Identify email owners by their password and PGP key

Today I will talk about the sources that I use to identify users by their password and PGP key.

There are several resources on the web that allow you to search for related nicknames and email addresses using leaked passwords:

https://leak-lookup.com/

https://leakpeek.com/

https://breachdirectory.org

/passwords.html

https://eyeofgod.global/

https://leakcheck.io/

https://github.com/jdiazmx/karma/tree/dd49cace6f68772397

a66b04860c10a93f4eb505

http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion/

Next, we learn to identify the user’s mail by its public PGP encryption key. And you didn’t know, go, that it’s possible?

Let’s start with the simplest. So, there are services in the network ( https://www.google.com/search?q=list+of+public+pgp+keyservers ,) on which public PGP keys are laid out.

I personally found peegeepee (https://peegeepee.com/) and keybase (https://keybase.io/) to be the most pleasant services. The data is partially hidden there, but when it scared us.

To extract an email address from a PGP key, we will use the two built-in Linux commands curl and gpg to download and extract the key of interest. Curl is built into Linux and Mac OS by default. For Windows, there is GPG4Win (https://www.gpg4win.org/) which will allow you to download and import PGP keys

Retrieve the full PGP public key:

$ curl https://peegeepee.com/******.asc

We read the data of the full PGP key (including the username and his email):

$ curl https://d.peegeepee.com/******.asc | gpg

REFERENCE: https://medium.com/@ibederov_en

Posted by: @ESPYER

Facebook
Twitter
LinkedIn