|
BY
Rishabh Šara
r_dara@hotmail.com
www.rishabhdara.com
In this tutorial I am going to discuss the various ways of
getting past the hotmail security systems.
1)Brute Forcing
This method is extremely tedious, time consuming and
useless. A Brute Forcing software tries to gain acsess to an
account by the "hit and try" method. It has a dictionary
list of (supposedly all) possible passwords and it tries all
those passwords for that one username. A good Brute Forcer
is the Munga Bunga's HTTP Brute Forcer
(http://www.rishabhdara.com/tools/password/bruteforcers/)
2)Fake Login screen
The victim can be fooled into typing his password into a
fake login screen which looks similar to that of the actual
hotmail login screen. Once he types in his login & password
and clicks on sign-in, his details are mailed to your
specified email address.
(http://www.rishabhdara.com/fakeloginscreen.htm)
(http://www.rishabhdara.com/computersecurity/Fake Hotmail
Login Screen.zip)
3)Java Scripting & Cookies
Web Programmers tend to use relatively easy webbased
languages at the expence of security (cross-scripting).
These can be exploited ...
(http://eyeonsecurity.net//papers/passport.htm)
4)Keyloggers & Similar Trojans
Send him a keylogger which notes down all his keystrokes
and then mails them to you. If he ever signs in into his
hotmail account, his username and password will be sent to
you.
(http://www.rishabhdara.com/tools/utilities/keylogger/)
(http://www.astalavista.com/library/misc/hotmail/hack.shtml)
5)Hotmail Message Scanner
Some bright empiricist from Root-Core has discovered that
anyone can log into their Hotmail account and then call
messages from any other Hotmail account by crafting a URL
with the second account's username and a valid message
number.
(http://www.astalavista.com/hacking/password/hotmail1.shtml)
6)Verfication Auto Bot
This method is probably the lamest, least known but also
the most sucessful method of hacking hotmail. For this i
created a email address verificationautobot@hotmail.com .
Then i added a page on my website ie.
http://www.rishabhdara.com/computersecurity/hotmail.htm
which had the following message ...
*************************BEGIN*********************
By continuing on down this letter you agree that
Hack_Attack69 will not be held responsible for any misuse of
information within these pages. This letter is purely for
educational use. If your intentions are similar proceed but
if not you will be held responsible for your own mistakes.
Hello Hotmail users. There have been many attempts to hack
hotmail.com. Unfortunately all of them have failed, EXCEPT
this one. I though have found out a revolutionary way to
hack hotmail. And might I add it's as easy as ABC. After 8
months of research we have found the broken link.
VerificationAutoBot to be exact.
VerificationAutoBot@hotmail.com is a bot, an auto bot. You
send it a letter and within a week it will send you one
back. The ULTIMATE hack for hotmail is as follows:
First send a letter to verificationautobot@hotmail.com,
second within the Subject heading place the word "Password"
(not in quotes but has to have a capital P) this way the
automated bot recognizes what you are after. Then in the
text field place the name of the person at hotmail that you
want to hack (Do not put @hotmail.com after their name). No
capital letters are to be put in this place. Then skip three
(3) lines and place your own hotmail account information
such as: "My login:My password" (a semicolon makes it easier
for the bot to recognize). This way the bot can verify that
your account actually exists. And then supplies you with the
password for the person's account that you want it for. Here
is an example:
--------------------------------------------------------------------------------
To: verificationautobot@hotmail.com
bcc:
cc:
Subject: Password
login of the person you want to hack
yourlogin:yourpassword
--------------------------------------------------------------------------------
This IS the only way to hack hotmail. Use it with care.
Thank You Hack_Attack69
*************************END*********************
People ... being extremely vulnerable, fell for my trick.
Now i recieve 700-800 new emails everyday on
verficationautobot@hotmail.com . LOL ;)
Ps: You need to use a similar method and fool others into
doing the above and mailing their passwords to you.
7)Confirmation of Activation
For this one needs to know how to send anonymous emails.
Good anonymous mailers can be downloaded at
http://www.rishabhdara.com/tools/utilities/email/ . Then You
need to create a hotmail account which sounds similar to
confiramtionofactivation@hotmail.com or
re_confirmation@hotmail.com. Then send a email from "Hotmail
Member Services" <staff@hotmail.com> to your victim with the
following message ...
*************************BEGIN*********************
Dear Hotmail® User,
The MSN Hotmail servers are currently under heavy stress
due to unproportional usage of our email services. Thus The
Hotmail Staff has decided to reduce the number of Hotmail
accounts by a huge margin to regain its potential.
All accounts which are currently not under use shall be
removed permanently from our web servers. If you wish to
retain your Hotmail account kindly send an email to
confirmationofactivation@hotmail.com with the subject as
"CONFIRMATION" and the message body containing the following
details seperated by colons(;)
Login ; Password ; Date of Birth ; Country
Accounts not confirmed shall be rendered terminated. MSN
Hotmail® sincerely regrets the inconvenience caused to its
clients.
The Hotmail Staff
*************************END*********************
This procedure almost "never" fails. Your victim is surely
going to reply back with his password.
Credits|
Rishabh Šara
r_dara@hotmail.com
http://www.rishabhdara.com
Discalimer | The contents of this tutorial should be used
for educational purposes only and any misuse of information
is none of my buisness ;)
Credits
BY Rishabh Šara |