daily pastebin goal


signinmyaccount Aug 14th, 2016 (edited) 84 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  4. *///#Knowhowitsdone
  5. //Reason why i made this paste: Cluster up methods on how people will attempt to SE and/or DOX. These methods already have been released, I'm just spreading the knowledge.
  7. METHOD #0)
  9. I've decided to release my guide/tutorial to ISP Doxing.
  11. Things you need:
  12. >Basic Social Engineering Skills.
  13. >Intelligence
  14. >Skype
  16. Find your victim, pull their IP. And look up the IP online. Once you know their ISP, google the Support/Customer Care line for it.
  18. Once you have that number, get on Skype and call. These are Toll-Free Numbers, so don't worry about Credits.
  20. Keep Pressing Buttons/Etc. to get to the Live Representative.
  22. Each ISP has their own Program that they use for looking up Customer Information. Here is a list of Major US Providers and their Tools.
  24. \
  25. AT&T
  26. • Systems: CCTP (Call Center Transformation Program), G2
  28. Cox
  29. • Systems: Icon, Polar
  31. Charter
  32. • Systems: Sigma, IRIS
  34. Comcast
  35. • Systems: ACSR, Comtrac, CSG, Einstien, Grandslam, Vision
  37. Time Warner / Road Runner
  38. • Systems: Real, Unify
  40. Verizon
  41. • Systems: Coffee
  42. /
  44. Once you are talking to a Representative, you can follow this script, and modify it with your own information/etc. Going to be using Comcast as an example.
  46. *You: Hello, My name is Joe, and I'm with Tech Support. I was trying to look up a Customer’s Account Information in Grandslam, when our systems crashed. I currently cannot open up Grandslam or CSG. I was wondering if you could help me out and look up a customer’s information on your end. Thanks.
  47. Agent: They will ask you for a Phone number. Reply with:
  48. *You: Unfortunately, I only have their IP address, since I was in Live Chat with them. I have them on scheduled called back in 3 hours. I know Grandslam can look up Customer Info with an IP, can you try it in that.
  49. Agent: Sure... blah, blah, give them the IP.
  50. *You: They should look everything up. You can ask for:
  51. >Name on the account
  52. >Address
  53. >Phone Number
  54. >Account Number
  55. >Last 4 of the SSN
  58. METHOD #1)
  60. 1. Call comcast
  61. 2. Hello my name is (What ever name you want) and my employee id is (What ever you want e.g 809*jly) and i am from customer care and my floor is down because of maintenance and my level 2 told me to contact you guys to look up an account for me and verify some information?
  62. 3. (If you want to use the comcast ip address make sure you ask them to tell them to use the GrandSlam system to lookup from the ip address because that is the only system that can lookup accounts from the ip address if you have something else like the phone #, account #, name, address etc use ascr, csg, comtrac but if you dont ask them they will use ascr/csg by default) So provide them what ever information you have.
  63. 4. Ask them if they have the account pulled up yet. If yes, say can you verify the name and so on.
  64. 5. Once you have the information you say "thank you for your cooperation have a nice shift".
  65. Here is a format to lay the information out:
  66. IP:
  67. Name on file:
  68. DOB on file:
  69. SSN on file:
  70. Phone on file:
  71. Address on file:
  72. Comcast Account #:
  73. Primary Comcast Email:
  75. ------------------------------------------------------------------------------------------------------------------------------------
  77. METHOD #2)
  79. Introduction
  80. If you've come to a stop point when doxing someone and the only way you can get to them is to dox via ISP (Internet Service Provider), you're in the right place.
  81. Why Do This When I Have Google?
  82. ISP doxing is extremely simple and it's very quick, all it requires is a small amount of patience and you can't sound like a little kid.
  83. How To Find Out The I.P. and ISP
  84. Find the person's I.P. address through programs like Skype, Xbox Live, or some other way.
  85. - To find an I.P. through Skype, look for a Skype resolver. If you're too lazy to type it in to google, look This link is hidden from you. If you want to see it you have to register on this board.. If that doesn't work for any reason, just google the damn thing. Type in the Skype name then look for the I.P. which is located wherever.
  86. - To find an I.P. through Xbox Live, refer to This link is hidden from you. If you want to see it you have to register on this board..
  88. Now on to finding the ISP, type in the I.P.This link is hidden from you. If you want to see it you have to register on this board. and look at the last part of hostname and you found the ISP.
  89. Requirements
  90. - Internet Connection
  91. - Skype
  92. - Possibly Skype credits, it all depends on the ISP
  93. - Somewhat deep voice (unless you're a woman)
  94. How To
  95. 1. You want to call up whichever ISP the person is on that you're going to dox using Skype (If you need help finding that, look two lines up).
  96. 2. Refer to This link is hidden from you. If you want to see it you have to register on this board., so you can figure out which tool your desired ISP uses.
  97. 3. Follow the script below.
  98. Conversation
  99. Agent: Hello, my name is Linda. How may I assist you today?
  100. You: Hello, Linda, my name is Max. I work for Comcast as well and I was having a little trouble looking up a customer. Grandslam is down in my department. Would you mind helping me out?
  101. Agent: Sure thing, Max. Let's get to it. Can I have the phone number of the customer you were trying to reach?
  102. You: Linda, the issue to this is that I was only able to manage to get the I.P. Address.
  103. Agent: Could you give me the I.P. Address, Max?
  104. You: Sure thing, Linda. Let me see... Ah, (I.P. Address here)
  105. Agent: Thank you for that information, Max. The name is (doxed person's registered name) and here's the phone number (doxed person's phone number here). And here's the address here (address here).
  107. You: Thank you so much for that information Linda, but I'm afraid I need more information. Can you give me the last 4 of the SSN so I can verify the account holder? (Ask for anything else).
  108. Agent: No problem, Max. (Anything else here).
  109. You: Thank you very much, Linda.
  111. Please be respectful at the end and don't just hang up. They gave you all of this information and could potentially be fired for it. Do the right thing and respect them.
  112. I hope you all enjoyed this tutorial. If you need any help, please come to me.
  114. ------------------------------------------------------------------------------------------------------------------------------------
  116. METHOD #3)
  118.    Successfully Social Engineering an ISP (more specifically, Sympatico)
  120.                                    ***
  122. Social Engineering at any ISP can be easy. Knowing how they operate is key,
  123. knowing what the helpdesk is instructed to do and say in certain circumstances
  124. is imperative.
  127. Social Engineering: Term used among crackers and samurai for cracking
  128. techniques that rely on weaknesses in wetware rather than software; the aim is
  129. to trick people into revealing passwords or other information that compromises
  130. a target system's security. Classic scams include phoning up a mark who has
  131. the required information and posing as a field service tech or a fellow
  132. employee with an urgent access problem. See also the tiger team story in the
  133. patch entry.
  135. http://www.dictionary.com/cgi-bin/dict.pl?term=Social%20Engineering
  138. The first thing you need to do is determine what you want from the ISP. You
  139. may only want a user id or password, or you might be at the other end of the
  140. spectrum and want to create total havoc and chaos at the ISP. Either way,
  141. specifically figure out what you need. I'm going to focus on getting the
  142. password and user ID of Sympatico accounts.
  145. If it's your first shot at calling Sympatico Help Desk (310-SURF), I suggest
  146. calling and asking the help desk agent some simple questions to get a good
  147. idea of how stupid they are. Crack a few jokes and keep the conversation
  148. light. Never EVER let on that you know anything technical. Always play stupid,
  149. it'll make them feel smart and empowered (most help desk agents see themselves
  150. as knowing more than you anyway, so there's no point in getting into a "i know
  151. more than you" argument, it won't get you anywhere). As well, if they can't
  152. answer your technical question they'll have to either ask their supervisor or
  153. another help desk agent that may draw unnecessary attention to your call. I
  154. can't stress enuf, how important it is to come off as being their "buddy". If
  155. you sound nervous and unfriendly they'll question you and not feel bad about
  156. withholding information.
  158. At Sympatico, each call is logged in what they refer to as "tickets", they're
  159. all kept in a database called "remedy". Some help desk agents are lazy and
  160. don't log every call, as well, tickets are usually poorly written and not very
  161. specific. The only department that logs tickets properly (most of the time) is
  162. the Sympatico Abuse department, so be careful if you refer to that department.
  163. The good thing is that most of the staff at Sympatico, whether it be a help
  164. desk agent or supervisor (or who ever) doesn't know what the Abuse Department
  165. does. The abuse department is responsible for answering complaints for network
  166. abuse. Their only function is to either deal with people who get spammed or
  167. hacked, or deal with people on the Sympatico network who do the spamming and
  168. hacking (script kiddies mostly...). This is an important piece of knowledge
  169. because if you are trying to get a password, you can use the excuse that the
  170. Abuse Department reset your password and you can't remember it or you wrote it
  171. down wrong because it doesn't work. If you are going to use that excuse,
  172. you'll need to make up a sob story about how someone got your password and was
  173. using your account to Spam, or send hate mail or whatever. Don't go overboard,
  174. Make it believable! The help desk agent will feel sorry for you and will try
  175. to look up the ticket where the password change was documented, so make sure
  176. you make it a point to mention that you just got off the phone with the abuse
  177. people. They'll hopefully conclude that either they are still working on the
  178. "ticket" or that remedy isn't that quick. When you call Sympatico, the
  179. automated system will ask you to enter your account number, depending on what
  180. your strategy is you may or may not want to enter a number. The number you
  181. enter will bring up an account when the help desk agent answers the call. This
  182. can be a disadvantage or an advantage depending on how the help desk agent
  183. answers the call. What I mean is, sometimes the help desk agents will answer
  184. by saying the person's name, like "Sympatico Help Desk, How can I help you Mr.
  185. Doe?" then you'll already have the person's last name, if you don't know the
  186. first name you can always say you are Mr. Doe's daughter or son and that the
  187. account is yours but your parent's pay for it (or whatever.). If the help desk
  188. agent doesn't say the person's name (like they're supposed to) they'll say
  189. something like "Sympatico Help Desk, Can I have your user ID please?". People
  190. enter the wrong account number all the time, so it's no biggie - but you'll
  191. have to have a user ID. User ID's usually begin with b1xxxx (the x's represent
  192. numbers). If you live in the Yukon then they will start with y1xxxx, if you
  193. live in Newfoundland they'll start with a1xxxx, some areas in Nova Scotia also
  194. start with a1xxxx. Once you give them the user ID they may ask you for your
  195. address. This is when you need to get creative, you can say you just moved and
  196. don't remember so you have to look at a piece of mail - when the address
  197. doesn't correspond with their address you can say "well, I changed it
  198. yesterday with the Billing department. How long does it take for the address
  199. change to show in your database?" The help desk agent more than likely won't
  200. know that answer since the Billing department is responsible for address
  201. changes and such. You can say something like "well, when we're done here can
  202. you transfer me to billing so I can make sure they made the change? I don't
  203. want to be late paying my bill", showing concern for the well being of the
  204. account is always good, when they transfer you, just hang up. Just be creative
  205. and pay attention. If the help desk agent says the account holder's name at
  206. any point in time that's key. Even if it's some weird name and you aren't sure
  207. how to spell it, you can simply complain that companies never spell your name
  208. right and your bills have a different spelling on each one (or something like
  209. that).
  211. If you can get a Sympatico email address and you know the person's name then
  212. getting a password from help desk is very simple. The Sympatico email
  213. addresses resolve to the person's user id, so if you have the email address
  214. then you have the user id. If you have access to any mail server, it doesn't
  215. matter if it's in your name or not, telnet to the mail server and send
  216. yourself an email (be sure to put your email address as a blind carbon copy
  217. so your email address isn't visible), put the Sympatico email address in the
  218. "To:" or "CC:" field and the mail server will resolve the user id for you so
  219. when you get the email (they'll get the email too, so make sure you make it
  220. look like Spam or something) all of the Sympatico email addresses you entered
  221. will be in the form of their user id, it'll look like "b1xxxx@sympatico.ca".
  222. I'm sure there's an easier way to resolve the addresses if you only have one
  223. address to resolve, but if you have a bunch of email addresses (you can get
  224. tons of email addresses from the Sympatico newsgroups by the way) it's easier
  225. just to send yourself an email and it'll resolve all of the addresses at the
  226. same time. Once you have the user id and email address, there are several
  227. things you can do to get this account's password. The easier way would be to
  228. call help desk and say that you can't get into your mail box because you get
  229. an error message saying that the password is wrong (remember not to mention
  230. authentication or anything, choose your words carefully - you want to sound as
  231. computer illiterate as possible.). The help desk agent will ask you to verify
  232. the password - the Sympatico passwords usually contain lower case letters and
  233. numbers. The letters are always lower case and 8 characters long. You can say
  234. that it's already in the password field but you can't see it because of the
  235. *'s (asterisks) and that you had it written down somewhere (rustle paper
  236. around and stuff, make it sound like you are looking for it), just say you
  237. can't find it. Make up a convincing story about how you haven't changed it and
  238. it's been in the password field and worked yesterday. Ask them if they are
  239. having problems with mail (try not to mention mail servers, again this will
  240. make you sound smarter than you want to sound), eventually the help desk agent
  241. will get fed up and tell you to write down the password and they'll give it to
  242. you. This has worked more times than not for me - the key to sound really
  243. computer illiterate and really dumb. As with any call you make to the help
  244. desk, it just depends on who you get and how convincing you sound.
  246. The time you decide to call will also make things easier on you.  It's always
  247. worse to get someone at the beginning of their shift. Most shifts are at
  248. either 7am - 3pm, 8am - 4pm, 4pm - midnight, 11pm - 7am (those are the
  249. regularly scheduled shifts for the help desk.). The abuse department works
  250. from 8am - 4pm and 4pm to midnight. So time your call properly and it'll make
  251. everything that much easier for you. The people who work from 11pm - 7am are
  252. never happy so if you call at like 2am, they're already sick of taking calls
  253. from drunken bastards who piss them off - it's always better to avoid calling
  254. those guys, they're tired and unpredictable! :)
  256. If you have to call back and try again, make sure you do it during high peak
  257. hours, like around 6pm (the help desk is in the eastern time zone ([-4 GMT],
  258. EST) because if the help desk agent you last spoke to is free you will get
  259. that person again.  The system is designed to direct your call to the last
  260. person you spoke to unless they are already talking to someone else. There are
  261. probably a couple of hundred help desk agents, including billing and the high
  262. speed agents, so if you call during high peak hours the chances of getting the
  263. same person are slim. If you call back using the same user ID and/or account
  264. information there will more than likely be a ticket already logged in remedy
  265. that describes the last call. If you messed up really bad and the help desk
  266. agent noticed, it would be logged in the ticket. Even if you mess up you can
  267. always leave the call open by saying something like "I can't find the address
  268. (or whatever piece of info it is you are stuck on), I'll have to call back"
  269. then when you do call back it won't seem so weird because the fact that you
  270. are calling back will be logged in the ticket.
  273. Don't be afraid to use this information, the worst thing that can happen is
  274. you won't get the information you want and will have to call back. Try not to
  275. raise any suspicion by hanging up on the person, ride it out until they give
  276. you the information you need. Be persistent and creative, you'll get what you
  277. want. This information should help, it's not meant to be the official guide -
  278. use it for tips and bits of information. As with everything else, you have to
  279. figure stuff out on your own.
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand