Friday, August 6, 2010

Hacking E-mails


For educational purposes only. Crypto will never be responsible for any damage caused by this information.

E-mail hacking means getting the login credentials of the victim's e-mail account.
E-mail hacking can be done using the following techniques:
1. Phishing/Using fake login pages
2. Social Engineering
3. Using a Keylogger

Now I will explain each of these techniques briefly:

1. Phishing/Using Fake login pages :

In this technique the attacker creates a fake login page for a website and sends it to the victim. When the victim uses this page to log in, the login details (username and password) are sent to the attacker. The attacker usually uploads the fake page and sends the victim a link to it. The link is mainly sent via e-mail, but it can be sent by other means too, such as during a chat. The attacker usually fools the victim by making up a story so that the victim clicks the link.
The link sent to the victim is usually scrambled to hide its details and fool the victim. Scrambling is done by using hexadecimal (percent-encoded) characters in the URL. The scrambled URL is typically used together with a JavaScript code snippet: the attacker sends JavaScript code that contains the scrambled URL and asks the victim to paste it into the address bar of his/her browser. When the victim enters that code and hits Enter, the victim may be redirected to the scrambled URL, or the code may steal cookies from the victim's machine and send them to the attacker; it depends on what the attacker's JavaScript is written to do.
Here is an example of scrambling.
Consider a sample URL like: http://www.fakewebsite.com

This simple URL can be scrambled into the following representation:

ht%20%2B%20tp%3A%2F%2Fwww.fakewebsite.com

Now let us break this scrambled URL down.
First, consider the first part: ht%20%2B%20tp ---------------> (eq. 1)

Here %20 is the hexadecimal code for a space and %2B is the code for the + sign. The + sign is the addition operator, which joins two strings or letters. If you replace %20 with a space and %2B with + in eq. 1, you get:
ht + tp
The '+' operator then combines this into http, which is the protocol used to access web pages.
http ------------------------------> (eq. 2)

Now let us inspect the second part of the scrambled URL.
%3A%2F%2Fwww.fakewebsite.com ------------------------> (eq. 3)

Here %3A is the hexadecimal code for a colon (:) and %2F is the hexadecimal code for a slash (/). If you replace %3A with : (colon) and %2F with / (slash), you get the following result:

://www.fakewebsite.com ---------------------------> (eq. 4)

Combining eq. 2 and eq. 4 gives the following result:
http://www.fakewebsite.com

Thus we have seen how ht%20%2B%20tp%3A%2F%2Fwww.fakewebsite.com converts to http://www.fakewebsite.com. So now you can understand how an attacker can scramble the URL to fool the victim and hide the original URL.
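The same decoding can be automated on the receiving side, for example in a mail filter or during triage of a reported message. The following is an added example, not code from the original post: it undoes the percent-encoding and the + concatenation walked through above and reports which scrambling indicators it found. The function names and finding labels are assumptions, and it goes slightly beyond the single case above by also handling repeated encoding and malformed escapes.

```javascript
// Added example (not from the original post): normalise a scrambled link
// and report the indicators that make it suspicious.
function decodeRounds(text, maxRounds = 3) {
  let current = text, rounds = 0;
  while (rounds < maxRounds && /%[0-9a-f]{2}/i.test(current)) {
    let next;
    try { next = decodeURIComponent(current); } catch (e) { break; } // malformed escape
    if (next === current) break;
    current = next;
    rounds += 1;
  }
  return { decoded: current, rounds };
}

function analyzeLink(raw) {
  const findings = [];
  const urlRe = /https?:\/\/[^\s'"<>)]+/i;
  const { decoded, rounds } = decodeRounds(raw.trim());
  // "://" itself was percent-encoded, so the scheme is hidden from a casual reader.
  if (/%3a%2f%2f/i.test(raw)) findings.push('encoded-scheme-separator');
  if (rounds > 1) findings.push('multi-round-encoding');
  if (/^\s*javascript:/i.test(decoded)) findings.push('javascript-scheme');
  // Undo string concatenation such as  ht + tp  or  'ht' + 'tp'.
  const joined = decoded.replace(/['"]?\s*\+\s*['"]?/g, '');
  const direct = decoded.match(urlRe);
  const match = direct || joined.match(urlRe);
  // A URL that only appears after joining was split to defeat pattern matching.
  if (!direct && match) findings.push('split-url');
  let host = null;
  if (match) {
    try { host = new URL(match[0]).hostname; } catch (e) { /* not a valid URL */ }
  }
  return { decoded, url: match ? match[0] : null, host, findings };
}

// Constructed samples: the scrambled URL from the text and an ordinary link.
const SAMPLES = [
  'ht%20%2B%20tp%3A%2F%2Fwww.fakewebsite.com',
  'https://example.com/search?q=a+b',
];
for (const s of SAMPLES) console.log(s, '=>', analyzeLink(s));
```

The `host` field is the value to compare against the domain the message claims to come from.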
Below is a chart where you can see the hexadecimal values of all characters:



How does the attacker attack?
The attacker may send the victim a mail saying that he/she has won a lottery and should click a link to claim the prize. As soon as the victim clicks the link, the victim is directed to the fake page created by the attacker. This page requires the victim to log in to continue. So the victim enters his/her username and password and gets hacked. The attacker may also ask the victim to enter bank account details. This is the main way fake pages work.
Sometimes the attacker may ask the victim to download the fake page from an e-mail attachment and log in through it.

Creating fake pages
I am not going into detail here.
Fake pages can be created easily. You need to know HTML. The attacker edits the source code of the legal/genuine web page to create the fake page. The source code can easily be seen using the browser's view source option. You can save any web page and then use a tool like Macromedia Dreamweaver to edit it. Login pages use the GET or POST method to send the data entered by the user during login. This data is then sent over the network to the server. What the attacker does is edit the GET/POST field so that the data goes to his/her fake page instead of the genuine/legal server.
You don't need a server for this; there are many web hosting sites that provide this service for free. Google them: search for free web hosting sites.
If you feel that creating a fake web page is quite complex, you can get ready-made fake pages from the internet. Search for free fake page download in Google.
Don't forget to use URL scrambling to fool the victim.
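The edited GET/POST target described above is also what gives a copied login page away. The following is an added example, not code from the original post: it scans a page's HTML for forms that contain a password field and reports any whose submit target resolves outside the site the page claims to be. The function names, reason labels and sample pages are assumptions, and the regex-based tag matching is a simplification that suits triage of a saved page, not a full HTML parser.

```javascript
// Added example (not from the original post): flag password forms that
// submit somewhere other than the expected site.
function attr(tag, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function checkLoginForms(html, pageUrl, expectedHost) {
  const results = [];
  for (const [form] of html.matchAll(/<form\b[^>]*>[\s\S]*?<\/form>/gi)) {
    const inputs = form.match(/<input\b[^>]*>/gi) || [];
    const hasPassword = inputs.some(
      (t) => (attr(t, 'type') || '').toLowerCase() === 'password');
    if (!hasPassword) continue; // only login-style forms matter here
    const openTag = form.match(/<form\b[^>]*>/i)[0];
    const action = attr(openTag, 'action') || ''; // empty action posts back to the page
    const method = (attr(openTag, 'method') || 'get').toLowerCase();
    const reasons = [];
    let target = null;
    try { target = new URL(action, pageUrl); } catch (e) { reasons.push('unparseable-action'); }
    if (target) {
      const host = target.hostname.toLowerCase();
      if (host !== expectedHost && !host.endsWith('.' + expectedHost)) {
        reasons.push('foreign-action-host'); // credentials leave the genuine site
      }
      if (target.protocol !== 'https:') reasons.push('not-https');
    }
    if (method === 'get') reasons.push('password-in-get'); // password would land in the URL
    results.push({ action: target ? target.href : action, method, reasons });
  }
  return results;
}

// Constructed samples: a genuine login form and a saved copy with an edited target.
const FIELDS = '<input type="text" name="user"><input type="password" name="pass">';
const GENUINE = '<form method="post" action="/login">' + FIELDS + '</form>';
const COPY = '<form method="post" action="http://collector.example.net/save.php">' +
  FIELDS + '</form>';

console.log(checkLoginForms(GENUINE, 'https://mail.example.com/', 'example.com'));
console.log(checkLoginForms(COPY, 'file:///home/user/Downloads/login.html', 'example.com'));
```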

2. Social Engineering :
To learn about Social Engineering, read the post in which I have already described the technique in detail: Click Here

3. Using keylogger :
To learn about keyloggers, read this post: Click Here

