Find us on Google+ Bypass The Security: Real Ways To Hack Any Email Password

Tuesday 6 November 2012

Real Ways To Hack Any Email Password



Ways To Hack An Email Password
With my experience, I can tell you that there are only three ways to hack email password for a normal person like us. I'm not talking about guys like "Jonathan James", "Adrian Lamo", "Kevin Mitnick" who broke into NASA computers, Confidential records and National Defense Warning System respectively. They are extraordinary or we can say god gifted. Now coming to the point. The possible methods are :
  1. Keylogging
  2. Phishing
  3. Session Hijacking
Keylogging: Easiest Way to Hack Email
Keylogging is the easiest way to gain access to any email account. Keylogging involves the use of a small software program called the keylogger (also called as a spy software). This keylogger, when installed on a given computer, will capture each and every keystroke typed on the keyboard including passwords. Keylogger operates in a complete stealth mode and thus remains undetected.
The use of keyloggers doesn’t demand any special knowledge. So, anyone with a basic knowledge of computer can install and use the keylogger. To hack the password, all you need to do is just install it on the computer of the target user. Once the victim logs into his Gmail account from his/her computer, the login details (username and password) are captured and stored instantly. You can later access the stored logs to find out the password.
FAQs About Keyloggers:

I don’t have physical access to the target computer, what can I do?
You need not worry! Since both SniperSpy and WinSpy offers Remote Installation Feature, it is possible to remotely install the keylogger on the target computer.

How it Works?
1.    After you download it, you will be able to create the installation module. You need to email this module to the remote user as an attachment. You can easily drop the installation module onto a word document or an image file so as to hide it’s identity.
2.    When the remote user opens the attachment, it will get installed silently and the monitoring process will begin. The keystrokes are captured and uploaded to the SniperSpy servers continuously.
3.    You can login to your online account (you get this after purchase) to see the logs which contains the password.
NOTE: If you have physical access to the target computer, you can simply install the module by yourself without the need to email it as an attachment.

The working of Winspy is same as that of SniperSpy.
Can I be traced back for installing the keylogger?
No. The victim will never come to know about it’s presence on his/her computer. This is because, after the installation, the software will run in a total stealth mode. Unlike other spy programs, it will never show up in start-menu, start-up, program files, add/remove programs or task manager. Thus, you need not worry about being traced back.
What are the other features of SniperSpy software?
·         With SniperSpy, you can gain access to any password protected account including Yahoo, Gmail, Hotmail, MySpace, Facebook etc.
·         This software will not only capture passwords, but will also take screenshots and record chat conversations.
Comparison between SniperSpy and Winspy:

Which One to Choose?
Both SniperSpy and Winspy stands head-to-head in terms of features and cost. Winspy offers 10 computer license which means you can monitor upto 10 different computers for just $39.95 but does not support MAC.
On the other hand SniperSpy supports MAC, provides very good technical support after sales but for $39.95, you can monitor only one computer. So, it is up to you to choose the one that better match your needs.


Phishing:
Phishing is a way to capture sensitive information such as usernames, passwords and credit card details. Phishing usually involves the use of a fake login page (or fake website) whose look and feel is almost identical to that of the legitimate websites like Gmail, Yahoo and Hotmail. When the users try to login from these fake pages and enter their passwords there, the login details are stolen away by the hacker. The victim is tricked to believe this fake login page to be the real one. But once he/she enters the password there, the login details end up falling in the hands of the hacker.
However, creating a fake login page and taking it online to successfully hack the password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. In addition to that, carrying out a phishing attack is a serious criminal offence. So, if you are new to the concept of hacking passwords, then I recommend using the keyloggers as they are the easiest the safest way.
How to Perform Phishing Attack?


Session Hijacking

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.
The session ID is normally stored within a cookie or URL. For most communications,authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.
Different Session Hijacking methods:

Session stealing can be performed by the following methods :


1. Session fixation:  
In this method, the Hacker sets a user's session id to known victim. For example, Hacker will send email to known victim  with a link that contains a particular session id. If the victim followed that link, the hacker can use that session and gain access.                                                                                                                                   

2. Session SideJacking(session Sniffing):  
In this method, the attacker use packet sniffing to and steal the Session cookie.  In order to prevent this, some websites use SSL(encrypts the session).  but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.
Unsecured Hotspots are vulnerable to this type of Session Hijacking.


3. Client-side attacks (XSS, Malicious JavaScript Codes, Trojans, etc):
Hacker can steal the Session by running the Malicious Javascript codes in client system.  Usually hackers attack some websites using XSS and insert their own Malicious Javascript codes.
In client point view it is trusted website, he will visit the website.  When victim visit the link , Malicious Javascript will executed.  It will steal the Session cookies and other confidential data.


4. Physical access:
If the hacker has physical access, it is easy for him to steal the Session.  Usually this will occur in public cafe.  In public cafe , one use login to some websites(facebook, gmail).  A hacker come after victim can steal the session cookies.

I'll explain session hijacking also in upcoming posts. I'm not explaining everything here because my blog will become a bit messy. And another reason is Noob hackers who will face problems understanding posts like phishing, session hijacking, etc. Let them have some basic knowledge first.

If you have problems regarding something, you can pass comments. I'll try to solve 'em.

No comments:

Post a Comment