Hotmail Hacking Exposed ...nice one



Pirate King
05-21-2009, 01:11 PM
Hotmail Hacking Exposed !!
Author : U.R

Disclaimer: The information in this tutorial is for educational purposes only!! The author isn’t responsible for anything that comes out of this information. And copy this tutorial ONLY with my name on it, otherwise I will trace you down like a maniac.

Intro
OK, I’m willing to teach you all about hotmail hacking. I’m going to explain every hotmail hacking technique that exists. This information is only for educational purposes; if you have any intention of using it to hack people, stop reading right now. For all the people that want to learn something, have a nice read. I’m going to give you the key to the world of hotmail hacking.

Phishing Pages and the tricks of phishers
I thought, let’s start easy, and easy is phishing. Phishing pages are internet login pages that look exactly like the real login page with only 2 differences. Phishing pages log your username and password and are located on another server. For example, you have a phishing page of hotmail.com and you host it on your own server; the link would be as:


[Only Registered And Activated Users Can See Links]

for example, and if someone logs in on your website you will be able to read his email+password in the log (mostly a text file where the phishing page saves all the stolen passwords). Of course a lot of people won’t log in on a website that has a different domain, so that’s why phishers come up with techniques so people will log in on their phishing page, and I’m going to tell you a few.

Redirect
Redirect is some script on a website that sends people to another website. So if you find a redirect on the hotmail website you can put your website in the url of the redirect. So people will see it starts with hotmail.com blablabla and think it’s safe to log in. I’ll show you an old nog fixed redirect in hotmail
Code:
Example :


[Only Registered And Activated Users Can See Links]

See the domain


[Only Registered And Activated Users Can See Links]

You just put your scam page here and give someone this link. He sees the hotmail.com and thinks it’s safe to click and to log in. And voilà, you’ve got the victim’s msn password and you’re in.

Social engineering like the script kiddies
Some script kiddies come up with an easy way to hack people without any real knowledge of hacking. They say on a noob forum that they know how to hack an email account. A little example of the scam:

Hello i know how to hack hotmail.com ,i didn’t believed it but i tryed and now i can hack every email adres i want.Reason why i’m telling i hacked enough emails and i knew this for a long time so i share it with the people.You can hack someone this way.You send a computer a email adres with the folow details and with the numbers because else the computer doesn’t recognize the mail. And after sending your get the password in a few day’s in your inbox.


78585667-email has to be hacked-8655657-VICTIMSNAME-7867868776-youremail-87879879778-yourpassword-67686876

Of course this technique isn’t that impressive, but trust me, a lot of people are dumb enough. Because a lot of people that chat the whole day on msn are happy when their computer starts up and then they use all their computer knowledge to push on the msn icon. Yeah, you will learn that when you know how to bring scams well you can use social engineering for scams to phish everyone; the biggest hackers of all time used a lot of social engineering. A famous example of a hacker is Kevin Mitnick; in the movie based on his life (Hackers2) you see some social engineering skills too.

Social engineering for Phishers
Phishers are people that steal money and account details with social engineering and new phishing techniques. This group has a lot of ways to scam people and has many private techniques to do the job. I will give you an example of a technique that a lot of phishers use. Because phishers have more knowledge, they do a whole research on a person: name, address, etc. When he has all the information he needs, the phisher sends a fake mail with an anonymous mailer script. With the anonymous mailer the phisher can use every email address as “sender”, so someone else’s email will come up like magic as sender of the email. So the phisher sends a fake “information email from hotmail.com” that looks like the real email, with the victim’s details. The email says that if this account is still in use they have to log in on the msn portal or else they will close the account. And they have to log in on the website with the phishing page that works in combination with a redirect bug in the hotmail website. This mostly works really well. (Of course real social engineering problems with this technique will look really professional.)

The little Children technique
Little children that want to be hackers to be cool for friends are using this simple technique. Still, you need some social engineering skills for it. Example of how this technique works: the “little child” wants to hack the victim’s email address by answering their secret question. For example the secret question “what is the name of my favorite pet”. Now the hacker is going to start a chat about his own pets with the victim; mostly the victim is going to chat about his pets and will tell the hacker the name of his favorite. Now the hacker keeps talking with the victim about other subjects so it looks like a normal conversation and he forgets the subject of pets. Next day his email is hacked, and the victim gave information and got hacked. This technique really works well if you’re good at social engineering.

Alternative Phishing
This is one of the best techniques there is in the phishing scene but not that famous. What a hacker does is write a few evil codes to the hosts file. Now when the victim types hotmail.com in Internet Explorer he will automatically come to the phishing page that logs his account details. But in the url he just sees hotmail.com so he thinks it is the real website. Perfect phishing if you ask me. A lot of hackers build backdoors into tools to let them do things like this. A few criminal organizations are writing big worms to edit the hosts file to steal login details. How does this work exactly?

Step 1 : Go to "C:\windows\system32\drivers\etc\" and you will see a file named "hosts"
Step 2 : Upload your phishing page of hotmail.com
Step 3 : ping your scam page and use the IP as URL and if he comes on your scam page it’s good
Step 4 : Now write a tool that adds this line to the hosts file: “yourphishingpageip hotmail.com” (without “”)

An example is: 64.233.183.99 hotmail.com.

Tools and information about msn password recover.
The hacktools scene noticed too how much information people store in their inbox and got interested in hacking hotmail and if it could be done with one tool. And now I can say to you, yeah, it is possible to hack msn’s with one hacktool. A hacktool I once made just used a similar technique as Msn Password recovery applications do. It’s recovering the login details from the computer and decrypts the password and sends this information to my email address. You see, msnhackers aren’t an urban legend anymore. Other famous password hackers are “Msn hacker gold”. Some people even made fake login tools that pretend to be the real msnmsgr.exe (Msn messenger) that logs your password on a web server.

Information about Msn password recovery.
The question a lot of people in the hack scene ask a lot is “where are the msn passwords located on my computer” and I’m going to teach you where, and with what protection they’re protected. And give you a little information about how they make simple msn password stealers. PS: for the people that have never heard of the registry, please stop reading this tutorial right now and go learn it, you lazy bastard.

• For early versions of MSN Messengers up to and including 5.0
These passwords were stored in the registry encrypted with base64. So just type “base64 decrypter” in Google and copy/paste the encrypted password and jackpot. The password is in the key “Password.NET Messenger Service”, path: (HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger).

• For MSN Messenger 6.0 - 7.0:
Microsoft started to use the internal encryption function CryptUnprotectData to store the saved passwords for MSN Messenger. So the password is better protected. The changes in the password storage mechanism for MSN Messenger 7.0 in Win XP and 2003 included adding the entropy value, which is based on credui.dll GUID.

• For MSN Messenger 7.5:
When 7.5 came out people noticed msn had gotten a little hacker-paranoid and changed the password algorithm again, since now Credentials manager is used (Windows password manager) along with a dynamic salt value and entropy. Credentials manager data is stored in the following registry path:
(HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\). The stored msn password is encrypted with “Microsoft Enhanced Cryptographic Provider v1.0”. This information I found in the assembly of the file “msidcrl.dll” located in the msn folder. This file saves the hotmail password.

Using Msn Password recovery for hacking
To abuse this is quite simple. Just make a decrypter for the encryption of the msn password. And let him send the password to a .php file and send it to your email. Quite easy but not that much used technique. The only app I saw that used this is MultiPass.

Personal Message Bug
Not a long time ago people found a bug in msn, the famous “personal Message bug”. I’m gonna explain the bug the easy way. You fill in a line of letters/symbols in your personal message, msn then logs you off automatically and you can’t log in again either. Here are 2 examples of the bug; if you put this in your personal message you can’t log in anymore.


Bug 1 :
n—a_Á—ay±m—aÁÇáç±Çáß±Çá§ÁaÇáDZOÇá—±Ç᧱Çár***6553 3;
***65533;***65533;
***65533;ÁÇ á+NÇ áLáÇá

Bug 2:
(Error) 'A

Now some hackers discovered a social engineering technique with this bug. They told people that their email would be totally invisible if they put the bug line in their personal message. People did that, and when they contact the hacker with another email address the hacker says you can’t fix it without knowing pro coding etc., but he offers to fix it for them, but then he needs the password.. victim gives his password... jackpot!

Solution :
Delete everything in these folders.


C:\Documents And Settings\<USERNAME>\Local Settings\Application Data\Mcft\Windows Live Contacts\<EMAIL>

C:\Documents And Settings\<USERNAME>\Local Settings\Application Data\Mcft\MSN Messenger\<EMAIL>

C:\Documents And Settings\<USERNAME>\Local Settings\Application Data\Mcft\Messenger\<EMAIL>

XSS ( Cross Site Scripting)
I ain’t going to talk a lot about this because there are way too many tutorials about this. Gonna keep it short. Some hackers search the live.nl website for XSS bugs, so they can run javascript and steal cookies. And then they edit their own headers, making hotmail believe they’re the victim, and then they get access to the inbox.

Note: the only addresses that have useful cookies are live.nl and msn.com.

Hotmail XSS Tutorials Link : Code:


[Only Registered And Activated Users Can See Links]

[Only Registered And Activated Users Can See Links]

Phish hotmail employers
This is a technique that is often used by people that don’t know **** about hacking. But these people are kings in social engineering because they manipulate the hotmail employers to get the password. Here’s how they do it. Code:

1) Of course you need to know the victim’s email address
2) Find a myspace, hyves or another internet profile of your victim
3) mail msn
4) Just say you have forgotten your password, pretend that you are your victim.
5) msn will send you a list of information you need to fill in, use the internet profile
6) send email, and later you get an email where you can edit the password, or the password is already changed and you get it in your inbox.



And trust me you won’t believe your eyes because it works.

Hacking databases
If you hacked a database from a forum you can see the password hashes and their email. Crack some password hashes and try the password of the forum on their email; 80% chance that it is the same one.

Fake MsnHackers
Some script kiddies make fake msnhacker tools, where you have to fill in your own email + password as well. Of course this tool is only coded to steal their password.

End word

I hope you all liked this tut. I know there’s a lot more hacking going on but I can’t explain everything; some things you still need to discover on your own. And remember that if you have a little fantasy you can think of a lot more password stealing techniques, because the possibilities are endless, never forget that.
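
As a defensive counterpart to the hosts-file technique described in the post above, this added example (not part of the original post or written by its author) audits a hosts file for entries that override name resolution for webmail login domains. The watched-domain list and the sample file contents are constructed assumptions; only the `64.233.183.99 hotmail.com` line has the form quoted in the post.

```python
import ipaddress

# Constructed sample hosts file; line 4 has the form quoted in the post.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
64.233.183.99   hotmail.com
0.0.0.0         ads.example.test       # blocklist-style entry
10.0.0.5        intranet.corp.example
203.0.113.7     login.live.com WWW.Hotmail.com.
"""

# Assumption: login domains that should always resolve through DNS,
# never through a local override.
WATCHED = ("hotmail.com", "live.com", "msn.com")

def parse_hosts(text):
    """Yield (lineno, ip, names) for each well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: ignore line
        # Hostnames are case-insensitive and may carry a trailing dot.
        yield lineno, str(ip), [n.lower().rstrip(".") for n in fields[1:]]

def is_watched(name):
    """True for a watched domain or any subdomain of it (label-aligned)."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (lineno, ip, name) for every override of a watched domain."""
    return [(lineno, ip, name)
            for lineno, ip, names in parse_hosts(text)
            for name in names if is_watched(name)]

if __name__ == "__main__":
    for lineno, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {lineno}: {name} is pinned to {ip}")
```

On the systems the post discusses, the input for `audit_hosts` is the contents of the `hosts` file under `C:\windows\system32\drivers\etc\`; any finding means resolution of that login domain is being overridden locally and the file's last-modified time and writer are worth investigating.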

REV937
05-24-2009, 06:59 AM
Good read, thanks for it.

Lil Nickk
05-24-2009, 07:23 AM
damn, thats a lotta stuff to read. but ima try

Nike000
07-13-2009, 03:09 AM
thanx for the info....