
How to Break Into Email Accounts

















If You Have Physical Access



I will start off with the options you have if you have physical access to the
computer of the user that you are targeting, because it is a lot easier if you
do. One option, which you will hear a lot if you ask this question and anybody
bothers to answer, is to use a keylogger. A keylogger is an excellent option,
and probably the easiest. There are a lot of keyloggers out there, ranging from
hardware keyloggers to software keyloggers. For this task, you won't need to buy
a hardware keylogger, since the only advantage to a hardware one is that you can
grab passwords that are given to access a certain local user on the operating
system used. There are a lot of software keyloggers out there, and you can feel
free to check out www.google.com to look at your options. I will go ahead and
toss out a couple of keyloggers to try for those of you who seem allergic to
search engines.



One option you have that is good for a free keylogger is Perfect Keylogger
(which you can find at www.blazingtools.com/bpk.html). It works just fine, and
has some nice options to keep it hidden from your average end user (computer
user).



Another option you have, which is probably the best one you can get, is Ghost
Keylogger. It has a lot of options that will allow you to get the results of
this program remotely (it will email you the results). However, this is not a
free keylogger, so if you want to get a copy you can look on the file sharing
networks for a copy of the program, and the serial number for it (look on
www.zeropaid.com for different file sharing clients you can try).





Once you have downloaded whatever keylogger you are going to use, just install
it onto the computer you want to monitor, and wait till the next time they log
in to their email account. You will then have the password for the account.
Another option you have, if they use Outlook to access their email account, is
to copy the *.dbx files for their Outlook account onto a floppy, and extract the
emails at home (the dbx files store the messages in each Outlook folder on a
given account, meaning the received and sent emails). When you are on the
computer of the user you are targeting, look in
C:\Windows\ApplicationData\Identities\{ACblahblahblah}\Microsoft\OutlookExpress\
and copy all the .dbx files onto a floppy. Then when you take the .dbx files
back to your house, use DBXtract to extract the messages from these files. Check
out the link below to download this program...






www.download-freeware-shareware.com/Freeware-Internet.php?Type=4171



Another option you have if you have physical access is to execute a RAT (Remote
Administration Tool, you may know these programs as trojans) server on the
computer. Of course, you do not have to have physical access to go this route,
but it helps. What you must understand is that these tools are known threats,
and the popular ones are quickly detected by antivirus software, and thus taken
care of. Even ISPs block incoming/outgoing traffic on the most popular ports
used by these programs.




One newcomer in the RAT market that you should know about is Project Leviathan.
This program uses already existing services to host its service, instead of
opening up an entirely new port. This allows it to hide itself from any port
detection tool/software firewall that may be in place. This of course will not
guarantee that its server program will not be detected by any antivirus
software used (actually, if the user has kept up with his/her signature tables,
then it WILL be detected), but it will give you more of a chance of holding
access. Search the engines to download Project Leviathan...



Once you have downloaded this tool, follow the instructions listed to install
and use this program. However, since this RAT is a command line tool, you will
still need another program set up on the user's computer in order to catch the
desired password. For this, you can use Password Logger. Google it.





Once you have this downloaded, set it up on the targeted computer. The program
will remain hidden, while logging any types of passwords into a .lst file in the
same directory that you executed it on. Therefore, you can access this *.lst
file through Project Leviathan remotely in order to retrieve the user's email
password remotely. Well that pretty much concludes it for this section. At this
very moment I can practically hear a lot of you thinking to yourselves "But, but
I don't HAVE physical access!". No reason to worry, that's what the next section
is for...



   



           

If You Don't Have Physical Access



Well of course most of you out there will say that you don't have physical
access to your target's computer. That's fine, there still are ways you can gain
access into the desired email account without having to have any sort of
physical access. For this we are going to go back onto the RAT topic, to explain
methods that can be used to fool the user into running the server portion of the
RAT (again, a RAT is a trojan) of your choice. Well first we will discuss the
basic "send file" technique. This is simply convincing the user of the account
you want to access to execute the server portion of your RAT.




To make this convincing, what you will want to do is bind the server.exe to
another *.exe file in order to not raise any doubt when the program appears to
do nothing when it is executed. For this you can use the tool like any exe file
to bind it into another program (make it something like a small game)...




On a side note, make sure the RAT of your choice is a good choice. The program
mentioned in the previous section would not be good in this case, since you do
need physical access in order to set it up. You will have to find the program of
your choice yourself (meaning please don't ask around for any, people consider
that annoying behavior).



If you don't like any of those, I'm afraid you are going to have to go to
www.google.com, and look for some yourself. Search for something like "optix pro
download", or any specific trojan. If you look long enough, among all the virus
notification/help pages, you should come across a site with a list of RATs for
you to use (you are going to eventually have to learn how to navigate a search
engine, you can't depend on handouts forever). Now back to the topic at hand,
you will want to send this file to the specified user through an instant
messaging service.




The reason why is that you need the ip address of the user in order to connect
with the newly established server. Yahoo! Messenger, AOL Instant Messenger, it
really doesn't matter. What you will do is send the file to the user. Now while
this transfer is going on you will go to Start, then Run, type in "command", and
press Enter. Once the msdos prompt is open, type in "netstat -n", and again,
press enter. You will see a list of ip addresses from left to right. The address
you will be looking for will be on the right, and the port it's established on
will depend on the instant messaging service you are using. With MSN Messenger
it will be remote port 6891, with AOL Instant Messenger it will be remote port
2153, with ICQ it will be remote port 1102, 2431, 2439, 2440, or 2476, and with
Yahoo! Messenger it will be remote port 1614.




So once you spot the established connection with the file transfer remote port,
take note of the IP address associated with that port. Once the transfer is
complete, and the user has executed the server portion of the RAT, you can use
the client portion to sniff out his/her password the next time he/she logs on to
his/her account.




Don't think you can get him/her to accept a file from you? Can you at least get
him/her to access a certain web page? Then maybe this next technique is
something you should look into.



Currently Internet Explorer is quite vulnerable to an exploit that allows you to
drop and execute .exe files via malicious scripting within an html document. For
this what you will want to do is set up a web page, make sure to actually put
something within this page so that the visitor doesn't get too suspicious, and
then embed the below script into your web page so that the server portion of the
RAT of your choice is dropped and executed onto the victim's computer...




While you are at it, you will also want to set up an ip logger on the web page
so that you can grab the ip address of the user so that you can connect to the
newly established server. Here is the source for a php ip logger you can use on
your page...




http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=539&lngWId=8





Just insert this source into your page along with the exedrop script, and you
are set. Just convince the user to go to this page, and wait till the next time
they type in their email password. However, what do you do if you cannot
contact this user in any way to do any of the above tricks? Well, then you
definitely have your work cut out for you. It doesn't make the task impossible,
but it makes it pretty damn close to it. For this we will want to try info
cracking. Info cracking is the process of trying to gather enough information on
the user to go through the "Forgot my Password" page, to gain access into the
email account.



If you happen to know the user personally, then it helps out a lot. You would
then be able to get through the birthday/zip code questions with ease, and with
a little mental backtracking, or by social engineering (talking) the information
out of the user, be able to get past the secret question. However, what do you
do if you do not have this luxury? Well, in this case you will have to do a
little detective work to fish out the information you need.





First off, if a profile is available for the user, look at the profile to see if
you can get any information from the profile. Many times users will put
information into their profile, that may help you with cracking the account
through the "Forgot my Password" page (where they live, their age, their
birthday if you are lucky). If no information is provided then what you will
want to do is get on an account that the user does not know about, and try to
strike conversation with the user. Just talk to him/her for a little while, and
inconspicuously get this information out of the user (inconspicuously as in
don't act like you are trying to put together a census, just make casual talk
with the user and every once in a while ask questions like "When is your
birthday?" and "Where do you live?", and then respond with simple, casual
answers).




Once you have enough information to get past the first page, fill those parts
out, and go to the next page to find out
what the secret question is. Once you have the secret question, you will want to
keep making casual conversation with the user and SLOWLY build up to asking a
question that would help you answer the secret question. Don't try to get all
the information you need in one night or you will look suspicious. Patience is a
virtue when info cracking. Just slowly build up to this question. For example,
if the secret question is something like "What is my dog's name?", then you
would keep talking with the user, and eventually ask him/her "So how many dogs
do you have? ...Oh, that's nice. What are their names?". The user will most
likely not even remember anything about his/her secret question, so will most
likely not find such a question suspicious at all (as long as you keep it
inconspicuous). So there you go, with a few choice words and a little given
time, you have just gotten the user to tell you everything you need to know to
break into his/her email account. The problem with this method is that once you
go through the "Forgot my Password" page, the password will be changed, and the
new password will be given to you. This will of course deny the original user
access to his/her own account. But the point of this task is to get YOU access,
so it really shouldn't matter. Anyways, that concludes it for this tutorial.
Good luck...
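
The "Forgot my Password" weakness described above comes down to recovery answers
that can be read off a profile or drawn out in casual conversation. As an added
example (not part of the original text), here is a server-side check a mail
provider could run when a user sets a secret answer; the function names, the
sample profile, the word list and the length threshold are all assumptions.

```python
import re
import unicodedata

# Constructed list of answers common enough to guess with no knowledge of the
# user (assumption: a real deployment would use a much larger list).
COMMON_ANSWERS = {"max", "buddy", "bella", "blue", "pizza", "123456", "password"}
MIN_LENGTH = 8  # assumption: treat the answer like a second password


def normalize(text: str) -> str:
    """Lower-case, strip accents and drop everything but letters and digits."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", text.lower())


def profile_tokens(profile: dict) -> set:
    """Collect normalized whole values and single words from profile fields."""
    tokens = set()
    for value in profile.values():
        tokens.add(normalize(str(value)))
        tokens.update(normalize(w) for w in re.split(r"[\s,/.\-]+", str(value)))
    # Very short fragments ("07", "12") would match almost anything.
    return {t for t in tokens if len(t) >= 3}


def recovery_answer_problems(answer: str, profile: dict) -> list:
    """Return the reasons an answer is unsafe; an empty list means accept."""
    problems = []
    norm = normalize(answer)
    if len(norm) < MIN_LENGTH:
        problems.append("too_short")
    if norm in COMMON_ANSWERS:
        problems.append("common_answer")
    # A profile token inside the answer means anyone who reads the profile
    # (or chats with the user) can reconstruct it.
    if any(tok in norm for tok in profile_tokens(profile)):
        problems.append("derivable_from_profile")
    return problems


# Constructed sample profile, not real data.
SAMPLE_PROFILE = {"city": "Springfield", "birthday": "1984-07-12", "pet": "Rex"}
```

The check only covers answers derivable from data the provider can see; it does
not replace rate limiting on the recovery form or notifying the account owner
when a reset is attempted.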