ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 18129

How i can dox someone ?

by EliteKing - 04-28-2018 - 05:00 PM
#1
With a tool or website ? please give me some tips :D
Reply
#2
First Name:
Middle Name:
Last Name:

Address:
City:
State:
Zip Code:
Country:

Phone Number:

Pictures:

How to Dox

-Via Ip Address -
Doxing via IP won’t get you much information but it will help you in
your goal of getting your target’s dox. There are many ways of getting
someone’s IP address. I’m going to tell you two of the most used.

Way #1: Obtain the IP through email. I’m not going to explain all that but here is a tutorial on how to
http://aruljohn.com/info/howtofindipaddress/ .

Way #2: Obtain the IP through Xbox Live. For this you need a program
called “Cain & Abel” here is a video tutorial on how to set that
all up
http://www.youtube.com/watch?v=e19D9E3e0b0 .

Now once you have obtained your target’s IP head on over to this site http://www.ip-adress.com/ip_tracer/ .
From there you can find their latitude/longitude which will let you find their state and city. The city isn’t always correct.

-Via Email Address -
Assuming that you have their email address(es) there is quite a bit of information you can find from this. Head over to
http://com.lullar.com/

This site is a very handy doxing tool. Enter the email address you have on here and it will pull up any accounts or names registered to that email. You know, Facebook, Myspace, YouTube, etc. If you get their Facebook or something with their first and last name on it then you are golden. Then go ahead and use the next method. (Note, you can use email to obtain IP’s that has been explained above.)

-Via Telephone Number,Names,Address -
For this method the only website you will need is
http://www.whitepages.com/ .

Fill in the first name, last name, city, and state. Then click search. If you only have a phone number that will work too. More than likely you’ll
have multiple people pop-up with same name as your target but
different addresses. Now this is were the hard work starts. In order to
eliminate the “fakes” you’re going to have dox a few more people. Now if you look to the right of the names you will see the people they are related to. Find which ones are related to your target.

-Via User Names -
http://knowem.com/
Is the site you need, it works the same as the email method.

-Via Social Groups -
Social groups are good once you found your target’s Facebook for
example. You can use it to obtain more information on your target and
also get pictures of your target. Pictures can also help you dox your
target. I will explain that later on.

- Social Engineering -
Social Engineering is a greatly used technique for obtaining
information. Social engineering is basically manipulating or tricking
your target into giving you his/her information. One way of doing this
for example is by email. I once doxed a person by making a believable
email address and pretending that I worked for a website and wrote
articles. I asked my target if I could interview him and he said “sure”. I said, “Would you mind starting off this interview with telling me your first and last name?” He gave it to me simple as that! Then I
used the other methods for the rest of his dox.

-Via Domain Names They Own -
Domain names (website URL’s) are also very useful in doxing because
you can obtain a full name and address from them. However, this is only if your target is stupid enough to enter his/her real info for his/her site. Goon over to
http://whois.domaintools.com/
and enter a website. Then click “look up” and you will get something like this. As you can see though that is a example of false information or just not the dox we are looking for.

-Via Images -
Searching images is a good way to find where pictures are uploaded. So lets say you have a picture of your target. Just go here http://www.tineye.com/ and enter the picture you have. It will search for you and with any luck you will get a link to his/her Facebook or Myspace.

== What To Do With Dox ==
Once you have obtained all the dox of your target there are several things you can do.
1. You can use them as blackmail. Threaten to post them everywhere if you don’t get what you want.
2. You can just be an asshole and post them everywhere and send your target the link.
3. Use the information to gain access to something that belongs to them such as an xbox live account.

== Useful Links With Descriptions ==

http://www.zabasearch.com/- No Success with Whitepages? Try this.
http://www.zoominfo.com/-professional Career and Employment.
http://wink.com/- Another People Search
http://www.freeality.com/ -Name, city, and state.
http://www.infospace.com/-companies by Name, category, or city.
http://www.isearch.com/ - Phone Books
http://www.whitepages.com/find_neighbors - Need to confirm dox? Calling neighbors and asking for the target. They tell you how you can reach them.
http://www.411.com/-source Free people and business searches in the US and Canada.
http://infobel.com/ Links to almost every phone book in the world.
Social Networks Facebook,MySpace,YouTube,Blogs, Whois, etc.
http://www.pipl.com/- Searches quite a few different places.
http://com.lullar.com/- A profile searcher for Networking sites.
http://www.checkusernames.com/ - Check to see if a username has been used on over 9000 websites.
http://www.ip2location.com/ Accurate!
http://www.paterva.com/web5/ It provides excellent results when e-mail addresses and full names are used.
http://www.archive.org/index.php Find deleted webpages.
http://www.emailchange.com/ Have someone’s old email? Find current ones.
http://www.nedsite.nl/search/people.htm#top- Search email by name, phone, fax, college, ancestors, etc.
http://www.selfseo.com/find_ip_address_of_a_website.php - Find the ip of a protected site
http://regex.info/exif.cgi -EXIF searcher.
IP Tracers/Network Tools

http://www.dnsstuff.com/
http://www.whois.net/
http://www.ip-adress.com/ip_tracer/
http://centralops.net/co/
http://www.robtex.com/
People Look Up

1. http://www.spokeo.com/

2. http://pastehtml.com/view/b1026x5qu.html

3. http://www.pipl.com/

4. http://www.ipeople.com/

5. https://www.facebook.com/directory/people/

6. http://www.whitepages.com/

7. http://www.yasni.com/

8. http://www.skipease.com/

9. http://www.peekyou.com/

10. http://www.soople.com/

11. http://www.zaba.com/

12. http://www.zabasearch.com/

13. http://www.Abika.com/

14. http://www.freeality.com/

15. http://www.radaris.com/

16. http://www.fonefinder.net/

17. http://wink.com/

18. http://spock.com/

19. http://socialmention.com/

20. http://www.whostalkin.com/

21. http://www.oneriot.com/

22. http://www.kosmix.com/

23. http://www.yacktrack.com/

24. http://www.keotag.com/

25. http://www.twoogel.com/

26. http://www.knowem.com/

27. http://www.samepoint.com/

28. http://yahoo.intelius.com/

29. http://www.findermind.com/free-people-search-engines/

30. http://www.peekyou.com/

31. http://aad.archives.gov/aad/series-list.jsp?cat=GS29

32. http://www.192.com/

33. http://www.freecellphonedirectorylookup.com/

34. http://pastehtml.com/view/bh59gkh7b.html#

35. http://www.archive.org/web/web.php

36. http://www.numberway.com/phone-numbers/3/

37. https://www.vinelink.com/vinelink/initMap.do

38. http://www.jailbase.com/en/sources/fl-lcso/

39. http://publicrecords.onlinesearches.com/

40. http://www.thepublicrecords.com/

41. http://www.spokeo.com/

42. http://www.soople.com/ .

43. http://www.whitepages.com/

Alternative Twitter search engines:

http://twopcharts.com/
http://www.twinitor.com/
http://snapbird.org/
IP/Domain Information Gathering

http://centralops.net/co/
http://www.robtex.com/
http://www.netcraft.com/
http://betterwhois.com/
http://www.shodanhq.com/
http://website-tools.net/google-keyword/site/find
http://subnetscanner.onlinetoolkit.org/
http://www.scroogle.com/
Online Port scanning:
http://www.t1shopper.com/tools/port-scan/
http://nmap-online.com/
http://labs.programming-designs.com/portscanner/
Doxing Links:

http://www.intelius.com/
http://www.spokeo.com/
http://pastehtml.com/view/b1026x5qu.html
http://www.pipl.com/
http://www.ipeople.com/
https://www.facebook.com/directory/people/
http://www.whitepages.com/
http://www.phonebooks.com/
http://www.yasni.com/
http://www.skipease.com/
http://www.peekyou.com/
http://www.soople.com/
http://www.zaba.com/
http://www.zabasearch.com/
http://www.Abika.com/
http://www.freeality.com/
http://www.radaris.com/
http://www.fonefinder.net/
http://yahoo.intelius.com/
http://www.findermind.com/free-people-search-engines/
http://www.peekyou.com/
http://aad.archives.gov/aad/series-list.jsp?cat=GS29
http://www.192.com/
http://www.freecellphonedirectorylookup.com/
http://pastehtml.com/view/bh59gkh7b.html#
http://www.archive.org/web/web.php
http://www.numberway.com/phone-numbers/3/
https://www.vinelink.com/vinelink/initMap.do
http://www.jailbase.com/en/sources/fl-lcso/
http://publicrecords.onlinesearches.com/
Reply
#3
If you only have their IP address, there really isn't much you can do.
Doxing someone online is very difficult, although in real life can be pretty simple.
All you have to do is stalk them, I managed to pin point to exact house a jock at my school lives in just by looking at landmarks in a picture.
The more access you have to them, the easier it will be.

The websites the above user posted are pretty good, my girlfriend's address was on one of them before (until she contacted the website and they removed it). I've had the most luck with phone numbers and full names (including family members, although it is difficult to get someone's parents' names).

If you really wanted to get someone's address, you could make a website under a free domain that will request their location for something.
You could social engineer them into enabling their location (on their phone will be more accurate). It is similar to a phishing attack.
If you are going to do this attack, I suggest sending them a link to your website before nighttime, when they will most likely be at home.
Reply
#4
The people above me seem to have a pretty decent grip on this, good luck.
Reply
#5
I don't know how. Please anyone here for help
Reply
#6
From what I am seeing here is people do not understand that you can ISP dox when you have someones IP and get more information on a person then you would get through white pages alone.


Obviously everyone who says that you cannot do anything with someones IP address has not been in the community long enough


ISP Doxing tutorial below


METHOD #0)



I've decided to release my guide/tutorial to ISP Doxing.



Things you need:

>Basic Social Engineering Skills.

>Intelligence

>Skype



Find your victim, pull their IP. And look up the IP online. Once you know their ISP, google the Support/Customer Care line for it.



Once you have that number, get on Skype and call. These are Toll-Free Numbers, so don't worry about Credits.



Keep Pressing Buttons/Etc. to get to the Live Representative.



Each ISP has their own Program that they use for looking up Customer Information. Here is a list of Major US Providers and their Tools.





AT&T

• Systems: CCTP (Call Center Transformation Program), G2



Cox

• Systems: Icon, Polar



Charter

• Systems: Sigma, IRIS



Comcast

• Systems: ACSR, Comtrac, CSG, Einstien, Grandslam, Vision



Time Warner / Road Runner

• Systems: Real, Unify



Verizon

• Systems: Coffee





Once you are talking to a Representative, you can follow this script, and modify it with your own information/etc. Going to be using Comcast as an example.



*You: Hello, My name is Joe, and I'm with Tech Support. I was trying to look up a Customer’s Account Information in Grandslam, when our systems crashed. I currently cannot open up Grandslam or CSG. I was wondering if you could help me out and look up a customer’s information on your end. Thanks.

Agent: They will ask you for a Phone number. Reply with:

*You: Unfortunately, I only have their IP address, since I was in Live Chat with them. I have them on scheduled called back in 3 hours. I know Grandslam can look up Customer Info with an IP, can you try it in that.

Agent: Sure... blah, blah, give them the IP.

*You: They should look everything up. You can ask for:

>Name on the account

>Address

>Phone Number

>Account Number

>Last 4 of the SSN





METHOD #1)



1. Call comcast

2. Hello my name is (What ever name you want) and my employee id is (What ever you want e.g 809*jly) and i am from customer care and my floor is down because of maintenance and my level 2 told me to contact you guys to look up an account for me and verify some information?

3. (If you want to use the comcast ip address make sure you ask them to tell them to use the GrandSlam system to lookup from the ip address because that is the only system that can lookup accounts from the ip address if you have something else like the phone #, account #, name, address etc use ascr, csg, comtrac but if you dont ask them they will use ascr/csg by default) So provide them what ever information you have.

4. Ask them if they have the account pulled up yet. If yes, say can you verify the name and so on.

5. Once you have the information you say "thank you for your cooperation have a nice shift".

Here is a format to lay the information out:

IP:

Name on file:

DOB on file:

SSN on file:

Phone on file:

Address on file:

Comcast Account #:

Primary Comcast Email:



---------------------------------------------------------------------------------------------------------



METHOD #2)



Introduction

If you've come to a stop point when doxing someone and the only way you can get to them is to dox via ISP (Internet Service Provider), you're in the right place.

Why Do This When I Have Google?

ISP doxing is extremely simple and it's very quick, all it requires is a small amount of patience and you can't sound like a little kid.

How To Find Out The I.P. and ISP

Find the person's I.P. address through programs like Skype, Xbox Live, or some other way.

- To find an I.P. through Skype, look for a Skype resolver. If you're too lazy to type it in to google, look This link is hidden from you. If you want to see it you have to register on this board.. If that doesn't work for any reason, just google the damn thing. Type in the Skype name then look for the I.P. which is located wherever.

- To find an I.P. through Xbox Live, refer to This link is hidden from you. If you want to see it you have to register on this board..



Now on to finding the ISP, type in the I.P.This link is hidden from you. If you want to see it you have to register on this board. and look at the last part of hostname and you found the ISP.

Requirements

- Internet Connection

- Skype

- Possibly Skype credits, it all depends on the ISP

- Somewhat deep voice (unless you're a woman)

How To

1. You want to call up whichever ISP the person is on that you're going to dox using Skype (If you need help finding that, look two lines up).

2. Refer to This link is hidden from you. If you want to see it you have to register on this board., so you can figure out which tool your desired ISP uses.

3. Follow the script below.

Conversation

Agent: Hello, my name is Linda. How may I assist you today?

You: Hello, Linda, my name is Max. I work for Comcast as well and I was having a little trouble looking up a customer. Grandslam is down in my department. Would you mind helping me out?

Agent: Sure thing, Max. Let's get to it. Can I have the phone number of the customer you were trying to reach?

You: Linda, the issue to this is that I was only able to manage to get the I.P. Address.

Agent: Could you give me the I.P. Address, Max?

You: Sure thing, Linda. Let me see... Ah, (I.P. Address here)

Agent: Thank you for that information, Max. The name is (doxed person's registered name) and here's the phone number (doxed person's phone number here). And here's the address here (address here).

- YOU DO NOT HAVE TO DO THIS PART!!

You: Thank you so much for that information Linda, but I'm afraid I need more information. Can you give me the last 4 of the SSN so I can verify the account holder? (Ask for anything else).

Agent: No problem, Max. (Anything else here).

You: Thank you very much, Linda.



Please be respectful at the end and don't just hang up. They gave you all of this information and could potentially be fired for it. Do the right thing and respect them.

I hope you all enjoyed this tutorial. If you need any help, please come to me.



---------------------------------------------------------------------------------------------------------



METHOD #3)



Successfully Social Engineering an ISP (more specifically, Sympatico)



***



Social Engineering at any ISP can be easy. Knowing how they operate is key,

knowing what the helpdesk is instructed to do and say in certain circumstances

is imperative.



DEFINITION

Social Engineering: Term used among crackers and samurai for cracking

techniques that rely on weaknesses in wetware rather than software; the aim is

to trick people into revealing passwords or other information that compromises

a target system's security. Classic scams include phoning up a mark who has

the required information and posing as a field service tech or a fellow

employee with an urgent access problem. See also the tiger team story in the

patch entry.



http://www.dictionary.com/cgi-bin/dict.p...ngineering



THE BASICS

The first thing you need to do is determine what you want from the ISP. You

may only want a user id or password, or you might be at the other end of the

spectrum and want to create total havoc and chaos at the ISP. Either way,

specifically figure out what you need. I'm going to focus on getting the

password and user ID of Sympatico accounts.



BASIC INFORMATION & SCENARIOS

If it's your first shot at calling Sympatico Help Desk (310-SURF), I suggest

calling and asking the help desk agent some simple questions to get a good

idea of how stupid they are. Crack a few jokes and keep the conversation

light. Never EVER let on that you know anything technical. Always play stupid,

it'll make them feel smart and empowered (most help desk agents see themselves

as knowing more than you anyway, so there's no point in getting into a "i know

more than you" argument, it won't get you anywhere). As well, if they can't

answer your technical question they'll have to either ask their supervisor or

another help desk agent that may draw unnecessary attention to your call. I

can't stress enuf, how important it is to come off as being their "buddy". If

you sound nervous and unfriendly they'll question you and not feel bad about

withholding information.



At Sympatico, each call is logged in what they refer to as "tickets", they're

all kept in a database called "remedy". Some help desk agents are lazy and

don't log every call, as well, tickets are usually poorly written and not very

specific. The only department that logs tickets properly (most of the time) is

the Sympatico Abuse department, so be careful if you refer to that department.

The good thing is that most of the staff at Sympatico, whether it be a help

desk agent or supervisor (or who ever) doesn't know what the Abuse Department

does. The abuse department is responsible for answering complaints for network

abuse. Their only function is to either deal with people who get spammed or

hacked, or deal with people on the Sympatico network who do the spamming and

hacking (script kiddies mostly...). This is an important piece of knowledge

because if you are trying to get a password, you can use the excuse that the

Abuse Department reset your password and you can't remember it or you wrote it

down wrong because it doesn't work. If you are going to use that excuse,

you'll need to make up a sob story about how someone got your password and was

using your account to Spam, or send hate mail or whatever. Don't go overboard,

Make it believable! The help desk agent will feel sorry for you and will try

to look up the ticket where the password change was documented, so make sure

you make it a point to mention that you just got off the phone with the abuse

people. They'll hopefully conclude that either they are still working on the

"ticket" or that remedy isn't that quick. When you call Sympatico, the

automated system will ask you to enter your account number, depending on what

your strategy is you may or may not want to enter a number. The number you

enter will bring up an account when the help desk agent answers the call. This

can be a disadvantage or an advantage depending on how the help desk agent

answers the call. What I mean is, sometimes the help desk agents will answer

by saying the person's name, like "Sympatico Help Desk, How can I help you Mr.

Doe?" then you'll already have the person's last name, if you don't know the

first name you can always say you are Mr. Doe's daughter or son and that the

account is yours but your parent's pay for it (or whatever.). If the help desk

agent doesn't say the person's name (like they're supposed to) they'll say

something like "Sympatico Help Desk, Can I have your user ID please?". People

enter the wrong account number all the time, so it's no biggie - but you'll

have to have a user ID. User ID's usually begin with b1xxxx (the x's represent

numbers). If you live in the Yukon then they will start with y1xxxx, if you

live in Newfoundland they'll start with a1xxxx, some areas in Nova Scotia also

start with a1xxxx. Once you give them the user ID they may ask you for your

address. This is when you need to get creative, you can say you just moved and

don't remember so you have to look at a piece of mail - when the address

doesn't correspond with their address you can say "well, I changed it

yesterday with the Billing department. How long does it take for the address

change to show in your database?" The help desk agent more than likely won't

know that answer since the Billing department is responsible for address

changes and such. You can say something like "well, when we're done here can

you transfer me to billing so I can make sure they made the change? I don't

want to be late paying my bill", showing concern for the well being of the

account is always good, when they transfer you, just hang up. Just be creative

and pay attention. If the help desk agent says the account holder's name at

any point in time that's key. Even if it's some weird name and you aren't sure

how to spell it, you can simply complain that companies never spell your name

right and your bills have a different spelling on each one (or something like

that).



If you can get a Sympatico email address and you know the person's name then

getting a password from help desk is very simple. The Sympatico email

addresses resolve to the person's user id, so if you have the email address

then you have the user id. If you have access to any mail server, it doesn't

matter if it's in your name or not, telnet to the mail server and send

yourself an email (be sure to put your email address as a blind carbon copy

so your email address isn't visible), put the Sympatico email address in the

"To:" or "CC:" field and the mail server will resolve the user id for you so

when you get the email (they'll get the email too, so make sure you make it

look like Spam or something) all of the Sympatico email addresses you entered

will be in the form of their user id, it'll look like "[email protected]".

I'm sure there's an easier way to resolve the addresses if you only have one

address to resolve, but if you have a bunch of email addresses (you can get

tons of email addresses from the Sympatico newsgroups by the way) it's easier

just to send yourself an email and it'll resolve all of the addresses at the

same time. Once you have the user id and email address, there are several

things you can do to get this account's password. The easier way would be to

call help desk and say that you can't get into your mail box because you get

an error message saying that the password is wrong (remember not to mention

authentication or anything, choose your words carefully - you want to sound as

computer illiterate as possible.). The help desk agent will ask you to verify

the password - the Sympatico passwords usually contain lower case letters and

numbers. The letters are always lower case and 8 characters long. You can say

that it's already in the password field but you can't see it because of the

*'s (asterisks) and that you had it written down somewhere (rustle paper

around and stuff, make it sound like you are looking for it), just say you

can't find it. Make up a convincing story about how you haven't changed it and

it's been in the password field and worked yesterday. Ask them if they are

having problems with mail (try not to mention mail servers, again this will

make you sound smarter than you want to sound), eventually the help desk agent

will get fed up and tell you to write down the password and they'll give it to

you. This has worked more times than not for me - the key to sound really

computer illiterate and really dumb. As with any call you make to the help

desk, it just depends on who you get and how convincing you sound.



The time you decide to call will also make things easier on you. It's always

worse to get someone at the beginning of their shift. Most shifts are at

either 7am - 3pm, 8am - 4pm, 4pm - midnight, 11pm - 7am (those are the

regularly scheduled shifts for the help desk.). The abuse department works

from 8am - 4pm and 4pm to midnight. So time your call properly and it'll make

everything that much easier for you. The people who work from 11pm - 7am are

never happy so if you call at like 2am, they're already sick of taking calls

from drunken bastards who piss them off - it's always better to avoid calling

those guys, they're tired and unpredictable! Grin



If you have to call back and try again, make sure you do it during high peak

hours, like around 6pm (the help desk is in the eastern time zone ([-4 GMT],

EST) because if the help desk agent you last spoke to is free you will get

that person again. The system is designed to direct your call to the last

person you spoke to unless they are already talking to someone else. There are

probably a couple of hundred help desk agents, including billing and the high

speed agents, so if you call during high peak hours the chances of getting the

same person are slim. If you call back using the same user ID and/or account

information there will more than likely be a ticket already logged in remedy

that describes the last call. If you messed up really bad and the help desk

agent noticed, it would be logged in the ticket. Even if you mess up you can

always leave the call open by saying something like "I can't find the address

(or whatever piece of info it is you are stuck on), I'll have to call back"

then when you do call back it won't seem so weird because the fact that you
are calling back will be logged in the ticket.


Crying Tear

From what I am seeing here is people do not understand that you can ISP dox when you have someones IP and get more information on a person then you would get through white pages alone.


Obviously everyone who says that you cannot do anything with someones IP address has not been in the community long enough


ISP Doxing tutorial below


METHOD #0)






Things you need:

>Basic Social Engineering Skills.

>Intelligence

>Skype



Find your victim, pull their IP. And look up the IP online. Once you know their ISP, google the Support/Customer Care line for it.



Once you have that number, get on Skype and call. These are Toll-Free Numbers, so don't worry about Credits.



Keep Pressing Buttons/Etc. to get to the Live Representative.



Each ISP has their own Program that they use for looking up Customer Information. Here is a list of Major US Providers and their Tools.





AT&T

• Systems: CCTP (Call Center Transformation Program), G2



Cox

• Systems: Icon, Polar



Charter

• Systems: Sigma, IRIS



Comcast

• Systems: ACSR, Comtrac, CSG, Einstien, Grandslam, Vision



Time Warner / Road Runner

• Systems: Real, Unify



Verizon

• Systems: Coffee





Once you are talking to a Representative, you can follow this script, and modify it with your own information/etc. Going to be using Comcast as an example.



*You: Hello, My name is Joe, and I'm with Tech Support. I was trying to look up a Customer’s Account Information in Grandslam, when our systems crashed. I currently cannot open up Grandslam or CSG. I was wondering if you could help me out and look up a customer’s information on your end. Thanks.

Agent: They will ask you for a Phone number. Reply with:

*You: Unfortunately, I only have their IP address, since I was in Live Chat with them. I have them on scheduled called back in 3 hours. I know Grandslam can look up Customer Info with an IP, can you try it in that.

Agent: Sure... blah, blah, give them the IP.

*You: They should look everything up. You can ask for:

>Name on the account

>Address

>Phone Number

>Account Number

>Last 4 of the SSN





METHOD #1)



1. Call comcast

2. Hello my name is (What ever name you want) and my employee id is (What ever you want e.g 809*jly) and i am from customer care and my floor is down because of maintenance and my level 2 told me to contact you guys to look up an account for me and verify some information?

3. (If you want to use the comcast ip address make sure you ask them to tell them to use the GrandSlam system to lookup from the ip address because that is the only system that can lookup accounts from the ip address if you have something else like the phone #, account #, name, address etc use ascr, csg, comtrac but if you dont ask them they will use ascr/csg by default) So provide them what ever information you have.

4. Ask them if they have the account pulled up yet. If yes, say can you verify the name and so on.

5. Once you have the information you say "thank you for your cooperation have a nice shift".

Here is a format to lay the information out:

IP:

Name on file:

DOB on file:

SSN on file:

Phone on file:

Address on file:

Comcast Account #:

Primary Comcast Email:



---------------------------------------------------------------------------------------------------------



METHOD #2)



Introduction

If you've come to a stop point when doxing someone and the only way you can get to them is to dox via ISP (Internet Service Provider), you're in the right place.

Why Do This When I Have Google?

ISP doxing is extremely simple and it's very quick, all it requires is a small amount of patience and you can't sound like a little kid.

How To Find Out The I.P. and ISP

Find the person's I.P. address through programs like Skype, Xbox Live, or some other way.

- To find an I.P. through Skype, look for a Skype resolver. If you're too lazy to type it in to google, look This link is hidden from you. If you want to see it you have to register on this board.. If that doesn't work for any reason, just google the damn thing. Type in the Skype name then look for the I.P. which is located wherever.

- To find an I.P. through Xbox Live, refer to This link is hidden from you. If you want to see it you have to register on this board..



Now on to finding the ISP, type in the I.P.This link is hidden from you. If you want to see it you have to register on this board. and look at the last part of hostname and you found the ISP.

Requirements

- Internet Connection

- Skype

- Possibly Skype credits, it all depends on the ISP

- Somewhat deep voice (unless you're a woman)

How To

1. You want to call up whichever ISP the person is on that you're going to dox using Skype (If you need help finding that, look two lines up).

2. Refer to This link is hidden from you. If you want to see it you have to register on this board., so you can figure out which tool your desired ISP uses.

3. Follow the script below.

Conversation

Agent: Hello, my name is Linda. How may I assist you today?

You: Hello, Linda, my name is Max. I work for Comcast as well and I was having a little trouble looking up a customer. Grandslam is down in my department. Would you mind helping me out?

Agent: Sure thing, Max. Let's get to it. Can I have the phone number of the customer you were trying to reach?

You: Linda, the issue to this is that I was only able to manage to get the I.P. Address.

Agent: Could you give me the I.P. Address, Max?

You: Sure thing, Linda. Let me see... Ah, (I.P. Address here)

Agent: Thank you for that information, Max. The name is (doxed person's registered name) and here's the phone number (doxed person's phone number here). And here's the address here (address here).

- YOU DO NOT HAVE TO DO THIS PART!!

You: Thank you so much for that information Linda, but I'm afraid I need more information. Can you give me the last 4 of the SSN so I can verify the account holder? (Ask for anything else).

Agent: No problem, Max. (Anything else here).

You: Thank you very much, Linda.



Please be respectful at the end and don't just hang up. They gave you all of this information and could potentially be fired for it. Do the right thing and respect them.

I hope you all enjoyed this tutorial. If you need any help, please come to me.



---------------------------------------------------------------------------------------------------------



METHOD #3)



Successfully Social Engineering an ISP (more specifically, Sympatico)



***



Social Engineering at any ISP can be easy. Knowing how they operate is key,

knowing what the helpdesk is instructed to do and say in certain circumstances

is imperative.



DEFINITION

Social Engineering: Term used among crackers and samurai for cracking

techniques that rely on weaknesses in wetware rather than software; the aim is

to trick people into revealing passwords or other information that compromises

a target system's security. Classic scams include phoning up a mark who has

the required information and posing as a field service tech or a fellow

employee with an urgent access problem. See also the tiger team story in the

patch entry.



http://www.dictionary.com/cgi-bin/dict.p...ngineering



THE BASICS

The first thing you need to do is determine what you want from the ISP. You

may only want a user id or password, or you might be at the other end of the

spectrum and want to create total havoc and chaos at the ISP. Either way,

specifically figure out what you need. I'm going to focus on getting the

password and user ID of Sympatico accounts.



BASIC INFORMATION & SCENARIOS

If it's your first shot at calling Sympatico Help Desk (310-SURF), I suggest

calling and asking the help desk agent some simple questions to get a good

idea of how stupid they are. Crack a few jokes and keep the conversation

light. Never EVER let on that you know anything technical. Always play stupid,

it'll make them feel smart and empowered (most help desk agents see themselves

as knowing more than you anyway, so there's no point in getting into a "i know

more than you" argument, it won't get you anywhere). As well, if they can't

answer your technical question they'll have to either ask their supervisor or

another help desk agent that may draw unnecessary attention to your call. I

can't stress enuf, how important it is to come off as being their "buddy". If

you sound nervous and unfriendly they'll question you and not feel bad about

withholding information.



At Sympatico, each call is logged in what they refer to as "tickets", they're

all kept in a database called "remedy". Some help desk agents are lazy and

don't log every call, as well, tickets are usually poorly written and not very

specific. The only department that logs tickets properly (most of the time) is

the Sympatico Abuse department, so be careful if you refer to that department.

The good thing is that most of the staff at Sympatico, whether it be a help

desk agent or supervisor (or who ever) doesn't know what the Abuse Department

does. The abuse department is responsible for answering complaints for network

abuse. Their only function is to either deal with people who get spammed or

hacked, or deal with people on the Sympatico network who do the spamming and

hacking (script kiddies mostly...). This is an important piece of knowledge

because if you are trying to get a password, you can use the excuse that the

Abuse Department reset your password and you can't remember it or you wrote it

down wrong because it doesn't work. If you are going to use that excuse,

you'll need to make up a sob story about how someone got your password and was

using your account to Spam, or send hate mail or whatever. Don't go overboard,

Make it believable! The help desk agent will feel sorry for you and will try

to look up the ticket where the password change was documented, so make sure

you make it a point to mention that you just got off the phone with the abuse

people. They'll hopefully conclude that either they are still working on the

"ticket" or that remedy isn't that quick. When you call Sympatico, the

automated system will ask you to enter your account number, depending on what

your strategy is you may or may not want to enter a number. The number you

enter will bring up an account when the help desk agent answers the call. This

can be a disadvantage or an advantage depending on how the help desk agent

answers the call. What I mean is, sometimes the help desk agents will answer

by saying the person's name, like "Sympatico Help Desk, How can I help you Mr.

Doe?" then you'll already have the person's last name, if you don't know the

first name you can always say you are Mr. Doe's daughter or son and that the

account is yours but your parent's pay for it (or whatever.). If the help desk

agent doesn't say the person's name (like they're supposed to) they'll say

something like "Sympatico Help Desk, Can I have your user ID please?". People

enter the wrong account number all the time, so it's no biggie - but you'll

have to have a user ID. User ID's usually begin with b1xxxx (the x's represent

numbers). If you live in the Yukon then they will start with y1xxxx, if you

live in Newfoundland they'll start with a1xxxx, some areas in Nova Scotia also

start with a1xxxx. Once you give them the user ID they may ask you for your

address. This is when you need to get creative, you can say you just moved and

don't remember so you have to look at a piece of mail - when the address

doesn't correspond with their address you can say "well, I changed it

yesterday with the Billing department. How long does it take for the address

change to show in your database?" The help desk agent more than likely won't

know that answer since the Billing department is responsible for address

changes and such. You can say something like "well, when we're done here can

you transfer me to billing so I can make sure they made the change? I don't

want to be late paying my bill", showing concern for the well being of the

account is always good, when they transfer you, just hang up. Just be creative

[color=#dddddd][font=open_sansregular, Tahoma, Verdana, Arial, sans-serif]and pay attention. If the help desk agent says the account holder
~swirl the fat russian iguana Finna
Reply
#7
Use a ddos botnet to dox joey!
Reply
#8
Here's a good tutorial: https://demonforums.net/Thread-Doxing-Tu...pid=201074
Reply
#9
Very good tutorials above!
Reply
#10
Very good tutorials above!
Reply

Users browsing: 1 Guest(s)