Ethical Hacking and Version 6
Hacking Email Accounts
News
Source: http://uk.news.yahoo.com/
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Objective
This module will familiarize you with:
• • • • • •
EC-Council
Ways Ways of Gett Getting ing Emai Emaill Accoun Accountt Inform Informati ation on Vulne ulnera rab bilit ilitie iess Tools Secu Se curi rity ty Tech Techni niqu ques es Crea Creati ting ng Stro Strong ng Pas Passw swor ords ds gn- n ea
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow
Ways of Getting Email Account Information
Tools
EC-Council
Security Techniques
Sign-in Seal
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Introduction ac ng ema accoun s as ecome a ser ous
rea
Email accounts are the repositories where people store their private information or even their business data
Due to the widespread use of the Internet techniques and tools hacker can access the user ID and email assword
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Ways for Getting Email Account
Stealing Cookies
Phishing
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Stealing Cookies
If a web site uses a cookie, or a browser contains the cookie, then every time you visit that website, the browser transfers the cookie to that website
If a user’s cookie is stolen by an attacker, he/she can mpersonate t e us user If the the data data rese resent nt in the the cook cookie iess is not not encr encr ted ted then after stealing the cookies an attacker can see the information which may contain the username and the password
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Social Engineering “ that relies heavily on human interaction and often involves tricking other people to break normal security procedures.”
Social engineering hackers persuade a target to provide information through a believable trick, rather than infecting a computer with malware through a direct attack Most of the persons unwittingly give away key information in an email or by answering questions over the phone such as names of their their childr children en wife wife email email ID vehicl vehiclee number number and other other sensit sensitive ive information.
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Password Phishing The process of tricking user to disclose user name and password by sen ng a e ema s or sett ng up a e we s te w c m m cs s gn- n pages is called phishing After gaining Username and password, fraudsters can use personal information to:
Charge your credit card Clear your bank account
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Fraudulent e-mail Messages bank asking for updated information
The message provides the target user with a link to a legitimate legitimate site but redirects redirects the user to a spoofed one
That message ask for Login, password, and other sensitive information
Attacker can use this information for hacking email accounts EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
News
Source: http://www.consumeraffairs.com/
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Vulnerabilities:: Web Email Vulnerabilities While using web based email service, after clicking a link present in the email body, it transfers from URL of the current page (webmail URL) to the next page (link present)
This information is transmitted through third party web servers
Information can include: • Emai Emaill addr addres esss • Lo in ID • Actu Actual al nam name EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Vulnerabilities:: Reaper Exploit Vulnerabilities The confidentiality of email can be brought down by the micro virus like Reaper Exploit Reaper Exploit works in the background and hacker This This ex loit loit uses uses the the fun funct ctio iona nali litt of DHTM DHTML L in in Internet Explorer, used by Microsoft outlook
explorer as their HTML engine are vulnerable , from this attack EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Hacking Tools
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Advanced Stealth Email
This program monitors outgoing traffic of the target PC's email client and intercepts all the messages sent from it
Intercepted emails are forwarded to a pre-specified email address
Advanced SER does not intercept emails sent from web-based email services like www.yahoo.com, www.hotmail.com etc
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Mail PassView Mail PassView PassView is a small password-recovery password-recovery tool that that reveals t e passwor s an ot er account eta s or t e o ow ng email clients: • Outl Outloo ook k Expr Expres esss • Microsoft Microsoft Outlook Outlook 2000 2000 (POP3 (POP3 and SMTP SMTP Accounts Accounts only) only) • Microsoft Microsoft Outlook Outlook 2002/2 2002/2003/20 003/2007 07 (POP3, (POP3, IMAP, HTTP HTTP and SMTP SMTP Accounts • Win Windows dows Mail Mail • Ne Nets tsca cape pe 6.x/ 6.x/7. 7.x x • Mozi Mozill lla a Thun Thunde derb rbir ird d • Yahoo! Yahoo! Mail Mail - If the the password password is is saved saved in Yahoo! Yahoo! Messenger Messenger applica application tion • Hotmail/MSN Hotmail/MSN mail - If the the password password is saved saved in MSN MSN Messeng Messenger er application • ma - t e passwor s save y ma ot er ap a pp cat on, oog e Desktop, or by Google Talk EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Mail PassView: Screenshot
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Email Password Recovery Ema Email Pass Passw word ord Recov ecover er Mast Master er is a ro ram that displays logins and passwords for email accounts stored by:
• • • • •
Eudora The Bat! ec y IncrediMail Gmail No Notifier ier
• PocoMail • Forte Agent • • Scribe EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Password Recovery
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Mail Password Mail Password is a universal password recovery tool for POP3 email accounts
It recovers all POP3 email logins and passwords stored on your computer by your email software
Mail Password emulates a POP3 server and the E-mail client returns the password
It supports all email programs, including Outlook, Eudora, The Bat! an more EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Mail Password: Screenshot
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Finder Pro Email Finder Pro extracts business emails from a file or a directory containing
Fast and simple email address extraction utility
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Spider Easy Email Spider Easy is a targeted bulk email mar e ng so ware
Qu c y an automat ca y searc an sp er rom search engine to find e-mail addresses
Integrated with 90 top popular search engines: Yahoo, Google, MSN, AOL, and so on
Fast search search speed allows allows upto 500 email extractio extraction n rea s mu aneous y EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Email Spider Easy: Screenshot
Figure: Email Spider Easy
EC-Council
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
