This page has been robot translated, sorry for typos if any. Original content here.

Breaking soap, using BrutusAET2

MATERIAL IS POSITIONED FOR SIGNIFICANT PURPOSES. AUTHOR RESPONSIBLE FOR NO RESPONSIBILITY

And so, I want to tell you: how to steal a soap dish (e-mail) using the BrutusAET2 program.

Let's get started.

We will need :

1) BrutusAET2 password cracking program, which can be downloaded from here:
http://www.hoobie.net/brutus/brutus-aet2.zip

2) Dictionaries that can be taken from here:
http://www.passwords.ru/dic.php
http://www.insidepro.com/eng/download.shtml
http://www.outpost9.com/files/WordLists.html
http://www.acolytez.com/dict/
http://www.phreak.com/html/wordlists.shtml
http://www.mobilstar.ru/files/dict/

3) Straight arms.

For example, I’ll give a hijacker soap @ yandex.ru.

Setting up the BrutusAET2 password brute force program:

1) Opened the program.
2) In the Target field write pop.yandex.ru
3) In the Type field, select POP3

Connection Options:

1) Port set to 110.
2) We set Connections to a maximum of 60.
3) Timeout set at maximum i.e. 60


POP3 options:
Do not touch =)


Authentication options:


If we want to brute the list of soapboxes , then we need to create a textbook, let's call it users.txt, which means we drop the lists of users there.
For example:
Vasja_pupkin
Abcdefgh
Abcabc

We climb into the program and put a checkmark next to Username.

Use Username: specify the path to the list of users.


Go to the password list ...
We create the text engine words.txt and put the passwords there.
For example:
Password
Pass
123


We climb into the program and choose

Pass mode : Word list
Pass file : specify the path to the password list.


It’s also easy to break the soapboxes on mail.ru, we just put it in Target: pop.mail.ru and the rest is the same.

In general, everything should turn out as in the screenshot:
Hacking Mail

some useful links from me ...

Hashes: decrypting passwords
"Click once to show the spoiler - click again to hide ..."


Dictionaries:
"Click once to show the spoiler - click again to hide ..."

links !!! All links to the World !!!




=================================================== ========================

password entry methods for beginners


Method number 1. "Brutus" / long /

The first method we will have is Brute (Brute Force) - a method of exhaustive search.
What you need:
1. BrutusA2 brute force program (WWWHack or similar)
2. Know the incoming mail address (pop3) of the mail service. See this address in the help or faq sections on the mailer site.
3.A password dictionary (Passwords List) is also desirable.
..
Pros: the password is always selected! (if not according to the dictionary, then by exhaustive search)
Cons: to pick it up with a guarantee - it may take several millennia or millions of years.
..
Recommendations:
Since busting is the longest way, and in order to somehow reduce it, you must:
A. Go and register yourself a box on a mailer that you will brute. When registering, pay attention to the "Password" field. Your task is to find out the requirements of the mail service for the minimum and maximum password length, and the characters used (usually it is written next to the field).
b. Open the password dictionary (I prefer the Raptor program for such purposes), sort the dictionary by password length (from shorter to larger), delete passwords that do not fit in length to the requirements of the mail service, as well as with forbidden characters.
c. Use data from the method of "Collection of information" (see below)
..
Help for those who do not have the Internet:
Brute Force (Conversational: brutal Translation: Brute force) - password selection by brute force. Example for "Direct exhaustive search":
aaa
aab
aac
...
zzx
zzw
zzz
etc.

Example for enumeration "According to the dictionary":
abila
abott
abitz
admin
etc.
Those. since many people use meaningful and easy-to-remember words to remember the password, why do we have to sort through the characters for a long time, if it is faster to sort through the words?
ps Where to get what (mentioned in the method):
BrutusA2 -> http://www.hoobie.net/brutus/brutus-download.html
Raptor -> http://madmax.deny.de/products/raptor/download.htm
pss About passwords that are often chosen - in another, separate, article.



Method number 2. "Collection of information" / requires attention /

What you need:
Search Engines:
http://google.ru
http://ya.ru
http://rambler.ru
http://aport.ru
http://yahoo.com
How to do it:
We hammer our soap in the search and look for where it occurs. We go in and find everything (where it is found, on which site, what I wrote and what I asked, when, under what login) we copy and store it in a notebook for further analysis.
Then we analyze and draw general conclusions about the interests of a person, trying to substitute the found (year of birth, nickname, name, interests, etc.) as a password.
..
Recommendations:
You need to search all the search engines for the full soap my_email@mail.ru and only for the login my_email
Getting to the Forum (finding his username (nickname)): right-click on the image of his Avatar and look at the path of this image (what if he didn’t upload it to the Forum, but used his own one lying on his website? (Although he could take someone else’s )). We also click on his profile and everything that is there is also copied to Notepad (ICQ number and year of birth, interests, etc. can be displayed there). Do not forget in the profile (if any) to click on the link "Find all user messages." Read carefully. Maybe there will be some clue (holding the "Secret Question" in mind). Everything is informative and different from Gyg, Lol, etc. - in Notepad.
If we find his second soap, we go through the search engines again.
The same goes for ICQ (in a circle around search engines). With ICQ, do not forget to look at [forbidden link]
Also do not forget to search by soap and nickname at http://www.icq.com
If he has an original nickname - AmSuPerrR, also go over the search engines. It's just that if he has a standard nickname - Alex, then you are unlikely to quickly sort 12 million pages (although you can try using the syntax of search queries and sorting “search in found”).
When you have probably a decent list of information accumulated in your Notepad, start creating a passwords list for that particular user from it. Moreover: the year of birth should be tried to substitute in different formats. For example, you found that the year of birth 01.01.2005
Try these options:
01012005
010105
112005
1105
Also try the options (where my_email is his username):
my_email2005
my_email05
Or:
his name2005
his name05
etc.
Substituting is easy. Just copy it into Notepad, put it into words in a column, and try to write several options for each found. And after that you can use the Brutus method
You also check the found "second soap" for whether they exist or not. It may turn out that they were registered for a long time, and then the need for them disappeared. Then you register it for yourself, and try to recover the password for Forums, chats, directories, etc. from it.



Method number 3. "Password recovery" / sometimes effective /

How to do it:
First we climb to the mail service and click on the link "Forgot password!" (or similar). We look at what the secret question is.
For example, if it’s “My favorite dish”, then for girls you can try to substitute the word - ice cream
If “Grandmother’s year of birth”, “Passport number”, “Mother’s maiden name” - then try 111, 123, 12345, the year of birth of the one whose password is “reminiscent”, perhaps the answer will be the year of registration of the soap, well, etc. Since there are not often those who know the grandmother’s birth year and remember the mother’s maiden name. With a passport number, it’s more difficult, as some really take it and drive it straight into it. But try 111, 123 anyway ...
Also, the data collected in the "Information Collection" method can help you a lot here.

Added (Eco [L] og):
Sometimes a secret question can be something like this: 1234567qwerty
Then, in some cases, and the answer may be 1234567qwerty
Or a similar one, typed using the "on the clave from the bulldozer" method (picking one up will be almost unrealistic)



Method number 4. "Restore from another service" / in a hurry and you can take the password from soap, and the forum / chat base /

The whole point is that the password for the soap is more difficult to find than the password for the Forum, chat, dating service, shower journal, etc. Those. from those places visited or visited by the one whose soap is “restored”. From here - we go around all sites, forums, etc. that fell into our field of view with the method of "Collection of information." We look at what is there, for example, for the Forum and we are already reducing our task to finding vulnerabilities to this Forum (using the same google.ru)
We have a chance (not a big one, but there is a chance) that the password from the Forum will also work with soap.



Method number 5. "Troyan" / requiring skill /

The method speaks for itself. The task boils down to vparivaniya Troyan or some keyloger thread (which you, accordingly, should have), and expectations from them reports (logs).
Here for vparivaniya methods "Software Vulnerabilities" and "SI / Social Engineering /" will help well



Method number 6. "Software Vulnerabilities" / Required Knowledge /

This is probably more of an auxiliary method for the Trojan method. To steal the Trojan, you need to make a lot of effort. But it will be easier if you know the current vulnerabilities in software. The same browsers, email programs (Outlook, TheBat!, Etc.), possibly ICQ. Then your task will be reduced to tweaking a link to some thread of your site, when a visitor accesses the Trojan through the vulnerability in the Browser and starts up. Or sending a "hurried" formed letter.



Method number 7. "Vulnerability of mail services" / also requiring knowledge or the ability to use a search engine /

The method directly relates to the vulnerability of mail services. They occasionally pop up. Starting from sending a letter, during which the user’s browser will change which thread of the settings, and until the recent feint with the interception of the packet change the password of your mailbox, change it (package) and change the password to the desired box. Well, etc.



Method number 8. “Have hundreds of rubles, friends will wait” / waybill. requires to have work and wm-wallet /

You go to a near-hacker site and ask for a remuneration to "remind" the password. But here be careful when paying, as a lot of people got divorced (but what got divorced - they always were).
..
Recommendations:
Never transfer payment in advance (no one will give a 100% guarantee that the password will not be “reminded" (more precisely, some people can give it, but it will be sideways to them when you pay it - before or after. And they basically take it after completing the order .))
As evidence, do not fake that the letter was sent from the box you need.
Also, do not immediately be conducted when the proof is according to the scheme:
You send any letter to the necessary box, and then (after a while) they send the text of this letter.
As a defense against scammers, you can use the “through the Guarantor” scheme or the scheme which is higher, but slightly corrected:
1.You agree when you will be both online.
2. You send a thread to the soap “required” to you, and the text SHOULD immediately tell you what text you sent.
Then at least there is a guarantee that the soap is under control. But with the transfer of money - negotiate yourself.



Method number 9. "Do not have a hundred rubles, but have a hundred friends" / ability to make acquaintances /

It’s easy to have a good friend (admin, support, or, better, director) working either at the office where the soap is, or providing a hosting / internet office where the soap is.
Well, or, a friend from some thread of the FSB, FAPSI, Office "K" (P) who, at the risk of exceeding their official powers, will find out the password from the support of the postal service and inform you.
This is a very bad and wrong method. And almost very rare (and thank God)
Or have a friend - Forum admin, chat, etc. where people are sitting. If you are not familiar, nothing prevents you from getting to know him ...



Method number 10. "SI / Social Engineering /" / The most accurate method. required the ability to set a task, analyze. preparation required /

Many of the methods described before, one way or another then come down and intersect with this method. The same thing - this method requires some of this other methods (such as "Collecting information", "Vulnerability of mail services", etc.)
This is the most extensive and ramified method. Therefore, right now, briefly, and then I will put it in a separate article.
The general point is to find out the soap password directly from the owner. Or persuade him to perform any actions you need (the same guaranteed launch of the Troyan).
By "learn directly from the owner" it is understood that the host will "tell you" the very same Password. But he will not even understand that without knowing it, he gave it to you (or maybe he will, but then).
ps About the SI method and its sub-methods - next. article (if there is a desire and interest)



Method number 11. "What for is he so needed?" / long but relatively simple method /

The essence of the method is to force the owner to abandon the mailbox voluntarily (sometimes you need to "restore" not to read, but to have the right mailbox). And it’s easier to do this - just periodically spam this box. If the owner of the mailbox doesn’t get too good how to get rid of such spam, then after a couple of weeks he will get tired of scrubbing out the mailbox or cleaning it from a ton of letters and he will abandon it. And mail services are not rubber. And when there will be a limit of space for a box and when it is not visited, then such a box will be deleted over time.



And finally, an alternative method
Method number 12. "Fear" / criminal /

You catch the owner in the gateway ...

by antichat.ru