Doxing Template The key to success is having a unique and sexy arrangement to post the information. Here's a sample template that I just created: ~ DOX dropped by (Your username or way of contact, e.g. Skype or XXMP) =============================================================== Target: (Name) / (IP) / (Alias) =============================================================== Usernames: * * =============================================================== Locations: * * =============================================================== IP info: * * =============================================================== Family: * * =============================================================== Other information: * * =============================================================== Along with the template you can decorate it with this text to art Website: http://1lineart.kulaone.com/#/ Using their Skype Skype is one of the most broken p2p programs out there, and it quite simple to find IP's through unless the user is running their Skype on a different connection. Resolving their IP Resolving their IP is very simple and barely requires you to use your brain. First off, you can resolve using a packet sniffer. Wireshark a known packet sniffer is what we're going to use. You can download it here: https://www.wireshark.org/#download After downloading simply launch it, if you're a beginner it might seem quite confusing, don't worry I will guide you! To start off select what Network you are using, most people use "WiFi" so click that if you're unsure, and press Start. Now you're going to want to add a filter. So, find a box that says "Filter:" it should be located at the top left and enter this inside it: ip.src == YOUR IPV4 ADDRESS and udp.srcport == SKYPE PORT Fill in the blanks with your IPv4 address which you can find from going into Command Prompt and typing “ipconfig”, and enter your skype port. After adding the filter press your "enter" key. Now all you have to do is call the person who’s IP you're trying to get. Once they accept you should be spammed with a bunch of packets from an IP, this is their IP. Make sure to check if it is a proxy or VPN just in case. Another method is using the Skypedeob, a.k.a the deobfuscated version of Skype. All you need to do is open the "Enable logging" file, start Skype, click "view profile" on one of your Skype contacts that is online and then open the debuglog in Notepad++ and ctrl+f this text in .*(r)[1­9] make sure you replace with the username of the skype. Click Regular Expression and hit enter and you should see an IP, if not just keep on clicking enter, and if it still doesn’t show they’re probably offline. Here is the download to a recent Skypedeob version: https://mega.nz/#!dcQVURob!HrASVfzFUwIC2­y7GuCAWwKnpzaajS7_QWqS6OoAlQk If none of those seem to work, you can go for an old fashion IP Logger. One of the easiest but also less productive way is IP logging as most people can distinguish what is an IP logger and what is not. Of course it’s easy to make the logger but sending it and getting someone to click it is just a hassle, unless the person doesn’t pay attention to anything or knows nothing of IP logging. Some methods I use are using HTML to your advantage. If you use a program known as Teamspeak there is a huge bug, the bug is that Teamspeak allows HTML. I will show you how to spoof your IP logger link so that it can show as anything you want. Here is how you do it: [url=IPLOGGERHERE]Fake link here[/url] This is what you’re going to send your victim if you’re in Teamspeak. As you can see, where is says “IPLOGGERHERE” is where you put the link of your IP logger, and where is says “Fake link here” is where you’re going to put anything you want. You could simply just put “click here” or you could be creative and make a link. This is my example: [url=memediplogger.com]http://hackforums.net/[/url] Here are some IP Loggers that I can vouch for: http://grabify.link/ http://skidtools.net/login.php Acquiring and Using an Email doxing with an email. An email can almost always be a good trace, unless you find something like a 10minute mail. Acquiring Email through Facebook A very broadcasted method, not sure if it works anymore but pretty much you sign into your Facebook account, make sure to create a fake account without any private information on it. Now you want to import your contacts from Skype, so find that and sign in then send a request to your contacts. After doing that head over to this link: https://www.facebook.com/invite_history.php then click the hidden emails and complete the captcha and the email should be there. Another method is importing your Facebook contacts through Yahoo to find their email. Basically create a Yahoo and click the top left where it says contacts and choose Facebook, then login and import the contact you want to and voila the email should come up. In the case that you only have the email you can search Skype for an account connected with it. Simply input the full email into the "add contacts" and if there is a Skype connected it should pop up. Forgot Password For Gmail accounts the Forgot Password button is quite superficial and can sometimes really help your dox. So basically for Gmail try logging in, after entering the email click "Forgot Password", it should bring you to a page which says "enter the last password you remember". On the same screen the Username they have chosen should show on top. Sometimes it is a username they use and other times it's their name. You can also go more forward after that and check what recovery email/phone they have chosen and try to guess it. (Not likely to guess with a Phone but can be easy for an email). PayPal Method This used to give you tons of information like their address, phone number and such but now it only gives you the Name, the only way you'll get the address and stuff is if they send you money. The method is quite simple all you need to do is request or send money to the email you have. Once you do that there should be a notification in your Activity and it should say their name. Remember sometimes people put fake leads so don't always go for it. Finding Social Media There are many sites you can use to find social media and accounts on targets. They search the web through tons of social media with the email you give them and return every bit of information they find for you. Here's a list of some social media finders: https://pipl.com/ http://thatsthem.com/ http://com.lullar.com/ https://namechk.com/ http://email.addresssearch.com/ Using their Name Using the target's name is also very helpful. If you have their name then you can possibly find out their address, phone number, and relatives. Remember you cannot use their name if they are below the age of 18. If they aren't below the age of 18 and you know where they live just enter the information in the sites posted below. If you don't know where they live but have their name then you all you can basically do is look at the locations information on some of their social media or accounts or use the IP address geographical location. Here are some sites to do the lookups on: http://10digits.us/ http://thatsthem.com/ http://www.yellowpages.com/ http://www.whitepages.com/ http://www.ussearch.com/ http://www.canada411.ca/ (Canada) http://www.pipl.com/ http://www.peekyou.com/united_kingdom/ (UK) http://webmii.com/ (UK) http://www.ratsit.se/BC/SearchPerson.aspx/ (Sweden) http://www.dgs.dk/ (Denmark) https://find­person­germany.com/ (Germany) Using their Number Just like the name search you can do a lookup on their phone number, except you do not need a location on the user just their number. If nothing shows up you can just search Google, sometimes phone numbers are posted publicly, but haven’t been connected to Whitepages. Here are some sites to do number lookups: http://www.10digits.us/ http://www.reversemobile.com/index.php/ http://www.numberway.com/ http://www.phonenumber.com/ http://www.whitepages.com/ http://www.dgs.dk/ (Denmark) http://www.canada411.ca/ (Canada) https://www.goyellow.da/ (Germany) Using their IP Using the target's IP address is a very powerful way to dox, if you're quite advanced an IP is all you need to leak the user’s information. Geolocating the IP Basically head over to the website http://www.infosniper.net/ and input the IP address then click search. After doing that you should be granted a rough location on the user, along with their hostname, and other information. Remember that this information is pretty inaccurate and you should not think that it is their exact location. ISP Doxing Before doing this make sure you know what you are doing, never call from your home or mobile phone! Always use spoofed numbers! ISP doxing is basically when you call up the users ISP (Internet Service Provider) and SE (Social Engineer) the support into giving you information on the IP address. You can get basic information such as full names, addresses, phone numbers, emails or you can go further and get SSN's and Credit cards. I will not be providing a guide on how to do this, there are a ton out there just search for some. Searching the IP In addition you may also search the IP address, as you can sometimes find another Dox, a leaked database or sometimes sites publicly post their IP ban list. Just go to google and search for their IP address with quotation marks. Ex: “127.0.0.1” Using their Alias' Searching the target's alias(s) is also a good idea unless their alias is "Mike123". Of course searching google for Mike will lead you with millions of results which most likely won’t have any connection with the user. If the user has an alias such as "Carrotcake123lololol" or something along the lines of that it will be much easier. To search with their Skype you can simply type this in the search bar "Skype: (Username)" make sure to include the quotations. Getting their SSN’s Grabbing the target’s SSN is relatively simple but it costs a little BTC. It’s recommended to hide yourself before doing any of this because it is very illegal. So head over to a website known as http://ssndob.so/login and sign up. You can do this on some from the US or UK. Then deposit money into your account, once you have enough funds head over to the search bar and enter all the information you have on the target. After that you should see a couple entries and then just buy ‘em and you’re done. Getting their Credit Report Another illegal and spooky thing to provide on your dox. There are a couple of sites that help you obtain credit reports but the only way to successfully get one is by having tons of your target’s information. There is no possible way of actually gaining credit reports without firstly having a full dox on the person, which is (If they are +18) their DOB, address, phone number, full name, and more. If they aren’t +18 then you’ll have to dox their parents. Here are a couple of sites that can aid you with credit reports: www.annualcreditreport.com www.creditkarma.com Getting their Ancestor’s This unlike other information is very easy to obtain. All that you have to do is look up the sites below and enter in the information it asks you for. Along with that you can look at their Family on Facebook and perhaps they have added their family to it. Here are some ancestry search sites: http://www.advancedbackgroundchecks.com/ http://www.findmypast.com/ http://www.archives.com/search/ancestor/ http://www.familytreesearcher.com/ Viewing their House Picture Attaining the target’s house picture is very simple. Head over to Google Maps and in the search bar enter in the target’s address and in a matter of seconds their house picture should show up. If you want to get a more close view you can click the “earth’ and use the scroll or + and – buttons on the website to get closer. Along with this there is something known as exif­data. Basically once you’re uploading an image to a site you can possibly cache exif­data that can lead to coordinates of where the image was taken. Anyways, head over to one of the sites below and upload then search the image and you should end up with results. Here are some websites to use: http://www.geoimgr.com/ http://exifdata.com/ http://www.makeuseof.com/tag/exif­photo­data­find­understand/ Grabbing their House Information Now I’ll show you how to get the target’s house information such as the number of bedrooms, bathrooms, how large the yard and lot is, etc. All you have to do is go on one of the websites below and enter in the address of the user. Here are some sites you can use: http://www.zillow.com/ http://www.realtor.com/ Using Databases Database, a file or list of information something analyzes and gathers on users. In short words a database is more or less a text file in which information of users is stored, like passwords, emails, usernames, IPs, and much more. Liking this so far? Well, unfortunately databases are rather hard to find or easy but you need to pay a crazy sum of money, at least the more useful ones. But this does not mean that there aren’t any good ones for free, no there are plenty such as the MPGH forums database and 000webhost which have been leaked on many sites. So you don’t want to pay $100 for a database right? No problem, there are a ton of websites that have gathered hundreds of databases in which you can use for just $2 BTC a day. One of those websites is known as http://leakedsource.com/, and just input one of the following registries: Usernames, emails, phone numbers, names, and IP addresses. In result you will get a password (Hashed or real), email, username, and more. Here are a couple free databases and sites to get dbs from: MPGH Database: http://www.filedropper.com/mpgh Nulled.io Database: http://www.filedropper.com/nullediodatabasedump06052016 000webhost Database: http://www.filedropper.com/000webhostcom_1 http://siph0n.net/ https://leakforums.net/ https://citadel.sx/ Social Engineering the User The amount of times I’ve done these techniques and succeeded. Many times when I end up with a blank page I go to a last resort, faking a Skype account and messaging the user and SE’ing them to give me information. Here is a quick guide on how I SE through Skype. Let’s get a setting first, for example I will be faking a PayPal Support member. Me: “Would like to add you as a contact…blah blah blah” Target: “Accepts.”, “Hello who is this?” Me: “Hello, this is Dan with the PayPal support team, we are currently having an attack and encourage all users to change their passwords. Unfortunately you may not manually reset them, we have to reset them for you because they will potentially get logged by the attackers.” Target: “How did you find my Skype?” Me: “We are PayPal, a large organisation that surveys many users and connect much of their information, but in the act that this is the improper account I ask of your email to confirm your identity.” Target: “Ok, it’s ……………@domain.com Me: “Aaaaah, yes I found you. May I just ask for another method of access such as a card linked, phone number, address, or current password?” Target: “Yeah, my password is *********.” Me: “Alright let me just check here, yep everything looks fine. Now what do you wish your new password to be?” Target: “I guess change it to **********.” Me: “Very fell, the process will take up to 1 hour, please do not login to PayPal until we send out emails stating that you can. Thank you for your time and patience, Goodbye.” Target: “Cya m9.” And it can be done like this, or so this is how I usually do it. Although very skeptical people will usually either decline and block you, or just be notorious trolls. If they get quite curious though and say the PayPal site looks fine you can just say, “Our site is currently being controlled by hackers and they currently have stolen up to $1 million dollars. We are currently moving and changing our database and we need you to choose a new password.” Or something along those lines. Customize this however you want and have fun. Picture to Account Basically when someone posts a picture it sometimes can be taken from a photo hosting website, you can right click it and click it and open in a new tab and sometimes it will lead to imgur or something. Or if you have a picture of the user in real life you could reverse the image to find if there is another profile that it is linked with. You can do this with the website known as https://www.tineye.com/ What to do after completing a Dox A very interesting subject that many get after completing a Dox is “What the fuck do I do now”. Act like a badass or el1te hax0r? Sure go ahead! Or you can get a little lethal and do some of these suggestions: Posting Le Dox: The easiest of them is just posting the dox. Here are some sites to post doxes on: http://pastebin.com/ http://skidpaste.org/ http://paste4btc.com/ Pizza Bombing: Basically, when you order many pizza’s to the address of the user, unfortunately I’m not quite sure if this works anymore but I’ll implement it anyways. Simply head over to https://www.dominos.com/en/ and order whatever you want to the person’s house. If you intentionally order a large meal you will be prompted to confirm the order via a call to a phone. Don’t worry, I will teach you how to make a free number in the anonymity section. Swatting: Now claimed as an illegal act, swatting is when you ring up the police and claim your target has a bomb or is doing something worthy of a Swat team arriving and raiding the home. I do not condone anyone to swat. Craigslist: A godly website, known as craigslist is the horror point of doxing. One of my favorite things is faking a large party at the place. All you have to do is create a thread on it exclaiming that there will be free food, DJ, booze and many chicks and you will have a total sausage fest. In the thread include the address, your email just in case people have questions and the date it is occurring. (Best days of the week would have to be Friday – Sunday and the time could be from 8:00pm till 12:00am. DDoS: Although this is quite pointless unless you have like a huge net and can boot for days on days. Legal action: If the user has done something illegal the best option is to inform the police, and give them all the info you have (apart from the illegal stuff you gained, if you did). Anonymity Introduction (BONUS) What is the point of performing and posting a Dox or simply searching the internet if you can’t cover up your tracks? Welcome to anonymity section, I will guide you on how to conceal the light and live in only the darkness. As dark as it sounds it’s actually pleasant. Now, let us begin! Hiding your IP address An IP address, a useless set of numbers right? No, your IP is something that is quite important to you and those willing to attack you. With these magical set of numbers people may DDoS you, dox you, and more. Here I will guide you into fully securing your IP address from others. Using a VPN A VPN also known as a Virtual Private Network, is a Network in which you connect to the providers networks and you can do whatever on them. Almost like connecting to Starbucks Wi­Fi. If you are planning to perform illegal activity on them I highly suggest you not to as most log information on users and if authorities ask for it the VPN service is required to hand it over. Benefits of having a VPN are: your IP address changes, you can visit blocked websites, and more. VPN’s to use: Cryptic’s VPN: http://hackforums.net/showthread.php?tid=5231265 (Favorite) RA4WVPN: http://hackforums.net/showthread.php?tid=4692270 143VPN: http://hackforums.net/showthread.php?tid=4892146 IPVanish: https://www.ipvanish.com/ Private Internet Access: https://www.privateinternetaccess.com/ Using Tor Tor was pretty secure but is getting way less secure do to the government having access to it and such. Anyways it’s still a very good program. Also you won’t be able to access HF, Netflix and all those anti proxy sites due to Tor being blocked. Firstly, head over to https://www.torproject.org/download/download and locate your operating system. Click your OS and download the Expert Bundle. Then, move your Tor .zip file to wherever you would like and open it up, then click the Tor file located inside the .zip and run the tor.exe and you're gucci. Now that you have Tor up and running we want to route most of our applications through it. For this tutorial I'll simply use Skype and Firefox as an example. Open up Skype and head to Tools>Options>Advanced>Connection. Now that you're there you want to set the port type to SOCKS5 and input 127.0.0.1 into the Host label and 9050 into the port (Tor runs through port 9050). Also, input 9050 into the "Use port ____ for incoming connections". Now for Firefox. Open up Firefox and head to Options>Advanced>Connection now click Settings and Check the Manual Proxy Configuration box. Now, input 127.0.0.1 into the SOCKS Host label and 9050 for the port. Lastly, check Socks_v5 below the IP, now click Ok and you should have a slower connection, but be protected by the Onion. Using an RDP An RDP is the acronym for Remote Desktop Protocol, basically a Windows desktop that you can connect through remotely. This can give you a large benefit when for example you are playing a game and want to Skype someone for contact but want to hide your IP. You don’t want to use a VPN as that will give you a slower connection in the game so your next best option is an RDP. There are plenty of them which you can buy or even get for free in the Marketplace on HF. Using a VPS A VPS is basically the Linux based RDP. I honestly think that VPS’ are better because they have far more features. Like for instance setting up a private SOCKS5 proxy on your VPS. Here’s a tutorial on how to do that on CentOS 5, every line is a command: yum update yum upgrade yum install make automake gcc gcc­c++ gcc­g77 nano wget wget http://downloads.sourceforge.net/project/kingate/kingate/2.1/kingate­2.1.tar.gz tar xvf kingate­2.1.tar.gz cd kingate­2.1 sh ./configure ­­prefix=/usr/local/kingate make make install nano /usr/local/kingate/etc/kingate.conf (find socks off and change it to on, find socks_port and change it to whatever you like or leave it default, then save by CTRL X) wget http://soft.vpser.net/proxy/kingate/kingate.init.d mv kingate.init.d /etc/init.d/kingate chmod +x /etc/init.d/kingate service iptables save service iptables stop chkconfig iptables off Then to start it type in: /etc/init.d/kingate start The proxy IP will be your main VPS IP, and port is whatever you set it to. Using Proxies Basically just like Tor except you don’t need to install anything. All you have to do is go scraping for some good proxies, although most people in my opinion don’t use proxies for a soul purpose of staying anonymous over Google Chrome but rather while cracking. Anyways it’s quite simple, all you have to do is do some searches on “proxies” and you will be bombed with pages full of live proxies. Or if you’re quite the lazy gentleman you could pay $1­$4 for a proxy scraper from HF, which supplies you with Lifetime proxies, around 3­5k per day. Removing your Dox Have you already been doxed, and need it removed a.s.a.p.? Well congratulations you’ve located yourself to the right section, these are some methods that will teach you how to remove doxes. If your dox is on a website known as Pastebin you’re guaranteed going to be able to remove it, other sites not so much as people might ask for BTC to remove the dox. Anyways here are some methods on removing the Dox. Report Abuse As much of a meme it sounds it actually works on Pastebin. Basically, click the “report abuse” button and create a Pastebin account and file a complaint against it too and it should disappear in around 3­5 business days. Updating the Dox This is very simple and works really well. Head over to Pastebin and locate your Dox, then copy the whole paste along with the title and create a copy, before posting it tweak the information so it’s very off but don’t switch the social media and such just the dangerous information such as IP’s, addresses, names and such. Once you post it, it should update the post and take over the position of the old paste with the real info. Removing Cache This will delete all the information from deleted/removed pastes. To define that basically when you report a post it gets junked, although removed from Pastebin it is still available when people search for your dox on Google and such. All you have to do to remove the information is head over to this website: https://www.google.com/webmasters/tools/removals?pli=1 Now enter in the URL of the dox and then it’ll say some other stuff. Make sure the page has been removed, you will get denied if the page is a live page, like someone made their own website and posted the dox on there, it won’t work until the owner of the website deletes the content. Getting a Fake Phone Number If you’re just looking to call people, you can use Skype and get a free month subscription to unlimited calls (NO SMS). My personal favorite is this: https://www.textnow.com/ You can also check out this awesome article: http://wizblogger.com/get­fake­mobile­numbers­to­bypass­verification/ Using XXMP Using XXMP over Skype is needed if you’re wanting to be anonymous. It offers encrypted chats and connections so you are anonymous when chatting with people. Using BTC Another thing you want to add to your list is using BTC instead of PayPal and such. My pros are that it offers securable banking and money usage, it is very unlikely someone will hack into your account. Another point to add is that it doesn’t reveal info when you send money, unlike PayPal that hands your Address, Phone number, email and all that to someone BTC does not collect that info and sending money is secure. Also there are no worries about someone charging back because you can’t. Deleting Accounts A huge part of the information in doxes are gathered from Social Media that have much leaked info on them. Here I will show you how to delete your accounts. Email: Gmail: https://www.google.com/accounts/DeleteAccount Yahoo: https://edit.yahoo.com/config/delete_user Microsoft Emails: https://accounts.live.com/CloseAccount.aspx Skype: Although you can’t actually delete your Skype account but you can remove it from the user search. All you have to do is contact Skype Support and tell them you would like to delete your account and they’ll do the rest for you. Outro Again I would like to thank you for reading Savage Doxing and I would love feedback. If you have any questions feel free to private message me and I hope for the best in your further Private Investigations. Another Bonus I thought I’d add: (LOOK BELOW) Jacking accounts tutorials How to jack a Skype: Before we begin, I would like to list the requirements the account you want to "hack" must meet. ● The account must display a Birth date. (Shown here: http://i.imgur.com/ArPoqno.png) ● The account must display a Country. (Shown here: http://i.imgur.com/wbB2vec.png) ● It would also very much help if the account displayed a first and last name, this is not completely necessary but improves your chances of taking the account greatly. ● If the account meets the requirements you can more than likely take it. Let's begin! ● First, find an account you want to take that meets the requirements listed above. ● Now go to http://www.skype.com/go/help.support.request ● Once you're on the correct page it will ask you to "Choose a help topic". Choose "Account and Password". ● You will then be asked to "Choose a related problem". Choose "Password / SkypeName problems", then click the "Next >" button. ● Now it will take you to a page that asks you to "Select a contact method". Click "Email support". ● Here is where you need to fill out some details about the account you want to take. ● For "Country or region" put the country that was listed on the account. ● For "Preferred language" put English. ● For "Your first name" and "Your last name" put their first and last name, if the account didn't display a first or last name and only displayed the username then for the first and last name put that username for both. ● For "Your email address" put an email address you have access too. ● For "Your Skype name" put the Skype username you're wanting to take. ● Now skip everything else and find "What email address did you provide when you registered?" ● For "What email address did you provide when you registered?" put "I don't remember which one I used". ● Now find "What is your date of birth (dd/mm/yy)?". ● For "What is your date of birth (dd/mm/yy)?" put the Birth date that was displayed on the account. ● Now find "When did you create your Skype account (mm/yy)?". ● For "When did you create your Skype account (mm/yy)?" if it's an "OG" account I suggest putting 02/04, if it's just some random person I'd try putting something like 02/12. Just take a guess really! ● Now find "Please provide five names that are in your Contacts list." this part can be a little tricky but do not worry! Here is what I do, I either add the account I want to take on 5 different Skype's and list all the Skypes there. Or if I know 5 contacts the person has added that is a really big benefit! So if you know 5 contacts, be sure to put them there. If not, make 5 Skype's and add the account. Or you can try just putting random usernames. It's a hit or miss really, unless you know for sure 5 contacts they have added. ● Okay, skip everything and find What name (first and last) did you provide when you registered for your account?". ● For "What name (first and last) did you provide when you registered for your account?" put the first and last name that was displayed on the account. Again, if no first or last name was display. Put the username twice. ● Now find "Which country did you select when you registered?". ● For "Which country did you select when you registered?" put the country displayed on the account. ● Now we're done filling out everything we know about the account, hooray! We must now list our "problem" to Skype so they can give us a password reset. ;) For "Subject" put "I do not know my Skype login". Skip "If your question relates to Skype on a particular device, please specify which it is?" For "Description" put "Hello, Skype live chat redirected me here. They said you will be able to change the email on my Skype account. I have forgotten my password to my Skype account and when I try to reset my password with email it says its not in records. I think I forgot which email I used on my account when I signed up. Can you help me please?" Now click the "Send" button!