Hacking Email 101

You are most likely reading this because you want to break into somebody�s email
account.

Well, you must understand that there is no 1-2-3 process to anything. I will give
you options to consider when persuing such a task, but it will ultimately be up to
you to do this. This is what you want to do, and no matter what sort of offers you
throw up at anybody, nobody is going to do this for you. There is no program that
is going to do all this for you. Also don�t forget that nobody is going to hold
your hand and lead you through this. I�m offering you as the reader suggestions
for ways you can address this task, and that is about all the help you are going
to get from anybody. So now that I�ve made all that clear, let�s begin�

Things You Should Know

As I mentioned in the previous section, there is no program that will do all this
for you. Almost all the crackers you see out there will not work, because services
like Hotmail, Yahoo!, etc. have it set so that it will lock you from that account
after a certain number of login attempts. There are some rare exceptions, like
some crackers for Yahoo! that are made for cracking �illegal� accounts, but the
thing you must understand about those types of crackers is that they are built to
crack SPECIFICALLY �illegal� names. They can not be used to target a specific
account on Yahoo!, so don�t try to use them for this purpose. Another thing you
must know if you ask this question in any �hacker� chat room/channel (which I
highly discourage), or if you read something on this topic, and you hear that you
have to email some address and in any way have to give up your password in the
process, do NOT believe this. This is a con used to trick gullible people into
handing over their passwords. So don�t fall for this. Well that concludes this
section, now lets get to what you want to know.

If You Have Physical Access

I will start off with options you have if you have physical access to the computer
of the user that you are targeting, because it is a lot easier if you do. One
option you have, that you will hear a lot if you ask this question, and anybody
bothers to answer is to use a keylogger. A keylogger is an excellent option, and
probably the easiest. There are a lot of keyloggers out there, ranging from
hardware keyloggers, to software keyloggers. For this task, you won�t need to buy
a hardware keylogger, since the only advantage to a hardware one is that you can
grab passwords that are given to access a certain local user on the operating
system used. There are a lot of software keyloggers out there, and you can feel
free to check out www.google.com to look at your options. I will go ahead and toss
a couple of keyloggers out to try for those of you who seem allergic to search
engines.

One option you have that is good for a free keylogger is Perfect Keylogger (which
you can find at www.blazingtools.com/bpk.html). It works just fine, and has some
nice options to keep it hidden from your average end user (computer user).

Another option you have, which is probably the best one you can get is Ghost
Keylogger. It has a lot of options that will allow you to get the results of this
program remotely (it will email you the results). However, this is not a free
keylogger, so if you are wanting to get a copy you can look on the file sharing
networks for a copy of the program, and the serial number for it (look on
www.zeropaid.com for different file sharing clients you can try).

Once you have whatever keylogger you are going to use downloaded, just install it
onto the computer you are wanting to monitor, and wait till next time they login
to their email account. You will then have the password for the account. Another
option you have if they use Outlook to access their email account, is to copy the
*.dbx files for their Outlook account onto a floppy, and extract the emails at
home (the dbx file stores the files stored in each Outlook folder on a given
account, meaning the received and sent emails). When you are on the computer of
the user you are targeting, look in

C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\
and copy all the .dbx files onto a floppy. Then when you take the .dbx files back
to your house, use DBXtract to extract the messages from these files. Check out
the link below to download this program�.

www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171

Another option you have if you have physical access is to execute a RAT (Remote
Administration Tool, you may know these programs as trojans) server on the
computer. Of course, you do not have to have physical access to go this route, but
it helps. What you must understand is that these tools are known threats, and the
popular ones are quickly detected by antivirus software, and thusly taken care of.
Even ISPs block incoming/outgoing traffic from the most popular ports used by
these programs.

One newcomer in the RAT market that you should know about is Project Leviathan.
This program uses already existing services to host it�s service, instead of
opening up an entirely new port. This allows it to hide itself from any port
detection tool/software firewall that may be in place. This of course will not
guarantee that it�s server program will not be detected by any antivirus software
used (actually, if the user has kept up with his/her signature tables, then it
WILL be detected), but it will give you more of a chance of holding access. Search
the engines to download Project Leviathan�

Once you have downloaded this tool, follow the instructions listed to install and
use this program. However, since this RAT is a command line tool, you will still
need another program set up on the user�s computer in order to catch the desired
password. For this, you can use Password Logger.. Google it

Once you have this downloaded, set it up on the targeted computer. The program
will remain hidden, while logging any types of passwords into a .lst file in the
same directory that you executed it on. Therefore, you can access this *.lst file
through Project Leviathan remotely in order to retrieve the user�s email password
remotely. Well that pretty much concludes it for this section. At this very moment
I can practically hear a lot of you thinking to yourselves �But, but I don�t HAVE
physical access!�. No reason to worry, that�s what the next section is for�

If You Don�t Have Physical Access

Well of course most of you out there will say that you don�t have physical access
to your target�s computer. That�s fine, there still are ways you can gain access
into the desired email account without having to have any sort of physical access.
For this we are going to go back onto the RAT topic, to explain methods that can
be used to fool the user into running the server portion of the RAT (again, a RAT
is a trojan) of your choice. Well first we will discuss the basic �send file�
technique. This is simply convincing the user of the account you want to access to
execute the server portion of your RAT.

To make this convincing, what you will want to do is bind the server.exe to
another *.exe file in order to not raise any doubt when the program appears to do
nothing when it is executed. For this you can use the tool like any exe file to
bind it into another program (make it something like a small game)�

On a side note, make sure the RAT of your choice is a good choice. The program
mentioned in the previous section would not be good in this case, since you do
need physical access in order to set it up. You will have to find the program of
your choice yourself (meaning please don�t ask around for any, people consider
that annoying behavior).

If you don�t like any of those, I�m afraid you are going to have to go to
www.google.com, and look for some yourself. Search for something like �optix pro
download�, or any specific trojan. If you look long enough, among all the virus
notification/help pages, you should come across a site with a list of RATs for you
to use (you are going to eventually have to learn how to navigate a search engine,
you can�t depend on handouts forever). Now back to the topic at hand, you will
want to send this file to the specified user through an instant messaging service.

The reason why is that you need the ip address of the user in order to connect
with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it
really doesn�t matter. What you will do is send the file to the user. Now while
this transfer is going on you will go to Start, then Run, type in �command�, and
press Enter. Once the msdos prompt is open, type in �netstat -n�, and again, press
enter. You will see a list of ip addresses from left to right. The address you
will be looking for will be on the right, and the port it�s established on will
depend on the instant messaging service you are using. With MSN Messenger it will
be remote port 6891, with AOL Instant Messenger it will be remote port 2153, with
ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo!
Messenger it will be remote port 1614.

So once you spot the established connection with the file transfer remote port,
then you will take note of the ip address associated with that port. So once the
transfer is complete, and the user has executed the server portion of the RAT,
then you can use the client portion to sniff out his/her password the next time
he/she logs on to his/her account.

Don�t think you can get him/her to accept a file from you? Can you at least get
him/her to access a certain web page? Then maybe this next technique is something
you should look into.

Currently Internet Explorer is quite vulnerable to an exploit that allows you to

drop and execute .exe files via malicious scripting within an html document. For
this what you will want to do is set up a web page, make sure to actually put
something within this page so that the visitor doesn�t get too entirely
suspicious, and then imbed the below script into your web page so that the server
portion of the RAT of your choice is dropped and executed onto the victim�s
computer�

While you are at it, you will also want to set up an ip logger on the web page so
that you can grab the ip address of the user so that you can connect to the newly
established server. Here is the source for a php ip logger you can use on your
page�

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&...

Just insert this source into your page along with the exedrop script, and you are
set. Just convince the user to go to this page, and wait till the next time they
type in their email password. However, what do you do if you can not contact this
user in any way to do any of the above tricks. Well, then you definately have your
work cut out for you. It doesn�t make the task impossible, but it makes it pretty
damn close to it. For this we will want to try info cracking. Info cracking is the
process of trying to gather enough information on the user to go through the
�Forgot my Password� page, to gain access into the email account.

If you happen to know the user personally, then it helps out a lot. You would then
be able to get through the birthday/ zipcode questions with ease, and with a
little mental backtracking, or social engineering (talking) out the information
from the user be able to get past the secret question. However, what do you do if
you do not have this luxury? Well in this case you will have to do a little
detective work to fish out the information you need.

First off, if a profile is available for the user, look at the profile to see if
you can get any information from the profile. Many times users will put
information into their profile, that may help you with cracking the account
through the �Forgot my Password� page (where they live, their age, their birthday
if you are lucky). If no information is provided then what you will want to do is
get on an account that the user does not know about, and try to strike
conversation with the user. Just talk to him/her for a little while, and
inconspicuously get this information out of the user (inconspicuously as in don�t
act like you are trying to put together a census, just make casual talk with the
user and every once in a while ask questions like �When is your birthday?� and
�Where do you live?�, and then respond with simple, casual answers).

Once you have enough information to get past the first page, fill those parts out,
and go to the next page to find out what the secret question is. Once you have the
secret question, you will want to keep making casual conversation with the user
and SLOWLY build up to asking a question that would help you answer the secret
question. Don�t try to get all the information you need in one night or you will
look suspicious. Patience is a virtue when info cracking. Just slowly build up to
this question. For example, if the secret question is something like �What is my
dog�s name?�, then you would keep talking with the user, and eventually ask
him/her �So how many dogs do you have? �Oh, that�s nice. What are their names?�.
The user will most likely not even remember anything about his/her secret
question, so will most likely not find such a question suspicious at all (as long
as you keep it inconspicuous). So there you go, with a few choice words and a
little given time, you have just gotten the user to tell you everything you need
to know to break into his/her email account. The problem with this method is that
once you go through the �Forgot my Password� page, the password will be changed,
and the new password will be given to you. This will of course deny the original
user access to his/her own account. But the point of this task is to get YOU
access, so it really shouldn�t matter.

Almost every one of us has heard a friend complaining that his email account has
been hacked. Or it may have happened to you. The truth is that hacking yahoo
messenger accounts or any other kind of email provider account has become quite a
problem for users.
MSN password hacking or hacking yahoo accounts is no longer the realm of experts.

Thanks to the widespread use of the internet, any hacker can learn the required
tricks to master the art of hacking yahoo ids or hotmail email password hacking.
He only needs to make a basic search with keywords like hacking yahoo passwords,
msn messenger hacking tools, msn hacking programs, hacking yahoo mail, hotmail
hacking programs, hacking yahoo email or even something as simple as hotmail
hacking guide. All of that is out there, ready to be learnt.

Can Emails Be Hacked?

Yes. As a matter of fact, almost anything can be hacked in the Internet. The
problem is that email accounts are the repositories were people store their
private information or even their business data. It is a quite serious condition
and most of the mail providers have taken some measures for stopping it.
Unfortunately, users don�t take them seriously and they don�t follow the
precautions.

There are several methods for hacking yahoo, msn or AOL email accounts. One of
these methods is social engineering. Considered a revolutionary art among the
hacker community, it has proven to be an interesting tool that can be exploited by
anyone.

Social engineering consists in the ability to trick someone in believing that he

is giving information to someone who has the authority to ask for it. The most
common way to do it is through the telephone or via the internet. Let�s say that a
user receives a call from someone who identifies himself as a system administrator
of his company and that he requires some information that could be considered
harmless.

It�s quite probable that that bit of information is the final piece that the
hacker required for finishing his work. Something as innocent as when was the last
time that the system asked the user to change his password could be used by him in
his advantage.

A quite ingenious method within social engineering was a webpage were users
required to enter their mail and password for finding if someone had deleted or
blocked them from their Instant Messenger (IM). Unfortunately, many fell under
this scheme. Hacking yahoo messenger or any other messenger is quite easy if you
find how to exploit the user�s needs.

Alternatives used

Besides social engineering, hackers can obtain your password through other means,
like worms, viruses or Trojans. Once a hacker is inside your computer, he will
look for those files
were your login names and passwords are stored. That�s they reason why it isn�t
considered
safe to store them inside your computer. Even when the provider tells you that it
is safe. Remember than there isn�t a more secure place for keeping your password
than your mind.

Methods Used In The Past !

In the past, one of the common practices used by hacker was using programs that
tried different password combinations until it found the correct one. This method
was contra rested by email providers by giving a limited number of options or by
placing some security measures inside their webpage.

Other method was placing false web pages instead of the original ones. A hacker
could make a user think that he is accessing his email at the webpage of his email
provider. In reality, he was entering all his information to a webpage created by
the hacker. This scheme isn�t used any more since users have become a bit more
careful and have acquired some concepts on internet security. They have started
using secure pages for login which starts

What Are Keyloggers?

Keyloggers are specially devised programs that are installed inside a computer via
a Trojan, a virus or a worm. Once inside, the keylogger will auto execute and
start recording all the key strokes made by the computer user. Once a determined
period of time has gone by, the keylogger will send the keystroke information to
the hacker who sent this infectious software.

Then the hacker will start searching key combinations that can lead him to
determine the password for determined web pages. This simple and effective method
is a favorite among hackers since it can provide them with lots of private
information from their victims.

Many computer users have more than one email account, especially if they use the
messenger services from multiple providers, like Microsoft�s Hotmail, Yahoo�s
Email or AOL email. It doesn�t matter if you have one or many email accounts,
every one of them may be a victim of a hacker. Even with the security measures
imposed by the companies, Yahoo password hacking or hotmail hacking still exist.
And it�s very improbable that will disappear.

So, if you want to protect yourself from people who are hacking yahoo accounts or
whose whole purpose in life is to do some MSN hacking, then increase the number of
special characters in your password and try not to access your email account from
a computer that is not yours. And that goes to IM�s too. The ability for hacking
yahoo messenger or any other IM provider it�s a latent danger for all of us.

LOCALLY STORED PASSWORDS

Most browsers, including Internet Explorer� and Netscape�, the AOL� client, and
Windows� Dial-Up Connections allow you the option to store passwords. These
passwords are stored on the local machine and (depending upon where and how it is
stored) there is usually a method of recovering these passwords. Storing any
password locally is insecure and may allow the password to be recovered by anyone
who has access to the local machine. While we are not currently aware of any
program to recover locally stored AOL� passwords, we do not recommend that these
are secure. Software does exist that can recover most of the other types of
locally stored passwords.

TROJAN

A Trojan is a program that is sent to a user that allows an attacker to control

functions of the target computer, recover information from the target or to delete
or damage files on the target. The name Trojan is given because the program will
usually come attached to some other program or file that entices you to run it.
There are a wide variety of Trojans any number of which can be programmed to
capture passwords as they are typed and to email or transmit them to a third
party. To protect yourself against Trojans, you should never execute or download
software or files that are not from a trusted source. It is critical that anyone
working on internet use a virus protection program (which should catch most
Trojans.) Note that since a Trojan requires the password to be typed or stored in
order to be recovered, this is not an effective way to recover your own password.
It could explain, however, how someone could lose their password to a hacker.
Sending someone a Trojan program is certainly illegal and we do not recommend or
condone this activity. A Trojan is unlikely to be effective in recovering a
particular account password since it requires the target to install it. However,
hackers will often bulk mail Trojans to thousands of people in the hope that a
small percentage will get caught. Legitimate account holders who may have been
caught by a Trojan and can authenticate themselves should contact their service
provider to have their account passwords res

SNIFFING
If two people do not share the same computer, but do share the same network, it
may be possible for one to sniff the others� packets as they sign-on. The traffic
between your computer and the internet site you are accessing may be able to be
recorded and decrypted or �played-back.� This is not a simple attack to execute,
but is possible if two people are close to one another and share a hub. Again,
this is likely to be illegal and we do not condone this activity
account details BIOS password hacking cheating wife cookie exploit crack hotmail
crack hotmail passwords crack messenger crack yahoo! mail crack yahoo passwords
email Email password cracking GMail google exploit google hacking hack hotmail
Hack Hotmail password hack yahoo hack yahoo password hack yahoo password free
hacker Hacking hacking hotmail hacking MSN hacking tools hackmail hotmail hacking
how to crack password how to hack yahoo how to recover yahoo! asswords keyloggers
yahoo yahoo! software yahoo account yahoo email yahoo id yahoo passwords

Source:
http://netonspy.com/drupal-5.3/?q=node/55