NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.



OK, so you wanna get someone's hotmail password? Whether you are interested in generally understanding more about hacking, just getting revenge on someone, or are bored or for whatever other reasons you might be reading this, um... I forgot what I was gonna say heh. OK nevermind here we go.

Before you start reading about how to actually get hotmail passwords you have to remember some things:

- Never do this kind of stuff from work/school

- Remember that Hotmail probably has huge logs (depending on the method you use) of what you have done... etc

- If you start doing this for money and the cops hear of it and decide to take your PC, even if you have deleted the 'evidence' it can always be easily recovered. Never be confident.

- Remember now recently hacking has been considered an act of terrorism sometimes and terrorsim these days is dealt with extremely severly.

- It's not a good idea generally to tell many people about this. I read once a file with the rule 'Only tell people you trust with your life'.
 

Methods

Some methods listed depend on how gullible the victim is, and/or if you can gain physical access to their PC...etc

1) This is the easiest way I guess. If you are present when your victim is typing his/her password, try peeping over their shoulder lol.

2) If you have physical access to the machine they use to access their account usually, try installing a keylogger (you can download them from anywhere on the net) These secretly record all keystrokes on the computer. If it records it in a simple text file, then search for their username and see what comes right after it. Remember that if they mistype it and use 'del' or 'backspace' it might be a little tricky for you.

3) If you have physical access to the machine your victim usually uses, and their password is saved in MSN for example or something like Outlook but as asterisks (*) then download 'Snadboy's Revelation' (v. small program) which will easily reveal the password.

4) On a spy site once, I saw a little device you plug your keyboard in, and then you plug that into your PC, where your keyboard usually plugs in. Hardly noticable and not too expensive so you might wanna look out for it if you are paranoid. It was able to record the last 36,000 keys pressed I think.

5) If your victim ever types their password in a space where it doesn't get changed into asterisks (*) (I don't know why or where that would ever be the case) then if you have a 'Van Eck Phreaking' Device then you could watch their screen from a remote location. Van Eck phreaking is when you catch the electromagnetic field that the monitor emits and reproduce the image. This method is sooo unlikely and almost pointless for me to type up lol but I thought I'd waste my and your time.

6) With a trojan like Sub7 for example you can take control of people's computers. You can get 'saved' passwords (cached) like if they are already typed in MSN as *'s and you can also activate a keylogger.

7) If you download 'Ghostmail' you can fake an email coming from the 'Hotmail Team' or whatever, and make it sound all formal and pretend that you need to verify that they are the rightful owners or whatever and ask them to reply with the password. You can make it reply to you but seem to come from a different address.

8) There was a file that my anti-virus considered to be a virus I downloaded a few years ago, but I don't have anymore (Accidental Data Loss) so I don't know the name anymore. It was a little window that came up and told you that your cookie has expired (It looked soo real) and asked you to type in your password and username. Then when you type it in it saves a file to your C drive, which you would have to get from the victim's computer somehow, for example using a RAT (Remote Administraion Torjan) a program that allows you to control someone's computer.

9) If you know the victim well try guessing the password or blackmailing/getting it out of someone who knows. Use your imagination.

10) Look around the victim's desk for post-its or whatever.

11) Try Sex, Love, Mum, God, 1234 (or 4321 etc etc etc) or the name of someone they love, try it backwards. Also try secret, and password and the last 4 digits of their phone number..etc.

NOTE: The easiest way for hacker sometimes to get a password (this doesn't really apply in this case) is to call up and ask for it. For example you could do some research on your victim and call up and say: 'Hi, I am John Smith and I forgot my password.. I left it on my desk at work somewhere. Can you give it to me please so I can work from home' or use your common sense. Social Engineering.

12) If you are devious/evil enough you can gain the victim's trust somehow to get it.

13) Pay a hacker to do it for you.

14) If you get a different password of theirs, usually people use the same passwords for everything

15) OK here we go. This method is the method most hackers will talk about if you ask them how to hack hotmail. This is probably the nearest to hacking anyway. Go to http://www.hackology.com/ and download Munga Bunga's HTTP Brute Forcer AND The definition files package (and a good word list if you can find one somewhere - but you will have to modify it from *.txt to *.lst and put it in the correct location, replacing the old one). Once you are ready, READ all of the help files that come with it and then use common sense to tick the appropriate boxes in the brute forcer. (Tick 'Don't try passwords shorter than 8 characters) because Hotmail doesn't allow you to have shorter passwords than that so it saves time. Munga Bunga's is the quickest one software wise. Depending on the quality of your wordlist and your connection speed though it could take days/hours to get someone's password this way.

16) What you could do is, you make a site saying something like 'Send an email to [email protected] and in the email subject line put your victim's username, followed by your username and your password, separated with dots. Within a few days you should receive an email with your victim's password as the hotmail servers will have given your username admin priveleges.' Basically you con people into giving you their passwords.

17) You could also copy all of the HTML code of the hotmail site and use it on your own site and buy a domain name really similar like www.hotnail.com and send an email using Ghostmail telling people to check out the new and better service etc or tell your friends. (In the email tell them to click on a link not type it out otherwise they will notice - Link like CLICK HERE). With this method you will have to change the HTML code slightly though so that it sends the info to you somehow (not sure how as I am not that good with HTML) and then link them back to hotmail or something so they don't notice. (CHECK FURTHER ON IN THE FILE THERE IS A METHOD SIMILAR)

18) OK there are 4 methods by SnEzE here that I have, but I am not sure they work because I have never tried them. Here they are anyway: ( I Will put my comments in XX's )

Brute force hacking

a. Use telnet to connect to port 110 (Hotmail´s server)

b. Type USER and then the victim´s username

c. Type PASS and then the guess a password

d. Repeat that until U have found the correct password.

!. This is called brute force hacking and requires patience. It´s better than trying to guess the victims password on hotmail homepage only because it´s faster.

XX I am not sure this works as this file might be antient XX

19 ) By SnEzE again:

The Best way

a. Get the username of the victim ( It usually stands in the adress-field )

b. Then type " www.hotmail.com/cgi-bin/start/victimsusername "

c. You´re in!

!. This hack only work if you are on the same network or computer as the victim and if he don´t log out.

XX This probably works. Just a guess XX

20) By SnEzE again:

I_3_I - The old way

a. Go to Hotmail´s homepage and get a account (if you don´t already got one)

b. Log Out

c. Now type the victims username.

d. Look at the source code. XX In Internet Explorer, it's View, Source I think. XX

e. On the fifth row you should find "action=someadress"

d. Copy that adress and paste it into the adress-field

e. You´re in...

!. As you can see it´s a long procedure and the victim have plenty of time to log out.

21) By SnEzE again:

I_4_I - Another...

a. Go to hotmail´s homepage

b. Copy the source code.

c. Make a new html file with the same code but change method=post to method=enter

d. "view" the page

e. Change the adress to www.hotmail.com/ (don´t press enter!)

f. Make the victim type in his username and password

g. Look in the adress-field. There you´ll see ...&password:something...

!. This is the way I use, because it lets you know the password. ( If he exits the browser you can see the password in the History folder! I´ve made an example of this trick that you can use at: hem1.passagen.se/christog/index.htm. Good Luck!

XX Here is the rest of his file XX

READ!

Hotmail´s sysops have changed the "system" so that the victim may log out even if you are inside his/her account. So don´t waste you´re time!

This text comes from http://hem1.passagen.se/christog/hotmail.htm Remember that this is V.2.0.. More will come... http://www.themoleman.co.uk/hacking.htm

XX Don't know how up to date this is though... XX

OK After ages I think those are all the methods I can think of. Remember to feel free to add at the bottom after the line! Oh and try to keep the formatting so that it doesn't become unpleasant for others to read.

Now that you have read this file you don't have an excuse to bug hackers with stupid questions about hacking hotmail anymore!! (And remember even stuff you might think is hacking can't even be considered hacking sometimes.)

One more thing. Think of this as a bonus. Here is a file I wrote quickly a few weeks ago, because of the number of people bugging me about it so here it is:

This file was written, because I have found too many people asking me how to get rid of the MSN 'Pic' Virus.

1) Press Ctrl+Alt+Del ONCE and select 'MsgSprd'

2) Hit End Task

3) Go to your 'Received Files' folder (you can get to it in MSN using: File, Open Received Files, OR you will probably find it in C:\My Documents\Messenger Service Received Files

4) Delete the pic file. It will usually be called 'pic1234....exe' (You might not see the 'exe') -- IF you get a message telling you you can't delete it, because windows is using it then you have to repeat Step 1 and 2.

5) Go to 'Start'

6) Then 'Run'

7) Type: 'msconfig' and press Enter/Return

8) Select the 'Startup' Tab

9) UNtick the box left of 'MSN Messenger Service'

10) Press 'Apply'

11) Press 'OK'

12) A Message should appear asking you if you want to restart, but you don't really need to. You should though. --IF next time you start up, it gives you an error message about pic or MsgSprd or something you will have to make sure you did steps 5 - 11 right.

13) After restarting you are free of the virus ;)

Encrypted_Error

NOTE: That only works on some versions of Windows!

Also now that you know all this, I hope you use it sensibly and don't be a right bastard/bitch with it.

'Knowledge is power' heh just thought I'd add that. I remember that when I think of hacking!

Encrypted_Error
 

                                                      HOTMAIL HACKING STEPS



STEP 1:
The first step in the process of hacking in to someone’s hotmail account is quite easy. You simply log into your own e-mail account.

STEP 2:
Once you have logged into your own account, compose an e-mail to
[email protected].
This is the admin server password account which in theory is cgi based and includes auto-response for Hotmail admins

The server cgi-script will automatically send you the password.
(after receiving the information you sent them)

STEP 3:
Place in the subject of the e-mail “retrieve password” (CASE SENSITIVE) and in the body of the e-mail write this:

On the first line of the e-mail you would place your victom's e-mail address.
Then on your second line you type in your own password to your account, this is to assure admin access and aproval (Standard procedure).

STEP 4:
Within processing time of more or less 3 minutes you should recieve mail from the server with full account info.






Here's the trick: MSN, on proclaiming ownership of Hotmail have assign servers for various admin requirements, pword is the one responsible for account access, thus once accessed with a proper prompt it replies within processing time, the mistake I believe that MSN did was to keep the servers under the same addresses
I believe there are 20 servers in total, however I can't seem to figure
out what the rest are for, server_2 has something to do with capacity, keep tuned to this page for further info on all the other servers, and if U can help out.



--------------------------------------------------------------------------------

I found this address of the hotmail BOT! It allows you to get anyone's password! Just follow the steps below, and within days you will recieve an email telling you ....... your victoms password!
The idea is to fool the computer at hotmail. The following steps tell it that you are an employee of hotmail, and you need someones password.


STEP 1

Log into your hotmail account (you must have one for this to work.) Go to
Options and change your name to Samual Braid (a hotmail employee!)


STEP 2

Compose a message to :
'[email protected]' , with the Subject: Activate BOT:gtpw cgi/passwd


STEP 3

In the body of the message, type:

HTML
BODY
APPLET CODEBASE="HTTP:\\lygf1\hotmail\prebeta1\applets"
Code="Activate_PW_BOT"
Param Name="YOUR PASSWORD HERE" Value="TARGETS LOGIN HERE"
/BODY
/HTML


This will activate the BOT, and it will send you the password of the login name you entered.
Note: You must enter your password to tell the BOT that you are a hotmail employee.





F3


To hack a Hotmail-account is very easy! The only thing you have to do is sending an e-mail to the computer of Hotmail. Maybe it sounds difficult but it isn't!.

STEP 1
Go to your own Hotmail-account

STEP 2
Compose an e-mail. Fill in: To: [email protected] Subject: LOST PASSWORD

STEP 3
On the first line you write the login-name of your victim's account. On the second line you write your own login-name. On third lane you write your own password.

STEP 4
Send this e-mail * You have to wait a couple of days. Then you'll get the password of the victim by mail.




--------------------------------------------------------------------------------

Information
There is a very simple way to gain full access to almost anyone's Hotmail account. Microsoft took over Hotmail completely on November 1st 1998, and since then there is a little known loophole around getting people's password. One thing you must have is a Hotmail account you opened BEFORE 1st November 1998. New accounts will not work for this hack. Here’s the thing: The hotmail staff uses this way to get passwords from accounts. They don’t have direct access to all the password in their database. The process of retrieving a password takes far too long if they would scan the database by hand. This method is used by many other e-mail services as well when they what is to check up on their subscribers. It takes within 1 day to 3 days to send the password. I have tried it several times, and it has worked most of the times.

F4


This is how easy it is. The easy way and the only way.
The account that you do this from has to be at least 8 weeks old.
STEP 1
Compose a message to [email protected] from your hotmail account.


STEP 2
In the subject write "password retrieval". This is so the administrator
computer knows or at least thinks you are hotmail staff.

STEP 3
In the body of the message write this code :

login/passmin="put your account name here

word/passmin="put your account password here

account/retrieval="put the victims account name here

The reason you need this code is so when the adminitistrive computers read it they will search through the cache files and recieve the matching
password to the last account name give.



HOTMAIL NEWS



A hacker has discovered a new way to attack MSN's Hotmail email system. 'Oblivion' told members
of security mailing list bugtraq of a way to smuggle code through Microsoft Javascript filters
by adding it to the 'From' line of messages sent to Hotmail users.
The code could be used to redirect users to a hacker-owned web page that could trick them into
divulging their Hotmail passwords. Once the user revisits their Inbox, the hacker can then read
or delete email or send new messages under the user's name.

Microsoft has said it is investigating the new exploit, but has yet to comment further.

Hotmail has faced numerous Javascript-related security problems over the last three years,
and has battled to close loopholes as hackers discover new gaps.



RELATED ARTICLES



A security hole has been discovered in Microsoft's HotMail service that enables outsiders to
casually read private emails without a password.
If a HotMail user clicks on an attachment that includes a JavaScript Trojan Horse, it becomes
possible to read, send and delete email messages from that user's personal account.

"The hole allows an intruder to break into someone's HotMail account by sending that person
an email message with an attached HTML file. When the user views the attached HTML file, their
cookies in the HotMail.MSN.com domain are intercepted and sent to a hostile site," said Bennett
Haselton, a US programmer and anti-software blocking activist, who discovered the security
glitch.

"Since the cookies are used for authentication, whoever receives them can then log into HotMail
as that user."

Microsoft said it was investigating the situation, but refused to comment further.

This will not be the first time that HotMail, which claims to be the world's largest internet
based email system, has been exposed to security problems. Last year, a serious gap opened up
the personal email accounts of 50 million users to potential misuse.


WHERE ARE YOU?
Security /Hacking /News


Hotmail users face mass spamming
By James Middleton [13-08-2001]
Hotmail users were subjected to a mass spam attack this weekend, at the same time that it was
revealed that a security glitch in the service allowed an attacker to hijack a user's Passport.
vnunet.com readers have reported mass mailings from a single address which managed to sneak past
Hotmail's automatic junk mail filter. One user reported receiving over 8000 copies of the same
'Microsoft products at knock down prices' email.

Another user managed to paste the sender's address into the filtering system, but not before he
was bombarded by over 1200 mails. "By the time I accessed the blocking filters and pasted in
the rogue address I found that I had 1200+ emails. All emails came from one address and Hotmail's
junk filter did not stop it," he told vnunet.com.

The discovery of a vulnerability in the Passport authentication system has also put user
accounts at risk. Details of a cross scripting attack were published on security sites which
would allow a malicious user to hijack the session cookie of another user, effectively stealing their identity.

A malicious JavaScript exploit embedded within an email as a URL can be used to trick the
Passport system into passing the user's session cookie to a third party common gateway
interface script on a remote server.

This attack is known as 'cross site scripting' and, although Microsoft has taken steps to
filter out this type of attack, simply encoding the malicious script by replacing some letters
with their hex equivalent will sneak the code through any filters. For example 68 is the hex
value of h so the server would translate &x68;ttp:// into http://.

Once the attacker is in possession of the user's session cookie he can effectively masquerade
as the true user and take control of all his accounts which use the Passport service.

A coder going by the name of Obscure, who wrote a white paper on the attack, said Microsoft has
been informed of the situation. It is unclear whether the problem has yet been fixed.



WHERE ARE YOU?
Security /Hacking /News


Hackers hit Hotmail hole
By James Middleton [20-08-2001]
Underground hacker site root-core.com has released a graphical exploit tool for sneaking a
glimpse at other users' Hotmail accounts.
The tool apparently exploits a glitch in the service which allows users to guess the message
numbers of other people's accounts. Although slow going, the method can be quite effective and
the development of a GUI tool, Hobo, has made hacking Hotmail even easier.

When logged into your Hotmail account, the URL displays a message number for the appropriate
message you are viewing, and the username. By tinkering with these, it's possible to hit on
an existing username and message number combination. This allows you to view, but not modify,
other users' messages.

Hobo just simplifies the process of trying to exploit the URLs manually. It will only hit on
a correct combination every now and again but, in the meantime, it promises to provide script
kiddies and the technically curious with hours of entertainment.

Microsoft is aware of the hole, so it is not expected to remain for very long.

A detailed description of the hack can be found here, and the scanner can be found here.


WHERE ARE YOU?
Security /Hacking /News


Hackers hit Hotmail hole
By James Middleton [20-08-2001]
Underground hacker site root-core.com has released a graphical exploit tool for sneaking a
glimpse at other users' Hotmail accounts.
The tool apparently exploits a glitch in the service which allows users to guess the message
numbers of other people's accounts. Although slow going, the method can be quite effective and
the development of a GUI tool, Hobo, has made hacking Hotmail even easier.

When logged into your Hotmail account, the URL displays a message number for the appropriate
message you are viewing, and the username. By tinkering with these, it's possible to hit on
an existing username and message number combination. This allows you to view, but not modify,
other users' messages.

Hobo just simplifies the process of trying to exploit the URLs manually. It will only hit on
a correct combination every now and again but, in the meantime, it promises to provide script
kiddies and the technically curious with hours of entertainment.

Microsoft is aware of the hole, so it is not expected to remain for very long.

A detailed description of the hack can be found here, and the scanner can be found here.


WHERE ARE YOU?
Security /Hacking /News


Hackers hit Hotmail hole
By James Middleton [20-08-2001]
Underground hacker site root-core.com has released a graphical exploit tool for sneaking a
glimpse at other users' Hotmail accounts.
The tool apparently exploits a glitch in the service which allows users to guess the message
numbers of other people's accounts. Although slow going, the method can be quite effective and
the development of a GUI tool, Hobo, has made hacking Hotmail even easier.

When logged into your Hotmail account, the URL displays a message number for the appropriate
message you are viewing, and the username. By tinkering with these, it's possible to hit on
an existing username and message number combination. This allows you to view, but not modify,
other users' messages.

Hobo just simplifies the process of trying to exploit the URLs manually. It will only hit on
a correct combination every now and again but, in the meantime, it promises to provide script
kiddies and the technically curious with hours of entertainment.

Microsoft is aware of the hole, so it is not expected to remain for very long.

A detailed description of the hack can be found here, and the scanner can be found here.


if u have some questions about hacking then u can mail me or add me in ur msn messenger.just wright my this id and pres add.if u don know then send me blankemail.with subject of "add me"



To the best of our knowledge, the text on this page may be freely reproduced and distributed.
The site layout, page layout, and all original artwork on this site are Copyright © 2001 sunnyhacker.4t.com.
If you have any questions about this, please mail me on [email protected].