Advertisements:


Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Leak] DOX via ISP (DOB,SSN,Address)
#1
Leaked from some other shitty site
-------------------------------------------


Know how its done
Reason why i made this paste: Cluster up methods on how people will attempt to SE and/or DOX. These methods already have been released, I'm just spreading the knowledge.

METHOD #0)

I've decided to release my guide/tutorial to ISP Doxing.

Things you need:
>Basic Social Engineering Skills.
>Intelligence
>Skype

Find your victim, pull their IP. And look up the IP online. Once you know their ISP, google the Support/Customer Care line for it.

Once you have that number, get on Skype and call. These are Toll-Free Numbers, so don't worry about Credits.

Keep Pressing Buttons/Etc. to get to the Live Representative.

Each ISP has their own Program that they use for looking up Customer Information. Here is a list of Major US Providers and their Tools.


AT&T
• Systems: CCTP (Call Center Transformation Program), G2

Cox
• Systems: Icon, Polar

Charter
• Systems: Sigma, IRIS

Comcast
• Systems: ACSR, Comtrac, CSG, Einstien, Grandslam, Vision

Time Warner / Road Runner
• Systems: Real, Unify

Verizon
• Systems: Coffee


Once you are talking to a Representative, you can follow this script, and modify it with your own information/etc. Going to be using Comcast as an example.

*You: Hello, My name is Joe, and I'm with Tech Support. I was trying to look up a Customer’s Account Information in Grandslam, when our systems crashed. I currently cannot open up Grandslam or CSG. I was wondering if you could help me out and look up a customer’s information on your end. Thanks.
Agent: They will ask you for a Phone number. Reply with:
*You: Unfortunately, I only have their IP address, since I was in Live Chat with them. I have them on scheduled called back in 3 hours. I know Grandslam can look up Customer Info with an IP, can you try it in that.
Agent: Sure... blah, blah, give them the IP.
*You: They should look everything up. You can ask for:
>Name on the account
>Address
>Phone Number
>Account Number
>Last 4 of the SSN


METHOD #1)

1. Call comcast
2. Hello my name is (What ever name you want) and my employee id is (What ever you want e.g 809*jly) and i am from customer care and my floor is down because of maintenance and my level 2 told me to contact you guys to look up an account for me and verify some information?
3. (If you want to use the comcast ip address make sure you ask them to tell them to use the GrandSlam system to lookup from the ip address because that is the only system that can lookup accounts from the ip address if you have something else like the phone #, account #, name, address etc use ascr, csg, comtrac but if you dont ask them they will use ascr/csg by default) So provide them what ever information you have.
4. Ask them if they have the account pulled up yet. If yes, say can you verify the name and so on.
5. Once you have the information you say "thank you for your cooperation have a nice shift".
Here is a format to lay the information out:
IP:
Name on file:
DOB on file:
SSN on file:
Phone on file:
Address on file:
Comcast Account #:
Primary Comcast Email:

---------------------------------------------------------------------------------------------------------

METHOD #2)

Introduction
If you've come to a stop point when doxing someone and the only way you can get to them is to dox via ISP (Internet Service Provider), you're in the right place.
Why Do This When I Have Google?
ISP doxing is extremely simple and it's very quick, all it requires is a small amount of patience and you can't sound like a little kid.
How To Find Out The I.P. and ISP
Find the person's I.P. address through programs like Skype, Xbox Live, or some other way.
- To find an I.P. through Skype, look for a Skype resolver. If you're too lazy to type it in to google, look This link is hidden from you. If you want to see it you have to register on this board.. If that doesn't work for any reason, just google the damn thing. Type in the Skype name then look for the I.P. which is located wherever.
- To find an I.P. through Xbox Live, refer to This link is hidden from you. If you want to see it you have to register on this board..

Now on to finding the ISP, type in the I.P.This link is hidden from you. If you want to see it you have to register on this board. and look at the last part of hostname and you found the ISP.
Requirements
- Internet Connection
- Skype
- Possibly Skype credits, it all depends on the ISP
- Somewhat deep voice (unless you're a woman)
How To
1. You want to call up whichever ISP the person is on that you're going to dox using Skype (If you need help finding that, look two lines up).
2. Refer to This link is hidden from you. If you want to see it you have to register on this board., so you can figure out which tool your desired ISP uses.
3. Follow the script below.
Conversation
Agent: Hello, my name is Linda. How may I assist you today?
You: Hello, Linda, my name is Max. I work for Comcast as well and I was having a little trouble looking up a customer. Grandslam is down in my department. Would you mind helping me out?
Agent: Sure thing, Max. Let's get to it. Can I have the phone number of the customer you were trying to reach?
You: Linda, the issue to this is that I was only able to manage to get the I.P. Address.
Agent: Could you give me the I.P. Address, Max?
You: Sure thing, Linda. Let me see... Ah, (I.P. Address here)
Agent: Thank you for that information, Max. The name is (doxed person's registered name) and here's the phone number (doxed person's phone number here). And here's the address here (address here).
- YOU DO NOT HAVE TO DO THIS PART!!
You: Thank you so much for that information Linda, but I'm afraid I need more information. Can you give me the last 4 of the SSN so I can verify the account holder? (Ask for anything else).
Agent: No problem, Max. (Anything else here).
You: Thank you very much, Linda.

Please be respectful at the end and don't just hang up. They gave you all of this information and could potentially be fired for it. Do the right thing and respect them.
I hope you all enjoyed this tutorial. If you need any help, please come to me.

---------------------------------------------------------------------------------------------------------

METHOD #3)

Successfully Social Engineering an ISP (more specifically, Sympatico)

***

Social Engineering at any ISP can be easy. Knowing how they operate is key,
knowing what the helpdesk is instructed to do and say in certain circumstances
is imperative.

DEFINITION
Social Engineering: Term used among crackers and samurai for cracking
techniques that rely on weaknesses in wetware rather than software; the aim is
to trick people into revealing passwords or other information that compromises
a target system's security. Classic scams include phoning up a mark who has
the required information and posing as a field service tech or a fellow
employee with an urgent access problem. See also the tiger team story in the
patch entry.

http://www.dictionary.com/cgi-bin/dict.p...ngineering

THE BASICS
The first thing you need to do is determine what you want from the ISP. You
may only want a user id or password, or you might be at the other end of the
spectrum and want to create total havoc and chaos at the ISP. Either way,
specifically figure out what you need. I'm going to focus on getting the
password and user ID of Sympatico accounts.

BASIC INFORMATION & SCENARIOS
If it's your first shot at calling Sympatico Help Desk (310-SURF), I suggest
calling and asking the help desk agent some simple questions to get a good
idea of how stupid they are. Crack a few jokes and keep the conversation
light. Never EVER let on that you know anything technical. Always play stupid,
it'll make them feel smart and empowered (most help desk agents see themselves
as knowing more than you anyway, so there's no point in getting into a "i know
more than you" argument, it won't get you anywhere). As well, if they can't
answer your technical question they'll have to either ask their supervisor or
another help desk agent that may draw unnecessary attention to your call. I
can't stress enuf, how important it is to come off as being their "buddy". If
you sound nervous and unfriendly they'll question you and not feel bad about
withholding information.

At Sympatico, each call is logged in what they refer to as "tickets", they're
all kept in a database called "remedy". Some help desk agents are lazy and
don't log every call, as well, tickets are usually poorly written and not very
specific. The only department that logs tickets properly (most of the time) is
the Sympatico Abuse department, so be careful if you refer to that department.
The good thing is that most of the staff at Sympatico, whether it be a help
desk agent or supervisor (or who ever) doesn't know what the Abuse Department
does. The abuse department is responsible for answering complaints for network
abuse. Their only function is to either deal with people who get spammed or
hacked, or deal with people on the Sympatico network who do the spamming and
hacking (script kiddies mostly...). This is an important piece of knowledge
because if you are trying to get a password, you can use the excuse that the
Abuse Department reset your password and you can't remember it or you wrote it
down wrong because it doesn't work. If you are going to use that excuse,
you'll need to make up a sob story about how someone got your password and was
using your account to Spam, or send hate mail or whatever. Don't go overboard,
Make it believable! The help desk agent will feel sorry for you and will try
to look up the ticket where the password change was documented, so make sure
you make it a point to mention that you just got off the phone with the abuse
people. They'll hopefully conclude that either they are still working on the
"ticket" or that remedy isn't that quick. When you call Sympatico, the
automated system will ask you to enter your account number, depending on what
your strategy is you may or may not want to enter a number. The number you
enter will bring up an account when the help desk agent answers the call. This
can be a disadvantage or an advantage depending on how the help desk agent
answers the call. What I mean is, sometimes the help desk agents will answer
by saying the person's name, like "Sympatico Help Desk, How can I help you Mr.
Doe?" then you'll already have the person's last name, if you don't know the
first name you can always say you are Mr. Doe's daughter or son and that the
account is yours but your parent's pay for it (or whatever.). If the help desk
agent doesn't say the person's name (like they're supposed to) they'll say
something like "Sympatico Help Desk, Can I have your user ID please?". People
enter the wrong account number all the time, so it's no biggie - but you'll
have to have a user ID. User ID's usually begin with b1xxxx (the x's represent
numbers). If you live in the Yukon then they will start with y1xxxx, if you
live in Newfoundland they'll start with a1xxxx, some areas in Nova Scotia also
start with a1xxxx. Once you give them the user ID they may ask you for your
address. This is when you need to get creative, you can say you just moved and
don't remember so you have to look at a piece of mail - when the address
doesn't correspond with their address you can say "well, I changed it
yesterday with the Billing department. How long does it take for the address
change to show in your database?" The help desk agent more than likely won't
know that answer since the Billing department is responsible for address
changes and such. You can say something like "well, when we're done here can
you transfer me to billing so I can make sure they made the change? I don't
want to be late paying my bill", showing concern for the well being of the
account is always good, when they transfer you, just hang up. Just be creative
and pay attention. If the help desk agent says the account holder's name at
any point in time that's key. Even if it's some weird name and you aren't sure
how to spell it, you can simply complain that companies never spell your name
right and your bills have a different spelling on each one (or something like
that).

If you can get a Sympatico email address and you know the person's name then
getting a password from help desk is very simple. The Sympatico email
addresses resolve to the person's user id, so if you have the email address
then you have the user id. If you have access to any mail server, it doesn't
matter if it's in your name or not, telnet to the mail server and send
yourself an email (be sure to put your email address as a blind carbon copy
so your email address isn't visible), put the Sympatico email address in the
"To:" or "CC:" field and the mail server will resolve the user id for you so
when you get the email (they'll get the email too, so make sure you make it
look like Spam or something) all of the Sympatico email addresses you entered
will be in the form of their user id, it'll look like "[email protected]".
I'm sure there's an easier way to resolve the addresses if you only have one
address to resolve, but if you have a bunch of email addresses (you can get
tons of email addresses from the Sympatico newsgroups by the way) it's easier
just to send yourself an email and it'll resolve all of the addresses at the
same time. Once you have the user id and email address, there are several
things you can do to get this account's password. The easier way would be to
call help desk and say that you can't get into your mail box because you get
an error message saying that the password is wrong (remember not to mention
authentication or anything, choose your words carefully - you want to sound as
computer illiterate as possible.). The help desk agent will ask you to verify
the password - the Sympatico passwords usually contain lower case letters and
numbers. The letters are always lower case and 8 characters long. You can say
that it's already in the password field but you can't see it because of the
*'s (asterisks) and that you had it written down somewhere (rustle paper
around and stuff, make it sound like you are looking for it), just say you
can't find it. Make up a convincing story about how you haven't changed it and
it's been in the password field and worked yesterday. Ask them if they are
having problems with mail (try not to mention mail servers, again this will
make you sound smarter than you want to sound), eventually the help desk agent
will get fed up and tell you to write down the password and they'll give it to
you. This has worked more times than not for me - the key to sound really
computer illiterate and really dumb. As with any call you make to the help
desk, it just depends on who you get and how convincing you sound.

The time you decide to call will also make things easier on you. It's always
worse to get someone at the beginning of their shift. Most shifts are at
either 7am - 3pm, 8am - 4pm, 4pm - midnight, 11pm - 7am (those are the
regularly scheduled shifts for the help desk.). The abuse department works
from 8am - 4pm and 4pm to midnight. So time your call properly and it'll make
everything that much easier for you. The people who work from 11pm - 7am are
never happy so if you call at like 2am, they're already sick of taking calls
from drunken bastards who piss them off - it's always better to avoid calling
those guys, they're tired and unpredictable! Grin

If you have to call back and try again, make sure you do it during high peak
hours, like around 6pm (the help desk is in the eastern time zone ([-4 GMT],
EST) because if the help desk agent you last spoke to is free you will get
that person again. The system is designed to direct your call to the last
person you spoke to unless they are already talking to someone else. There are
probably a couple of hundred help desk agents, including billing and the high
speed agents, so if you call during high peak hours the chances of getting the
same person are slim. If you call back using the same user ID and/or account
information there will more than likely be a ticket already logged in remedy
that describes the last call. If you messed up really bad and the help desk
agent noticed, it would be logged in the ticket. Even if you mess up you can
always leave the call open by saying something like "I can't find the address
(or whatever piece of info it is you are stuck on), I'll have to call back"
then when you do call back it won't seem so weird because the fact that you
are calling back will be logged in the ticket.

CONCLUSION
Don't be afraid to use this information, the worst thing that can happen is
you won't get the information you want and will have to call back. Try not to
raise any suspicion by hanging up on the person, ride it out until they give
you the information you need. Be persistent and creative, you'll get what you
want. This information should help, it's not meant to be the official guide -
use it for tips and bits of information. As with everything else, you have to
figure stuff out on your own.
Reply
#2
sticky this shit, this is in-depth and informative
Nice work!
Reply
#3
Damn, this shit is a gamechanger, but this needs to be polished up before I can sticky it.

Too text heavy.
Reply
#4
>> http://www.ripprforums.com/showthread.php?tid=15
Reply
#5
Probable one if not the best methods to get a lot of information about someone just with their IP.
Great share, if you get good at this you can do a lot.
Reply
#6
Wow.. Amazing tutorial... +1 friend. +2 for inventive social engeering :D Even though you just leaked, thanks for finding this! Another scary example why IPs can be so dangerous.
Reply
#7
get raided later that day
Reply
#8
Thanks for this tutorial :D
Reply
#9
Thanks for this tutorial, always wondered how this was done.
Reply
#10
to lazy to read all this fucking sht
Reply
#11
This content is leeched, and out of date as fuck, you're just trying to make some quick rep you fuck, so stop shitposting for credits.
Reply
#12
thank you for sharing this info! :-)
Reply
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  [HOT] NEW DOXING METHOD [LEAK] LeakingDatabases 3 231 10-03-2017, 04:15 PM
Last Post: tit



Users browsing this thread: 2 Guest(s)