Hack an email account

Hack an email account

 

I constantly get emails of people asking me how to hack hotmail, hack yahoo, and all the other popular email services. Usually it’s for one of the following moronic cover-ups: It’s my password, I just forgot it. , or my boyfriend this or my girlfriend that. I just don’t understand what possesses them to possibly think that I give a hoot.  Nah, I love you guys, I’m just kidding! Everyone seems to think that there’s some hacking trick that will magically get them the password. Too bad you have to actually learn something. Bummer… eh? Below I have briefly described the most common methods.

Phishing - Phishing is by far the most used and easiest method. The attacker simply sets up a page that looks exactly like the real email login page and tricks people into entering their login information.
Update: Check out the new post on how to create your own phishing page here.

Malware - Attackers can infect computers with malware such as Trojan horses that could extract all the saved passwords on a computer or a key logger that will log all the victims typed passwords.

Guessing - The attacker could literally guess the password if the victim uses an easy password like his/her name, birthday, favorite something, pets name, or something similar. If the attacker knows the victim well enough this attack won’t be that difficult to carry out.

Social Engineering - The attacker could literally ask for your password by calling up the victim and pretending to be an IT employee of the company. Once the victims trust is gained, the attacker would then make up a story saying something like the victims password is needed to do some updates because the user database is down or some other bogus. The attacker could also use social engineering along with a phishing page. This would be done by sending the victim a n email that looks like it is from the real email provider. In the email would be a link to his phishing page telling the victim that he/she needs to login and update or change some information immediately for whatever reason.

If you would like to see in detail how to excecute every one of these methods, see The Hacker’s Underground Handbook.

Read More

Know More About Secure Sockets Layer (SSL)

Know More About Secure Sockets Layer (SSL)

 

Secure Sockets Layer (SSL) is the most widely used technology for providing a secure communication between the web client and the web server. Most of us are familiar with many sites such as Gmail, Yahoo etc. using https protocol in their login pages. When we see this, we may wonder what’s the difference between http and https. In simple words HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a SECURE communication.

What exactly is Secure Communication ?

Suppose there exists two communication parties A (client) and B (server).

Working of HTTP

When A sends a message to B, the message is sent as a plain text in an unencrypted manner. This is acceptable in normal situations where the messages exchanged are not confidential. But imagine a situation where A sends a PASSWORD to B. In this case, the password is also sent as a plain text. This has a serious security problem because, if an intruder (hacker) can gain unauthorised access to the ongoing communication between A and B , he can see the PASSWORDS since they remain unencrypted. This scenario is illustrated using the following figure

 

Now lets see the working of HTTPS

When A sends a PASSWORD (say “mypass“) to B, the message is sent in an encrypted format. The encrypted message is decrypted on B’s side. So even if the Hacker gains an unauthorised access to the ongoing communication between A and B he gets only the encrypted password (“xz54p6kd“) and not the original password. This is shown below

How is HTTPS implemented ?

HTTPS is implemented using Secure Sockets Layer (SSL).A website can implement HTTPS by purchasing an SSL Certificate. Secure Sockets Layer (SSL) technology protects a Web site and makes it easy for the Web site visitors to trust it. It has the following uses

1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

How Encryption Works ?

Each SSL Certificate consists of a Public key and a Private key. The public key is used to encrypt the information and the private key is used to decrypt it. When your browser connects to a secure domain, the server sends a Public key to the browser to perform the encryption. The public key is made available to every one but the private key(used for decryption) is kept secret. So during a secure communication, the browser encrypts the message using the public key and sends it to the server. The message is decrypted on the server side using the Private key(Secret key).

How to identify a Secure Connection ?

In Internet Explorer, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar.You can click the lock to view the identity of the website.

In high-security browsers, the authenticated organization name is prominently displayed and the address bar turns GREEN when an Extended Validation SSL Certificate is detected. If the information does not match or the certificate has expired, the browser displays an error message or warning and the status bar may turn RED.

So the bottom line is, whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you have a secure communication. A secure communication is a must in these situations.Otherwise there are chances of Phishing using a Fake login Page.

Read More

What is MD5 Hash and How to Use it?

What is MD5 Hash and How to Use it?

 

In this post I will explain you about one of my favorite and interesting cryptographic algorithm called MD5 (Message-Digest algorithm 5). This algorithm is mainly used to perform file integrity checks under most circumstances. Here I will not jump into the technical aspects of this algorithm, rather will tell you about how to make use of this algorithm in your daily life. Before I tell you about how to use MD5, I would like to share one of my recent experience which made me start using MD5 algorithm.

Recently I made some significant changes and updates to my website and as obvious I generated a complete backup of the site on my server. I downloaded this backup onto my PC and deleted the original one on the server. But after a few days something went wrong and I wanted to restore the backup that I downloaded. When I tried to restore the backup I was shocked! The backup file that I used to restore was corrupted. That means, the backup file that I downloaded onto my PC wasn’t exactly the one that was on my server. The reason is that there occured some data loss during the download process. Yes, this data loss can happen often when a file is downloaded from the Internet. The file can be corrupted due to any of the following reasons.

• Data loss during the download process, due to instability in the Internet connection/server
• The file can be tampered due to virus infections or
• Due to Hacker attacks

So whenever you download any valuable data from the Internet it is completely necessary that you check the integrity of the downloaded file. That is you need to ensure that the downloaded file is exactly the same as that of the original one. In this scenario the MD5 hash can become handy. All you have to do is generate MD5 hash (or MD5 check-sum) for the intended file on your server. After you download the file onto your PC, again generate MD5 hash for the downloaded file. Compare these two hashes and if it matches then it means that the file is downloaded perfectly without any data loss.

A MD5 hash is nothing but a 32 digit hexadicimal number which can be something as follows

e4d909c290d0fb1ca068ffaddf22cbd0

This hash is unique for every file irrespective of it’s size and type. That means two .exe files with the same size will not have the same MD5 hash even though they are of same type and size. So MD5 hash can be used to uniquely identify a file. 

How to use MD5 Hash to check the Integrity of Files?

Suppose you have a file called backup.tar on your server. Before you download, you need to generate MD5 hash for this file on your server. To do so use the following command.

For UNIX:

md5sum backup.tar

When you hit ENTER you’ll see something as follows

e4d909c290d0fb1ca068ffaddf22cbd0

This is the MD5 hash for the file backup.tar. After you download this file onto your PC, you can cross check it’s integrity by again re-generating MD5 hash for the downloaded file. If both the hash matches then it means that the file is perfect. Otherwise it means that the file is corrupt. To generate the MD5 hash for the downloaded file on your Windows PC use the following freeware tool

MD5 Summer (Click on the link to download)

Read More

How to Hack Windows Administrator Password

PASSWORD HACKING, VISTA HACKS, WIN 7 HACKS, XP HACKS »
How to Hack Windows Administrator Password


This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.

* You do not need to know the old password to set a new one
* Will detect and offer to unlock locked or disabled out user accounts!
* There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.


How it works?

Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.

The download link for both CD and floppy drives along with the complete instructions is given below

Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.
Another simple way to reset non-administrator account passwords

Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.

1. Open the command prompt (Start->Run->type cmd->Enter)

2. Now type net user and hit Enter

3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows

4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.

So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.

Read More

hub vs switch – sniffing

hub vs switch – sniffing

Let’s look at the difference between a hub and a switch and how one could attack them. Watch the video to see hubs and switches from a hacker’s point of view. Read the post for a more formal description. (sorry about the quality, still working on perfecting this video stuff)

A hub and a switch have the same purpose; to connect a bunch of computers via ethernet “cross over” cables to create a network. Their main difference is that a switch is much more intelligent than a hub.

On a hub, all of the internet traffic (packets) are sent to every connected computer, where it is determined whether it belongs to that computer. As you may have already guessed, this isn’t very bandwidth friendly and is bad for performance.

Switches are much smarter, they are able to inspect all the headers of the packets coming in and determine where they are coming from and to whom they are destined for. The switch then forwards the traffic to the proper destination. This greatly reduces bandwidth and offers much better performance. For this reason you won’t find many hubs these days, switches are the preferred choice for networks for obvious reasons.

Because all traffic is forwarded to all the machines on a hub, it is very easy to sniff and store the traffic since it just comes to you. The sniffed packets may include website passwords, ftp passwords, the websites the user visits and other personal information.

On a switch, since the traffic is examined and forwarded to the correct machine, how would you sniff it if it doesn’t come to you? Easy, by ARP spoofing. Watch out for a post on that very soon.

Read More