Now, before I state my question, let me make this clear: I have no intention of using any of the programs I mention in this post, and have no intention of doing some dumbass illegal shit like a "script kiddie", if you guys still use that term.
Anywho, I keep hearing friends of mine, or just random people, talking about how they are "badass hackers" or whatever, despite their complete lack of knowledge about how anything on the computer actually works, because they can "hack into anybody's e-mail" using some sort of program they downloaded from who knows where. I've seen videos on YouTube advertising programs such as these, some for free, some for sale. They were named things like "such and such password retrieval" or "xyz e-mail hacker". These videos apparently aren't made for people with any understanding of programming, networking, or cryptography whatsoever. They don't really explain how the program is supposed to work, but simply say "all you have to do is enter the e-mail address and press [whatever button], and there's the password", essentially selling it rather than teaching about it.
From what I've seen, I've been able to gather a bit of info on how I believe these programs work.
1. (The part I really can't understand) The program connects to yahoo, msn, or whatever, and somehow downloads the password hash for the chosen e-mail address.
2. The program either tries to brute-force the password itself, or submits it to a server that the program's creator owns with a heck of a set of rainbow tables.
Now, what really confuses me is this: if there were some sort of security flaw in Yahoo, MSN, Gmail, or any of the big names in webmail that allowed anyone to download the password hash for any given e-mail address, something would show up in the server's logs and the flaw would quickly be patched. This does not seem to be the case.
What I can understand is a different, but similar, program that works in essentially the same way, but claims only to be able to acquire passwords for e-mail accounts accessed by users of the computer on which the program is being run. My assumption is that the program looks for a cookie left by one of these sites, and then extracts the MD5 hash from that, continuing then to brute-force the password in the same fashion as the other programs appear to do it.
If anyone could shed some light on this for me, that would be super-duper fantastically awesomely cool and great.