Ways to hack e-mail

Carding 4 Carders

Hi!

This article is presented for informational purposes only and does not carry a call to action. All information is aimed at protecting readers from illegal actions.

The essence of a Keylogger is that it writes everything that the user enters from the keyboard to a special file. You will only have to go to the computer a second time to pick up the resulting file (or receive it by mail).

One of the advantages of a Keylogger is that it records everything in a row. Therefore, in addition to passwords, you can get a lot of interesting information about your victim. But they also have a lot of disadvantages. The most important point is that most keyloggers are successfully detected by antivirus programs, and if an antivirus is installed on the victim's computer, you will not be able to use the Keylogger. After all, it is not always possible to disable the antivirus.

The second drawback stems from its dignity. The resulting file contains a lot of unnecessary information. It's not enough to collect information from the keyboard, you also need to find out what you need among all the superfluous things - a password.

The third drawback is that if the victim uses an email client rather than a web interface, the Keylogger will not help at all. Most likely, the password is already entered in the mail client and remembered, so the victim does not enter it every time when checking mail. Therefore, the Keylogger will write to the file everything that the user enters, except for what you need.

There is another drawback - if the selected Keylogger does not support sending the resulting file by e-mail, then you will have to go to the computer again. An example of a Keylogger is SniperSpy, just in case you want to use it.

Programs for "restoring" email account passwords allow you to immediately get all the passwords you are interested in without having to read megabytes of text in the search for the password you need. In addition, the antivirus does not respond to them in any way. One of these programs is Mail PassView. It allows you to recover the passwords of the following email accounts:
  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010/2013 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x
  • Mozilla Thunderbird
  • Group Mail Free
  • Yahoo! Mail – if the password is saved in the Yahoo! Messenger app.
  • Hotmail / MSN mail – if the password is saved in the MSN Messenger app.
  • Gmail – if the password is saved in the Gmail Notifier, Google Desktop, or Google Talk apps.
We have tested the program on our computers and declare that it works. In figure 1, passwords, as well as e-mail addresses, are erased for obvious reasons.

Figure 1. Mail PassView Program

Mail PassView is not the only program of its kind. There are other programs as well:
  1. Outlook Password Decryptor - allows you to recover passwords from Outlook, including the most recent versions (Outlook 2015, running on Windows 10);
  2. PstPassword — another program for recovering passwords saved in Outlook;
  3. WebBrowserPassView - a program for recovering passwords stored in the browser. Supported browsers are IE, Chrome, Opera, Safari, and Firefox.
All you need is to know which email client the victim is using. Finding a program to "recover" the password from this email client is not a problem. If the victim uses the web interface to read their mailbox, then it is better to use the WebBrowserPassView program. It supports all versions of Windows, starting with 2000 and ending with 10. Older versions like 98 / ME are not supported.

We also tested this utility. The program has successfully recovered all passwords stored in IE, Firefox, Chrome, and Opera browsers (Safari was not tested by us, but we believe that there will be a complete "order"), see Fig. 17. Even if you don't find the mailbox password in this list, this list will also be useful, because people often use the same passwords for different services.

Figure 2: Recovered passwords

For convenience, the program allows you to save the selected passwords to a text file, which you can then slowly study on your computer.

Since we have already started talking about password recovery, you can use the Dialupass program that recovers dialup / RAS / VPN passwords. The program supports Windows 2000, Windows XP, Windows 2003/2008, Windows Vista, Windows 7, Windows 8 and Windows 10.

Efficiency: high
Difficulty: low
Cost: low

Method 1: social engineering

Only lazy people didn't write about this method. Much has already been said. Do you think that this method is not as effective as they say? You're wrong.

Most recently, the mail of CIA Director John Brennan was hacked. The absurdity of the situation is that the mail was hacked not by a "seasoned" hacker, but by an ordinary teenager, who correctly collected information about his "victim". The teenager first contacted the mobile operator, introducing himself as a technical support employee, and clarified the details of Brennan's account.

After that, he logged in to AOL and introduced himself as Brennan and asked to reset his password. Since he knew all the necessary information (email account number, last digits of the Bank card, 4-digit PIN code, phone number), the password was reset and no one suspected anything.

A little later, Wikileaks published letters from the CIA Director, see figure 3.

Figure 3. Letters from the CIA Director published by Wikileaks

The advantage of this method is that you do not need to have any special knowledge and this method is within the power of anyone. The success of this method depends on the savvy of the "attacker" - whether he can find the necessary information or not.

Efficiency: high
Difficulty: medium
Cost: low

Method 2: trusting users (phishing)

We'll ask the user to tell us their password themselves. No, this method does not involve physical violence, and none of the users will suffer as a result of the experiment. Physically, anyway.

The essence of this method is as follows: you need to create a fake authorization page for the service that you want to hack. For example, if you want to get a password from Yandex. mail GMail.com, then you need to create the same login page.

Next, you need to lure the user to a fake page. There are several ways to do this:
  • Send him a message ostensibly on behalf of the administration of that service. In the message, specify something like "you haven't logged in to your mailbox for a long time. If you don't use it before <D>.<D><M>.<M><D>, it will be deleted.". We draw a Sign in button that will take the user to your authorization page.
  • Send a message with a link that should interest the user. When they click on it, they will see a message telling them that they need to log in to view the content. Now many services allow you to log in using a GMail account or one of the social networks. So the user may not suspect anything.
Very often, only the "general direction" is described. We tried to implement it in our own company and look at the reaction of ordinary users. The method is rather complicated and its implementation will require both PHP programming skills and some financial investments. After all, we will need hosting with PHP support (for executing a PHP script and hosting an authorization form) and a domain name "similar" to the name of the service being hacked. Of course, an experienced user will immediately notice the forgery, but let's see how the most ordinary users will react.

So, we created an authorization form similar to the Google login form. Of course, it could have been better, but we were in a hurry.

What happened next? Then users read the email, clicked on the link, and naively entered the username and password that were passed to the script. The script accepts this data and writes it to a text file. Any beginner who knows the basics of PHP can write such a script. An example code of the script (this is not the same script that we used) is given in listing 1.

Listing 1. The simplest password recording scenario

[The listing was an image in the original post and is not preserved.]

The result of our scenario is shown.

Script Output.

Once again, we note that everything was done in a hurry. And Yahoo! mail was used to send the message, so as not to fight anti-spam. But it would be possible to go the other way. For example, you can find an SMTP server that can send emails freely (without authorization). As a rule, this will be an improperly configured SMTP server of some small organization. Lists of such servers are regularly updated on special resources. I don't think it will be too difficult to find such a list, for example, this one. Next, you can deploy a web server with PHP support on your local computer. Then you will have access to php.ini and can specify the SMTP server through which the mail() function will send messages.

On the other hand, you can also try to send a message through your own hosting service (you don't have to install a local web server). It all depends on its settings. For example, we used our hosting service to execute the script for sending our message. On it, the mail() function was executed without any complaints. It is clear that if you view all the email headers, the "trace" will lead to us. But that's not important to us right now. Now it is important that the "From" field in the mail client contains what we need. In the first method, we did exactly this, that is, we used the mail() function to send the message.

The standard PHP mail() function makes it easy to specify both the message text and its headers. For example:

[The code was an image in the original post and is not preserved.]

Emails sent in this way passed Google antispam (did not end up in the Spam folder) and were displayed normally both in the mail client (checked in Outlook and The Bat!) and in the web interface. Of course, before sending a message to the victim, it is better to send it to your mailbox and make sure that the message is displayed correctly, at least that the email client correctly detects the encoding. If this is not the case, add headers describing the message encoding to $headers.

We obtained certain results using this method. Some of the users left their real passwords. Some people did not respond to this email and contacted the administrator. And some people guessed what was going on and entered gibberish instead of the password. Such mediocre results are due to the fact that we did not prepare much and made both the login form and the email itself very poorly. But we still got a few real passwords, so this method works, despite all the skepticism.

Efficiency: high
Difficulty: high
Cost: high

Method 3: study the victim and "remember" the password

Now remember something you never knew - the password to the victim's mailbox. Very often, email services allow you to restore a forgotten question. To make sure that the user trying to restore access to the mailbox is its owner, the mail service asks the security question specified when registering the mailbox (figure 22). If you're trying to hack the mailbox of someone you know, chances are that you already know the answer to this question. If you are hacking someone else's password, then the first thing to do is to study the victim.

Password Recovery.

The more information you collect about the victim, the easier it will be to hack the mailbox. Information can be collected in many ways - you can ingratiate yourself with the victim and find out, as if by accident, the information you need from him (for example, the maiden name of your mother, see figure 22), or you can make friends with friends of the victim. Fortunately, social networks allow you to quickly find not only the victim, but also her friends.

Efficiency: high
Difficulty: medium
Cost: low

Method 4: XSS vulnerabilities

One of the ways to hack email is to use XSS vulnerabilities. But you can hardly call it effective. First, all XSS vulnerabilities found in popular email services are quickly fixed. Secondly, given the "first", you will have to look for the XSS vulnerability yourself (after all, all the vulnerabilities found have already been closed). And the search will take a certain amount of time. And the implementation of an attack through an XSS vulnerability requires advanced training. Alternatively, this method can be considered. Purely out of academic interest. But if you need to hack your email faster, the same social engineering will be more effective. If you want to look at hacking using XSS, you can read this article here. It describes how to steal other people's cookies. If you develop the topic further, you can replace your own cookies with someone else's and get access to someone else's mailbox.

Efficiency: low
Difficulty: high
Cost: low

Method 5: Stealing cookies

Another good way to gain access to your mailbox is by stealing cookies. Of course, it is effective if the victim stores their passwords in the browser. Even if you don't get a password for your mailbox, you can get passwords for other services. Users often use the same passwords to access different services. So if you find a password for one service (for example, a blog or forum), you can try to use it when logging in to your email account. There is a chance that it will fit.

How to steal cookies? There are various ways - from using a Trojan (see Fig. 23) to the banal copying to a flash drive or your FTP, if you were at the victim's computer. Don't have an app for getting passwords at hand (see method 3)? It doesn't matter! You can simply copy the directory with Cookies and analyze it on your computer. To analyze Cookies, you can use a variety of utilities, one of which is CookieSpy, which supports not only installed, but also portable browsers, which allows you to "slip" the program a directory with Cookies.

Stealing cookies using a Trojan

Cookie Analysis by CookieSpy

Efficiency: average
Difficulty: high
Cost: low

Method 6: bruteforce

The most inefficient way. It consists of searching through the password list. The program simply tries to find a password using the "poke" method (also known as the Cauchy method). Of course, under ideal conditions, it will eventually succeed. But almost all services will block the mailbox after 3-5 failed attempts. Therefore, it is unlikely that you will be able to use the "brute force method". If you still want to try, then you can try using the Brutus utility, the use of which is discussed on hackerthreads.

There is another fairly popular utility — THC-Hydra, which allows you to hack a variety of services: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NCP, NNTP, Oracle listener, Oracle sid, Oracle, PC-anywhere, PCNFS, POP3, Postgres, RDP, rexec, RLOGIN, RSH, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP enum, SNMP, SOCKS5, SSH (V1 and V2), Subversion, TEAMSPEAK (TS2), Telnet, VMware-auth, VNC, and xmpp.

Efficiency: low
Difficulty: medium
Cost: low

Method 7: reach out to professionals

On the Internet, it is not difficult to find contacts of a "professional" who is engaged in hacking mail. This is the easiest way. Its effectiveness depends on the correct choice of a specialist. The advantage is that almost everything described in this article will be done for you (maybe a little more, maybe a little less) and you will not have to do anything yourself. The disadvantage is that the "hacker" may turn out to be an elementary fraudster. As a result, no hacked mailbox, no money. There are even special forums on the Internet where you can easily find a "specialist" (figure 25). We specifically erased the forum address so as not to make unnecessary advertising to anyone. However, if you want and know how to use the search engine, you can easily find not only this forum, but also hundreds of other similar ones.

Forum with ads about email hacking offers.

Efficiency: average
Difficulty: low
Cost: high
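
On the receiving side, the message described under Method 2 (a visible "From" set through PHP mail() while the full headers still lead back to the real sending host) can be flagged from exactly those headers. The Python check below is an added example, not part of the original post; the message, host names and the trusted authserv-id are constructed, and the suffix comparison is a simplification of DMARC's organizational-domain alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From names the mail service, while the
# envelope sender and the PHP header point at an unrelated shared web host.
SAMPLE = """\
Return-Path: <www-data@shared-host.example>
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=shared-host.example;
\tdkim=none;
\tdmarc=fail header.from=mailservice.example
From: "Mail Service Administration" <admin@mailservice.example>
To: user@recipient.example
Subject: Your mailbox will be deleted
X-PHP-Originating-Script: 1000:send.php

Sign in to keep your mailbox.
"""

def domain_of(header_value):
    """Lower-cased domain part of the address in a From/Return-Path header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified alignment: equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyze(raw, trusted_authserv="mx.recipient.example"):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    env_dom = domain_of(msg.get("Return-Path"))
    if from_dom and env_dom and not aligned(from_dom, env_dom):
        findings.append("from-envelope-mismatch")
    # Only believe Authentication-Results stamped by our own MTA; a sender
    # can pre-insert a forged header carrying any other authserv-id.
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
            verdicts[method] = result.lower()
    if verdicts.get("dmarc") != "pass":
        findings.append("dmarc-" + verdicts.get("dmarc", "missing"))
    # PHP adds this header when mail.add_x_header is enabled in php.ini.
    if msg.get("X-PHP-Originating-Script"):
        findings.append("php-mail-origin")
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Note that SPF alone passes for the constructed message because it validates the envelope domain, not the visible "From"; the DMARC result and the alignment check are what expose the mismatch.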
 

Father

Email is one of the most common means of communication. In addition, with its help we constantly register and enter the accounts of various online services. This is why cybercriminals continue to pay special attention to it. By hacking it, they can send spam to your friends or, even worse, steal your personal information. In addition to reputation, financial position may also suffer. Ever wondered how people hack other people's accounts? Credit cards or personal information? - Here you will find your answer.

The most dangerous misconception, about which all security measures are broken and which cybercriminals successfully use, is the idea that "I am a small person and no one needs my mail for nothing."

How you will be broken

1. By phone number.
If a phone number is “tied” to the mail and the attacker knows it, the following scheme can be used. The hacker contacts the postal service to reset the password, specifying the user's phone number. An SMS comes to this number from the postal service with a request to confirm the change of the password and the code for this. The fraudster, in turn, sends a message, allegedly on behalf of the mail, with a request to indicate this code. If the owner of the mailbox does not notice the difference in the address of the sender of the two SMS, then the confirmation code will go to the hacker, and he is already using it for his own purposes.

2. Take advantage of a trojan.
Injecting a Trojan virus onto a victim's computer is one of the hacker's most convenient ways to hack mail. The malware is usually sent as a link in an email. The only difficulty is to convince the user to follow this link. Since promises of "freebies", which were widely used before, now only work on the most naive, cyber fraudsters were forced to change their attack style. Now a message infected with a virus may look like a letter from a provider or a bank: with stamps, logos and an offer to download a file with new rules or install a client program for the convenience of making payments. Trojans are constantly evolving, and not all of them are detected by antivirus software.

3. Get physical access to someone else's computer.
Having the opportunity to remain “alone” with the victim's computer at least for a short time, an attacker can install a keylogger or a program to recover passwords on it. In the first case, everything that the user enters from the keyboard (including passwords) is recorded in a special file, and then this data is sent by e-mail to the address the hacker needs. When using programs for recovering passwords (which, as a rule, do not cause alarms for antiviruses), you can immediately get ready-made data. There is an even easier way to hack e-mail, even without the use of special programs. It is enough to copy the Cookies directory and then analyze it in search of passwords. True, this can only work if passwords are stored in the browser - but this is exactly what most users do.

4. Use social engineering.
One of the high-profile scandals of recent times was the story of the hacking of the mail of CIA Director J. Brennan. Surprisingly, the mailbox of the head of the intelligence department was opened by an ordinary teenager with no deep technical knowledge. Posing as a technical support employee, the young hacker contacted the cellular operator and clarified the details of Brennan's account. Then, on behalf of the account owner, he called the support service of the postal service and asked to reset the password. Since the necessary information had already been obtained during the previous call (account number, phone number, PIN-code, etc.), such a request did not raise any suspicions. This case became an example of how to hack mail, knowing the basic data of the victim's account.

5. Phishing.
It is used quite often - and not only for hacking mail, but also in many other cases.
A fake login page is created for the service, the password from which the attacker is going to obtain, with a domain name similar to a “sample”. Then a letter is sent to the user from this address, allegedly from the administration - for example, that the mailbox will be blocked and in order to avoid this, you need to confirm the password.

6. Find out the maiden name of someone else's mother.
Often, postal services use the answer to a "secret" question to recover a forgotten password. These may include the mother's maiden name, favorite car brand, or something similar. If the hacker possesses some information about the user whose mail is supposed to be hacked, he can try to use it to recover the “forgotten” password, which he never knew. It should be added that cybercriminals usually have no problems finding information about even complete strangers. Users themselves share their tastes and preferences on social networks, indicating the names of pets, the names of their favorite writers and musicians - without thinking about the fact that these data are usually used as answers to security questions.

7. Find a password.
Using a special program, the password is selected by enumerating possible options. True, services usually block the mailbox after several unsuccessful attempts. Therefore, the brute force method can be considered the most ineffective, designed for random luck.

8. Entrust the matter to a specialist.
Is it possible to hack mail without the proper skills? It turns out that this is also possible. There are special exchanges on the Internet that allow you to hire a professional for this purpose.

Output
You cannot be 100% secure against hackers. If your mail is "ordered", believe me, it will be hacked: a matter of money and time. But there is protection from random attacks by cybercriminals: install antivirus and two-factor authentication, check the address bar of the site and change the password of your email account every 3 months. These tips apply to corporate email as well.
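
The advice to check the address bar can be automated in a mail gateway or proxy, since the phishing described above depends on a domain name that merely resembles the real one. The Python classifier below is an added example, not part of the original post; the trusted domain, the test URLs and the confusable-character table are constructed, and taking the last two labels as the registrable domain is a simplification (a production check would use the Public Suffix List).

```python
from urllib.parse import urlsplit

TRUSTED = {"mailservice.example"}  # constructed allowlist of real login domains
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def registrable(host):
    # Simplification: last two labels (assumption, not PSL-aware).
    return ".".join(host.split(".")[-2:])

def skeleton(label):
    """Fold common look-alike characters so 'mai1service' maps to 'mailservice'."""
    folded = label.translate(CONFUSABLE)
    return folded.replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    if parts.username is not None:
        # https://trusted-name@other-host/ shows the trusted name first.
        return "userinfo-in-url"
    if registrable(host) in TRUSTED:
        return "trusted" if parts.scheme == "https" else "trusted-host-insecure-scheme"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious-idn"
    name = registrable(host).split(".")[0]
    for good in TRUSTED:
        brand = good.split(".")[0]
        if brand in labels:
            return "lookalike-embedded"      # brand used as a subdomain label
        if skeleton(name) == skeleton(brand):
            return "lookalike-confusable"    # digit or letter-pair substitution
        if edit_distance(name, brand) <= 1:
            return "lookalike-typo"          # one character off
    return "unrelated"

if __name__ == "__main__":
    for u in ("https://login.mailservice.example/",
              "https://mai1service.example/login",
              "https://mailservice.example.login-check.test/"):
        print(u, "->", classify(u))
```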
 