Social Engineering and email account cracking


Social engineering is an art of science that makes use of some psychological tricks on users to get the information you want. Looks very simple but it requires patience, approach towards the target, should be quick to respond and many more… In this article we will discuss some of the possibilities of social engineering to crack email accounts and some ways to overcome such attacks.

I think many of the enthusiastic people who want to become hackers have visited websites that contain many tutorials like "Hacking Hotmail", "Hacking Yahoo!" etc… But actually all these texts are useless and they trick on the users who want to learn hacking. Let's see an article I saw before written by Risabhdara for ASTALAVISTA.
Verfication Auto Bot
This method is probably the lamest, least known but also the most sucessful method of hacking hotmail.
***************************************************
By continuing on down this letter you agree that Hack_Attack69 will not be held responsible for any misuse of information within these pages. This letter is purely for educational use. If your intentions are similar proceed but if not you will be held responsible for your own mistakes.
Hello Hotmail users.There have been many attempts to hack hotmail.com. Unfortunately all of them have failed, EXCEPT this one. I though have found out a revolutionary way to hack hotmail. And might I add it's as easy as ABC. After 8 months of research we have found the broken link. VerificationAutoBot to be exact. VerificationAutoBot@hotmail.com is a bot, an auto bot. You send it a letter and within a week it will send you one back. The ULTIMATE hack for hotmail is as follows:
First send a letter to verificationautobot@hotmail.com, second within the Subject heading place the word "Password" (not in quotes but has to have a capital P) this way the automated bot recognizes what you are after. Then in the text field place the name of the person at hotmail that you want to hack (Do not put @hotmail.com after their name). No capital letters are to be put in this place. Then skip three (3) lines and place your own hotmail account information such as: "My login:My password" (a semicolon makes it easier for the bot to recognize). This way the bot can verify that your account actually exists. And then supplies you with the password for the person's account that you want it for. Here is an example:
--------------------------------------------------------------------------------
To: verificationautobot@hotmail.com
bcc:
cc:
Subject: Password
login of the person you want to hack
yourlogin:yourpassword
--------------------------------------------------------------------------------

This IS the only way to hack hotmail. Use it with care.
Thank You Hack_Attack69
***************************************************
After reading the above article if you give that a try, you're caught. You are just revealing your username and password for the person at verificationautobot@hotmail.com. The above is a social engineering trick played by the author of this article.

If you ever saw some article saying about the "Auto password reminders" of Hotmail, they are all useless. The people at Hotmail or Yahoo! are not fools to install such servers. Below are some of the tricks you can do on users to get some info for password cracking.

1) To know some information about an user, the best way is to chat with that person.
# If the victim is a newbie mostly he will use the same username as his password (Even I too when four years back did the same ;))
# If the age of the victim is between 15-30, above 90% users will be using his/her lover or spouse's name as their password.
# Some others use their pet's name, their job title, their DOB, their place of living etc.. as their password.

You can gain such information during chat time. Below is an example of such tricks used by me during chat-time in an Indian room.

Me: hi
Victim: hi
Me: how r u?
Victim: fine. What abt u?
Me: Very fine J
Me: Where r u 4m?
Victim: I am from Hyderabad.
Me: I am also from Hyderabad.
Me: where in Hyderabad??
Victim: gr8
Victim: Somajiguda
Me: Today is my birthday
Victim: Oh! Many many happy returns of the day
Me: Tnx
Me: What is your DOB?
Victim: DOB???????????
Me: Date of Birth
Victim: 22/2/1979
Me: Oh god! My girl friend's B'day was also the same day.
Victim: I C
Me: Do you have any g friends?
Victim: ya. Neeta
Me: Ok.
Me: gtg now
Me: bye

From the above conversation we have sufficient information to crack his email account. Let's see what information have we collected.

$ From his screen name we can know his email address
$ The victim said that he is from Somajiguda, Hyderabad. I know the postal code of Somajiguda, it is 500082
$ Saying today is my birthday I got this date of birth
$ Also I got his girl friend's name

Afterwards I went to the homepage of the mail service he is using and clicked "Forgot Password". In the next page it requested to give the date of birth and his postal code. Fortunately the service he is using doesn't ask any secret questions, it just shown up the current password.

But this method may not work all the times. You have to quickly gather the information you want.

2) The second and one of the best ways is to design a fake login screen for the email account the victim is using. You can find a lot of services on the net providing the CGI send mail accounts for free. Using these scripts you can easily get the username and password of the user directly to your email account when ever an user logs in through those screens.

But for making him to logon through your screens you must use some social engineering tricks and send an email to him.

3) Another way is to make the person, who is reading your article about hacking hotmail, a victim. Just as I've mentioned above, the trick played by Risabhdara.

There may be many other methods to reach your target. There are the ones I know and I use and I've succeeded.

 

Credits


by assassin007
http://www.hrvg.tk