Finding Hidden Gems In Temporary Mail Services
Recon Village @ DEF CON 30 • 12th, 13th and 14th August 2022
Abstract
In today's world, where temporary mail services are used a lot, our project is to monitor these temporary mail services according to the given configuration and to find useful gems.
We wrote a command and control python tool for this research. This Tool is hosted on our private server on amazon. So what does this tool do? This tool constantly scans the most used temporary mail services (yopmail,
tempr.email
, dispostable, guerrila, maildrop) today and indexes the mails falling there according to the words we specify, and keeps us informed via telegram with the telegram API integrated into the tool. This tool has been running on our server for about 1 year and has stored and continues to store more than 1 million mails. In our research, we observed these e-mails, what kind of e-mails are sent in these services and what use these e-mails can be for a hacker. In our research, we were able to take over the accounts containing money from these mail services. In our ongoing research, we have identified information such as confidential personal information, account reset emails, hundreds of game accounts, bitcoin wallet information. We will show them in our presentation, some of which will be censored.
In addition, we will release the tool on github after the presentation. this tool
contains a config. It constantly crawls and monitors the mails in the URLs given in this config file and can save it if you want. It makes the e-mails it will record according to the keywords in the config file that you can configure. Therefore, I can say that this tool is very effective.
For example, I installed this tool and entered words such as ebay, password reset, bitcoin, OTP into the related words. This tool saves or tells you when e-mails containing these words come to the relevant e-mail services instantly. In addition, this tool has telegram API integration. In this way, when the relevant e-mails are received instantly, you can receive information via telegram.
We have included all of these in our research. In addition, while presenting our project, we will perform a live proof of concept and see what valuable things we can gain during the presentation.
In the bonus part, we will show the redteam activities that we noticed while examining these mail services. This place can be very interesting :)