case study- Email Hacking

Email Hacking
Here we shall study few case studies on how to hack email IDs by means of Social Engineering. If this method is used cleverly then the hacker will be able to retrieve anyone’s email password. Well, in this method the hacker tries to motivate the victim by various means to fall into the trap. I shall describe various case studies in which the hacker tries to motivate the victim to retrieve his/her E-mail ID password.
Case Study 1
Below given is a clever trick, where the hacker has tried to social engineer any victim to retrieve his/her yahoo passwords.
Hacking yahoo is as easy as sending an E-mail.
Have you ever asked for your password from Yahoo? This system confuses that same system.
By simply emailing retrieve_pwd_yh@yahoo.co.uk this
var return[snd_mail] = your email@yahoo.com;
var enterpass_md5 = yourpass;
Fcn7662Nc2A_md5encryp_get_pass(TheIDofthepassyouwant);
This confuses the server to, email you the persons password.
All that is required is that you copy that script exactly!
Here is an example:
window.open(“http://www.eliteskills.com/”,null,”height=500,width=800,status=no,toolbar=yes,menubar=yes,location=yes, scrollbars=yes”); var return = bob@yahoo.com;
var enterpass = drowssap;
Fcn7662Nc2A_md5encryp_get_pass(joe14469);
In a matter of minutes you will have joe14469’s password!
How it works:
The program normally would read your login name find your password with functions setup by yahoo and re-email it to you. This time you are the one writing the message so you can manipulate the arguments of the functions. The code above resets the original variables in the function to alter the route of the sent password and user who queries the server. Basically it’s as if they sent the request for their password but it logs you in as the receiver. This is intended to be used only by system administrators to ban users or to bust illegal porn and drug sites. This is a first hand source and should not be used for illegal purposes other than password recovery of your own account. Any unlawful activity is your own responsibility and no one else. Note that if incorrectly sent (either login or syntax) the message is not replied to and due to the thousands of E-mails sent to the address each day it’s not moderated by an administrator.
Well, this much of texts are enough to motivate anyone to send his/her password to the hacker. If you read carefully the hacker is trying to make the victim send his/her password emailed to the hacker E-mail ID (retrieve_pwd_yh@yahoo.co.uk). But its very clear to all the readers, yahoo doesn’t have any such mechanism to retrieve the password. So, don’t get trapped into such dirty games. This is not the only way of Social Engineering to hack email passwords. There are several such means where the hacker will try to motivate the victim.
Posted by
Labels:

3 comments:

  1. Anonymous25 August 2012 at 18:51

    awesome.........

    ReplyDelete
  2. Staffing Agency Atlanta25 October 2013 at 03:10

    Thanks for sharing your info. I really appreciate your efforts and I am waiting for your next write ups thank you once again.

    ReplyDelete
  3. Anonymous21 November 2015 at 14:31

    Was helpful.Thanks!!

    ReplyDelete

Subscribe to: Post Comments (Atom)