A Step-By-Step Guide to Uncovering Data Leaks

Data breaches and data leaks have taken over cybersecurity headlines for years. It seems that there is a constant flow of people's private, public, and every other kind of information stolen, leaked, sold and more. 

Although data breaches and data leaks are often used interchangeably by the media, in reality, they are two very different things.

A data breach occurs when data is stolen via black hat hackers. So, when an organization is compromised, an insider steals data, or hacked end users have their data compiled — like Experian. Another scenario that comes to mind is from The Privacy Security and OSINT Show, where the host talks about how he found an exposed database with malware logs containing username, passwords and more. 

A data leak though? This occurs when data is accidentally exposed. For example, when an organization misconfigures a database or server in a way that allows public access. Think about the terrorist database that was exposed or more recently, a terrorist watchlist. 

That said, let's work through how to discover both data leaks and breaches.

Without further ado, here are step-by-step instructions (WITH SCREENSHOTS!) on how to take a fresh Kali Linux install to finding the latest and greatest data leak or breach:

1. Download Kali Linux from kali.org 
   
   
   
2. Extract the downloaded TAR file

3. Import it into VirtualBox 
   
   

*Note: It may take a few minutes for the import to complete* 

4. Once imported, start the machine and log in using the credentials: kali/kali
   
   
5. Click the terminal icon on the taskbar 
   
   
   
   
6. Update the aptitude package lists with: sudo apt-get update 
   
   
   
   
7. Update the aptitude packages with: sudo apt-get upgrade -y
   
   
   
   
8. Upgrade the Kali Linux distribution with: sudo apt-get dist-upgrade -y
   
   
   
   
9. Lastly, let's remove all unneeded packages with: sudo apt autoremove -y
   
   
   
   
10. Now, let's install the main tool we will use to discover unsecured databases! It's called LeakLooker-X. We can install with:
    
    
11. cd /opt/
    
    
12. sudo mkdir OSINT
    
    
13. cd OSINT
    
    
    
    
14. sudo git clone https://github.com/woj-ciech/LeakLooker-X
    
    
    
    
15. cd LeakLooker-X
    
    
16. sudo apt-get install python3-pip
    
    
    
    
17. sudo pip3 install -r requirements.txt
    
    
    
    
18. Create an account at Binary Edge (A free account works!)
    
    
19. After creating account and logging in, click the Account Menu and select API access.
    
20. Now, type in "LeakLooker" and hit Create Token. Now, save that token! 
    
    
21. sudo nano config.json and paste the API token into the "BINARY_EDGE_KEY" value. Now type: `CRTL + O` and hit `ENTER` to save
    
    
    
    
22. sudo apt-get install celery redis-server -y 
    
    
    
    
23. sudo python3 manage.py makemigrations

    
    
24. python3 manage.py migrate
    
    
    
    
25. python3 manage.py runserver
    
    
    
    
26. Let's open a new terminal tab with `CRTL+SHIFT+T`
    
    
27. Let's start the redis-server in the new tab or window with: redis-server
    
    
    
    
28. Let's open another terminal tab with: `CRTL+SHIFT+T`
    
    
29. Navigate to the LeakLooker-X install directory: cd /opt/OSINT/LeakLooker-X
    
    
30. Let's start celery: sudo celery worker -A leaklooker --loglevel=info 
    
    
    
    
31. Now let's open Firefox and go to "Localhost:8000". Also, note your credits since these are used whenever you perform a search. 
    
    
    
    
32. Click the Search button and then the Keyword button.
    
    
33. Type in a Keyword such as "msg" and click search.
    
    
34. Let the results populate.
    
    
35. Depending on the type of Database, we can access it in different ways. 
    
    
36. For example, this result is a Elastic DB which can be accessed via the web browser. 
    
    
    
    
    
37. Let's look at the data with this: "IP:9200/api/_search?size=500"
    
    
    
    
38. That's it! Now depending on what you search, you may find sensitive information! For example, if you search "license plate," you may find a database of license plates! It's your turn to be creative and persistent to find the next big data leak! 
    
    
39. And as a bonus, I'll walk you through how to access MongoDB databases, as well!
    
    
40. For MongoDB first:
    
    
41. sudo apt-get install gnupg
    
    
    
    
42. wget -qO - https://www.mongodb.org/static/pgp/server-5.0.asc | sudo apt-key add -
    
    
    
    
43. echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/5.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-5.0.list 
    
    
    
44. sudo apt-get update
    
    
45. sudo apt-get install mongodb-org -y 
    
    
    
    
46. Now, lets look at this Mongo result from the "msg" search:
    
    
    
    
47. To access the database we can use MongoSH a CLI client with the following: mongosh "mongodb://IP:27017"
    
    
    
    
48. Once we're connecting we can view the databases with: show databases
    
    
    
    
49. Now, let's access a database with: use 'msg' and then let's view the collections with: show collections
    
    
    
    
50. Lastly, we can view the data with: db.collectionName.find()
    
    

Voilà! Any questions? Feel free to reach out to me on Twitter or comment below.

Lastly, mark your calendars for February 24, 2022 at 3 p.m. ET and join my colleague, Cody Michaels, as he gives a live demo of Google Dorking to find IoT vulnerabilities in the wild.

- Jon Gaines, Senior Application Security Consultant, nVisium

According to a Zscaler report, IoT-specific malware infections jumped 700% amid the pandemic. With nearly 25 billion devices making up the Internet of Things, how can you even begin to protect your environment?

Join Cody Michaels as he gives a live demo of how attackers infiltrate your networks, how to harden your IoT devices, and the value of IoT assessments in securing the enterprise.

***CLICK TO REGISTER***