Introduction

Many corporations are not aware of the types of data that attackers can find and use in the wild. The information that you will be able to find will vary from target to target, but will typically include items such as IP ranges, domain names, e-mail addresses, public financial data, organizational information, technologies used, job titles, phone numbers, usernames and much more. The primary goal of the passive gathering stage is to gather as much actionable data as possible while leaving few or no indicators that anyone has searched for the data. It takes time and patience to sort through web pages, perform Google hacking, and map systems thoroughly in an attempt to understand the infrastructure of a particular target.

In this article, let's assume that we have been tasked with a penetration test of an online banking system, to verify whether valid usernames and passwords can be guessed. If you were a hacker, what would you do?

Speaking for myself, I would first write a quick script to create a dictionary file of potential usernames. Second, I would find out the company's password policy (password length, the number of special characters, and so on) and build my own password dictionary file based on it. Finally, I would automate the process to see whether we can get a correct password, or maybe perform a DoS and block the account after X number of failed attempts!

Many users use the same username for their bank account, Facebook, Twitter, and other social media. So let's put together a small Python script to illustrate how an attacker could take ordinary, publicly available information and build a dictionary file containing the Twitter followers of XYZ Bank. At the time of writing this article, XYZ Bank has around 24,027 followers; let's bring them up!

**Disclaimer: all of the actions explained in this article are counted under Passive Information Gathering and considered legitimate. We just spotlight a smart way of data collection.**

Build your own dictionary file

Twitter and many other social websites offer an API (Application Programming Interface), which allows a programmer to write code that interacts with Twitter and gets information from, or posts information to, Twitter. Fortunately, Python has many libraries that make this job much easier, so all I need to do is register as a Twitter developer and use the developer ID/keys in my script. The registration process should look similar to these snapshots:


[Screenshots of the Twitter developer registration process]

Tweepy is a third-party Python library that allows us to parse Twitter's data. Installing Tweepy is pretty easy:

```
$ sudo apt-get install python-pip
$ sudo pip install tweepy
```

Source Code

```python
import time

import tweepy

# Insert your Twitter keys here
consumer_key = 'blah blah blah'
consumer_secret = 'blah blah blah'
access_token = 'blah blah blah'
access_secret = 'blah blah blah'

# Authenticate to the Twitter API with OAuth
auth = tweepy.auth.OAuthHandler(consumer_key, consumer_secret)
auth.set_access_token(access_token, access_secret)
api = tweepy.API(auth)

# Output file: one follower screen name per line
out = open('/home/hkhrais/Desktop/list.txt', 'w')

if api.verify_credentials():
    print('We successfully logged in.')

# Cursor pages through the followers of the account
user = tweepy.Cursor(api.followers, screen_name="XYZbankgroup").items()

while True:
    try:
        u = next(user)
        out.write(u.screen_name + '\n')
    except tweepy.TweepError:
        # Rate limit hit: wait for the 15-minute window to reset, then retry
        print('We got a timeout ... Sleeping for 15 minutes')
        time.sleep(15 * 60)
        u = next(user)
        out.write(u.screen_name + '\n')
    # When the cursor is exhausted, next() raises StopIteration and the script ends

out.close()
```

The code is almost self-explanatory. I passed the consumer/token keys to the function "OAuthHandler" to identify/authenticate myself to Twitter; after that, I asked for the followers of 'XYZbankgroup' and stored the result in the variable "user".

According to the Twitter developer documentation, there is a limit on how many requests a program can make. When fetching followers, we should wait around 15 minutes between batches; otherwise a rate-limit exception shows up:

```
tweepy.error.TweepError: [{'message': 'Rate limit exceeded', 'code': 88}]
```

Execution Output

```
~/Desktop/Tweets$ sudo python Twitter.py
[sudo] password for hkhrais:
We successfully logged in
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes
We got a timeout ... Sleeping for 15 minutes

We got a timeout ... Sleeping for 15 minutes
Traceback (most recent call last):
  File "Twitter.py", line 31, in <module>
    u = next(user)
  File "/usr/local/lib/python2.7/dist-packages/tweepy/cursor.py", line 181, in next
    self.current_page = self.page_iterator.next()
  File "/usr/local/lib/python2.7/dist-packages/tweepy/cursor.py", line 64, in next
    raise StopIteration
StopIteration
~/Desktop/Tweets$
```

Note that the last exception indicates that the iteration has completed, which means we've grabbed all of the followers' usernames :)

The result:


[Screenshot of the result]

Conclusion

Intelligence gathering requires careful planning, research, and, most importantly, the ability to think like an attacker. With a small Python script (around 25 lines), we could retrieve 24,027 followers' usernames for @XYZbankgroup, which can serve as a good username dictionary. Keep in mind that this script is especially handy if our target usernames are not English!
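Seen from the defender's side, a username dictionary like this shows up in the bank's authentication logs as one source trying many distinct usernames with almost no successes, and it can push real accounts toward the lockout threshold mentioned in the introduction. The following is an added example, not part of the original article: the event format, outcome labels, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

def sample_events():
    """Constructed (epoch_s, source_ip, username, outcome) login events."""
    handles = ["ahmad_k", "sara.j", "omar88", "lina_m", "zaid_x", "rami.t"]
    exists = {"sara.j", "lina_m"}          # only these are real accounts
    # 203.0.113.7 walks a handle list: one attempt per username.
    events = [(1000 + 20 * i, "203.0.113.7", h,
               "bad_password" if h in exists else "unknown_user")
              for i, h in enumerate(handles)]
    # 198.51.100.4 is a customer who mistypes twice, then logs in.
    events += [(1010, "198.51.100.4", "sara.j", "bad_password"),
               (1030, "198.51.100.4", "sara.j", "bad_password"),
               (1050, "198.51.100.4", "sara.j", "ok")]
    return events

def flag_username_guessing(events, window=900, min_users=5, max_ok_ratio=0.1):
    """Flag sources that try many distinct usernames in `window` seconds
    with almost no successful logins (dictionary-driven guessing)."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in sorted(events):
        by_src[src].append((ts, user, outcome))
    flagged = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1                 # slide the window forward
            span = rows[start:end + 1]
            users = {u for _, u, _ in span}
            ok = sum(1 for _, _, o in span if o == "ok")
            if len(users) >= min_users and ok / len(span) <= max_ok_ratio:
                # A bad_password result on a guessed name means the name exists.
                hit = sorted({u for _, u, o in span if o == "bad_password"})
                flagged[src] = {"distinct_users": len(users),
                                "existing_accounts_hit": hit}
    return flagged

def failures_per_account(events, window=900):
    """Peak number of failed logins per existing account, across all sources,
    within `window` seconds: the figure a lockout threshold is compared to."""
    fails = defaultdict(list)
    for ts, _, user, outcome in sorted(events):
        if outcome == "bad_password":
            fails[user].append(ts)
    return {u: max(sum(1 for t in tl if 0 <= t - t0 <= window) for t0 in tl)
            for u, tl in fails.items()}
```

In the sample, the customer's own two typos plus a single guess from the walking source bring `sara.j` to three failures inside one window, which is why lockout counters are worth reviewing alongside per-source alerts.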

References

Twitter API: https://dev.twitter.com/docs/twitter-libraries

Tweepy library: https://pypi.python.org/pypi/tweepy/
