Harvest email addresses using Backtrack and msfconsole

Hello all,

Most of you probably already know what i am about to explain here. But bear with me

Tools you will need :
1) Backtrack 5 ( Contains Msfconsole by default)

Instructions :
1) Lets begin by opening your shell command on Backtrack 5.
2) Next type the following commands shown below :
root@root:~# msfconsole
NOTICE: CREATE TABLE will create implicit sequence “hosts_id_seq” for serial column “hosts.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “hosts_pkey” for table “hosts”
NOTICE: CREATE TABLE will create implicit sequence “clients_id_seq” for serial column “clients.id”
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index “clients_pkey” for table “clients”
* Allow Msfconsole to fully load till the screen below appears.
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM MMMMMMMMMM
MMMN$ vMMMM
MMMNl MMMMM MMMMM JMMMM
MMMNl MMMMMMMN NMMMMMMM JMMMM
MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMMM MMMMMMM MMMMM jMMMM
MMMNI MMMNM MMMMMMM MMMMM jMMMM
MMMNI WMMMM MMMMMMM MMMM# JMMMM
MMMMR ?MMNM MMMMM .dMMMM
MMMMNm `?MMM MMMM` dMMMMM
MMMMMMN ?MM MM? NMMMMMN
MMMMMMMMNe JMMMMMNMMM
MMMMMMMMMMNm, eMMMMMNMMNMM
MMMMNNMNMMMMMNx MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM
=[ metasploit v4.2.0-release [core:4.2 api:1.0]
+ — –=[ 805 exploits - 451 auxiliary - 135 post
+ -- --=[ 246 payloads - 27 encoders - 8 nops
=[ svn r15704 updated 163 days ago (2012.02.23)


msf > search gather
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
auxiliary/admin/oracle/tnscmd 2009-02-01 normal Oracle TNS Listener Command Issuer
auxiliary/gather/android_htmlfileprovider normal Android Content Provider File Disclosure
auxiliary/gather/checkpoint_hostname 2011-12-14 normal CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
*Allow search gather to load fully


msf > use auxiliary/gather/search_email_collector
msf auxiliary(search_email_collector) > show options
Module options (auxiliary/gather/search_email_collector):
Name Current Setting Required Description
---- --------------- -------- -----------
DOMAIN yes The domain name to locate email addresses for
OUTFILE no A filename to store the generated email list
SEARCH_BING true yes Enable Bing as a backend search engine
SEARCH_GOOGLE true yes Enable Google as a backend search engine
SEARCH_YAHOO true yes Enable Yahoo! as a backend search engine



msf auxiliary(search_email_collector) > set domain nasa.gov
domain => nasa.gov
msf auxiliary(search_email_collector) > run
[*] Harvesting emails …..
[*] Searching Google for email addresses from nasa.gov
[*] Extracting emails from Google search results…
[*] Searching Bing email addresses from nasa.gov
one [*] Extracting emails from Bing search results…
[*] Searching Yahoo for email addresses from nasa.gov
[*] Extracting emails from Yahoo search results…
[*] Located 23 email addresses for nasa.gov
[*] adam.szabo@nasa.gov
[*] amita.v.mehta@nasa.gov
[*] angela.d.storey@nasa.gov
[*] candrea.k.thomas@nasa.gov
[*] curt.tilmes@nasa.gov
[*] debbie.l.thomas@nasa.gov
[*] dennis.chesters@nasa.gov
[*] elizabeth.b.ward@nasa.gov
[*] elizabeth.s.leblanc@nasa.gov
[*] gordon.d.holman@nasa.gov
[*] james.l.harrington@nasa.gov
[*] john.gerlach@nasa.gov
[*] joy.w.bretthauer@nasa.gov
[*] ksc-specsintact@nasa.gov
[*] lila.b.howarth@nasa.gov
[*] marcus.c.orr@nasa.gov
[*] michael.r.collier@nasa.gov
[*] nasa-satern.support@nasa.gov
[*] nasaedpartners@nasa.gov
[*] patrick.hogan@nasa.gov
[*] rita.m.sambruna@nasa.gov
[*] trent.j.perrotto@nasa.gov
[*] trupti.d.sanghani@nasa.gov
[*] Auxiliary module execution completed
msf auxiliary(search_email_collector) > one Interrupt: use the ‘exit’ command to quit
msf auxiliary(search_email_collector) >
Congratulations!!! we have successfully harvested the email from the desired domain.

Authors Note : Educational Purposes Only.

Popular posts from this blog

Domain Controller Machine Password Reset

Configuring a Certificate on Exchange Receive Connector

Running Multiple NGINX Ingress Controllers in AKS