The most depressing thing about email accounts
is that they are so unprotected. People tend to use
easy passwords and lame security questions. They
tell themselves, "hey, if anyone does get in, big deal."
Big deal? Actually yes, it's a very big deal.
Think
about it. How many other accounts do you have linked to
your email? Practically every site requires an external
email to make an account. The problem lies mainly in the
"forgot password?" button on most sites. many of them
just ask some simple piece of info when clicked on, while
most depend on sending you your password through your
external email account.
So doesn't it make sense, if you
were trying to access someone else's internet accounts,
that they best place to get access to is their email?
The rest will just fall into place.
Of course, search engines make this as easy as it is.
Let's look at an example. let's say you wanted to get
access to your friends myspace account. First we'll need
to find out what email account they use to access their
myspace look at their
myspace. what screennames do they use? maybe their account
is www.myspace.com/aguywholikesgettinghacked. Well,
google that name, and variants of it, see what you find.
Maybe you'll find some account for an MMORPG site that
uses the same name, and it has an email displayed. let's
say the email is aguywholikestogethacked@yahoo.com.
Now you could go to myspace and "search by email." if it
comes up with your friends page, then congrats, you've
now found out what email account he uses to log in.
Now is when the email's lame security comes into play.
If you click on the "forgot password" tab of yahoo.com,
there are two ways to get it back. first, is to find out
what external email they use for yahoo (repeat first steps)
then access that email. Second, enter info and get it reset.
This is the easiest.
Most of people's information is on the internet, somwhere.
The trick is to find the info you need. Birthdate is quite
easy, especailly if looking at their myspace, xanga, etc.
zip codes are easier. if you know what town or city they live in, you can google that town for its zip codes, and enter them one by one till you find the one they're under. Security questions are the toughest part, and yet, still not that difficult.
If it's their mother's maiden name for example, there are plenty of ways to get this information. For most of what I've seen, birth records are usually somewhere in google. If the person was born before theyre parents were married, you will find her maiden name there. If not an easy fix, you will be required to do some digging. it may be a while before you discover this info. But alas, if this
is someone you know, or are in the same town with, social engineering and just asking questions can get you the information you need. Easier questions, like their pet's name, is usually in a blog somewhere or something you could get out of someone they know. the greatest tool in information gathering is social engineering.
(Side note: the worst email security i've seen was in hacking a .com . WHOISing the site, i found the hosting site and login email used for this site. as I went to the email account, I tried simple passwords first. Oh. My. God. the password was, you guessed it, "password." then i preceeded to deface the site as a joke on my friend, the owner
of the site, who to this day still doesn't know how i did it.)
Once having access to the email, go back to myspace.com and click "forgot password" and it will sent their pass to their email, and once you have it, memorize it and delete the email.
While having access, don't be shy to look at other emails. Not personal, of course, but emails from other .coms. perhaps they recieved an email from dell.com. why not try the same tactics to get their password to dell?
All of this can be dangerous if you reset the password, cause they'll know something was wrong. Never hack two accounts in one day, always wait, so that they think one had nothing to do with the other.
I've hacked countless of accounts this way, it's proven to be a great tool in my hacking career. The hardest part is learning how to find information, but its a skill that can be mastered. Having read all of this, I hope you've learned the dangers in email, and at least try to prevent easy access to your email accounts. For example,change your
security questions to things even your closest friends couldn't know.
Cast your vote on this article *Note: the order of the votes has been reversed.
By: pat6 - 07:15 pm Wednesday September 19th, 2007
nice nice. makes me wanna try some of this...9/10
By: lordofwhee - 07:22 pm Wednesday September 19th, 2007
One of those articles that makes me want to go out and spend a few hours trying it out, fail miserably, learn everything I can on the subject, and try again and again for a month, until I'm either successful, or find something new to waste my time on.
Whether this is a good thing is debatable, so 8/10.
By: shaqywacky - 08:40 pm Wednesday September 19th, 2007
i tried it and i turned out that the person dint have the email address that he was using for his myspace, so i made it and have everything
thanks
By: hacker101master - 09:07 pm Wednesday September 19th, 2007
I was laughing when I read this because its exactly what I would have said, this is pretty much common sense but still very useful. If you have a chance go to Myspace and hit the "search" link then type "hacked" for display name of profiles to see a gallery of hacked profiles its very interesting.
By: mshamsuddeen2 - 09:30 pm Wednesday September 19th, 2007
Great post, very nicely tuned
By: dialup_haxor - 11:42 pm Wednesday September 19th, 2007
Nice article, really makes a point, which sadly a lot of people overlook.
By: HoleSystem - 12:09 am Thursday September 20th, 2007
I don't need to think about it when I already found out it myself.
Nice article 8/10.
By: vicarious - 05:08 am Thursday September 20th, 2007
Excellent article, one of the best lately. Great, motivating point which is a great wakeup call. 10/10
9/10 for the simple fact that a noob somewhere just learned how to dig further for info on said target using commonly used websites.
By: Lilpyro10 - 06:05 pm Friday September 21st, 2007
GREAT article! I did this to my friend in 10 minutes, he totally freaked out. It's kinda of scary how insecure people can be. He has now completely increased his security, which I am glad about. Very scary stuff. In minutes I had access to accounts of every sort. 10/10
By: godfather - 03:54 am Saturday September 22nd, 2007
nice article,
but who is so stupid to set his password to the value 'password' ?
he must be very stupid!
:p
8/10
By: Blind-Summit - 05:56 am Saturday September 22nd, 2007
This is useless. People that have insecure passwords really don't have any worthwile information. The most you can do is read some personal emails, mess around with their myspace pages. As soon as I read "MySpace" I knew this article was worthless. Anyone that has information to hide will know enough about security to stop you kiddies from getting in. Having said that, the novelty of defacing website is never dead.
By: thetrojan01 - 01:40 pm Saturday September 22nd, 2007
10/10 Excellent article my friend! ... For the "secret question" way:
Do some SE ;)
By: oblivioth - 04:51 pm Saturday September 22nd, 2007
I did the exact same thing to my friend a week and a half ago; his security question was "what was ur first school" and it took me literally seconds to figure out what it was :D
Myspace hacking? lame!
And guys... if you call yourselves "hackers" i think that you should think of a way to keep all of your password in one place with one main password which is not simple!
If you really use that question shit to get your password back (just in case9 you should go kill yourself!
And why in the world would you want to hack myspace accounts? Is there ANY gain for you? "Haha This site was hacked by w/e"
SO FUCKING WHAT?!?
Lame article and it should be deleted
1/10
By: iandude - 11:26 am Sunday September 23rd, 2007
@Stoney: the point is to learn to find information, and use it to your advantage. too many people who call themselves hackers, (probably people like you) dont know how to do this anymore. People like Kevin Mitnick hacked everything this way, trust me.
To find information, yes. Telling the new guys here how to go about hacking random sites, no. And why would you bring up Kevin Mitnick into this? He did most of his so called hacks with SE, big deal.
I was telling you that this article teaches the new guys here that hacking is just guessing password and hacking random sites. For the record; it's not!)
And yes, i still think that this article is 1/10
Very interesting article... But most people know this kind of footprinting already. 7/10
By: iandude - 12:11 am Monday September 24th, 2007
@Stoney: I spoke of kevin cause back in his day it seemed hacking was more about being smart. today you kids just find pre-made hacks and use them, sounds fun. I mean I suppose I could write an article covering XSSing and SQL, but where's the invention or excitement? Hell half the articles on here are tuts to beating the missions, or how to use telnet. ALL how-tos of technical stuff, there is no hacking involved.
@Spawn-Killa: thats only if you do it that way, this was just an example. and no, they usually dont relate it to you. I should write a new article centering on finding information, cause it seems half the people who read this didnt get the point.
@
By: xenomaster - 03:00 am Monday September 24th, 2007
A decent article, however using the Term "myspace" around here begs to be flamed, so dont be suprised. I will admit though I have used these methods to great success in the past. Performing a "google" background check on someone and watching their face as they read all you can find on them by just an email address is rather amusing. 6/10
Due to a valid up-to-date password list, 7 out of 10 people use passwords that are already cracked.
i give this document 7/10.
By: angelics - 05:00 pm Tuesday September 25th, 2007
You know, you said something very interesting, you used a command called whois, how do you use that command? i've been trying t ofigure that out. Please message me.
thanx.
By: iandude - 09:52 pm Tuesday September 25th, 2007
@angelics: in linux its a command, but when i use it im usually running windows, so i use a website to do it. google it.
By: loyab - 08:54 am Thursday September 27th, 2007
THE AMAZING SO FAR IS HELPING MY FRIEND TO HACK ALL HIS FRIEND ONLINE PASSWORD
sorry, but i can picture the sort of people trying this as declaring themselves as a '1337 H4x0r' to various people without actually knowing in the slightest how computers work.
im not flaming, dont get me wrong, a lot of people may find a use for this as the lazy way, but its social engineering at best, and no way is it gonna be considered hacking
This site is the collective work of the
HackThisSite staff. Please don't reproduce in part or whole without permission.
Page Generated: Thu, 28 Aug 2008 17:57:59 -0500 Exec:
12
