10 Feb, 2022

A Step-By-Step Guide to Uncovering Data Leaks

by nVisium

Data breaches and data leaks have taken over cybersecurity headlines for years. It seems that there is a constant flow of people's private, public, and every other kind of information being stolen, leaked, sold and more.

Although data breaches and data leaks are often used interchangeably by the media, in reality, they are two very different things.

A data breach occurs when data is actively stolen: black hat hackers compromise an organization, an insider steals data, or end users are hacked and their data is compiled, like Experian. Another scenario that comes to mind is from The Privacy, Security and OSINT Show, where the host talks about how he found an exposed database with malware logs containing usernames, passwords and more.

A data leak, on the other hand, occurs when data is accidentally exposed. For example, an organization misconfigures a database or server so that it is reachable by anyone on the internet, with no authentication in front of it. Think about the terrorist database that was exposed or, more recently, a terrorist watchlist.

That said, let's work through how to discover both data leaks and breaches.

Without further ado, here are step-by-step instructions on how to take a fresh Kali Linux install to finding the latest and greatest data leak or breach:

  1. Download the Kali Linux VirtualBox image from kali.org.

  2. Extract the downloaded TAR file and import the virtual machine into VirtualBox.

*Note: It may take a few minutes for the import to complete*

  3. Once imported, start the machine and log in using the default credentials: kali/kali

  4. Click the terminal icon on the taskbar.

  5. Update the apt package lists with: sudo apt-get update

  6. Upgrade the installed packages with: sudo apt-get upgrade -y

  7. Upgrade the Kali Linux distribution with: sudo apt-get dist-upgrade -y

  8. Lastly, remove packages that are no longer needed with: sudo apt autoremove -y

  9. Now, let's install the main tool we will use to discover unsecured databases: LeakLooker-X. Clone it under /opt with:

     cd /opt/
     sudo mkdir OSINT
     cd OSINT
     sudo git clone https://github.com/woj-ciech/LeakLooker-X
     cd LeakLooker-X

  10. The clone was made as root, so hand the checkout to your own user; otherwise the migrate step further down cannot create its SQLite database in the directory: sudo chown -R "$USER":"$USER" /opt/OSINT/LeakLooker-X

  11. Install pip and the tool's Python dependencies with: sudo apt-get install python3-pip and then sudo pip3 install -r requirements.txt

  12. Create an account at BinaryEdge (a free account works!).

  13. After creating the account and logging in, click the Account menu and select API access.

  14. Type in "LeakLooker" as the token name and hit Create Token. Now, save that token!

  15. Open the config file with nano config.json and paste the API token into the "BINARY_EDGE_KEY" value. Type `CTRL+O` and hit `ENTER` to save, then `CTRL+X` to exit.

  16. Install the task queue LeakLooker-X uses to run searches in the background, plus its Redis broker: sudo apt-get install celery redis-server -y

  17. python3 manage.py makemigrations

  18. python3 manage.py migrate

  19. python3 manage.py runserver (this serves the web UI on 127.0.0.1:8000; leave it running in this tab)

  20. Open a new terminal tab with `CTRL+SHIFT+T` and start Redis in it with: redis-server

  21. Open another terminal tab with `CTRL+SHIFT+T` and navigate to the LeakLooker-X install directory: cd /opt/OSINT/LeakLooker-X

  22. Start the Celery worker with: celery worker -A leaklooker --loglevel=info

*Note: Celery 5 moved the app option in front of the subcommand. If the command above fails, use: celery -A leaklooker worker --loglevel=info*

  23. Now, open Firefox and go to http://localhost:8000. Also, note your BinaryEdge credits, since every search consumes them.

  24. Click the Search button and then the Keyword button.

  25. Type in a keyword such as "msg" and click Search.

  26. Let the results populate.

  27. Depending on the type of database, we access it in different ways.

  28. For example, this result is an Elasticsearch instance, which can be queried directly from the web browser.

  29. Let's look at the data with: http://IP:9200/api/_search?size=500 (IP is the address from the result). The path segment before _search is an index name: http://IP:9200/_cat/indices?v lists every index on the node with its document count, and http://IP:9200/_search?size=500 queries all of them at once. Keep size small while you are only confirming what the data is; a handful of records shows the shape of a document, and there is no need to pull the whole index.

  30. That's it! Now, depending on what you search, you may find sensitive information. For example, if you search "license plate," you may find a database of license plates! It's your turn to be creative and persistent to find the next big data leak!

  31. And as a bonus, I'll walk you through how to access MongoDB databases as well!

  32. For MongoDB, first install the MongoDB packages (the mongodb-org bundle includes the mongosh client we need):

     sudo apt-get install gnupg
     wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
     echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list
     sudo apt-get update
     sudo apt-get install mongodb-org -y

  33. Now, let's look at this Mongo result from the "msg" search.

  34. To access the database we use mongosh, the MongoDB CLI client, with: mongosh "mongodb://IP:27017"

  35. Once connected, we can list the databases with: show databases

  36. Now, let's select a database with: use msg and then list its collections with: show collections

  37. Lastly, we can view the data with: db.collectionName.find() (mongosh prints 20 documents per batch and waits for `it` to page further; db.collectionName.countDocuments() tells you how large the collection is before you pull anything)
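Both the Elasticsearch and the MongoDB walkthroughs above end at "look at the data". In practice you want to classify a result from a small sample rather than dump it: rank the indices by size, pull five documents, and check whether they carry credentials or personal data. The script below is an added example written for this post; it is not code from nVisium or from LeakLooker-X. It takes the JSON that `GET /_cat/indices?format=json` and `GET /INDEX/_search?size=5` return (or a list of documents from a mongosh/pymongo `find().limit(5)`) and reports which fields look sensitive. The sample responses, hosts and people in it are constructed, and the `SENSITIVE_KEYS` list is an assumption you should extend for the keyword you are hunting.

```python
"""Triage an exposed Elasticsearch index or MongoDB collection from a small sample.

Added example: not part of the nVisium post or of LeakLooker-X. All sample
responses below are constructed to mirror the shape of the real API output.
"""
import json
import re

# Leaf field names that usually hold credentials or personal data (assumption:
# extend this set for whatever keyword you searched, e.g. "plate").
SENSITIVE_KEYS = {
    "password", "passwd", "pwd", "pass", "token", "api_key", "apikey", "secret",
    "ssn", "email", "phone", "dob", "credit_card", "card_number", "plate",
    "license_plate",
}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def rank_indices(cat_indices_json):
    """Parse GET /_cat/indices?format=json into [(index, docs)], largest first.

    Indices whose name starts with a dot (.kibana, .security, ...) are cluster
    metadata rather than leaked data, so they are dropped.
    """
    rows = json.loads(cat_indices_json)
    ranked = [(row["index"], int(row["docs.count"])) for row in rows
              if not row["index"].startswith(".")]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


def flatten(value, prefix=""):
    """Yield (dotted.path, leaf_value) pairs from a nested JSON document."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}{key}.")
    elif isinstance(value, list):
        for child in value:
            yield from flatten(child, prefix)
    else:
        yield prefix.rstrip("."), value


def scan_documents(docs):
    """Classify a handful of documents without dumping the whole store."""
    fields, sensitive, email_values = set(), set(), 0
    for doc in docs:
        for path, leaf in flatten(doc):
            fields.add(path)
            if path.rsplit(".", 1)[-1].lower() in SENSITIVE_KEYS:
                sensitive.add(path)
            if isinstance(leaf, str) and EMAIL_RE.search(leaf):
                email_values += 1
    return {
        "documents_sampled": len(docs),
        "fields": sorted(fields),
        "sensitive_fields": sorted(sensitive),
        "values_containing_email": email_values,
        "looks_sensitive": bool(sensitive) or email_values > 0,
    }


def triage_es_search(search_json):
    """Triage the body of GET /INDEX/_search?size=5 (handles ES 7+ and older totals)."""
    body = json.loads(search_json)
    total = body["hits"]["total"]
    if isinstance(total, dict):          # ES 7+: {"value": N, "relation": "eq"}
        total = total["value"]
    report = scan_documents([hit["_source"] for hit in body["hits"]["hits"]])
    report["total_hits"] = int(total)
    return report


def triage_mongo_documents(docs):
    """Same scan for the documents mongosh or pymongo return from find().limit(5)."""
    return scan_documents(docs)


# Constructed samples (no real hosts, indices or people).
SAMPLE_CAT_INDICES = json.dumps([
    {"health": "yellow", "status": "open", "index": "msg", "docs.count": "153204"},
    {"health": "green", "status": "open", "index": ".kibana", "docs.count": "12"},
    {"health": "yellow", "status": "open", "index": "api", "docs.count": "3"},
])
SAMPLE_SEARCH = json.dumps({
    "took": 3,
    "hits": {"total": {"value": 153204, "relation": "eq"}, "hits": [
        {"_index": "msg", "_id": "1", "_source": {
            "user": {"email": "alice@example.com", "password": "hunter2"},
            "msg": "hello", "ts": 1644480000}},
        {"_index": "msg", "_id": "2", "_source": {
            "user": {"email": "bob@example.org", "password": "s3cret"},
            "msg": "contact me at bob@example.org", "ts": 1644480100}},
    ]},
})
SAMPLE_MONGO_DOCS = [
    {"_id": "61f0c0ffee", "plate": "ABC123", "owner": {"phone": "555-0100"}},
]

if __name__ == "__main__":
    print(rank_indices(SAMPLE_CAT_INDICES))
    print(json.dumps(triage_es_search(SAMPLE_SEARCH), indent=2))
    print(json.dumps(triage_mongo_documents(SAMPLE_MONGO_DOCS), indent=2))
```

Feed it real responses by saving the browser output to a file (`curl -s 'http://IP:9200/msg/_search?size=5' > sample.json`) and passing the file contents to `triage_es_search`. The report is what you need for a disclosure to the owner: the index name, the total document count, and the field paths that hold credentials or personal data, without having copied the data set itself.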

Voilà! Any questions? Feel free to reach out to me on Twitter or comment below.

Lastly, mark your calendars for February 24, 2022 at 3 p.m. ET and join my colleague, Cody Michaels, as he gives a live demo of Google Dorking to find IoT vulnerabilities in the wild.

- Jon Gaines, Senior Application Security Consultant, nVisium

According to a Zscaler report, IoT-specific malware infections jumped 700% amid the pandemic. With nearly 25 billion devices making up the Internet of Things, how can you even begin to protect your environment?
Join Cody Michaels as he gives a live demo of how attackers infiltrate your networks, how to harden your IoT devices, and the value of IoT assessments in securing the enterprise.
