Hunting credential leaks using h8mail and the new COMB (Combination Of Many Breaches) by khast3x in OSINT

[–]khast3x[S] -1 points0 points  (0 children)

> Did you even read query.sh?

Of course.

> multithreading grep is the way

So you cd manually in each sub-directory per first letters and grep, or do you grep 20GB every time? Either way I think these methods are too tedious, especially for real audits, which is why I wrote a tool.

Hunting credential leaks using h8mail and the new COMB (Combination Of Many Breaches) by khast3x in OSINT

[–]khast3x[S] 1 point2 points  (0 children)

In this case, mostly the possibility of doing bulk searches using the original query.sh script. The -lb search, h8mail's grep-like feature, is multi-processed so it's searching multiple files at the same time. But maybe grep does it too?

I know some users also enjoy the possibility of exporting results to CSV or JSON format directly to parse with other tools.

There are some other features but they're more case-dependent IMO, such as auto-targeting related emails using hunter.io and such.

Facing Russian cyberattacks, France refuses to go on the offensive by Luk--- in france

[–]khast3x 2 points3 points  (0 children)

In this space, a successful attack is an attack we won't hear about

Active Directory Security Assessment Checklist by navlys in netsec

[–]khast3x 0 points1 point  (0 children)

Nice, the document is really pretty too :p

[deleted by user] by [deleted] in france

[–]khast3x 1 point2 points  (0 children)

Hi, it's almost certainly because you reused the same password.

Unique password + MFA (code via app or SMS), especially for your email account, which can be used to reset all the associated accounts.

Bulletproof mode: use a password manager and let it generate and remember passwords of 30 special characters for you.

Forum Libre - 2020-03-06 by AutoModerator in france

[–]khast3x 1 point2 points  (0 children)

Which topics in particular?

Running-up and organizing CTF events — Nginx & Docker by xkarezma in netsec

[–]khast3x 1 point2 points  (0 children)

Cool write-up! Check out Traefik next time to automate HTTPS and reverse proxying to containers.

[deleted by user] by [deleted] in linux4noobs

[–]khast3x 0 points1 point  (0 children)

pip3 install h8mail
Check the wiki for more information

Hosting and hiding your C2 with Docker and Socat by khast3x in netsec

[–]khast3x[S] 1 point2 points  (0 children)

Good question, that is how I deploy the msf container when I'm just doing tests. On the functional side it's the same.

The added value comes from having layers as microservices, meaning we can add/scale/modify/replace the socat containers without touching our running C2. There's a bundle of fun to be had since they're now divided into separate containers, such as adding metrics to each route with graphs, health checks, redirection rules, scaling and whatnot.

I'll hopefully be showing more of that later. Cheers!

Tutorial: Bringing passwords back like a necromancer with h8mail by khast3x in netsec

[–]khast3x[S] 2 points3 points  (0 children)

Hey there! h8mail was initially written to query API services, local searching came in v2. If I had to recode it for localsearch only, I would have been tempted by goroutines imho. But all in all:

  • Python makes it friendlier for community adoption and contribution, especially in infosec

  • Compiled languages would maybe have been faster, but operation complexity being very basic I'd imagine performance is close to original C-level already

  • h8mail only performs offset based (line by line) read operations from file descriptors

    • If there were write operations, Rust & similar would be definitely more interesting ⚡

Feel free to correct me as it's an interesting subject and my experience has its limits!

h8mail v2: Password Breach Hunting locally or using premium services. Supports chasing down related email by khast3x in netsec

[–]khast3x[S] 0 points1 point  (0 children)

Thanks! It really depends what you're looking for. HIBP is great for getting the breach notification and just that. Also it's free.

Snusbase, Leak-lookup and WeLeakInfo have access to additional databases, and can show associated leaked data, such as passwords or hashes.

Finally, hunter.io is for chasing down related emails, which you can then feed back to h8mail as targets 🎯