Understanding Doxing and Footprint Removal
Understanding Doxing and Footprint Removal
– What is doxing?
– Where do you begin?
– What methods of gaining user info exist?
– Social Media Websites
– Social Engineering
– Final Word
What is doxing?
Doxing (named after documents, “dox”) is the act of releasing someone’s private information.
Usually done with the intention to harm the user this is a popular method of “getting revenge” along with DDoS attacks.
Of course people think highly of their privacy, so how come they can get all of those details about individuals?
And to that, my answer is: “The Internet”. Might seem like a cheesy answer but trust me, the internet is big and you will leave footprints when using it. These footprints can be traced back and followed. Today in society it’s not even that weird to have to give your name, last name, address details, credit card number and so on if you want to purchase something online. And you can’t tell me that you’ve never used the same password to log in on different websites. All because it’s “easier”. Now let me tell you a bit more about how to go about doing this yourself
Where do you begin?
What do you want to know? A critical question you might want to ask yourself. And an important question you should ask yourself: “What do you know?” Is there anything you already know of the target you want to ‘dox’?
Here’s a link to a template I compiled for you to use: http://pastebin.com/XYhTVDVR
What kind of methods for gaining personal info exist?
2. Social Media Websites
3. Social Engineering
A useless list you have right here. But let me explain each of these ‘methods’ and you’ll be on your way in no time.
Google – A Search Engine You Can Build Upon
Google, probably the most popular company out there, what would we do without it?
We use it to search for images, for fun, for finding new games, songs and discovering new websites. What could we possibly do without it? But having indexed a good part of the internet, it allows us to search that indexed data and we will be able to find out more information about people. For example, try searching your own first name in google. Just your first name, see anything about yourself there? No? Not weird, after all, your name isn’t unique, quite a few people exist with that name. But what about a full name? A username, an email?
Using John Doe as an example, (John being first name and Doe being surname of course)
Some google tricks include:
– Quotes – will search the EXACT string: “John Doe” allowing you to more easily find people’s full name, same goes for usernames
– intitle – adding intitle before a query and including the quotes might allow you to find existing doxes for someone: “intitle:Dox “John Doe””
– inurl – Same as above it might help you find a dox for someone on pastebin for example: “inurl:pastebin “John Doe””
Use google like you would normally, find info about your target, be sure to confirm it’s trustworhty and true and note it down, search for more and more, perhaps find out if the user is on facebook, twitter or any other social media sites!
Social Media – Your own downfall
Moving on to our next point in the agenda is Social Media, Facebook, twitter, instagram.. myspace?
We all know them, and probably use them as well. Of course you know how much information about you is available there right? How about Looking up John Doe on facebook (https://www.facebook.com/search/results/?q=John%20Doe&type=users) If you already found out the users location, you can even filter on that.
Did you know you can also search people with their other personal info like Phone Number and Email?
Social engineering also refered to as human hacking is making people do things you want them to do without them really thinking about it. For example you can trick someone into giving their real name, email, phone number or even as far as their credit card details or password.
We’ve all seen the rediculous fake adverts to earn 200$ in a single day from your home computer or our late uncle who died and has a few million waiting for you. It’s stupid and you know that, but people actually fall for that.
Databases – A lovely way to store information
Using your new google tricks you can see if their info in a database was leaked, this can allow you to find their username, full name, email,hash/password, IP and maybe more depending on the type of database.
http://indexeus.com/ is a good example of a database with user information that you can freely access!
Stores an unreal amount of information if it’s not made private using Whoisguard for example.
Although this will only work if the user actually owns one or multiple domains.
http://whois.domaintools.com/ is an example of a whois lookup tool you can use.
The internet is a big place, use it to your advantage to find information, it’s probably the easiest way to find user’s private information ever, unlike in the past where it was nearly impossible to find user’s information.
Below is a list included of some websites that can be used to find user’s information
Credits to Cyberguard
Own knowledge for guide
For the website list:
Info lookup from username:
Info lookup from personal info:
US Reverse Phone Lookup:
Reverse Search for pictures: http://www.tineye.com
Reverse area code search: http://www.telcodata.us/telcodata/telco
Reverse Phone number search: http://www.whitepages.com http://www.411.com
US Criminal Record Check: http://www.criminalsearches.com/
Realtor Home search: http://www.realtor.ca/
Ancestry Search: http://search.ancestry.com/
Internet Archive: http://www.archive.org/web/web.php
Temporary Mail: http://www.mailinator.com/
Anonymous email sending:
Gather Information on people’s cameras by just uploading an image: http://regex.info/exif.cgi
once the target is accuired send free empty boxes: http://www.usps.com/
Telephone Spoofing: http://www.telespoof.com/freecall/agi
I stumbled upon this site the other day, and I thought it’d be nice to share it with you guys. With this site you’re able to “calculate” or determine what someone’s license number is and reverse engineer it. By “reverse engineer”, I’m saying you’re able to determine gender, date of birth, first/middle/last name initials.
This can be really helpful if your target is from the following states:
- Minnesota (pre-2005)
- New Hampshire
- New York (pre 1992)
So how does this all work?
“A number of states encode your name, gender, and date of birth in your license number. These include Florida, Wisconsin, and Illinois. These states use the same system of encoding, or very similar ones. Given someone’s driver’s license number from one of these states, you can take good guesses at someone’s name and exactly determine their gender and date of birth. With someone’s name, date of birth, and gender, you can guess some or all of their driver’s license number. (I expect this same system applies to State IDs, but I don’t know.)” –Alan De Smet
To make it simple. Some states encode your personal information in your license number.
– Getting Someone’s License Number
Note. This site is not a database. It’s a calculator that can 99.9% of the time accurately guess what someone’s license number is in certain states. If your target is in one of those states, you can fill their information in, and 99.9% of the time, you will stumble upon their real license number.
It’s real simple. All you have to do is fill in the boxes.
- First Name
- Middle Initial
- Last Name
- Date of Birth
You will need those information if you want to accurately determine your target’s license number.
You can check the authenticity of the number from some states if they have a driver license check. You can use Google to help you find these sites. With a simple Google search, the state of Florida uses the following site to validate driver licenses.
– Reverse Engineering Someone’s License
If you have a license number from the following states, you can “reverse engineer” it to figure out some information such as first initial, middle initial, possible last names, gender, and date of birth.
Go here: http://www.highprogrammer.com/cgi-bin/uniqueid
Take a look at either the Florida Analyzer, Illinois Analyzer, or Wisconsin Analyzer, depending on your target’s location.
Fill in their license number, and the site will give you an approximate guess on what your target’s information would most likely be.
http://tineye.com/Once you have found whatever you need to remove, we can now proceed!
RemovingThere may be many forums and accounts that are accessible by you, an easy was is to simply login and alter the information being displayed. Also I would suggest changing the email and password to that account as well.
The hard part is attempting to remove information that you don’t have access to.
Pastebin pastes are fairly easy to remove, just report it and say that it contains personal information and within 24 hours the paste should have been removed as requested(http://pastebin.com/contact).
If you’re already Doxed on paste sites such as SkidPaste, you can simply pay $10 BTC to remove that paste, it may seem a lot but if you care about your privacy you will pay it.
Any other sites that you don’t have access to, you should contact the owner and they should also respect that and remove if request. If you are having any problems getting the contact information then run a who.is check on the domain and you should get some contact information that way.
A common website used is whitepages.com, if you’re on this you can simply edit your information and fill it up with false information.
Use common sense when requesting and if it isn’t very serious information, then make up some bullshit lie
Self proclaimed tech enthusiast looking to expand my personal portfolio. Click my profile to find out more. PS. If you give me something i will break it.