Well, I believe that you will not misuse this article. Better use it for defending yourself.
There was a time when serious vulnerabilities in the servers led to their exploitation and the leakage of login credentials. But the technology has advanced, and this hack is now basically confined to 2-3 methods, which I believe are not so sexy, if I may say. It takes a bit of social engineering, a bit of phishing and a few gray cells. Normally, email hacks occur due to the victim's lack of experience and knowledge. The methods followed are:
1. Fake Login Pages / Phishing
2. Trojans / keyloggers
Fake Login Page
I am using Orkut as the example. The process is almost the same for Yahoo Mail, etc.
The first step is to create an account on any free web space provider, like http://110mb.com or http://20m.com. After you sign in, you will get a URL like http://username.110mb.com, where username is your preferred username. Be sure your host supports PHP. 110mb.com supports PHP; I am unsure about 20m.com. Now, if you know a bit of PHP coding, code a login script and save it as login.php. Even if you don't know PHP coding, you can get the login script by googling. Still, if you don't get it, ASK FOR IT. You may want to try PhishCreate v2. Download it from :
Now, fire up your browser and load orkut.com. Save the page as HTML and open the saved page in a text editor. Search for :
Replace it with action=http://username.110mb.com/login.php and save the page as HTML, say orkut.html.
Now, upload orkut.html and login.php to your newly created website, "http://username.110mb.com". Now, try visiting http://username.110mb.com/orkut.html and you will be greeted with a similar-looking Orkut login page. Input the credentials, then log in to the control panel of your website; you will find a new HTML file containing the username and password.
Evil is to spread http://username.110mb.com/orkut.html and gather credentials. Please don’t.
One important thing is that your account on 110mb.com could get deleted within hours, since 110mb.com is smart at detecting fake login scripts. I am unsure about 20m.com.
SCREEN SHOTS :
Now, click File Manager. The screen you would get is :
Now, click on Upload Files. You will be presented with this screen :
Click on Browse and upload the proper files. You may use all the three boxes to upload three different files.
See, the whole action is simple: you just need to guide the victim to enter his credentials into your web page. The article is strictly for educational purposes.
I will cover the second method later, maybe in the next post!