
Data breaches and data leaks have taken over cybersecurity headlines for years. It seems that there is a constant flow of people's private, public, and every other kind of information stolen, leaked, sold and more.
Although data breaches and data leaks are often used interchangeably by the media, in reality, they are two very different things.
A data breach occurs when data is stolen by black hat hackers: an organization is compromised, an insider steals data, or compromised end users have their data compiled, as in the Experian case. Another scenario that comes to mind is from The Privacy, Security and OSINT Show, where the host talks about finding an exposed database of malware logs containing usernames, passwords and more.
A data leak, though? This occurs when data is accidentally exposed, for example when an organization misconfigures a database or server in a way that allows public access. Think about the terrorist database that was exposed or, more recently, a terrorist watchlist.
That said, let's work through how to discover both data leaks and breaches.
Without further ado, here are step-by-step instructions (WITH SCREENSHOTS!) on how to take a fresh Kali Linux install to finding the latest and greatest data leak or breach:
- Download Kali Linux from kali.org
- Extract the downloaded TAR file
- Import it into VirtualBox
*Note: It may take a few minutes for the import to complete*
- Once imported, start the machine and log in using the default credentials `kali/kali`
- Click the terminal icon on the taskbar
- Update the apt package lists with: `sudo apt-get update`
- Upgrade the installed packages with: `sudo apt-get upgrade -y`
- Upgrade the Kali Linux distribution with: `sudo apt-get dist-upgrade -y`
- Lastly, let's remove all unneeded packages with: `sudo apt autoremove -y`
- Now, let's install the main tool we will use to discover unsecured databases! It's called LeakLooker-X. We can install it with:

```bash
cd /opt/
sudo mkdir OSINT
cd OSINT
sudo git clone https://github.com/woj-ciech/LeakLooker-X
cd LeakLooker-X
sudo apt-get install python3-pip
sudo pip3 install -r requirements.txt
```
- Create an account at BinaryEdge (a free account works!)
- After creating an account and logging in, click the Account menu and select API Access.
- Type in "LeakLooker" and hit Create Token. Now, save that token!
- Open the config file with `sudo nano config.json` and paste the API token into the `BINARY_EDGE_KEY` value. Then press `CTRL + O` and hit `ENTER` to save.
- Install Celery and Redis, set up the application database and start the web server:

```bash
sudo apt-get install celery redis-server -y
sudo python3 manage.py makemigrations
python3 manage.py migrate
python3 manage.py runserver
```
- Let's open a new terminal tab with `CTRL+SHIFT+T`
- Let's start the Redis server in the new tab with: `redis-server`
- Let's open another terminal tab with `CTRL+SHIFT+T`
- Navigate to the LeakLooker-X install directory: `cd /opt/OSINT/LeakLooker-X`
- Let's start Celery: `sudo celery worker -A leaklooker --loglevel=info`
- Now let's open Firefox and go to `localhost:8000`. Also, note your credits, since these are used whenever you perform a search.
- Click the Search button and then the Keyword button.
- Type in a Keyword such as "msg" and click search.
- Let the results populate.
- Depending on the type of database, we can access it in different ways.
- For example, this result is an Elasticsearch DB, which can be accessed via the web browser.
- Let's look at the data with: `IP:9200/api/_search?size=500`
- That's it! Depending on what you search for, you may find sensitive information. For example, if you search "license plate," you may find a database of license plates! It's your turn to be creative and persistent to find the next big data leak!
- And as a bonus, I'll walk you through how to access MongoDB databases as well!
- For MongoDB, first install the client packages:

```bash
sudo apt-get install gnupg
wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
sudo apt-get update
sudo apt-get install mongodb-org -y
```
- Now, let's look at this Mongo result from the "msg" search:
- To access the database we can use mongosh, a CLI client, with: `mongosh "mongodb://IP:27017"`
- Once we're connected, we can list the databases with: `show databases`
- Now, let's select a database with `use msg` and then list its collections with `show collections`
- Lastly, we can view the data with: `db.collectionName.find()`
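Both the Elasticsearch and the MongoDB results above are readable by anyone for the same reason: the service is bound to a public interface and authentication is switched off. As an added example (not from this post or the LeakLooker-X project), here is the weak setting beside the corrected one for each database; the file paths and the assumption of a single-node Elasticsearch 7.x deployment are mine.

```yaml
# Constructed example: two config files in one YAML stream, separated by "---".
# --- /etc/mongod.conf (path assumed) ---
# Weak: listens on every interface with no authentication, which is the 27017 result above.
#   net:
#     bindIp: 0.0.0.0
#   security:
#     authorization: disabled
# Corrected:
net:
  port: 27017
  bindIp: 127.0.0.1          # or a private address reachable only from the application tier
security:
  authorization: enabled     # clients must authenticate; create the admin user before enabling
---
# --- /etc/elasticsearch/elasticsearch.yml (path assumed) ---
# Weak: public bind with security disabled, which is the 9200 result above.
#   network.host: 0.0.0.0
#   xpack.security.enabled: false
# Corrected:
network.host: 127.0.0.1      # or a private address; keep a firewall rule in front regardless
http.port: 9200
xpack.security.enabled: true # HTTP requests now need credentials; set them with elasticsearch-setup-passwords
```

After restarting each service, an unauthenticated request to port 9200 should return HTTP 401, and `show databases` in an unauthenticated mongosh session should be refused.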
Voilà! Any questions? Feel free to reach out to me on Twitter or comment below.
Lastly, mark your calendars for February 24, 2022 at 3 p.m. ET and join my colleague, Cody Michaels, as he gives a live demo of Google Dorking to find IoT vulnerabilities in the wild.
- Jon Gaines, Senior Application Security Consultant, nVisium
According to a Zscaler report, IoT-specific malware infections jumped 700% amid the pandemic. With nearly 25 billion devices making up the Internet of Things, how can you even begin to protect your environment?
Join Cody Michaels as he gives a live demo of how attackers infiltrate your networks, how to harden your IoT devices, and the value of IoT assessments in securing the enterprise.