
How to steal "soap" (someone's e-mail), or a saga of human stupidity.

There is no limit to human stupidity
Non limitus homius dibilus

Here on the forum the conversation turned to hacking e-mail: everyone wants to screw each other over, find out passwords and so on. So I decided to write an article on the topic, or rather, to systematize the existing ones. There are heaps of them on the net now, and they are all the same. Let me collect everything in one place... Yes, and there will be fewer questions about "breaking someone else's soap"...

So, method 1.
The most common method. It is based on the following: we are all people, right? We all have the same weaknesses and shortcomings, we all make purely human mistakes. That is what the glorious science of social engineering is built on. In short, the hacker can write the victim a message with roughly this content: "The mail service @mail.ru is cleaning out accounts. If you do not want your account to be deleted, reply to this letter with your username and password in the "Subject" field, in the format: username;password". You will ask, why in the subject field? I answer: of course, it is not necessary. It is just that the victim will think the letter is received by a robot for automatic processing, and a robot is trusted more. Instead of cleaning out accounts you can think up something else: say, your mailbox is sending out viruses/spam, send your password or your account will be deleted... In short, you can make up any old rubbish. Hm, I almost forgot! The letter can be written from a plausible address, like admin@mail.ru, support@mail.ru, webmaster@mail.ru... Also, the hacker can use some anonymizer or send the letter with a telnet client, putting his own address in the "Reply-To" header. Thus the victim sees, for example, admin@mail.ru in the "From" field, but when replying, the answer goes to the address specified there.

Method 2.
An attacker can register a page somewhere with a title like "Breaking into someone else's soap" and send the victim a link to it, supposedly a hacker page... The page itself can contain text of the following kind:
"There are several MILLION users on mail.ru. A certain percentage of them have weak memories and dull brains, so they forget their passwords, and these folks often run into the problem of a forgotten password. Even a small percentage of a crowd of over a million mailbox owners is itself quite a crowd that wants its passwords back, so there are all sorts of "Forgot password" systems, where you are asked the answer to a secret question, the data you entered at registration, and so on. But the most interesting thing is that it is not a person that handles this, but a machine, i.e. an ordinary program!!!! And if there is a program, there is a hole in it. Now let's get down to a description of the specific actions.
Everything is simple. At the address pass_repair@mail.ru sits a mail robot that analyzes password recovery requests and, depending on them, either asks for more details or sends the password straight away. On the site there is a form with all possible parameters, which is then sent to the robot with a special Subject. The trick is that if you shove not one but two requests into the Subject, the last mailbox is the one that gets checked, and the information is sent to the second one! So we use our brains... That's right! We send two requests: in one we give the info about the victim's mailbox, in the second the info about our own (we all know our own ;))

So, we want to break into vasya_pupkin@mail.ru
Our account: hacker@mail.ru, password qwerty
We write a letter to the robot at pass_repair@mail.ru
Subject: login=vasya_pupkin&pass=&answer=;login=hacker&pass=qwerty&answer=

I.e. first we put into the subject of the letter the request for the victim's mailbox, vasya_pupkin@mail.ru: login=vasya_pupkin&pass=&answer=
And then, after a semicolon, the second request with our own data, which the robot will check and make sure they are correct!
login=hacker&pass=qwerty&answer=
Total: the subject of the message looks like this:
login=vasya_pupkin&pass=&answer=;login=hacker&pass=qwerty&answer=
That's all, wait for the password in your mailbox!!!"

Noticed the catch? Well done! For those who didn't get it, I'll explain... the hacker simply creates his own mailbox on the mail server with a name like pass_repair@mail.ru. Now the passwords fly to his mailbox in whole packs! Got it? Well, the main thing after that is not to yawn: quickly change the secret question/answer and the forwarding address (and ~99% that the password there is the same!)

Method 3.
Most people cannot keep their passwords in their heads, so they often use the same passwords. Huh, any thoughts? I hope so, but for the rest I'll explain. The hacker writes the victim a letter proposing to join some society or club, or to take part in a lottery. The letter asks them to give a nickname for joining the ranks, of chat hackers, for example ;), and a password to confirm their identity. If the victim is stupid enough, and the burglar knows enough about his/her interests and can guess where they would want to join, the probability of a reply to the letter is ~90%. The probability that the password matches the one from the mailbox is ~50-70%. The chances are pretty good.
Well, those are the basics of social, as I said, engineering. Think!.. We are all potential victims! Moving on.

Method 4. Brute force.
Everything is clear from the title.
First, the hacker can try going through passwords by hand, the standard ones: qwerty, pass, gfhjklm, 123, etc. The method is pretty dumb and the chances of success tend endlessly to zero. Would you do that? That's right, and neither would a hacker!.. The cracker can use a password-guessing program, Brutus for example. After setting it up he simply starts it and goes to bed ;) But if the user did not set a standard password, it will take a very long time! And over dial-up it's better not even to try... ;)
Moving on.

Method 5. Getting the password through the "Forgot your password" recovery service.
You know such things exist? Made for the forgetful, well, and used... you know by whom. ;)
The attacker finds out as much as possible about the victim. Through ICQ (the info in the profile), and if there is time, and above all desire (and in case the victim is male), he can correspond with him under a woman's nickname... In a word, there are heaps of ways... er... plenty, in short! ;) Then he goes to the recovery page, enters all the collected information, and waits, waits, waits... ;) This method suits mail.ru best, they have taken very good care of all the folks who cannot hold a password in their heads!..

Method 6. Not hacking in the sense of getting the password, but hacking in the sense of getting access to the mailbox.
Long and tedious. But more or less effective.
So, having chosen the victim, the hacker starts sending out spam on his behalf. If someone complains about it, there is a chance the account will be deleted. But maybe the hacker will not want to wait for someone to file a complaint. In that case he can take any anonymizer or a list of proxies and, posing as various people, start sending complaints to the admin. Like, this bad person spams my mailbox / sends porn / calls for violence, etc. In the end, the mailbox gets deleted. And the main thing is not to miss that moment. As soon as it is removed, the cracker registers under the victim's username. All the mail will still go there, but it will be read not by the owner but by the hacker... ;)

A couple more ways:
1. You can slip the victim a backdoor. After that, she is completely in the greedy hands of the hacker.
2. A hacker can write a letter the victim cannot fail to reply to. Some swearing there, or whatever.. And when he gets the reply, he looks at the IP in the headers and checks for open shares. If there are any, he steals the files in which the mail client keeps its passwords, or, if the victim reads mail through the browser, the necessary cookies.

Apart from that, you can break into a mailbox (as well as a provider or a site) knowing its holes well, the ones through which you can drag out passwords or something else. For this the hacker has to try to get himself to where he needs to be. This is, of course, difficult, so social engineering is a very good way! Recommended by the best dog breeders.. ;)

Draw your conclusions, gentlemen...
Do not chat with dubious admirers on ICQ! ;)
Before answering a dubious letter, look in the headers to see whether the "Reply-To" field lists the address "vasya@pupkin.ru" instead of the president@whitehouse.gov you supposedly received the letter from.
How do you view the headers? It's very simple... If you read your mail directly on the server, from a browser, for example on mail.ru, all you need to do is click the "header" link. A page resembling the one you usually read mail in will load, but instead of the letter it will show its headers. In the mail client The Bat! you read the headers by pressing the corresponding key combination. In Outlook you can do it by selecting the letter in the folder and choosing Properties - Details from the right-click menu. I have never used it myself and do not advise you to: it has many holes, and in features and bells and whistles it is inferior to many clients.
Another tip: do not use the same password everywhere. The best password is one like dg#Kn$ or Y#$hGJ, such that it cannot be picked up by simple guessing. To generate random passwords I can recommend the Password Generator program. Everything is extremely simple there: choose the password length, the characters you want to use in it, the randomness factor of the characters (the higher it is, the more the result looks like a real word, e.g. gerosvaxa instead of mpwkmscxv), press the "Generate" button and pick whatever you like from the list! And for those with a poor memory, I advise writing the passwords down not on your computer but in a notebook, so they cannot be stolen.

What does a header consist of?
Consider this example:
Received: from mail.bieberdorf.edu (mail.bieberdorf.edu [124.211.3.78]) by mailhost.immense-isp.com (8.8.5/8.7.2) with ESMTP id LAA20869 for <tmh@immense-isp.com>; Tue, 18 Mar 1997 14:39:24 -0800 (PST)
Received: from alpha.bieberdorf.edu (alpha.bieberdorf.edu [124.211.3.11]) by mail.bieberdorf.edu (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)
From: rth@bieberdorf.edu (RT Hood)
To: tmh@immense-isp.com
Date: Tue, Mar 18 1997 14:36:14 PST
Message-Id:
X-Mailer: Loris v2.32
Subject: Lunch today?

We will go through these headers line by line and find out exactly what each of them means:

Received: from mail.bieberdorf.edu
This letter was received from a computer calling itself mail.bieberdorf.edu...

(mail.bieberdorf.edu [124.211.3.78])
... which really is called mail.bieberdorf.edu (i.e. it identified itself correctly), and whose IP address is 124.211.3.78.

by mailhost.immense-isp.com (8.8.5/8.7.2)
The message was received by the computer mailhost.immense-isp.com, which runs sendmail version 8.8.5/8.7.2 (if you do not know what these numbers mean, ignore them).

with ESMTP id LAA20869
The receiving computer assigned the message the identifier LAA20869. (This information is used only on that computer, if its administrator needs to find the message in the logs; for everyone else it usually does not matter.)

for <tmh@immense-isp.com>;
The message is addressed to tmh@immense-isp.com. Note that this part of the header is not tied to the "To:" line.

Tue, 18 Mar 1997 14:39:24 -0800 (PST)
This transfer took place on Tuesday, March 18, 1997 at 14:39:24 Pacific Standard Time (PST), which is 8 hours behind Greenwich, hence the "-0800".

Received: from alpha.bieberdorf.edu (alpha.bieberdorf.edu [124.211.3.11]) by mail.bieberdorf.edu (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)
This line records the transfer of the letter from alpha.bieberdorf.edu (rth's computer) to mail.bieberdorf.edu; the transfer took place at 14:36:17 Pacific time. The sending machine called itself alpha.bieberdorf.edu, its real name is also alpha.bieberdorf.edu, and its IP address is 124.211.3.11. The bieberdorf mail server runs sendmail version 8.8.5, and it assigned the letter the number 004A21 for its internal needs.

From: rth@bieberdorf.edu (RT Hood)
The letter was sent by rth@bieberdorf.edu, who gave his real name: RT Hood.

To: tmh@immense-isp.com
The letter was addressed to tmh@immense-isp.com.

Date: Tue, Mar 18 1997 14:36:14 PST
The message was created on Tuesday, March 18, 1997 at 14:36:14 Pacific time.

Message-Id:
The message was assigned this identifier (by the machine mail.bieberdorf.edu). This number differs from the SMTP and ESMTP id numbers in the "Received:" headers because it is assigned to the letter "for life", while the others relate to the specific operation of handing the message over on a particular machine and so mean nothing to the other machines. Sometimes (as in this example) the Message-Id contains the sender's address, but more often it carries no visible meaning.

X-Mailer: Loris v2.32
The message was sent with Loris version 2.32.

Subject: Lunch today?
Speaks for itself.
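As an added example (not part of the original article), here is a small Python script that does the header reading described above mechanically: it walks the "Received:" chain of the sample headers from bottom to top, pulls out the name each machine claimed, the name and IP the receiving server actually saw, the time between handovers, and applies the "Reply-To" check from the tips earlier. The sample text is the article's own example; the Reply-To line in it is a constructed addition so the check has something to flag.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# The article's sample headers as text. The Reply-To line is a constructed
# addition (not on the page) so the mismatch check has something to flag.
SAMPLE = """\
Received: from mail.bieberdorf.edu (mail.bieberdorf.edu [124.211.3.78]) by mailhost.immense-isp.com (8.8.5/8.7.2) with ESMTP id LAA20869 for <tmh@immense-isp.com>; Tue, 18 Mar 1997 14:39:24 -0800 (PST)
Received: from alpha.bieberdorf.edu (alpha.bieberdorf.edu [124.211.3.11]) by mail.bieberdorf.edu (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)
From: rth@bieberdorf.edu (RT Hood)
Reply-To: vasya@pupkin.ru
To: tmh@immense-isp.com
Date: Tue, Mar 18 1997 14:36:14 PST
Message-Id:
X-Mailer: Loris v2.32
Subject: Lunch today?
"""

# "from <claimed name> (<name seen by receiver> [<ip>]) by <receiver>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_received_chain(raw):
    """Return the hops oldest first: each relay prepends its own Received:
    line, so the bottom line is the first hop and the top line the last."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # a relay wrote a format this pattern does not cover
        hop = m.groupdict()
        # The timestamp is everything after the last ';' of the header value.
        hop["time"] = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        # 'helo' is what the sender claimed, 'rdns' what the receiver saw.
        hop["name_matches"] = hop["helo"].lower() == hop["rdns"].lower()
        hops.append(hop)
    return hops

def hop_delays_seconds(hops):
    # Seconds between handovers; a huge or negative gap means a clock is off
    # or the line was not written by a real relay.
    return [int((b["time"] - a["time"]).total_seconds())
            for a, b in zip(hops, hops[1:])]

def reply_to_mismatch(raw):
    """The article's tip: when Reply-To names a different address than From,
    a reply goes somewhere other than where the letter seems to come from."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return (sender, reply_to) if reply_to and reply_to != sender else None
```

For the sample this yields two hops three minutes and seven seconds apart, both with matching claimed and observed names, and a Reply-To pointing away from the sender.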