
Sunday, December 1, 2013

Email Accounts Hacking Method - How To Hack Email Accounts

Email account hacking is the most basic level of hacking, and it is usually the first thing everyone wants to try. So here is a tutorial on email hacking for budding hackers.

There are different types of email account hacking. Here are some of them:

  1.  Social Engineering
  2.  Phishing
  3.  Brute Force Attack
  4.  Keylogger
  5.  Guessing the Answer for the Security Question


Social Engineering:

Social engineering takes advantage of the weakest link in any organization’s
information security defenses: people. Social engineering is
“people hacking” and involves maliciously exploiting the trusting nature of
human beings to obtain information that can be used for personal gain.

Social engineering is one of the toughest hacks to perpetrate because it takes
great skill to come across as trustworthy to a stranger. It’s also by far the
toughest hack to protect against because people are involved.

Social engineering is different from physical security exploits. In social engineering, hackers research the
victim and then send the victim mail whose contents relate to the victim.

For example:

✓ False support personnel claim that they need to install a patch or new
version of software on a user’s computer, talk the user into downloading
the software, and obtain remote control of the system.
✓ False vendors claim to need to update the organization’s accounting
package or phone system, ask for the administrator password, and
obtain full access.
✓ Phishing e-mails sent by external attackers gather user IDs and passwords
of unsuspecting recipients. Hackers then use those passwords to
gain access to bank accounts and more. A related attack exploits cross-site
scripting on Web forms.
✓ False employees notify the security desk that they have lost their keys
to the computer room, receive a set of keys from security, and obtain
unauthorized access to physical and electronic information.

Phishing WebPage:



It is a fake webpage that looks similar to the original page of the website. Using this webpage, we can easily get the passwords of victims. The steps involved in creating a phishing webpage are:
✓ First, visit the website that is associated with the email ID. Copy the source code.
✓ Edit the source code so that it will store the password for you.
✓ Upload the webpage to any free web hosting site. (Don't select a famous hosting site; they will find that
your page is fake.) Try uploading through a proxy server.



Guessing the Answer for Security Question:




Do you remember that mail sites ask security questions to recover a mail account? You can hack the mail account simply by guessing the answer. If the victim is your friend, then it may be very easy to hack.



Brute Force Attack:

                                  
A famous and traditional attack method. In this method, the password is found by trying all possible passwords with a program or software.



Keyloggers:

A keylogger is a type of spyware that captures what you type on the keyboard, so whenever you type a username and password, it simply captures them.

It is a software program that is attached to other software and sent to the victim. When the victim installs that software, the keylogger also starts to work.
 



Wednesday, November 27, 2013

Set up your own Lab for practicing SQL injection and XSS : Ethical Hacking



I hope you learned about SQL injection and XSS from BTS. But you may be curious to practice SQLi and XSS attacks. We know that attacking a third-party website is a crime. So how can we practice? Here is the solution for you, friends. Why not set up your own web application? Yes, you can set up your own pen-testing lab for practicing XSS and SQLi vulnerabilities.

When I was surfing the internet, I came to know about the "Damn Vulnerable Web App (DVWA)". It is a web application used for practicing your ethical hacking/pen-testing skills in a legal way.

Download this web Application from here:
http://www.dvwa.co.uk/

To install this application, you will need the XAMPP server.

The installation procedure :







Using this application, you can also practice:

* LFI/RFI (File Inclusion methods)
* Command Execution
* Upload Script
* Login Brute Force

Tuesday, November 26, 2013

Hacking Autorun.inf virus attack | Is autorun.inf a virus?



When I was in my second year (CSE), my friends told me that autorun.inf is a virus. I thought so too, because my antivirus blocks autorun.inf files. In my third year, when I searched about the autorun.inf file on the net, I understood what the autorun file really is.

Today I brought some files from my college system. When I inserted the pen drive into my system, there were a lot of exe files. They were viruses. I deleted all of them. Finally I opened the autorun.inf file in Notepad and saw the instructions. Only then did I remember that I had forgotten to post about the autorun file. This article will give you complete details about the autorun.inf file.
These are the instructions saved in the infected autorun.inf file (the one that calls the virus programs):




[Autorun]
Open=RECYCLER\QqFvXcB.exe
Explore=RECYCLER\QqFvXcB.exe
AutoPlay=RECYCLER\QqFvXcB.exe
shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe




Is autorun.inf a virus file? No. Then why do antivirus programs block autorun.inf files? Read on for the full details about the autorun file.

Introduction to Autorun.inf File:
An autorun file is a file that triggers other programs, documents or other files to be opened when a CD or pen drive is inserted. It simply triggers them.

When a CD or pen drive is inserted, Windows searches for the autorun.inf file and follows the instructions written inside it.

How to create Autorun file?
Open Notepad.
Type this line:

[Autorun]

Save the file as "autorun.inf" (select "All files" as the file type, not text).

Complete Syntax and instructions inside the Autorun file:
The basic syntax that must be inside the autorun.inf file is:

[Autorun]

This is used to identify the file as an autorun file.

OPEN=
This specifies which application should be opened when the CD or pen drive is opened.

Example:

open=virus.exe

This will launch the virus.exe file when the CD or pen drive is opened. The file should be in the root directory.
If the file is in a subdirectory, then we have to specify it:

Open=RECYCLER\Virus.exe

Explore=
Not much different. If you right-click the CD or pen drive and select the Explore option, this command will be run.

AutoPlay=
Same as the above, but it will launch the program when the drive is auto-played.


SHELL\VERB =

The SHELL\VERB command adds a custom command to the drive's shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.

Example:


shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe





Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon. (The shell entries supplement the open command.)

Icon=
Changes the icon of your pen drive or CD. You can use .ico and .bmp images (also .exe and .dll files).

Example:

icon=breakthesecurity.ico

Label=

Specifies a text label to be displayed for this CD in Explorer.
Note that using the LABEL option can lead to problems displaying the selected ICON under Windows XP.

Example:

Label=Ethical hacking



Why Antivirus Block Autorun.inf file?
From the above, you now know that the autorun.inf file is not a virus. But why does antivirus software block it? Because, as I said, the autorun file can call or launch any application or exe file, and that can lead to a virus attack. If autorun.inf is blocked, then there is no way to launch the virus code.

Autorun is not a virus, but it can call virus files.