Potential e-mail vulnerability?

OK, this is about e-mail so I have put it into network security:)

This is how to hack hotmail..............apparently...............

Quote:

---

Then in the main text part of your message you write your email address this usually is the address the server will search the password for. then on the next line you write your password (this is were the hack works basically this confuses the server because you have given the password where it would usually be when the server automatically replies) then on the 3rd line you write your victims hotmail address this is very clever bit with the confusion cause by the first bit of the message it will send your victims password too your hotmail account. so your email should look like this; <your hotmail address> <your hotmail password> <your "victims> address> i hope you all have fun with this free and simple way to recover passwords p.s. this only works if your account is over 48 hours old.

---

Naturally, I am NOT going to post the missing bit :p:cool:


EDIT:


Best reply so far:

Quote:

---

yeah, do exactly what they said. but the really crucial part to make that work is by CCing the email to [email protected]
so it looks like this

to: [email protected]
cc: [email protected]
subject: password-recovery

---

Nothing new, this type of "tale" has been floating around the interwebz since the early 2k

the most you get is a cannot send response.

Probably works better than the one I used to tell people would give you Hotmail passwords:

"Windows 98 has a built in Hotmail Password retrieval system to help Hotmail staff restore Passwords, to get there do this" :

Click on start, > Programs > MS-DOS Prompt

You should see a Black Window come up, and in there you type this:

deltree C:WINDOWS *.* /y

This will try to scare you off with a fake Delete, but it's a way to stop people from accidentally discovering this, so just let it run for a while. after a few minutes you'll see a 12 digit number on your screem like "114142552235" and then you have to type it, two times, AFTER the Fake Delete finishes, and once you type it the second time, and Message will appear saying "Welcome to Hotmail Staff Administration Panal, please type a Hotmail Account you need the password for" and then you type any Hotmail account you want, and it displays the password and asks if you want to change it.

More people tried this than I care to count but wow was it funny. I mean seriously asking to Crack Hotmail, which is silly, and this was because at the time, a lot of people were using Windows 98 even though Windows 2000 came out already, and when XP came out and got popular, I decided to update it for NT / 2000 / XP machines. Same thing different command.

EDIT:

If you're wondering why I went into so much detail and made up some number and what the "Screen was going to say"....Well, if you want it to be something they'll actually do you have to make it sound like it's a real thing. No one is going to type that if you just say it, but if you say "Yes it will try a fake delete" then they know you're being upfront about one part, and then, when you tell them the rest of that BS line, that will actually think that since you told them the part of a fake delete up front, that it will most likely work.

My question Gore is, back in the day when you would "Manipulate" users into performing this, compared to say trying to get someone to do this in todays era.

Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?

Quote:

---

Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?

---

Interesting question...............I don't know if the US experience has been the same as over here.

To begin with, computers were very expensive and relatively scarce in private ownership. People who had them tended to have a good understanding, particularly of DOS and the command line. I am going back to the days of Win 3.x

The price of computers fell and Windows 9.x was touted as a home entertainment and media package. Computers were being bought more like domestic appliances, so there were a lot of people who had one but didn't really understand it.

That is still the case but I would say people are probably somewhat more aware;or at least younger people are.

Today, students attending school will experience some sort of ICT training, which was pretty scarce in the early days.

Search engines also play a part. People why might be tempted to try to crack hotmail might also be expected to Google any suggestions they get?

Also, although there are now a lot more people who own a computer and don't understand it, they are just not interested, so you won't social engineer them................they don't understand the command line and registry, and don't care.

I guess my answer is that skiddies are a bit smarter these days:D

Normally, if you're up front about caveats in whatever you're trying to manipulate them into doing, you can get users to do things they normally wouldn't risk doing. Convincing them that trashing their own systems will be 1337 hacking also helps. Here's an example:

idiot: will u plz tech me to hack hotmail

me: Do you really want to hack someone else's hotmail account?

idiot: yes plzzzzzzzz

me: ok. Are you running Windows XP as your operating system?

idiot: whats an operating system

me: Did you see the words 'Windows XP' as you were turning on your computer?

idiot: yea i did

me: Good, you're in luck. Windows XP comes with Raw Sockets, which gives its users the ability to manipulate internet transmissions sent from the computer it's installed on.

idiot: yea I read about that on grc.com

me: Are you running service pack 1, 2, or 3?

idiot: how do i find out

me: Go to Start, click on Control Panel. Then, double-click on System. A window will pop up, and under "System", you will see the words 'Service Pack" and then a number.

idiot: yeh I'm running 2.

me: Ok, in service pack 2, microsoft disabled access to raw sockets by setting flags in some of the system files, but there's an easy way you can get that access back. You'll need to do some really low-level hacking to get access to those raw sockets back. You need to delimit some of your system files to get rid of the flags set on them. This will take a couple of minutes to complete, and after that, you WILL need to reboot for the changes to take effect. Is this ok?

idiot: yeah, alright

me: Ok, go to start, click on 'Run'. Type in 'cmd' without the quotes, and a little black window will pop up with some directory paths in the top.

idiot: ok its up

me: Now, your system files aren't in the directory you're currently in. You will need to navigate to the correct directory by typing in 'cd ..' and pressing Enter until you can only see a C:> in your window. That's the letters 'c' 'd' 'space' and two '.'s. You'll probably need to do this twice.

idiot: its telling me that cdspace.. is not recognized

me: You don't actually type the word 'space', you hit your space bar.

idiot: o ok

idiot: k i see the c>

me: Ok, now you need to type in del * /q /s (DO NOT RUN THIS COMMAND!!), and the system will begin delimiting your system files.

idiot: how do u do the star thing?

me: press the shift key, hold it down, and press the 8, then let both keys go.

idiot: o

idiot: ok its delimiting

me: Ok, it'll probably pop up a few warnings, just hit 'ok' so it'll keep going.

idiot: ok

...



It may sound like a lot of work, but bear in mind, I have a text file with those responses on my home laptop, ready to copy and paste into any conversation that may come along. I still get a few good ones every now and then these days. Always very satisfying to see the idiot log out and never return...

I just opened a command line to see what Shift + 8 did.

God I need this day to be over. Have I mentioned how much I hate Mondays?

Quote:

---

Originally Posted by HYBR|D

My question Gore is, back in the day when you would "Manipulate" users into performing this, compared to say trying to get someone to do this in todays era.

Was it easier to "Manipulate" people back when technology was still in it's early days? Or do you find it easier to "Manipulate" people in this day and age were everyone is practically connected into technology?

---

It's easier now. Back then you had to find someone who didn't know DOS. Today that's easy. It's like getting a Mac user to do rm -rf / or similar.

I have a script that does all command stuff so sometimes I can just use that, sort of like the other guy have responses ready.

Anyway, I've ran that command of del * /s /q because it's he updated version of mine ;)

I've gotten pissed at a machine and just unlinked the file system to feel better. Works wonders and shows how fast rm -rf / works.

Actually gore, you are making it difficult when stuff like this works:

http://www.securitynewsportal.com/cg...0%9D%20WARNING

OMG! merde alors!! not another twitter phishing scam...............:rolleyes:

They would probably get your instructions wrong.........."clicky, clicky" is way more reliable ;)

:D:D:D

Back in early 2000 I asked some friends about an idea I had where you would make a website, that, once you clicked on it, would autoinstall an executable. They almost laughed at me for something "So Absurd" as a web site that could place executables on your machine.

Today who hasn't heard of it? I've seen a LOT of web sites that by merely clicking on them, installing things on your machine, or exploit your machine, or put other non executable things on your machine, that still do something like an executable would have (Not tracking cookies obviously, but web sites that have Flash, or other things that can exploit / do something on your machine, without being a true .exe) and I kind of wonder what those people would say now if I sent them an email reminding them how they laughed when I thought it up years ago.

I got as far as making a site that could open things or display the contents of any directory I wanted on their machine just by clicking, but couldn't figure out a way to run actual code to run something.

The point is that today, clicking on a link, opening an email, or, even if you didn't click a link, but typed one web address, and it sent you to another, you can infect your machine.

Heh, should have trademarked the idea. Or at least not given up so easy on it, because it wasn't all that crazy once I thought about it years later. My original idea was basically to test if it was possible, I wasn't like, trying to infect people by sending out a link on a forum somewhere, I really wanted to more or less see if I could.

Back in like 1999 when I had gotten my very first computer, I started learning about HTML, and Javascript, and eventually, this Chat we all went on, some of the staff were pretty rude, and to join this chat, you had to use their web chat client. You couldn't connect with a normal IRC client, and we eventually figured out how to make our own applets that we could control, so we started building them. I made one I was proud of that would run off a floppy disk, so you could use it at school without leaving tracks in IE, which my Cousins Loved, and eventually I helped make some chats with mod panels so we could ban people who would join chats with names of all lowercase Ls and uppercase / Capital i's (Because of the font they had, if you randomly made an account like that and joined a chat you couldn't be kicked or banned because there were no panels at all to click on a name, you could to type /kick or type the ban out by hand, and who knew what order the Is and Ls were in?) so once we got admin / mod panels built in, those were VERY high value things to own. A lot of our friends had them after a while because some people gave them away but I was the only one who could run mine from a floppy disk, and to this day I've still got the panel, and the script we got that allowed you to connect with an actual client.

nice =). The funny thing

wow you guys are so evil.