Dec 3, 2008

*Hacking MSN / Yahoo

a small trick ll worked for me hence posting it here


Hacking MSN is actually VERY simple. Msn is designed to route the connection through a microsoft server while you are chatting. However, when a file is sent, a DCC (direct connection) is created. This was purposely done because otherwise microsoft would waste alot of bandwidth so a direct connection is made. This is your chance. Make a file transfer occur between u and a victim (try to send a big file), open up your command prompt (run "cmd" in NT/XP or "command" in 9X to get into prompt) and run netstat. usually the MSN targets IP would be above port 2000. enjoy.


If u recieve some crap like gux1-43.primus.com as the target, do a reverse DNS lookup on it. However, this occurs very rarely, mostly u will recieve a clear IP.

once u have d IP u can do anything with him by Fingerprinting.

U can protect yourself from this occurring to you by using a proxy with MSN (under connections panel in options).


___________________________________________________________________

Beware

The four most common ways of Hacking Yahoo ids are ..\

1.) Social Engineering
2.) Password Crackers
3.) Using Password Stealing Trojans/Keyloggers
4.) Fake Login Pages
Social Enginnering is actually nothing but trying to know your personal and confidential details and then using it to change your password ..BUT HOW? ok there's a forgot password option with Yahoo which asks for your B'day,Country & Zip Code & later your security question..Now generally lamers who try this mode of Hacking have lots of time to waste ..They will put you into some kinda friendship/emotional trap and try to get all the above mentioned information .It may take 1-2 days or even 1-2 month ...(Really I pitty on such lamers !! ).

Tip 1 : Never use your real information while registering on Yahoo(Infact don't use it anywhere on net)
Now if I talk bout a Hacker's perspective...

1.) The most common Security Question is "What's your Pet name?"..Now most of them answer it with very common pet names..I have put on a" names wordlist "in the worldlists section of the site so try those names n m sure u will crack it....Beside this some lamers confuse their NickName with Pet Names ..so if you know their Nick names u may be lucky lol :-)

2.) As far as country is concerned ..try out those countries which you have never heard of (weird names)...lol ( Probably thats what the smart victim thinks when he chooses a country...lmao) & do check Nepal,Phillipines & Bhutan..they r d most common

3.) Zip codes...123456 /007007/ ..something like this ...coz most of the smart victims are very lazy roflmao ...:-)
The second kinda Hacking attempt is done with the Help of Yahoo Password Crackers...I doubt bout their efficiency bt still some of them r lucky (other way round u r stupid lol)..Password Crackers & Password Changers use Brute Force Technique with their updated wordlists...WHAT IS BRUTE FORCE ?I'll make it simple ..it's like using all possible combinations and permutations on the available data and using it as a password ..You can download some frm the Yahoo Tools Section of the site ....Bt again it takes a hell lot of time to crack a password ....

Tip 2: Always use alphanumeric passwords and try to keep it atleast 8 characters long As far as Hacker's perspective is concerned...
Use the worldlist which has victims B'date,phone number,name,zipcode,lucky color,gf's name lol..words like sexy,love,cool,fun,insane,kill,hate & boss ..(You must have these personal informations or else it may take the shit out of u ..trying to hack ...).Beside this generally ppl use their vehicle number,phone number,social security number,credit card number etc as their passwords...
The third and one of the most frequently used way of hacking or stealing Yahoo password is using trojans and keyloggers ..WHAT ARE TROJANS? hmmm..read the tutorial ..I have already wrtten one ...bt still TROJANS are simple programs with a server part and the client part ..you infect the victims computer with the server part and the server then connects to the client running on your system and sends passwords and vital informations..and KEYLOGGERS are programs which record your keystrokes in a log.txt file and sends that log file to the Hacker...

The two most famous Yahoo Password stealing Trojans are Magic PS 1.5 SE ++ ( use google ) & Smart PS 1.5 SE ..once Infected by these trojans the infected server sends your password to the Hackers Yahoo Messenger id as PM 's ...

How to use MAGIC PS 1.5 ?

Ok download MPS.zip then run the mps.exe in it ...you 'll see an user inteface...check the boxes which read"Send Password" & "Send OS name " ...and then gibe an Yahoo id on which you want the Hacked Passwords to be send ..If you want some icon on it then choose the specified icon from the list and then click "Create MPS" .A server.exe will be made in the same folder or in the temp folder in windows ....Send that file to the victim and once he executes it ..Bingo u Have Hacked him/her lol ....

Tip 3: If you see a regsvr.exe file in you windows folder then u r infected ..Also check the system folder(Win98) system 32 (WinXp)...Restart your windows in DOS Mode and delete the file or press CTRL+ALT+DEL and end that process(regsvr.exe){ Not regsvr32.exe it's a system file }or see the list of files from the combo box of MPS client reading" files after install" and then delete it if you find any of them in the windows/system32 folder.Beware sometimes the new MPS creates the server in more than 1 folder.Also look for tapi1314533.exe in your system32 folder( digits after tapi will vary) ** Only solution which will heal it permanently is to install a good antivirus(Norton 2005 /AVG updates/McAfee) are the best.

Tip 4: If u see a flash of PM window disapperaing as you login into you Yahoo & see some probs with the password field(stars changing with dots or vice-versa ).then its party time u r infected ...

Tip 5: Install a good Firewall /Anti-Hacker Program to kill all remote connections or a good freezer which cleans all fresh installations in your primary drive.
As far as Hacker's perspective is concerned...
Pack/Bind the sender.exe (server) so as to make it undetectable by antivirus and then use the flash icon or the setup icon to spoof your victim .Tell him/her that the .exe file is a software patch or some kinda fun stuff and let him/her execute that file...USE THE SEND FILE option of Yahoo messenger for this coz Yahoo mail is protected by Norton so its gonna eat up your server(If nt packed properly).You can also bind the server with some good softwares and then send it but be carefull that the properties of the MPS trojan are not changed (

The last form of Yahoo Password stealing is done by using FAKE LOGIN PAGES ..Now wht the **** :-) is Fake login Page ?These are cloned pages of the real Yahoo Mail Sign in pages .They look very similar to the real conterparts and really very difficult to distinguish..Once you put inyour real id and password and press the submit button you will be either redirected to some other pasge /invalid login page but the trick had already been played by this time ..your id and password would have been mailed to the Hackers mail id by using a 3rd party SMTP server and you don't even realize that you are HACKED...

Tip 6: Always view the address bar ..If the address bar shows something like http://mail.yahoo.com or http://edit.login.yahoo.com then its the authentic page but if its something different then DONOT login.

Tip 7: Some older versions of IE support url redirecting for eg: http://mail.yahoo.com.profile=urid.123455@www.hackeme.com Now the former portion seems to be like the authentic yahoo server address but the page is being redirected to www.hackme.com so check out the URL well...

Tip8: Geocities is NOT YAHOO ..So don't get carried away ....
As far as Hacker's perspective is concerned...
Many free webhosts provide you with a feedback form option or a form mail option .So if you know a bit of HTML you can use their sever is POST ACTION = "" of the Yahoo Fake Page.Just do "Save As " of the real Yahoo page and then edit it form action section with your freeserver's address..But there's a problem..Generally these pages redirect you to THANK YOU PAGES ..So even if you manage to get the password it's of no use coz until and unless the victim is a reall ass lamer he/she would change his/her password after seeing this page ..So the best thing to do is PHP NUKE Now wats dat ?? okie you should know a bit of PHP $ <-- Values and you can code you own mailer.php and call that mailer the PHP on the submit buttons event ..Also dont forget to add some real looking HTML to your mailer the PHP ( may be a INVALID LOGIN PAGE ..)...

Beside this there's always the fear of Physical Hacking ( Some one can juzz sneak in to see your password while you are typin it ) So be carefull..Some ppl do use Password Changers bt thats similar to Password Crackers which I have mentioned above..
Remember this tutorial only teaches the basic terminology behind yahoo password stealing . Hackers are always smarter than you so you never know .....

0 comments:

Template by - Abul | Daya Earth Blogger Template