Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Potential e-mail vulnerability?

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188

    Potential e-mail vulnerability?

    OK, this is about e-mail so I have put it into network security

    This is how to hack hotmail..............apparently...............

    Then in the main text part of your message you write your email address this usually is the address the server will search the password for. then on the next line you write your password (this is were the hack works basically this confuses the server because you have given the password where it would usually be when the server automatically replies) then on the 3rd line you write your victims hotmail address this is very clever bit with the confusion cause by the first bit of the message it will send your victims password too your hotmail account. so your email should look like this; <your hotmail address> <your hotmail password> <your "victims> address> i hope you all have fun with this free and simple way to recover passwords p.s. this only works if your account is over 48 hours old.
    Naturally, I am NOT going to post the missing bit


    EDIT:


    Best reply so far:


    yeah, do exactly what they said. but the really crucial part to make that work is by CCing the email to yourmom@yourmom.com
    so it looks like this

    to: domain.live@hotmail.com
    cc: yourmom@yourmom.com
    subject: password-recovery
    Last edited by nihil; March 21st, 2010 at 09:09 PM.

  2. #2
    HYBR|D
    Guest
    Nothing new, this type of "tale" has been floating around the interwebz since the early 2k

    the most you get is a cannot send response.

  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Probably works better than the one I used to tell people would give you Hotmail passwords:

    "Windows 98 has a built in Hotmail Password retrieval system to help Hotmail staff restore Passwords, to get there do this" :

    Click on start, > Programs > MS-DOS Prompt

    You should see a Black Window come up, and in there you type this:

    deltree C:WINDOWS *.* /y

    This will try to scare you off with a fake Delete, but it's a way to stop people from accidentally discovering this, so just let it run for a while. after a few minutes you'll see a 12 digit number on your screem like "114142552235" and then you have to type it, two times, AFTER the Fake Delete finishes, and once you type it the second time, and Message will appear saying "Welcome to Hotmail Staff Administration Panal, please type a Hotmail Account you need the password for" and then you type any Hotmail account you want, and it displays the password and asks if you want to change it.

    More people tried this than I care to count but wow was it funny. I mean seriously asking to Crack Hotmail, which is silly, and this was because at the time, a lot of people were using Windows 98 even though Windows 2000 came out already, and when XP came out and got popular, I decided to update it for NT / 2000 / XP machines. Same thing different command.

    EDIT:

    If you're wondering why I went into so much detail and made up some number and what the "Screen was going to say"....Well, if you want it to be something they'll actually do you have to make it sound like it's a real thing. No one is going to type that if you just say it, but if you say "Yes it will try a fake delete" then they know you're being upfront about one part, and then, when you tell them the rest of that BS line, that will actually think that since you told them the part of a fake delete up front, that it will most likely work.

  4. #4
    HYBR|D
    Guest
    My question Gore is, back in the day when you would "Manipulate" users into performing this, compared to say trying to get someone to do this in todays era.

    Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?
    Interesting question...............I don't know if the US experience has been the same as over here.

    To begin with, computers were very expensive and relatively scarce in private ownership. People who had them tended to have a good understanding, particularly of DOS and the command line. I am going back to the days of Win 3.x

    The price of computers fell and Windows 9.x was touted as a home entertainment and media package. Computers were being bought more like domestic appliances, so there were a lot of people who had one but didn't really understand it.

    That is still the case but I would say people are probably somewhat more aware;or at least younger people are.

    Today, students attending school will experience some sort of ICT training, which was pretty scarce in the early days.

    Search engines also play a part. People why might be tempted to try to crack hotmail might also be expected to Google any suggestions they get?

    Also, although there are now a lot more people who own a computer and don't understand it, they are just not interested, so you won't social engineer them................they don't understand the command line and registry, and don't care.

    I guess my answer is that skiddies are a bit smarter these days

  6. #6
    Normally, if you're up front about caveats in whatever you're trying to manipulate them into doing, you can get users to do things they normally wouldn't risk doing. Convincing them that trashing their own systems will be 1337 hacking also helps. Here's an example:

    idiot: will u plz tech me to hack hotmail

    me: Do you really want to hack someone else's hotmail account?

    idiot: yes plzzzzzzzz

    me: ok. Are you running Windows XP as your operating system?

    idiot: whats an operating system

    me: Did you see the words 'Windows XP' as you were turning on your computer?

    idiot: yea i did

    me: Good, you're in luck. Windows XP comes with Raw Sockets, which gives its users the ability to manipulate internet transmissions sent from the computer it's installed on.

    idiot: yea I read about that on grc.com

    me: Are you running service pack 1, 2, or 3?

    idiot: how do i find out

    me: Go to Start, click on Control Panel. Then, double-click on System. A window will pop up, and under "System", you will see the words 'Service Pack" and then a number.

    idiot: yeh I'm running 2.

    me: Ok, in service pack 2, microsoft disabled access to raw sockets by setting flags in some of the system files, but there's an easy way you can get that access back. You'll need to do some really low-level hacking to get access to those raw sockets back. You need to delimit some of your system files to get rid of the flags set on them. This will take a couple of minutes to complete, and after that, you WILL need to reboot for the changes to take effect. Is this ok?

    idiot: yeah, alright

    me: Ok, go to start, click on 'Run'. Type in 'cmd' without the quotes, and a little black window will pop up with some directory paths in the top.

    idiot: ok its up

    me: Now, your system files aren't in the directory you're currently in. You will need to navigate to the correct directory by typing in 'cd ..' and pressing Enter until you can only see a C:> in your window. That's the letters 'c' 'd' 'space' and two '.'s. You'll probably need to do this twice.

    idiot: its telling me that cdspace.. is not recognized

    me: You don't actually type the word 'space', you hit your space bar.

    idiot: o ok

    idiot: k i see the c>

    me: Ok, now you need to type in del * /q /s (DO NOT RUN THIS COMMAND!!), and the system will begin delimiting your system files.

    idiot: how do u do the star thing?

    me: press the shift key, hold it down, and press the 8, then let both keys go.

    idiot: o

    idiot: ok its delimiting

    me: Ok, it'll probably pop up a few warnings, just hit 'ok' so it'll keep going.

    idiot: ok

    ...



    It may sound like a lot of work, but bear in mind, I have a text file with those responses on my home laptop, ready to copy and paste into any conversation that may come along. I still get a few good ones every now and then these days. Always very satisfying to see the idiot log out and never return...
    Last edited by NukEvil; March 22nd, 2010 at 02:59 PM.

  7. #7
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I just opened a command line to see what Shift + 8 did.

    God I need this day to be over. Have I mentioned how much I hate Mondays?
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by HYBR|D View Post
    My question Gore is, back in the day when you would "Manipulate" users into performing this, compared to say trying to get someone to do this in todays era.

    Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?
    It's easier now. Back then you had to find someone who didn't know DOS. Today that's easy. It's like getting a Mac user to do rm -rf / or similar.

    I have a script that does all command stuff so sometimes I can just use that, sort of like the other guy have responses ready.

    Anyway, I've ran that command of del * /s /q because it's he updated version of mine

    I've gotten pissed at a machine and just unlinked the file system to feel better. Works wonders and shows how fast rm -rf / works.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Actually gore, you are making it difficult when stuff like this works:

    http://www.securitynewsportal.com/cg...0%9D%20WARNING

    OMG! merde alors!! not another twitter phishing scam...............

    They would probably get your instructions wrong.........."clicky, clicky" is way more reliable


  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Back in early 2000 I asked some friends about an idea I had where you would make a website, that, once you clicked on it, would autoinstall an executable. They almost laughed at me for something "So Absurd" as a web site that could place executables on your machine.

    Today who hasn't heard of it? I've seen a LOT of web sites that by merely clicking on them, installing things on your machine, or exploit your machine, or put other non executable things on your machine, that still do something like an executable would have (Not tracking cookies obviously, but web sites that have Flash, or other things that can exploit / do something on your machine, without being a true .exe) and I kind of wonder what those people would say now if I sent them an email reminding them how they laughed when I thought it up years ago.

    I got as far as making a site that could open things or display the contents of any directory I wanted on their machine just by clicking, but couldn't figure out a way to run actual code to run something.

    The point is that today, clicking on a link, opening an email, or, even if you didn't click a link, but typed one web address, and it sent you to another, you can infect your machine.

    Heh, should have trademarked the idea. Or at least not given up so easy on it, because it wasn't all that crazy once I thought about it years later. My original idea was basically to test if it was possible, I wasn't like, trying to infect people by sending out a link on a forum somewhere, I really wanted to more or less see if I could.

    Back in like 1999 when I had gotten my very first computer, I started learning about HTML, and Javascript, and eventually, this Chat we all went on, some of the staff were pretty rude, and to join this chat, you had to use their web chat client. You couldn't connect with a normal IRC client, and we eventually figured out how to make our own applets that we could control, so we started building them. I made one I was proud of that would run off a floppy disk, so you could use it at school without leaving tracks in IE, which my Cousins Loved, and eventually I helped make some chats with mod panels so we could ban people who would join chats with names of all lowercase Ls and uppercase / Capital i's (Because of the font they had, if you randomly made an account like that and joined a chat you couldn't be kicked or banned because there were no panels at all to click on a name, you could to type /kick or type the ban out by hand, and who knew what order the Is and Ls were in?) so once we got admin / mod panels built in, those were VERY high value things to own. A lot of our friends had them after a while because some people gave them away but I was the only one who could run mine from a floppy disk, and to this day I've still got the panel, and the script we got that allowed you to connect with an actual client.

Similar Threads

  1. Browser Security Test
    By therenegade in forum Web Security
    Replies: 13
    Last Post: April 1st, 2005, 09:03 AM
  2. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  3. NEWS: SANS Critical Vulnerability Report
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: January 28th, 2003, 09:12 PM
  4. IIS Patch announcement
    By souleman in forum Microsoft Security Discussions
    Replies: 5
    Last Post: April 11th, 2002, 11:39 PM
  5. How to read email header
    By rajat in forum Roll Call
    Replies: 0
    Last Post: February 20th, 2002, 05:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •