How to hack e-mail accounts !! A Detailed Tutorial !

•May 7, 2009 • Leave a Comment

Hello Gentlemen ..its been so long since I published anything. Was busy with my work ! But I have written something recently… so here we go !

The Internetsย  MOST ASKED QUESTION OF ALL TIME !

HOW CAN I HACK HOTMAIL/GMAIL/YAHOO/FACEBOOK

OK ?

Here is the “CORRECT” answer,

I’m merely disappointed by the number of technically illiterate people around the world. The most popular question in any hacking related site is “How to hack e-mail” its not tolerated in any security/hacking related forum and if asked you can expect to get a rant from people. the reason is simple because there are NO ways of hacking a e-mail address by easy means and the people who know this fact often get very annoyed when most people don’t understand WHY its NOT POSSIBLE !

The hacking of a e-mail is possible when a person who owns the account gets hacked. the other way is to hack them directly from the e-mail servers which is most unlikely because these sites use sophisticated Intrusion Detection and highly skilled consultants who are up to date with exploits and patch’s. unless you are a real professional hacker its highly unlikely you will ever break into a e-mail server.

People MUST understand that there are NO PROGRAMS/SOFTWARE’S that can hack a e-mail password when you enter an e-mail address. to understand this better let me explain you how e-mail works

Lets say you have a gmail account

When you enter your username and password and hit login what happens is your outgoing e-mail server encrypts the login information and sends over the network to its destination which is a gmail server which can ONLY decrypt the encrypted credentials then these were checked against its database and if they match it will re direct you to your mail inbox. to authenticate you with the gmail server, it will send you a cookie ( a text file ) with a session ID to your browser confirming that you are authenticated so the gmail server.

So there was a time when e-mail servers gave the option to NOT to use SSL cause it slows down the e-mail. because of the time it takes to encrypt. it was a “happy time” for the hackers who simply used a wifi hotspot to sniff session ID and break into emails !!! why ? because If anyone sniffs your session ID he can use it to login into you mail WITHOUT the password because the session ID is the proof of authentication as I mentioned earlier ^ but with almost all the e-mail servers NOW use a SSL encryption and the Session ID is also encrypted so by sniffing its NOT possible to decrypt the ID !

So there goes Packet Sniffing ๐Ÿ˜ฆ

You may ask so what ? why the encryption cannot be cracked ?

Because The encryption uses Hypertext Transfer Protocol over Secure Socket Layer and public/Private key encryptions technique which is almost impossible to crack. Do some Research on these terms and you will know why its not possible to crack/

If you’re curious and patient enough read this else Skip

http://www.cohn-family.com/encryption.htm

So now the next possible way is to somehow hack into the gmail servers and pull the password hash’s and then crack them. well, sadly not many people have succeeded doing it because its highly impossible and way too risky

Now after reading all this you might have a slight idea why I ask people who claim “they can hack any e-mail” to prove it !! so if you can make a program that can somehow bypass all the security and bring the password from the gmail server then you deserve a noble prize !!!

<But I must tell you that professional hackers do have few techniques to override these terms I mentioned in certain cases….>

NOW ASK ME HOW TO HACK A E-MAIL ?

Ok you clearly know its almost impossible but the good news is that its possible to hack a individuals computer or a web server. most people lack of common sense and so many people have NO technical knowledge whatsoever. so by hacking them its possible to steal their passwords.

Because we can’t hack the password from the servers but we can hack it from the people who use it..

There are so many ways.. here are some of the methods,

1. Fake Login page – Fake page also known as phishing. This process involves creating a fake login page of a certain e-mail and tweaking the password authentication process so when the user inserts login details it will be sent to the hacker. This is the easiest way to hack when the victim has no technical knowledge.

2. Social Engineering – Humans have certain weaknesses and this process involves exploiting someone’s weakness to retrieve a credential such as a password. for an e.g: There are many incidents in the past like once when a hacker phoned a employee of a company (victim) and identified himself as the Technical Engineer of that company and instructed the employee (victim) to follow a set of FAKE system error checking and eventually received his login password from him by simply convincing him to reveal them. its just simple as that/ it does takes lot of confidence and skill.

3. Keylogger – Its an application which runs hidden from a user in the background and logs/records all the keystrokes of a user. when a user types something it will be recorded and saved. when the system goes online the recorded details will be sent to the hacker. which can contain a e-mail login detail. the keyloggers are outdated and most of them are detected by anti-virus programs. but when used in a LAN network or when the hacker has physical access to a system it proves to be effective. so if your girlfriend/boyfriend is cheating on you this is the way to go.. but I still think smart people don’t keep “cheating related e-mails in their inbox” he he

The downfall of keyloggers are that not many keyloggers can be deployed remotely and they are often picked by anti-virus programs (which can be avoided by using code obfuscation or packing/crypting, changing Entry point..but its more complex)

Another downfall of keylogger is that most of them don’t use any encryption and the data is sent as it is, with a skilled reverse engineer its possible to track down the hacker by breaking the file and analysing the code.

4. Trojans – Programs which are often known as backdoors. these programs are similar to keyloggers but they can execute certain commands sent by the hacker. most Trojans have a built in password stealer which is an application that can steal stored browser passwords. also in addition they have far more sophisticated functions such as webcam capture (YES the hacker can see you when you pick your nose) ability to browse/download/edit your files and folders, audio recording, etc.. different Trojans have different functions. All hacker has to do is create a server and send it to the victim and once the victim opens the file it will drop into the victims system and connect to hackers client. now he can issue commands to his server which is in the victims computer and manipulate it whatever the way he likes.

Trojans are very easy to use and most of them use encryption and security evasion techniques and there are TONS of tutorials all over internet if anyone interested in using them.

I hope I have covered enough information. so next time when you see someone asking “How to hack email” Please point it to this thread. so he/she don’t waste his/her time and money.

My advise is if you have a personal issue such as cheating/breaking up I encourage you to sort them by other means. or maybe Go see a doctor. if she dumped you… MOVE ON !

DON’T EVER PAY ANYONE TO HACK ANY EMAIL because ……………. I hope you read the whole thing ^

I hope this sheds some light and answers the most asked question of all time. Feel free to add your suggestions/feedback and if you share this article please keep the credits intact. any questions feel free to ask and if you want feel free to write constructive criticism.

By Max ๐Ÿ™‚
Advertisements

How to boost your WiFi Signal ! Awesome & Simple method

•December 18, 2008 • Leave a Comment

Hello guys I guess everyone’s busy making preparations for Christmas ?

This week I have something really cool ! Have you had this problem when you have a wireless network and use a wireless card and you’re out of signal and you keep disconnecting ? isn’t that a total pain in the ass ?

How many times you have “repaired” the connection and waited till it connect then rebooted your router then worst case moved closer to router.. duh

But Not to worry ! we have a solution now. The best part is you don’t have to spend money on expensive extra gadgets and high speed routers. you need to spend ยฃ1 or less..

It’s called as Windsurfer also known as Ez-12 Parabolic Reflector. its a simple and very effective antenna built with some foil, glue & card board.. the blokes over at freeantennas.com done a excellent job engineering this piece of work.

I had the same network coverage issue as my room is quite far from the router. So I tried this project today. it took me about 10 minutes and I have to say it WORKS GREAT ! I got a very strong connection and my connection bar went from 2 to -> 4

Here is the template. download this and print it on a A4 paper

http://www.freeantennas.com/projects/template2/index.html

Now cut out the 2 sections. glue the aluminium foil. glue the parts together. simple text book stuff. hook it to your Router Antenna and turn and point the wind surfer towards your laptop/PC

Here is mine

Enjoy a fast wireless connection and higher download speeds !

– Maxguy

How to find any song (mp3) using google !

•November 28, 2008 • 2 Comments

Hello guys happy Thanksgiving day to you all…

I have a very busy schedule so I will keep this very short and sweet, This is technically not a hack. but it works. Ever wondered around google frustrated looking for your favourite music tracks with no luck ? I know you don’t want to subscribe to itunes and Buy music. Even though it would be the legal way lets see how we can get them for free. As you all know due to Intellectual property laws the Distribution of Music files (Mp3 files) over web sites is prohibited and any site found will be shut down by the host admins. But wait.. that doesn’t mean we can’t have the mp3 files in the servers… of course we can.. but hey as hackers we’re going to steal it.. but, how ?

There is something called Google Dorks.. these are google hacks. using special commands we mislead google bot (the same bot which is responsible for crawling the webspace and get us results) to do the dirty work for us. I’m not going to explain the technical side of google dorks. if you want you can go here and have a read http://johnny.ihackstuff.com

Ok lets see how we can use this to find any song we want..

First lets see in normal terms how google responds to us when we search for this old classic song Hotel California performed by Eagles

As you can see we end up with tons of results as every one of them either asking you to purchase the tracks..so on.. all of us done this before and we clearly know there is no place to get the files downloaded for free ๐Ÿ˜‰

Now lets hack…

Here is the code I’m going to use it in the Google search field

?intitle:index.of? mp3 Song name

e.g: ?intitle:index.of? mp3 Hotel california

Ok lets take a look at the results..

Bingo.. google returned us all the hosts/servers which holds the file named hotel california.mp3 ๐Ÿ™‚

Lets go to the first link and see

Ok Awesome..we got the song. Now right click and save as..

There you go you have it ๐Ÿ™‚

Written By – Maxguy

Best ways to Deny Computer Hackers ! 3 Effective Methods !

•September 19, 2008 • Leave a Comment

Hello Folks, After long time, Got some time so I decided to write a new paper. Today I’m going to write about how to deny access to the most 3 important elements of data in a computer to a hacker. these three methods use free/commercial applications. its highly effective and focuses on a defensive strategy than a proactive strategy.

1.Denying access to files to an hacker

As we all know its very easy to get yourself infected with a trojan. Once a hacker gains access to your system he can basically go through all your drives & files and will have the ability to modify/delete data. in order to protect your files you can use a application called ‘Folder Lock’ its an revolutionary application that can deny access to the files you locked to any of the trojan available to the hackers. I have tested with the most widely used and popular Trojans such as Poison Ivy, Bifrost, Bandook, Nuclear RAT, Pain RAT, Shark, etc..ย  I infected my computer with a Trojan and tested it out. here is the results,

I’m locking A Folder called [b]Reverse Engineering[/b] in E:\ Drive

I infected myself with Bifrost(Trojan).. and Look the bifrost file manager can’t pick up the folder once its securely locked.

As you can see the Folder “Reverse Engineering” is not visible to the trojan.

2. Denying access to keystrokes a.k.a Keyloggers

Keyloggers have a long history and so does people who lost their logins and passwords. these are piece of applications that can steal your keystrokes (Passwords & login information) and pass them to a hacker. the best way to defend from a keylogger is to have a anti-virus installed. but adding an extra layer of security you can use this following method. you need this application called KeyScrambler. its an application which scrambles/encrypts all your keystrokes real time.

Ok I enabled the Real time Key logging option in my trojan. so it records all the keystrokes as its typed

Here is what happens when I try to login to My Bank account (of course the logins are fake for demonstration purposes..hehe)

My Login : Maxguy
Password: maxguy123

Och.. My login is stolen :-[

Now lets see what happens when I enable Key scrambler premium. it encrypts the login data real time..

Bingo..

There is a free lite version of this application is available. But I’m using a premium version which encrypts everything you type.. its a very good investment if you ask me. make sure you buy the software and support the coder.

3. Denying access to the SAVED PASSWORDS in browsers & system to Hackers

Every internet user knows how hard it is to memorize all the passwords for every website. facebook, yahoo, hotmail, forums.. you name it. as a security measure we all know we can’t have the same password for every site. so what we do ? we save the password in the browser. so every time we go to the site it automatically logs us in ? rite ? wrong… guess why ? most of the Trojans equipped with a password stealer. its a module that grabs the saved passwords from browser cache like firefox, internet explorer.. etc..

I have used a Password grabber (Credits to Aphex & Italian Family) to demonstrate how a grabber can grab/steal your saved passwords. (I have blocked some of my logins for privacy issues and I don’t have any of my important logins saved in the cache)

So as you can see its a click away from you losing your entire logins to a hacker. ok so how to deny this ? for that there is an application called ‘Roboform’ its a password manager works with browsers. you can use it with firefox & Internet explorer.. once installed each time you login to a site it saves the login to its encrypted file. and then when you login again all you have to do is simply click the name of the site and your logins will be automatically filled. it even submits !

Ok lets say I want to login to my facebook account

Roboform Enabled. it fills and even submits my login. I don’t have to memorize my login details & of course its secured from being sniffed by a Packet sniffer or a keylogger

Pretty cool eh ? make sure you clear your cache and don’t save the passwords !

Thats all for now folks. Been a bit busy with my studies lately. anyways I hope you guys find this paper helpful. Please google if you want to download any of the programs explained in this paper..

Remember : There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government – Bruce Schneier

Paper Written by Maxguy on 19th september 2008 Copy rights reserved https://securityfactor.wordpress.com

How Hackers operate & how you can safeguard urself online ?

•July 3, 2008 • Leave a Comment

What are hackers ?

A hacker is a person who has great knowledge over computers and networks and has the ability to research, exploit, program and make tools and use existing tools to break into remote computers without authorization and can gain/modify/destroy/ steal data.

What type of hackers out there ?

This is quite a complex question. there are different type of hackers such a Black hats, White hats.. etc.. basically there are noobs.. often called as skiddies. who are new to the world of hacking and often like to show off to others that they are hackers and can hack but in real terms they are not capable of carrying out any real hack without using ready made tools. they involve in carrying out DDOS (Distributed denial of service) attacks on websites and they often target myspace accounts, facebook,runescape accounts, personal mail accounts (LAME) and mostly use keylogging programs, Trojans.. etc..

The other kind of hackers are often know as scammers. who make a living out of fraud and scamming others by gaining sensitive informations of their victims.. such as bank logins, Credit card (A Process Known as Carding) etc.. even though they use same techniques and tools they are not respected in the underground community and NOT considered as hackers..

The other kind of hackers are the Professionals..White hats (Who hack systems and do penetration testing and use the knowledge to make better systems), The Blackhats (Who hack systems but never reveal the methods to others and not involved with any firms or agencies) These professionals who rarely speak out about hacking and has a much greater knowledge about networks and core systems and has the ability to exploit and write his own programs and never use any of the knowledge to gain any financial interests. the only point of these guys is to prove that they can do anything and in return they expect others to respect them for what they are capable of and help make better systems.

Big question.. how do they do it ?

Ahhaa ! not a bad question at all.. well its much more complicated if you are just a home pc user. I’m not going to confuse you all with so much technical terms. instead ill explain it with easy to understand examples.

Method 1

Using a Trojan/key logger/Bot

These are all malicious programs which can infect a computer and open connections to an hacker in your pc or even scan all your files for sensitive information such as login user names and passwords and remotely distribute them to hackers..

Method 2

Using exploits

Exploits are certain weaknesses in applications in operating systems which allows a hacker to use them to hack into a system. for an e.g : A exploit in internet explorer can help a hacker to code a shell which once embedded into a html file and hosted in a server and a victim who runs internet explorer and visits that infected web page (the victim can be lured into viewing that page) will trigger an event where a bot or a trojan server is remotely downloaded into the victims pc and executed (Remote code execution) and then later the hacker can break into your system with the method 1 mentioned above..

A hacker can do a random port scanning to find out informations about computers in his networks ..such as what kind of services running in the target computer, applications, operating system (Known as OS Fingerprinting) and look for a exploit that exploits a certain application a target victim is running !

Info : These days the exploits has gone far beyond anything an anti virus company or a operating system developers can think of preventing with the invention of automated tools such as icepack, mpack etc.. these tools are often very expensive and sold up to ยฃ1000 a piece in black markets and can scan millions of systems for holes and can even do an automated infection once a certain exploit is found..

method 3

Social engineering

Its a method of exploiting the greatest weakness of all time.. HUMANS… sounds weird ? Yes ! when it comes to computer security humans are the biggest weakness ! A social engineering works in the basics of tricking a person to do something that will help a hacker to gain enough information or fool the person to execute certain procedures in order to hack into the system. this system is used by one of the legends Kevi.D.Mitnick ..A well known hacker who was able to hack into many highly secured systems just by calling and tricking the employees to reveal passwords !

Hint : If you want to know more read the book “Art of Deception” by Kevin.D.Mitnick on how he executed these tricks successfully !

Those are the main types of hackings.. now moving on will see how you might become a victim to one these methods ?

1. Downloading files over P2P, Torrents, Warez sites.. etc.. – Ok we all love software piracy.. hackers normally target these sites. A hacker can bind a malicious piece of software with a legitimate program which you badly looking for free… and spread over torrents, P2P (like kaazza, limewire) and once you download and execute the file and while you enjoy your new program you are very unaware that you just became part of a bot net or your credit card details are stolen and being used to purchase something very expensive !

CURE : DON’T download any file that has an executable extension (.exe, .cmd, .pif, .hta) over these methods. only download from legitimate sites.. also please support the developers by buying the products !

2. Update your operating systems regularly. if you are using a windows operating system make sure your live update is ON and it gives you certain amount of protection over exploits. but its not a 100% fault proof as a new exploit (often called as a 0day) can exploit your system. avoid using internet explorer as the standard web browser. install Firefox or opera as they give a bit more protection over IE. Avoid using Outlook as the e-mail client as a computer worm ( self replicating program) almost every one of them looks for your contact lists and tries to make them a victim as well.. (by sending copies of infected files by hijacking your mail and pretending to be you)

3. If you receive phone calls from your bank, credit card company DO NOT reveal your PIN numbers, passwords to them.. some of the social engineers can ask lot of personal information from you without asking for passwords which they can use with your credit card company to scam you by pretending to be YOU ! or use for Identity theft ! so be careful when answering the phone. if you feel suspicious hang up and contact your bank. I would take a walk..

4. Avoid logging into your bank.. etc from public computers or other places where you can’t trust. e.g : An internet cafe seems to be a safe place but a employee can be a part of a scam ring and has access to administrator privileges and might be stealing your passwords ! TRUST NO ONE ( I know i stole it from X-files but i don’t care :p )

4. DO NOT store passwords in your computer. cause most of the Trojans can steal them with a click of a button. so store them in a USB Key and use them when needed. there are many password storing programs. use one of them. (I personally use IRON KEY.. its a revolutionary product.. Google for more details)

5. Always have a Strong password.. A strong password takes ages to break by brute force (A Process in which a program tries different combinations to try ans guess the password) and never use a password which can be guessed by someone such as your wifes name, common words, date of birth, words from a dictionary etc..because a dictionary attack (A Process where a word list is used to guess the password) can break your passwords in minutes. when creating a password use lengthy passwords..like 12 Chars, UPPERCASE, lowercase, symbols.. e.g : TWat&$17*&lo

6. Always encrypt your sensitive data. there are plenty of free programs that can do it. e.g : True crypt use private/public key encryption methods..

7. DO NOT post your email address online. in forums, blogs..etc your e-mails can be grabbed by automated bots and used for spamming purposes. always post your e-mails in such a format maxguy{at}hotmail.com A Email collecting bot will normally look for strings with the format of username@domain.com so we have prevented it from collecting our e-mail by replacing ‘@’ with ‘{at}’

8. Use a good firewall & Anti-virus programs.Do not buy something just because a agent is trying to sell it to you. do your research before buying..search and read what experts think about them.. I would personally visit a hackers website and see their comments as they are always a step ahead of anti-virus company experts… Regularly update the virus definitions and buy a Proactive defense internet security tool..(e.g : kaspersky) But keep in mind every piece of technology can be Beaten by hackers and there is no such thing as ‘THE BEST ANTI-VIRUS’

Ok now you know what you should do and what you shouldn’t to protect yourself ! lets see how the hackers get away with doing illegal activities ?

A Hacker can use many ways to protect himself. Normally hackers use proxies and a good hacker will always use Socks4,5 or even a VPN to protect himself or buy a Static IP, use a foreign domain, use a hacked server to run a botnet, use a hacked computer to bounce off to networks, relayed servers..etc

The law enforcement agencies are getting high tech these days with the state of the art equipment and softwares to track down hackers but as long as the technology exists the HACKERS will always exist !

Once a hacker is always a hacker my mate tom used to tell me ๐Ÿ˜‰

Written by – Max 02-July-2008 (15.25PM) All rights reserved.

I’m Back ! yep !

•July 3, 2008 • Leave a Comment

Hello Everybody,

Sorry about the long pause.. I had to get over my studies and stuff.. was too busy ! Expect my new posts in following days !

– Max

P.S : I got some very interesting things to share about the latest security and vulnerabilities.. Specially the kaspersky the unbeatable machine is finally beaten !

Fooling a keylogger with a simple method !

•November 13, 2007 • Leave a Comment

Hi guys,

I just want to share a cool idea of mine.. i was thinking some random stuff and came up with this idea ๐Ÿ™‚

when you surf net at public computers or net cafes…maybe it can be even at your friends house..etc.. there is a danger that a possible key logger software can steal your password, so i have come up with a simple and effective way to counter it…at least 50% …

lets see how simply you can fool a key logger,

When you choose passwords try using simple, capital & numbers as a combination..
when you enter them in a public computer rather than entering it in sequence try entering it in a combination..

This is how you do it..

im accessing my yahoo mail in a public computer

my password is – hi2K1987 [DEMO password]

This is how a key logger captures the password

Now when you break your password into 3 combinations and enter them one after another (without using the backspace key) so what i did was i entered 2k first then using the mouse i went to the start of the password field and entered hi then i placed the cursor at the end and entered 1987 now simply the key logger is fooled,

Now imagine if you use a set of numbers for your password and you enter them in a combination…

so, guys next time you enter your password you know you are safeย ๐Ÿ™‚

Written by : Max. Copyrights Reserved !