How to Break Into Email Accounts
by protonigger
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Introduction
I have written this tutorial to address a question that is all too
commonly asked in any channel/chat room with "hack" in the title
(asked in frequency to the point of harassment really). So since this
is a question that so many people ask, then I believe that there should
at least be an answer available (regardless of the morality or
"lameness" of such a question). So you as the reader are most likely
reading this because you want to break into somebody's email account.
Well, you must understand that there is no 1-2-3 process to anything.
I will give you options to consider when pursuing such a task, but it
will ultimately be up to you to do this. This is what you want to do,
and no matter what sort of offers you throw up at anybody, nobody is
going to do this for you. There is no program that is going to do
all this for you. Also don't forget that nobody is going to hold your
hand and lead you through this. I'm offering you as the reader
suggestions for ways you can address this task, and that is about all
the help you are going to get from anybody. So now that I've made
all that clear, let's begin...
Things You Should Know
As I mentioned in the previous section, there is no program that will
do all this for you. Almost all the crackers you see out there will not
work, because services like Hotmail, Yahoo!, etc. have it set so that
it will lock you from that account after a certain number of login
attempts. There are some rare exceptions, like some crackers for
Yahoo! that are made for cracking "illegal" accounts, but the thing you
must understand about those types of crackers is that they are built
to crack SPECIFICALLY "illegal" names. They can not be used to target
a specific account on Yahoo!, so don't try to use them for this
purpose. Another thing you must know if you ask this question in any
"hacker" chat room/channel (which I highly discourage), or if you read
something on this topic, and you hear that you have to email some
address and in any way have to give up your password in the process,
do NOT believe this. This is a con used to trick gullible people into
handing over their passwords. So don't fall for this. Well that
concludes this section, now let's get to what you want to know.
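The lockout behaviour described above, seen from the service's side. This is an added example, not code from the original tutorial or from any of the services it names; the threshold, window and lock duration are assumed values, and LoginThrottle and simulate_guessing are hypothetical names.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; real services choose their own
WINDOW_SECONDS = 900    # assumed: failures are counted over 15 minutes
LOCK_SECONDS = 1800     # assumed: lock duration once the threshold is hit


class LoginThrottle:
    """Per-account failed-login tracker with a temporary lock."""

    def __init__(self):
        self._failures = defaultdict(deque)   # account -> failure timestamps
        self._locked_until = {}               # account -> unlock time

    def is_locked(self, account, now):
        until = self._locked_until.get(account)
        if until is not None and now < until:
            return True
        self._locked_until.pop(account, None)  # lock expired or never set
        return False

    def attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(account, now):
            # Even the correct password is refused while locked, so a
            # guessing tool learns nothing from attempts made in this period.
            return "locked"
        recent = self._failures[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                   # forget failures outside window
        if password_ok:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCK_SECONDS
            recent.clear()
        return "denied"


def simulate_guessing(throttle, account, guesses, real_password, start=0.0):
    """Replay one guess per second (constructed input); return the outcomes."""
    return [throttle.attempt(account, g == real_password, start + i)
            for i, g in enumerate(guesses)]
```

A per-account lock of this kind also lets anyone lock the owner out by failing on purpose, which is why services commonly pair it with per-source throttling or a challenge step.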
If You Have Physical Access
I will start off with options you have if you have physical access
to the computer of the user that you are targeting, because it is
a lot easier if you do. One option you have, that you will hear a lot
if you ask this question, and anybody bothers to answer, is to use a
keylogger. A keylogger is an excellent option, and probably the
easiest. There are a lot of keyloggers out there, ranging from hardware
keyloggers, to software keyloggers. For this task, you won't need to
buy a hardware keylogger, since the only advantage to a hardware one
is that you can grab passwords that are given to access a certain local
user on the operating system used. There are a lot of software
keyloggers out there, and you can feel free to check out www.google.com
to look at your options. I will go ahead and toss a couple of
keyloggers out to try for those of you who seem allergic to search
engines.
One option you have that is good for a free keylogger is
Perfect Keylogger (which you can find at www.blazingtools.com/bpk.html). It works just fine, and has some nice options to keep it hidden from
your average end user (computer user).
Another option you have, which
is probably the best one you can get is Ghost Keylogger. It has a lot
of options that will allow you to get the results of this program
remotely (it will email you the results). However, this is not a
free keylogger, so if you are wanting to get a copy you can look on
the file sharing networks for a copy of the program, and the serial
number for it (look on www.zeropaid.com for different file sharing
clients you can try).
Once you have whatever keylogger you are going
to use downloaded, just install it onto the computer you are wanting to
monitor, and wait till next time they login to their email account. You
will then have the password for the account. Another option you have
if they use Outlook to access their email account, is to copy the *.dbx
files for their Outlook account onto a floppy, and extract the
emails at home (the dbx file stores the files stored in each Outlook
folder on a given account, meaning the received and sent emails). When
you are on the computer of the user you are targeting, look in
C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\
OutlookExpress\ and copy all the .dbx files onto a floppy. Then when
you take the .dbx files back to your house, use DBXtract to extract
the messages from these files. Check out the link below to download
this program....
www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171
Another option you have if you have physical access is to execute a
RAT (Remote Administration Tool, you may know these programs as
trojans) server on the computer. Of course, you do not have to have
physical access to go this route, but it helps. What you must
understand is that these tools are known threats, and the popular
ones are quickly detected by antivirus software, and thusly taken
care of. Even ISPs block incoming/outgoing traffic from the most
popular ports used by these programs.
One newcomer in the RAT
market that you should know about is Project Leviathan. This program
uses already existing services to host its service, instead of opening
up an entirely new port. This allows it to hide itself from any port
detection tool/software firewall that may be in place. This of course
will not guarantee that its server program will not be detected by
any antivirus software used (actually, if the user has kept up with
his/her signature tables, then it WILL be detected), but it will give
you more of a chance of holding access. Go to the below link to
download Project Leviathan...
www.iamaphex.net/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=53
Once you have downloaded this tool, follow the instructions listed to
install and use this program. However, since this RAT is a command
line tool, you will still need another program set up on the user's
computer in order to catch the desired password. For this, you can
use Password Logger, provided below...
www.iamaphex.net/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=50
Once you have this downloaded, set it up on the targeted computer.
The program will remain hidden, while logging any types of passwords
into a .lst file in the same directory that you executed it on.
Therefore, you can access this *.lst file through Project Leviathan
remotely in order to retrieve the user's email password remotely.
Well that pretty much concludes it for this section. At this very
moment I can practically hear a lot of you thinking to yourselves
"But, but I don't HAVE physical access!". No reason to worry, that's
what the next section is for...
If You Don't Have Physical Access
Well of course most of you out there will say that you don't have
physical access to your target's computer. That's fine, there still
are ways you can gain access into the desired email account without
having to have any sort of physical access. For this we are going to
go back onto the RAT topic, to explain methods that can be used to
fool the user into running the server portion of the RAT (again, a RAT
is a trojan) of your choice. Well first we will discuss the basic
"send file" technique. This is simply convincing the user of the
account you want to access to execute the server portion of your RAT.
To make this convincing, what you will want to do is bind the
server.exe to another *.exe file in order to not raise any doubt when
the program appears to do nothing when it is executed. For this you
can use the tool below to bind it into another program (make it
something like a small game)...
www.iamaphex.net/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=1
On a side note, make sure the RAT of your choice is a good choice.
The program mentioned in the previous section would not be good in
this case, since you do need physical access in order to set it up.
You will have to find the program of your choice yourself (meaning
please don't ask around for any, people consider that annoying
behavior). I will nonetheless give you a link to a page to look at
that has a couple you can try out...
www.astalavista.com/index.php?section=dir&id=79
If you don't like any of those, I'm afraid you are going to have to
go to www.google.com, and look for some yourself. Search for something
like "optix pro download", or any specific trojan. If you look long
enough, among all the virus notification/help pages, you should come
across a site with a list of RATs for you to use (you are going to
eventually have to learn how to navigate a search engine, you can't
depend on handouts forever). Now back to the topic at hand, you will
want to send this file to the specified user through an instant
messaging service.
The reason why is that you need the ip address
of the user in order to connect with the newly established server.
Yahoo! Messenger, AOL Instant Messenger, it really doesn't matter.
What you will do is send the file to the user. Now while this transfer
is going on you will go to Start, then Run, type in "command", and
press Enter. Once the msdos prompt is open, type in "netstat -n", and
again, press enter. You will see a list of ip addresses from left to
right. The address you will be looking for will be on the right, and
the port it's established on will depend on the instant messaging
service you are using. With MSN Messenger it will be remote port
6891, with AOL Instant Messenger it will be remote port 2153, with
ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with
Yahoo! Messenger it will be remote port 1614.
So once you spot the
established connection with the file transfer remote port, then you
will take note of the ip address associated with that port. So once
the transfer is complete, and the user has executed the server portion
of the RAT, then you can use the client portion to sniff out his/her
password the next time he/she logs on to his/her account.
Don't think
you can get him/her to accept a file from you? Can you at least get
him/her to access a certain web page? Then maybe this next technique
is something you should look into.
Currently Internet Explorer is
quite vulnerable to an exploit that allows you to drop and execute
.exe files via malicious scripting within an html document. For this
what you will want to do is set up a web page, make sure to actually
put something within this page so that the visitor doesn't get too
entirely suspicious, and then embed the below script into your
web page so that the server portion of the RAT of your choice is
dropped and executed onto the victim's computer...
http://www.illmob.org/0day/internet%20explorer%20exploits/ie6-exedrop-asp-POC.zip
While you are at it, you will also want to set up an ip logger on
the web page so that you can grab the ip address of the user so that
you can connect to the newly established server. Here is the source
for a php ip logger you can use on your page...
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8
Just insert this source into your page along with the exedrop script,
and you are set. Just convince the user to go to this page, and wait
till the next time they type in their email password. However, what
do you do if you cannot contact this user in any way to do any of
the above tricks? Well, then you definitely have your work cut out for
you. It doesn't make the task impossible, but it makes it pretty damn
close to it. For this we will want to try info cracking. Info cracking
is the process of trying to gather enough information on the user
to go through the "Forgot my Password" page, to gain access into
the email account.
If you happen to know the user personally, then it
helps out a lot. You would then be able to get through the birthday/
zipcode questions with ease, and with a little mental backtracking, or
social engineering (talking) out the information from the user be able
to get past the secret question. However, what do you do if you do not
have this luxury? Well in this case you will have to do a little
detective work to fish out the information you need.
First off, if a
profile is available for the user, look at the profile to see if you
can get any information from the profile. Many times users will put
information into their profile, that may help you with cracking the
account through the "Forgot my Password" page (where they live, their
age, their birthday if you are lucky). If no information is provided
then what you will want to do is get on an account that the user does
not know about, and try to strike conversation with the user. Just talk
to him/her for a little while, and inconspicuously get this
information out of the user (inconspicuously as in don't act like you
are trying to put together a census, just make casual talk with the
user and every once in a while ask questions like "When is your
birthday?" and "Where do you live?", and then respond with simple,
casual answers).
Once you have enough information to get past the
first page, fill those parts out, and go to the next page to find out
what the secret question is. Once you have the secret question, you
will want to keep making casual conversation with the user and SLOWLY
build up to asking a question that would help you answer the secret
question. Don't try to get all the information you need in one night
or you will look suspicious. Patience is a virtue when info cracking.
Just slowly build up to this question. For example, if the secret
question is something like "What is my dog's name?", then you would
keep talking with the user, and eventually ask him/her "So how many
dogs do you have? ...Oh, that's nice. What are their names?". The
user will most likely not even remember anything about his/her secret
question, so will most likely not find such a question suspicious at
all (as long as you keep it inconspicuous). So there you go, with a few
choice words and a little given time, you have just gotten the user to
tell you everything you need to know to break into his/her email
account. The problem with this method is that once you go through
the "Forgot my Password" page, the password will be changed, and the
new password will be given to you. This will of course deny the
original user access to his/her own account. But the point of this
task is to get YOU access, so it really shouldn't matter. Anyways,
that concludes it for this tutorial. Good luck...
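The weakness that info cracking relies on is recovery answers that an outsider can read or ask for. A check a service or user could run when recovery answers are set, given here as an added example that is not part of the original tutorial; audit_recovery, the field names and the sample data are all constructed for illustration.

```python
import re


def normalise(text):
    """Lower-case and reduce everything but letters and digits to spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def audit_recovery(profile_fields, recovery_answers, min_len=8):
    """Return {question: [reasons]} for answers an outsider could obtain.

    profile_fields   -- what the account shows publicly (name -> text)
    recovery_answers -- secret question -> the answer the user chose
    min_len          -- assumed floor below which an answer is easy to guess
    """
    public = {name: normalise(value) for name, value in profile_fields.items()}
    findings = {}
    for question, answer in recovery_answers.items():
        ans = normalise(answer)
        reasons = []
        for name, value in public.items():
            # Whole-word match so "rex" does not fire on "prerex".
            if ans and re.search(rf"\b{re.escape(ans)}\b", value):
                reasons.append(f"answer appears in public field '{name}'")
        if len(ans) < min_len:
            reasons.append(f"answer shorter than {min_len} characters")
        if reasons:
            findings[question] = reasons
    return findings


# Constructed sample account, not real data.
SAMPLE_PROFILE = {
    "location": "Springfield, 62704",
    "about": "Proud owner of Rex the beagle",
}
SAMPLE_ANSWERS = {
    "What is my dog's name?": "Rex",
    "What is your ZIP code?": "62704",
    "Recovery phrase": "vq7-tannic-orbit-plume",
}

if __name__ == "__main__":
    for question, reasons in audit_recovery(SAMPLE_PROFILE, SAMPLE_ANSWERS).items():
        print(question, "->", "; ".join(reasons))
```

Only the random phrase passes: treating the recovery answer as a second password, unrelated to the question asked, removes what profile reading and casual conversation can reveal.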
Note: In case you want to see a couple of other options that you have
for this task, then be sure to take a look at a tutorial written by
my friend Hallakaust on pretty much the same topic...
www.oddworldz.com/enough/misc.html
Note again: If you have a question or comment that doesn't involve
"Can you please do this for me?" and feel the need to get in touch
with me, then you can do so at [email protected].