top of page
Search
  • Writer's pictureotw

Open Source Intelligence (OSINT): Finding Breached Email Addresses , Passwords and Other Credentials

Updated: Feb 15, 2023

Welcome back, my aspiring OSINT Investigators!


In the course of OSINT or forensic investigations, there are often times when you will need an email password of the subject of your investigation. In a security assessment or pentest, you may want to check to see whether you can obtain the passwords of users in the target organization. Nearly everyday, another data breach takes place and those email addresses and other credentials are sold and exchanged on the dark web. If you can obtain those credentials, it will likely make your job much easier.


In previous tutorials, we have demonstrated a number of tools for finding breached email addresses and passwords including h8mail. In this tutorial, we will look at what may be the best tool for finding breached emails, passwords and other credentials, www.dehashed.com.



Step #1: Open a Browser and Navigate to www.dehashed.com


Open a browser and go to www.dehashed.com. Like many other sites such as haveIbeenpwned.com, dehashed collects emails and credentials from data dumps on the dark web that have been compromised by hackers. Unlike those other sites, dehashed provides you all the credentials for a particular email address from the various dumps.



For instance, as part of a forensics investigation of a scammer Instagram account (a legitimate IG account was taken over and used to scam men out of their money), I found the email address that the scammers were using, a.rushubirwa@gmail.com (Note: this was the account the scammers were using, but actually belongs to another person and had been taken over by the scammers). From there, I entered the email address into dehashed.com .

Dehashed finds that the email address appeared in at least 3 data dumps. When we click on one of the dumps, dehashed tells us that we need a subscription to get the passwords or password hashes or other info.


Dehashed is relatively inexpensive and if you are working as an investigator or pentester, its simply a small cost for some key info.




Now that we have subscribed and logged into account, we do the search again. This time when we click on one of the dumps, the hashed password is revealed.



From there, we can then attempt to crack the hash using sites such as;



and



or use such hash cracking tools as John the Ripper or hashcat.



In some cases, the data dumps include other key information. In this dump, the account name, username and IP address are revealed.



This dump from Mathway, included names, Google and Facebook ID's, email addresses, salted hashes and IP addresses.



Step #2: Try Another Email


Let's now try another. This one belongs to a colleague, Mick Scott. His email address, as you might expect, is mick.scott@gmail.com. When we enter it into dehashed, it returns numerous results. When we click on the first result from a data dump of CouponMom.com from 2014, we can see that his password was dumped in plaintext "redinuzi17".


Other dumps reveal another password "fender8".


In another dump, his password was dumped as a hash.


Of course, the user is probably no longer using these passwords but human beings--as we know--tend to use a version of their old passwords. That is where tools such as crunch are so useful in creating variations of a password.



Summary


Whether you are doing an OSINT investigation or a penetration test, finding the credentials of your target can be critical to your success. Although a number of tools are available for obtaining breached credentials from data dumps, dehashed.com may be the best and fastest. Although it is not free, it is inexpensive and may very well be a good investment if you are working as an investigator or information security assessor/pentester.






20,159 views2 comments

2 Comments


astriddavina54
astriddavina54
Jan 02, 2023

i know of a very good hacker that can help you with any type of hacking, either phones or computers. My husband was so smooth at hiding his infidelity so I had no proof for months, I was referred to some hacker and decided to give him a try.. the result was incredible because all my cheating husband’s text messages, emails , facebook and even phone conversations was wired directly to my cellphone. Computerguru helped me put a round-the-clock monitoring on him and I got concrete evidence of his escapades..if you think your spouse is an expert at hiding his cheating adventure, you can contact them too at HENRYCLARKETHICALHACKER@GMAIL.COM on whatsapp12622367526.


Like

You can hire Henryclarkethicalhacker for all your hacking needs which include clearing of criminal and driving records, credit hack fix, college grade changes, cloning phones, spying on anyone, hacking all social media accounts, etc,. Reach him via Henryclarkethicalhacker at gmail com,

Text him,, Whatsapp,,+1 8 1 3 4 2 1 1 3 2 6.


Like
bottom of page