Podcast

So this is the post I make before I start my podcast. What do you want to hear about? Understanding the capabilities of 7zip? Image backups vs. traditional sissy backups? How to Facebook? Let me know in the comments. Since I won’t receive any replies at the time of writing, I’ll be keeping track of replies to this post for a while. I look forward to hearing from you, normies.

Recon-NG notes

At this time this is incomplete; this is my “working” notes page, and when the notes are useful on their own I’ll remove this line. All commands and expected results are “to the best of my understanding”: I am not an expert, and will be improving my understanding over time.

Site – https://bitbucket.org/LaNMaSteR53/recon-ng

Usage Guide – https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide

Another guide which I found useful – https://www.codemetrix.net/practical-osint-recon-ng/

Recon-NG is a tool for finding information on the web about a target company or entity. When properly configured, it can do a better job of reconnaissance than you can, and in less time. The usage guides above are likely better resources; this is a place for my personal notes.

Basic commands

Workspaces
I think before doing anything else you should understand workspaces. They are essentially containers for your projects. These commands must be executed from the root level of recon-ng.

workspaces list
workspaces add (some name)
workspaces select (some name)
workspaces delete (some name) – if you delete the “default” workspace, recon-ng automatically creates a new, empty default workspace.

Modules
show modules – on its own shows all available modules; you can narrow the output by appending the group you’d like to see, for example:
show modules discovery
show modules exploitation (likewise show modules import, show modules recon)
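As an added illustration (not from this page or from the recon-ng project), here is how the workspace container and the module naming fit together: each workspace is a sqlite database, and a module named recon/domains-hosts/x reads the domains table and writes the hosts table. The schema below is an assumed, trimmed subset of recon-ng 4.x’s data.db, and the rows are constructed sample data.

```python
import sqlite3

# Subset of the recon-ng 4.x workspace schema (assumption: the real data.db has more tables/columns).
SCHEMA = """
CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, country TEXT,
                    latitude TEXT, longitude TEXT, module TEXT);
CREATE TABLE contacts (first_name TEXT, middle_name TEXT, last_name TEXT, email TEXT,
                       title TEXT, region TEXT, country TEXT, module TEXT);
"""

# Constructed sample rows for a fictional target, as if a few recon modules had already run.
SAMPLE = {
    "hosts": [
        ("www.example.com", "203.0.113.10", None, None, None, None,
         "recon/domains-hosts/ssl_san"),
        ("mail.example.com", None, None, None, None, None,
         "recon/domains-hosts/certificate_transparency"),
        ("vpn.example.com", None, None, None, None, None,
         "recon/domains-hosts/certificate_transparency"),
    ],
    "contacts": [
        ("Alice", None, "Smith", "alice.smith@example.com", None, None,
         None, "recon/domains-contacts/pgp_search"),
    ],
}

def open_workspace(path=":memory:", seed=None):
    """Open a workspace database; create the schema and seed rows when given."""
    conn = sqlite3.connect(path)
    if seed is not None:
        conn.executescript(SCHEMA)
        for table, rows in seed.items():
            marks = ",".join("?" * len(rows[0]))
            conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return conn

def module_summary(conn):
    """Row count per (table, module): which modules populated which table."""
    out = {}
    for table in ("hosts", "contacts"):
        q = f"SELECT module, COUNT(*) FROM {table} GROUP BY module"
        for module, n in conn.execute(q):
            out[(table, module)] = n
    return out

def unresolved_hosts(conn):
    """Hosts with no IP yet: the rows recon/hosts-hosts/resolve would take as input."""
    q = "SELECT host FROM hosts WHERE ip_address IS NULL ORDER BY host"
    return [host for (host,) in conn.execute(q)]
```

Pointing open_workspace at a real ~/.recon-ng/workspaces/(some name)/data.db (without a seed) gives the same overview of what a workspace already holds before you run the reporting modules.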

Commands

API’s and Not API’s
If you really want to take advantage of recon-ng, you will most likely want to go beyond the basic non-API functionality. See below for pricing and signup pages.

Full list (copied and pasted from the application):
(bold means it requires an API key; links below)
(italics means it does not require an API key)
(no formatting means I haven’t checked yet)

Discovery
 ---------
 discovery/info_disclosure/cache_snoop
 discovery/info_disclosure/interesting_files

Exploitation
 ------------
 exploitation/injection/command_injector
 exploitation/injection/xpath_bruter

Import
 ------
 import/csv_file
 import/list

Recon
 -----
 recon/companies-contacts/bing_linkedin_cache
 recon/companies-contacts/jigsaw/point_usage
 recon/companies-contacts/jigsaw/purchase_contact
 recon/companies-contacts/jigsaw/search_contacts
 recon/companies-contacts/linkedin_auth
 recon/companies-multi/github_miner
 recon/companies-multi/whois_miner
 recon/contacts-contacts/mailtester
 recon/contacts-contacts/mangle
 recon/contacts-contacts/unmangle
 recon/contacts-credentials/hibp_breach
 recon/contacts-credentials/hibp_paste
 recon/contacts-domains/migrate_contacts
 recon/contacts-profiles/fullcontact
 recon/credentials-credentials/adobe
 recon/credentials-credentials/bozocrack
 recon/credentials-credentials/hashes_org
 recon/domains-contacts/metacrawler
 recon/domains-contacts/pgp_search
 recon/domains-contacts/whois_pocs
 recon/domains-credentials/pwnedlist/account_creds
 recon/domains-credentials/pwnedlist/api_usage
 recon/domains-credentials/pwnedlist/domain_creds
 recon/domains-credentials/pwnedlist/domain_ispwned
 recon/domains-credentials/pwnedlist/leak_lookup
 recon/domains-credentials/pwnedlist/leaks_dump
 recon/domains-domains/brute_suffix
 recon/domains-hosts/bing_domain_api
 recon/domains-hosts/bing_domain_web
 recon/domains-hosts/brute_hosts
 recon/domains-hosts/builtwith
 recon/domains-hosts/certificate_transparency
 recon/domains-hosts/google_site_api
 recon/domains-hosts/google_site_web
 recon/domains-hosts/hackertarget
 recon/domains-hosts/mx_spf_ip
 recon/domains-hosts/netcraft
 recon/domains-hosts/shodan_hostname
 recon/domains-hosts/ssl_san
 recon/domains-hosts/threatcrowd
 recon/domains-vulnerabilities/ghdb
 recon/domains-vulnerabilities/punkspider
 recon/domains-vulnerabilities/xssed
 recon/domains-vulnerabilities/xssposed
 recon/hosts-domains/migrate_hosts
 recon/hosts-hosts/bing_ip
 recon/hosts-hosts/freegeoip
 recon/hosts-hosts/ipinfodb
 recon/hosts-hosts/resolve
 recon/hosts-hosts/reverse_resolve
 recon/hosts-hosts/ssltools
 recon/hosts-locations/migrate_hosts
 recon/hosts-ports/shodan_ip
 recon/locations-locations/geocode
 recon/locations-locations/reverse_geocode
 recon/locations-pushpins/flickr
 recon/locations-pushpins/instagram
 recon/locations-pushpins/picasa
 recon/locations-pushpins/shodan
 recon/locations-pushpins/twitter
 recon/locations-pushpins/youtube
 recon/netblocks-companies/whois_orgs
 recon/netblocks-hosts/reverse_resolve
 recon/netblocks-hosts/shodan_net
 recon/netblocks-ports/census_2012
 recon/netblocks-ports/censysio
 recon/ports-hosts/migrate_ports
 recon/profiles-contacts/dev_diver
 recon/profiles-contacts/github_users
 recon/profiles-profiles/namechk
 recon/profiles-profiles/profiler
 recon/profiles-profiles/twitter_mentioned
 recon/profiles-profiles/twitter_mentions
 recon/profiles-repositories/github_repos
 recon/repositories-profiles/github_commits
 recon/repositories-vulnerabilities/gists_search
 recon/repositories-vulnerabilities/github_dorks

Reporting
 ---------
 reporting/csv
 reporting/html
 reporting/json
 reporting/list
 reporting/proxifier
 reporting/pushpin
 reporting/xlsx
 reporting/xml

Getting access to API’s (in the order listed above)

bing_api – Free trial (90 d), Pricing
builtwith_api – Free (1 req/second), Pricing
censysio_id – Rate limited, free
censysio_secret – Is this different than above?
flickr_api – Free for personal use; see details on page for commercial
fullcontact_api – Appears free
github_api – Appears free
google_api – Appears free
google_cse – Appears free
hashes_api – Please donate
instagram_api – Free for personal; business?
instagram_secret – Different from above?
ipinfodb_api – Free
jigsaw_api – Free or starts at $250/yr, not sure
jigsaw_password
jigsaw_username
linkedin_api – Appears free
linkedin_secret
pwnedlist_api – Site is down at the time of writing
pwnedlist_iv – Site is down at the time of writing
pwnedlist_secret – Site is down at the time of writing
shodan_api – Free, may have limitations, Pricing
twitter_api – Free
twitter_secret – Different from above?

Equifax missed facts.

Freeze your credit, complain about not being able to get a loan… You probably did it wrong anyway; you missed the other two. It’s not even the real issue.

You can’t sue Equifax; no one really can. Also not the issue. They potentially destroyed your life, your good credit, your home mortgage (and the second and third mortgage someone else took out; some jerk might buy a gun in your name and kill someone; someone else might rent a car and smash it).

Still, you are missing the point.

The real issue? Zero liability for anyone in the future. When your medical records get jacked? When your identity gets stolen? When your car gets stolen, or when your car gets stolen by someone over the internet? How can you prove damages? Those credentials were already lost by someone else. No one has to accept responsibility anymore.

Let’s get it straight: Target lost your data if you shop there, OPM lost your data if you work for the Government, Equifax lost your data if you are a US citizen. Your data is worth money, and others gave it away in a game. The game is familiar; it’s called “I win”. You played it with people you didn’t like and they generally lost; if they won, it was because you changed the rules to allow it.

What did they gain? That is a better question. I think they shorted the market in a scam of their own making, deceived by someone clever who wants to watch the world burn. With all the occupiers, the neo-Nazis, the BLMs, SJWs in general, and people like the FBI conning criminals into horrible things with get-out-of-jail-free cards, did you really think this wasn’t coming? Al Qaeda was entirely trained and funded by the US (CIA). It’s not a conspiracy theory. What did you gain when you played? A sense of power? Money?

No. You got nothing. Same as the people playing against you; they were scammed. They are screwed, but maybe less than they would have been if Equifax had patched the software it had with an old, known vulnerability.

What’s next? Yahoo is already toast and without value. Only noobs attack Yahoo; even though they have a lot of your personal information, no one cares about them anymore.

Gmail? A good candidate. Better? The IRS is probably next; that would be complete domination of US citizens, and prove everyone right in what they want to believe (even though it’s silly)… the idea that the IRS is bad. The IRS isn’t bad, but they are the most probable next target.

Other targets are likely to be backbone service providers. Comcast, Google, and the Bells are in the southeast. Once they get pwned, power and water become trivial. Power and water are the alternative to personal information; personal information is probably a distraction anyway, and North Korea is probably a distraction.

Equifax seems too convenient. So back to the point. Equifax tech was taken over not because they did poor security. It’s the other way around: they did poor security so they had an excuse to get hacked. It’s much more profitable that way, for everyone. Look at the C-levels and the insider trading nonsense. They made more money than you will legitimately earn in your life over something that looks pretty darn suspicious.

The next issue: when one of Experian or TransUnion gets hacked and loses your data, who can you sue? Only those who you can prove created damages. When Best Buy gets hacked? Uh, your identity already got jacked; not liable. Who’s liable? No one who has enough money. Welcome to the suck, friends.


This was written quickly and late at night. I hope to fix the grammar, but my frustration is at least documented and available.