 Report page

 Share this

How to Break Into Email Accounts

iCyse.com
crack0hack v 2.0

> Blog
> Forum SUBSCRIBE

Most popular page of this site

Hack for free online shopping!!

Click here!!

Disclaimer :

I do not endorse Hacking !

This is meant for educational purpose only !
I want u to know how others can try break into your Personal life !
Beware !!

This is a Genuine Article.

Will try to add in as much as possible

keep posting !
comment on this article !

Related article : more on email hacking

Shankha
Introduction

I have written this tutorial to address a question that is all too commonly asked in any
channel/chat room with "hack" in the title (asked in frequency to the point of harrassment
really). So since this is a question that so many people ask, then I believe that there should
at least be an answer available (regardless of the morality or "lameness" of such a
question). So you as the reader are most likely reading this because you want to break into
somebody's email account.

Well, you must understand that there is no 1-2-3 process to anything. I will give you
options to consider when persuing such a task, but it will ultimately be up to you to do this.
This is what you want to do, and no matter what sort of offers you throw up at anybody,
nobody is going to do this for you. There is no program that is going to do all this for you.
Also don't forget that nobody is going to hold your hand and lead you through this. I'm
offering you as the reader suggestions for ways you can address this task, and that is about
all the help you are going to get from anybody. So now that I've made all that clear, let's
begin...

Things You Should Know

As I mentioned in the previous section, there is no program that will do all this for you.
Almost all the crackers you see out there will not work, because services like Hotmail,
Yahoo!, etc. have it set so that it will lock you from that account after a certain number of
login attempts. There are some rare exceptions, like some crackers for Yahoo! that are
made for cracking "illegal" accounts, but the thing you must understand about those types
of crackers is that they are built to crack SPECIFICALLY "illegal" names. They can not
be used to target a specific account on Yahoo!, so don't try to use them for this purpose.
Another thing you must know if you ask this question in any "hacker" chat room/channel
(which I highly discourage), or if you read something on this topic, and you hear that you
have to email some address and in any way have to give up your password in the process,
do NOT believe this. This is a con used to trick gullible people into handing over their
passwords. So don't fall for this. Well that concludes this section, now lets get to what you
want to know.

If You Have Physical Access

I will start off with options you have if you have physical access to the computer of the user
that you are targeting, because it is a lot easier if you do. One option you have, that you will
hear a lot if you ask this question, and anybody bothers to answer is to use a keylogger. A
keylogger is an excellent option, and probably the easiest. There are a lot of keyloggers out
there, ranging from hardware keyloggers, to software keyloggers. For this task, you won't
need to buy a hardware keylogger, since the only advantage to a hardware one is that you
can grab passwords that are given to access a certain local user on the operating system
used. There are a lot of software keyloggers out there, and you can feel free to check out
www.google.com to look at your options. I will go ahead and toss a couple of keyloggers out
to try for those of you who seem allergic to search engines.

One option you have that is good for a free keylogger is Perfect Keylogger (which you can
find at www.blazingtools.com/bpk.html). It works just fine, and has some nice options to
keep it hidden from your average end user (computer user).

Another option you have, which is probably the best one you can get is Ghost Keylogger. It
has a lot of options that will allow you to get the results of this program remotely (it will
email you the results). However, this is not a free keylogger, so if you are wanting to get a
copy you can look on the file sharing networks for a copy of the program, and the serial
number for it (look on www.zeropaid.com for different file sharing clients you can try).

Once you have whatever keylogger you are going to use downloaded, just install it onto the
computer you are wanting to monitor, and wait till next time they login to their email
account. You will then have the password for the account. Another option you have if they
use Outlook to access their email account, is to copy the *.dbx files for their Outlook
account onto a floppy, and extract the emails at home (the dbx file stores the files stored in
each Outlook folder on a given account, meaning the received and sent emails). When you
are on the computer of the user you are targeting, look in

C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\ OutlookExpress\
and copy all the .dbx files onto a floppy. Then when you take the .dbx files back to your
house, use DBXtract to extract the messages from these files. Check out the link below to
download this program....

www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171

Another option you have if you have physical access is to execute a RAT (Remote
Administration Tool, you may know these programs as trojans) server on the computer. Of
course, you do not have to have physical access to go this route, but it helps. What you must
understand is that these tools are known threats, and the popular ones are quickly detected
by antivirus software, and thusly taken care of. Even ISPs block incoming/outgoing traffic
from the most popular ports used by these programs.

One newcomer in the RAT market that you should know about is Project Leviathan. This
program uses already existing services to host it's service, instead of opening up an entirely
new port. This allows it to hide itself from any port detection tool/software firewall that
may be in place. This of course will not guarantee that it's server program will not be
detected by any antivirus software used (actually, if the user has kept up with his/her
signature tables, then it WILL be detected), but it will give you more of a chance of holding
access. Search the engines to download Project Leviathan...

Once you have downloaded this tool, follow the instructions listed to install and use this
program. However, since this RAT is a command line tool, you will still need another
program set up on the user's computer in order to catch the desired password. For this,
you can use Password Logger.. Google it

Once you have this downloaded, set it up on the targeted computer. The program will
remain hidden, while logging any types of passwords into a .lst file in the same directory
that you executed it on. Therefore, you can access this *.lst file through Project Leviathan
remotely in order to retrieve the user's email password remotely. Well that pretty much
concludes it for this section. At this very moment I can practically hear a lot of you
thinking to yourselves "But, but I don't HAVE physical access!". No reason to worry,
that's what the next section is for...

If You Don't Have Physical Access

Well of course most of you out there will say that you don't have physical access to your
target's computer. That's fine, there still are ways you can gain access into the desired
email account without having to have any sort of physical access. For this we are going to
go back onto the RAT topic, to explain methods that can be used to fool the user into
running the server portion of the RAT (again, a RAT is a trojan) of your choice. Well first
we will discuss the basic "send file" technique. This is simply convincing the user of the
account you want to access to execute the server portion of your RAT.

To make this convincing, what you will want to do is bind the server.exe to another *.exe
file in order to not raise any doubt when the program appears to do nothing when it is
executed. For this you can use the tool like any exe file to bind it into another program
(make it something like a small game)...

On a side note, make sure the RAT of your choice is a good choice. The program
mentioned in the previous section would not be good in this case, since you do need physical
access in order to set it up. You will have to find the program of your choice yourself
(meaning please don't ask around for any, people consider that annoying behavior).

If you don't like any of those, I'm afraid you are going to have to go to www.google.com,
and look for some yourself. Search for something like "optix pro download", or any
specific trojan. If you look long enough, among all the virus notification/help pages, you
should come across a site with a list of RATs for you to use (you are going to eventually
have to learn how to navigate a search engine, you can't depend on handouts forever). Now
back to the topic at hand, you will want to send this file to the specified user through an
instant messaging service.

The reason why is that you need the ip address of the user in order to connect with the
newly established server. Yahoo! Messenger, AOL Instant Messenger, it really doesn't
matter. What you will do is send the file to the user. Now while this transfer is going on you
will go to Start, then Run, type in "command", and press Enter. Once the msdos prompt is
open, type in "netstat -n", and again, press enter. You will see a list of ip addresses from
left to right. The address you will be looking for will be on the right, and the port it's
established on will depend on the instant messaging service you are using. With MSN
Messenger it will be remote port 6891, with AOL Instant Messenger it will be remote port
2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with Yahoo!
Messenger it will be remote port 1614.

So once you spot the established connection with the file transfer remote port, then you will
take note of the ip address associated with that port. So once the transfer is complete, and
the user has executed the server portion of the RAT, then you can use the client portion to
sniff out his/her password the next time he/she logs on to his/her account.

Don't think you can get him/her to accept a file from you? Can you at least get him/her to
access a certain web page? Then maybe this next technique is something you should look
into.
Currently Internet Explorer is quite vulnerable to an exploit that allows you to drop and
execute .exe files via malicious scripting within an html document. For this what you will
want to do is set up a web page, make sure to actually put something within this page so
that the visitor doesn't get too entirely suspicious, and then imbed the below script into
your web page so that the server portion of the RAT of your choice is dropped and
executed onto the victim's computer...

While you are at it, you will also want to set up an ip logger on the web page so that you
can grab the ip address of the user so that you can connect to the newly established server.
Here is the source for a php ip logger you can use on your page...

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8

Just insert this source into your page along with the exedrop script, and you are set. Just
convince the user to go to this page, and wait till the next time they type in their email
password. However, what do you do if you can not contact this user in any way to do any of
the above tricks. Well, then you definately have your work cut out for you. It doesn't make
the task impossible, but it makes it pretty damn close to it. For this we will want to try info
cracking. Info cracking is the process of trying to gather enough information on the user to
go through the "Forgot my Password" page, to gain access into the email account.

If you happen to know the user personally, then it helps out a lot. You would then be able
to get through the birthday/ zipcode questions with ease, and with a little mental
backtracking, or social engineering (talking) out the information from the user be able to
get past the secret question. However, what do you do if you do not have this luxury? Well
in this case you will have to do a little detective work to fish out the information you need.

First off, if a profile is available for the user, look at the profile to see if you can get any
information from the profile. Many times users will put information into their profile, that
may help you with cracking the account through the "Forgot my Password" page (where
they live, their age, their birthday if you are lucky). If no information is provided then what
you will want to do is get on an account that the user does not know about, and try to strike
conversation with the user. Just talk to him/her for a little while, and inconspicuously get
this information out of the user (inconspicuously as in don't act like you are trying to put
together a census, just make casual talk with the user and every once in a while ask
questions like "When is your birthday?" and "Where do you live?", and then respond with
simple, casual answers).
Once you have enough information to get past the first page, fill those parts out, and go to
the next page to find out what the secret question is. Once you have the secret question, you
will want to keep making casual conversation with the user and SLOWLY build up to
asking a question that would help you answer the secret question. Don't try to get all the
information you need in one night or you will look suspicious. Patience is a virtue when info
cracking. Just slowly build up to this question. For example, if the secret question is
something like "What is my dog's name?", then you would keep talking with the user, and
eventually ask him/her "So how many dogs do you have? ...Oh, that's nice. What are their
names?". The user will most likely not even remember anything about his/her secret
question, so will most likely not find such a question suspicious at all (as long as you keep it
inconspicuous). So there you go, with a few choice words and a little given time, you have
just gotten the user to tell you everything you need to know to break into his/her email
account. The problem with this method is that once you go through the "Forgot my
Password" page, the password will be changed, and the new password will be given to you.
This will of course deny the original user access to his/her own account. But the point of
this task is to get YOU access, so it really shouldn't matter. Anyways, that concludes it for
this tutorial. Good luck...