Friday, July 31, 2009

Email Hacking!

"Hotmail hacking" is perhaps one of the most searched terms on the internet. It is something that you see everyone talking about, from novices and script kiddies to pros and security analysts. Today we are going to discuss what Hotmail Hacking is all about.

Though it would be technically wrong to use the term 'hacking' here, I'll go by it for now and leave the explanation of the line distinguishing hacking from cracking for later.

Disclaimer: The following information is just for the sake of knowledge and I shall not be held responsible for the misuse of any of this information.


Okay, so let's start with the question: Can you really hack hotmail accounts?


If you think you can, think again. Hacking hotmail accounts is not as cheesy as it sounds. Some of the best security professionals from around the world share the responsibility of making hotmail more secure and safe. So unless you have an extraordinary trick up your sleeve, literally cracking an account is not an option.

What you can do is apply different methods to guess the password, which is called brute forcing in more technical terms, or impersonate Hotmail or MSN and trick the user into telling you his password. This technique is called Social Engineering.

There are certain other ways which are also discussed below though their effectiveness depends on the expertise of the user more than the sharpness of the method.

Brute Forcing
- Brute forcing in simple terms is using all sorts of possible words in place of a password. Though once useful, this method has low credibility now due to increased user awareness level. But still, sometimes it can come in very handy. Do as follows:

1>>Connect to the hotmail server on port 110 using telnet.
2>>Type USER and enter the username of the account you want to crack.
3>>Type PASS and then guess the password.
4>>Keep repeating until you are able to guess the password.

This can be done in a quicker and less hectic manner by the use of 'Brute Forcers'. A good brute forcer is Munga Bunga's HTTP Brute Forcer.
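The repeated USER/PASS guessing described above is easy to spot on the server side. As an added example (not from the original post), this Python code counts failed logins per source IP and per account in a sliding window; the log format, field names and thresholds are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up log format (an assumption, not a real server's).
SAMPLE_LOG = """\
2009-07-31 10:00:01 pop3 auth-fail user=alice ip=203.0.113.7
2009-07-31 10:00:03 pop3 auth-fail user=alice ip=203.0.113.7
2009-07-31 10:00:05 pop3 auth-fail user=alice ip=203.0.113.7
2009-07-31 10:00:06 pop3 auth-fail user=bob ip=198.51.100.4
2009-07-31 10:00:07 pop3 auth-fail user=alice ip=203.0.113.7
2009-07-31 10:00:09 pop3 auth-fail user=alice ip=203.0.113.7
2009-07-31 10:00:20 pop3 auth-ok user=bob ip=198.51.100.4
2009-07-31 10:05:00 pop3 auth-fail user=bob ip=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) pop3 "
    r"(?P<event>auth-fail|auth-ok) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

def detect_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {(kind, value): time of first alert} for each source IP or target
    account with max_failures failed logins inside the sliding window.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # (kind, value) -> timestamps of recent failures
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "auth-fail":
            continue              # skip unparsable lines and successful logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        # Track per IP (one client guessing) and per account (many clients, one target).
        for key in (("ip", m["ip"]), ("user", m["user"])):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= max_failures:
                alerts.setdefault(key, ts)
    return alerts

if __name__ == "__main__":
    for (kind, value), when in detect_guessing(SAMPLE_LOG.splitlines()).items():
        print(f"{when} repeated failed logins for {kind}={value}: throttle or lock out")
```

A single mistyped password, like bob's two failures five minutes apart, stays below the threshold and raises nothing.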

Using a Fake Login Screen
- The victim can be fooled into typing his password into a fake login screen which looks similar to that of a hotmail login screen. Such methods are wisely deceitful if used sensibly. Once the user types in his login details, they are mailed to a specific email address.

1>>Go to http://www.hotmail.com.
2>>Right click and select 'View Source'.
3>>Copy the source code and paste it in the notepad.

You can play with the source code to make a fake login page.

Javascripting and Cookies
- One thing should be very clear in your mind. If you want to learn how to hack, you have to learn the basics of at least a few programming languages, which include Java and Javascript. Other mandatory stuff is of course HTML and VBScript. Learning C++ is always a starting point anyway. So the key is the fact that web programmers tend to use relatively easy web based languages, sometimes at the expense of security. So if you know how to write wickedly in Javascript, you're on. Stealing somebody else's cookies can reveal their passwords at times. And yes, Google is your best friend. ;-)

Key-loggers and Trojans
- This is an old trick and due to the increased amount of Antivirus Software in use these days, it's prone to getting caught. But if you're good with programming, you can write your own little keyloggers and Trojans and send them to the victim. They'll record all the keystrokes or the passwords of the victim and send them to you. You can also install a good key logger on your computer and trick the user into using his account on your computer. The key logger will record the password which you can later steal from the logs.

Social Engineering
- Ever got a mail telling you that your security is being compromised and you need to send your password to a 'BOT' to check it for strength? Or ever came across a 'hacking method' which asks you to send your own password along with a given script to 'hotmail server' to crack it? This is all trickery and is a direct consequence of the application of Social Engineering.

Have a look at this.


Hello Hotmail users. There have been many attempts to hack hotmail.com. Unfortunately all of them have failed, EXCEPT this one. I though have found out a revolutionary way to hack hotmail. And might I add it's as easy as ABC. After 8 months of research we have found the broken link. VerificationAutoBot to be exact. VerificationAutoBot@hotmail.com is a bot, an auto bot. You send it a letter and within a week it will send you one back. The ULTIMATE hack for hotmail is as follows:
First send a letter to verificationautobot@hotmail.com, second within the Subject heading place the word "Password" (not in quotes but has to have a capital P) this way the automated bot recognizes what you are after. Then in the text field place the name of the person at hotmail that you want to hack (Do not put @hotmail.com after their name). No capital letters are to be put in this place. Then skip three (3) lines and place your own hotmail account information such as: "My login:My password" (a semicolon makes it easier for the bot to recognize). This way the bot can verify that your account actually exists. And then supplies you with the password for the person's account that you want it for. Here is an example:

--------------------------------------------------------------------------------

To: verificationautobot@hotmail.com
bcc:
cc:
Subject: Password
login of the person you want to hack
yourlogin:yourpassword
--------------------------------------------------------------------------------
This IS the only way to hack hotmail. Use it with care.
Thank You Hackers attackers


This is a trick to get you to reveal your passwords!


Though it sounds a little naive, a lot of people fall for this trick. Remember!
Never ever follow any method which requires your own password to be sent to a third party; let it be a bot or Hotmail Security Server or whatever. But if you turn the tables, this trick can come in pretty handy at times. ;-)

Keep looking for more! Happy Hacking! :D


Thursday, July 30, 2009

Google Hacking!

There’s one big secret everybody knows and nobody seems to care about. Google is the key to your Universe. It can open doors beyond imagination. And the plus point is, you don’t have to pay for anything Google does for you.

Okay, so now we begin with what we shall call google hacking. Exploiting the search engine’s massive listings to your very advantage. Let’s begin!

Google for Music, Videos and other files!
Google can search for almost any file type, including Mp3s and PDFs and what not. Open web directories are one of the easiest places to quickly find an endless number of freely downloadable files. This is exactly what webmasters leave their servers open for! =D
For example:

A more general approach would go like this: intitle:"index of" songname/artist name



Notice that just by changing the required formats or the keywords, we can give the same search a completely new dimension. Replace (pdf|doc) by (ppt) to get powerpoint presentations, for instance.

View Unsecured Webcams Worldwide!
Did you know that you can sit in front of your screen and control open webcams 10,000 miles away? Yes, you can! And it’s a heck of a lot of fun! =D
To view Axis Webcams: inurl:view/index.shtml
To view Canon Webcams: sample/LvAppl/
To view MOBOTIX Webcams: control/userimage.html
To view FlexWatch Webcams: /app/idxas.html


Find Free Anonymous Web Proxies!
At school and want to visit your social bee website but being stopped by irritating filters? Or at office and striving for privacy for reasons obvious enough? Now, it’s all yours with free web proxies! A free anonymous web proxy site allows any web browser to access other third-party websites by channeling the browser’s connection through the proxy.
This trick is free and easy to access from anywhere via Google. All you have to do is look through the search results returned by the queries below, find a proxy that works, and enter in the URL of the site you want to browse anonymously.
inurl:”nph-proxy.cgi” “start using cgiproxy”
inurl:”nph-proxy.cgi” “Start browsing through this CGI-based proxy”


Find Free Passwords!
You can find free passwords using Google! This can be done for different sites as well as different paid accounts or software which cost a lot! =)
"# -FrontPage-" inurl:service.pwd
Frontpage passwords!

"AutoCreate=TRUE password=*"
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. For those who can read Japanese, check out the author's site at: http://www.coara.or.jp/~passy/

"http://*:*@www" domainname
This is a query to get inline passwords from search engines (not just Google). You must type in the query followed by the domain name without the .com or .net

"sets mode: +k"
This search reveals channel keys (passwords) on IRC as revealed from IRC chat logs.

allinurl: admin mdb
Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are!

allinurl:auth_user_file.txt
DCForum's password file. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program!!!). Some lists are bigger than others, all are fun, and all belong to googledorks. =)

intitle:"Index of" config.php
This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database.

eggdrop filetype:user user
These are eggdrop config files. Avoiding a full-blown discussion about eggdrops and IRC bots, suffice it to say that this file contains usernames and passwords for IRC users.

intitle:index.of.etc
This search gets you access to the etc directory, where many many many types of password files can be found. This link is not as reliable, but crawling etc directories can be really fun!

filetype:bak inurl:"htaccess|passwd|shadow|htusers"
This will search for backup files (*.bak) created by some editors or even by the administrator himself (before activating a new version). Changing the extension of a file on a webserver can have ugly consequences.
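Every query in this list works only because a file was left inside a publicly served directory. As an added example (not from the original post), this Python code audits your own web root for the file names those queries look for; the sample paths are constructed, and the set of index-page names is an assumption about the server's configuration.

```python
import fnmatch
import os
from pathlib import PurePosixPath

# File name patterns taken from the search queries listed above.
RISKY = {
    "service.pwd": "FrontPage password file",
    "auth_user_file.txt": "DCForum/DCShop user file",
    "*.mdb": "Access database",
    "*.user": "eggdrop user file",
    "*.bak": "backup copy, served as plain text instead of being interpreted or protected",
}
# Assumed index-page names; a directory without one may be shown as an "Index of" listing.
INDEX_FILES = {"index.html", "index.htm", "index.php", "index.shtml"}

# Constructed sample: file paths relative to a hypothetical web root.
SAMPLE_PATHS = [
    "index.html", "_vti_pvt/service.pwd", "forum/index.php", "forum/config.php",
    "shop/config.php", "shop/auth_user_file.txt", "admin/users.mdb",
    "old/.htaccess.bak", "img/logo.png",
]

def audit_paths(paths):
    """Return sorted (path, reason) findings for paths relative to the web root."""
    paths = [PurePosixPath(p) for p in paths]
    dirs_with_index = {p.parent for p in paths if p.name.lower() in INDEX_FILES}
    findings = []
    for p in paths:
        name = p.name.lower()
        for pattern, reason in RISKY.items():
            if fnmatch.fnmatch(name, pattern):
                findings.append((str(p), reason))
        # config.php is normal in a PHP site; it is only discoverable through a listing.
        if name == "config.php" and p.parent not in dirs_with_index:
            findings.append((str(p), "config file in a directory with no index page"))
    return sorted(findings)

def list_web_root(root):
    """Yield every file under root as a '/'-separated path relative to root."""
    for base, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.relpath(os.path.join(base, f), root).replace(os.sep, "/")

if __name__ == "__main__":
    for path, reason in audit_paths(SAMPLE_PATHS):
        print(f"{path}: {reason}")
```

To check a real site, pass `list_web_root("/path/to/webroot")` to `audit_paths`, then move each finding out of the served tree or deny access to it.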

Looking for a serial key!
In the Google search bar, type it in just like this: "Windows XP Professional" 94FBR. The key is the 94FBR code. It was included with many MS Office registration codes, so this will help you dramatically reduce the number of 'fake' porn sites that trick you.
Or if you want to find the serial for winzip 8.1 - "Winzip 8.1" 94FBR


A little explanation of what is happening!
Here is an explanation of what is meant by each term and what it does behind the scene.
link:URL = lists other pages that link to the URL
related:URL = lists other pages that are related to the URL.
site:domain.com “search term” = restricts search results to the given domain.
allinurl:WORDS = shows only pages with all search terms in the url.
inurl:WORD = like allinurl: but filters the URL based on the first term only.
allintitle:WORD = shows only results with terms in title.
intitle:WORD = similar to allintitle, but only for the next word.
cache:URL = will show the Google cached version of the URL.
info:URL = will show a page containing links to related searches, backlinks, and pages containing the url. This is the same as typing the url into the search box.
filetype:SOMEFILETYPE = will restrict searches to that filetype
-filetype:SOMEFILETYPE = will remove that file type from the search.
site:www.somesite.net “+www.somesite.net” = shows you how many pages of your site are indexed by google.
allintext: = searches only within text of pages, but not in the links or page title.
allinlinks: = searches only within links, not text or title.
WordA OR WordB = search for either the word A or B.
“Word” OR “Phrase” = search exact word or phrase.
WordA -WordB = find word A but filter results that include word B.
WordA +WordB = results must contain both Word A and Word B.
Courtesy MarcAndAngel and i-hacked.

Wednesday, July 22, 2009

Hacker?

'Hacker' is a tricky term which stands largely misunderstood. It usually conjures the image of a geek sitting in front of a computer screen with random green digits streaming in from every direction. And yes, an 'Access Granted' keeps popping up from somewhere every now and then. This description, however, is hugely fictionalized.

A 'hacker', according to Wikipedia, is a person who creates and modifies computer software and computer hardware, including computer programming, administration, and security-related items. The term usually bears strong connotations, but may be either positive or negative depending on cultural context.

In other technical fields, hacker is extended to mean a person who makes things work beyond perceived limits through their own technical skill, such as a hardware hacker, or reality hacker.

In hacker culture, a hacker is a person who has attained a certain social status and is recognized among members of the culture for commitment to the culture's values and a certain amount of technical knowledge.

In the same context, this blog is meant to share technical knowledge and expertise. To bring hacking out of fiction into the arena of reality. To make people know what it truly is.

To make all of us hackers realize the dream we've always had!

Hacking this life! Hacking The Universe!
