How to hack Gmail account?

How to hack Gmail account ?

The Internets MOST ASKED QUESTION OF ALL TIME !
HOW CAN I HACK HOTMAIL/GMAIL/YAHOO/FACEBOOK
OK ?

Here is the “CORRECT” answer,
I’m merely disappointed by the number of technically illiterate people around the world. The most popular question in any hacking related site is “How to hack e-mail” its not tolerated in any security/hacking related forum and if asked you can expect to get a rant from people. the reason is simple because there are NO ways of hacking a e-mail address by easy means and the people who know this fact often get very annoyed when most people don’t understand WHY its NOT POSSIBLE

The hacking of a e-mail is possible when a person who owns the account gets hacked. the other way is to hack them directly from the e-mail servers which is most unlikely because these sites use sophisticated Intrusion Detection and highly skilled consultants who are up to date with exploits and patch’s. unless you are a real professional hacker its highly unlikely you will ever break into a e-mail server.

People MUST understand that there are NO PROGRAMS/SOFTWARE’S that can hack a e-mail password when you enter an e-mail address. to understand this better let me explain you how e-mail works
Lets say you have a gmail account
When you enter your username and password and hit login what happens is your outgoing e-mail server encrypts the login information and sends over the network to its destination which is a gmail server which can ONLY decrypt the encrypted credentials then these were checked against its database and if they match it will re direct you to your mail inbox. to authenticate you with the gmail server, it will send you a cookie ( a text file ) with a session ID to your browser confirming that you are authenticated so the gmail server.
So there was a time when e-mail servers gave the option to NOT to use SSL cause it slows down the e-mail. because of the time it takes to encrypt. it was a “happy time” for the hackers who simply used a wifi hotspot to sniff session ID and break into emails !!! why ? because If anyone sniffs your session ID he can use it to login into you mail WITHOUT the password because the session ID is the proof of authentication as I mentioned earlier ^ but with almost all the e-mail servers NOW use a SSL encryption and the Session ID is also encrypted so by sniffing its NOT possible to decrypt the ID !
So there goes Packet Sniffing 
You may ask so what ? why the encryption cannot be cracked ?
Because The encryption uses Hypertext Transfer Protocol over Secure Socket Layer and public/Private key encryptions technique which is almost impossible to crack. Do some Research on these terms and you will know why its not possible to crack.

So now the next possible way is to somehow hack into the gmail servers and pull the password hash’s and then crack them. well, sadly not many people have succeeded doing it because its highly impossible and way too risky
Now after reading all this you might have a slight idea why I ask people who claim “they can hack any e-mail” to prove it !! so if you can make a program that can somehow bypass all the security and bring the password from the gmail server then you deserve a noble prize !!!

NOW ASK ME HOW TO HACK A E-MAIL ?

Ok you clearly know its almost impossible but the good news is that its possible to hack a individuals computer or a web server. most people lack of common sense and so many people have NO technical knowledge whatsoever. so by hacking them its possible to steal their passwords.

Because we can’t hack the password from the servers but we can hack it from the people who use it..
There are so many ways..
here are some of the methods,

1. Fake Login page – Fake page also known as phishing. This process involves creating a fake login page of a certain e-mail and tweaking the password authentication process so when the user inserts login details it will be sent to the hacker. This is the easiest way to hack when the victim has no technical knowledge.

2. Social Engineering – Humans have certain weaknesses and this process involves exploiting someone’s weakness to retrieve a credential such as a password. for an e.g: There are many incidents in the past like once when a hacker phoned a employee of a company (victim) and identified himself as the Technical Engineer of that company and instructed the employee (victim) to follow a set of FAKE system error checking and eventually received his login password from him by simply convincing him to reveal them. its just simple as that/ it does takes lot of confidence and skill.

3. Keylogger – Its an application which runs hidden from a user in the background and logs/records all the keystrokes of a user. when a user types something it will be recorded and saved. when the system goes online the recorded details will be sent to the hacker. which can contain a e-mail login detail. the keyloggers are outdated and most of them are detected by anti-virus programs. but when used in a LAN network or when the hacker has physical access to a system it proves to be effective. so if your girlfriend/boyfriend is cheating on you this is the way to go.. but I still think smart people don’t keep “cheating related e-mails in their inbox” he he
The downfall of keyloggers are that not many keyloggers can be deployed remotely and they are often picked by anti-virus programs (which can be avoided by using code obfuscation or packing/crypting, changing Entry point..but its more complex)
Another downfall of keylogger is that most of them don’t use any encryption and the data is sent as it is, with a skilled reverse engineer its possible to track down the hacker by breaking the file and analysing the code.

4. Trojans – Programs which are often known as backdoors. these programs are similar to keyloggers but they can execute certain commands sent by the hacker. most Trojans have a built in password stealer which is an application that can steal stored browser passwords. also in addition they have far more sophisticated functions such as webcam capture (YES the hacker can see you when you pick your nose) ability to browse/download/edit your files and folders, audio recording, etc.. different Trojans have different functions. All hacker has to do is create a server and send it to the victim and once the victim opens the file it will drop into the victims system and connect to hackers client. now he can issue commands to his server which is in the victims computer and manipulate it whatever the way he likes.
Trojans are very easy to use and most of them use encryption and security evasion techniques and there are TONS of tutorials all over internet if anyone interested in using them.

I hope I have covered enough information. so next time when you see someone asking “How to hack email” Please point it to this thread. so he/she don’t waste his/her time and money.
My advise is if you have a personal issue such as cheating/breaking up I encourage you to sort them by other means. or maybe Go see a doctor. if she dumped you.

How to hack JomSocial CMS based websites

JomSocial ~ Joomla Shell Upload Vulnerability

You need:
A Shell
Tamper Data
Vulnerable Site
& a Brain

Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper
3. Find a vuln site. *refer to Dorking*

Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos

Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. “myshell”)
3. Copy the shell to the same folder and rename it to “yourshell.php.flv”
4. Now in your folder you have 2 files, “myshell.php” & “myshell.php.flv”.

Getting Access to site:
1. Register a fake account.
2. Active your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.
Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.

The reason for having created a file called “myshell.php.flv”, is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your “myshell.php.flv”.
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for “myshell.php.flv” then delete the .flv part meaning you will have “myshell.php” left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your “random.php”

How to find a Vulnerable Website?

How to find a Vulnerable Website?

Common Methods used for Website Hacking
There are lots of methods that can be used to hack a website but most common ones are as follows:

1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack

Tools:

Acunetix:
Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.

Nessus:
Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file security checks a client/server architecture with a GTK graphical interface etc.

Retina:
Retina is another Vulnerability Assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.

Metasploit Framework:
The Metasploit Framework is the open source penetration testing framework with the world’s largest database of public and tested exploits.

The ROT Guide to Gandalf XMUX’s by Deicide

The
–=RoT=–
Guide To
GANDALF XMUX’S
———————–
Written by:
Deicide
===========================
*NOTE: While writing this file i assumed that the reader has a working
knowledge of Packet-Switching Networks(Such as Sprintnet, Tymnet & Datapac).
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

The Gandalf XMUX is made by Gandalf Technologies Incorporated. It is
one of the 3 popular systems Gandalf makes, the others being the Starmaster
and the PACX. These systems are very closely knit, as you’ll see later, but
the focus of this g-file is on the XMUX system. I still don’t have a XMUX
manual, so this file will be a bit incomplete, but it will give you a good
sense of the system; How to Identify it, How to Penetrate it, and How to Use
it. There are a number of security flaws in the XMUX, all of which can be
circumvented but frequently are not. Occasionally you will find an
unpassworded console, in that case just move on to the How to Use it section.
The Gandalf systems are very frequently found on all the major
packet-switching networks, as Gandalf’s themselves often serve as network
controllers. Most of the major companies, such as Xerox & Bell Canada, use
XMUX’s, so it is a good idea to become familiar with the system.

How To Find Your XMUX & How To Identify It
——————————————
First of all, if you find an unpassworded XMUX it will tell you by the
herald “Gandalf XMUX Primary Console Menu” followed by the menu itself. Skip
this part for now.
But for the rest of you, you probably still need to find your XMUX, and you
need to know how to identify it.
Before we get further into this, a small amount of knowledge of the whole
scope of the XMUX is needed. Every XMUX is made up of at least 4 parts,
each present on every single XMUX. These parts are called:
– Console
– Fox
– Logger
– Machine
The Console is the actual system, the part that has to be hacked, the part
that contains the information we are attempting to retrieve.
The Fox is a test machine, serving no other purpose except to spout
“THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG 1234567890 DE” over and over
again.
The Logger is displays a line or two of information such as the time & the LCN
called, for the most part unimportant. But it does contain the node name.
The Machine is basically a system information giver. I have yet to discover
all of it’s commands, but S gives some systems stats(including the node name)
and L is an optional command that supplies the user with a system log(which
contains link addresses & UID’s).
All of these can be useful in some way.
The XMUX can be found in a number of ways:
– On a standard NUA(XXXX XXXX)
– On a standard NUA + extention(XXXX XXXX,XXXXXXXX)
– On extentions off of Starmasters & PACXs.(XXXX XXXX,XXXXXXXX)
– On LCN’s(subaddressing) off any other type of system/OS.
??????????????????????????????????????????????????????????????????????????????
NOTE:”Password >” is the password prompt for the XMUX Console, occasionally
proceeded by an operator definable system message such as “Vancouver XMUX”.
To be sure that this is a XMUX prompt, hit . If it returns the message
“Invalid Name
Names must consist of 1 to 8 alphanumeric characters”
Then you are dealing with the XMUX Console.
??????????????????????????????????????????????????????????????????????????????
On a standard NUA it will bring you right to the “Password >” prompt, no
hassles. You can then proceed to the section that deals with hacking the
console.
On a standard NUA + extention, it is not so easy. When you first hit the NUA,
it will give you the “Remote Directive” error message, telling you that you
“forgot” the extention. Now, the error message could mean you forgot the
extention for a VAX, also, but we will assume that it is a XMUX on the NUA.
This is true only a fraction of the time, but try this on every Remote
Directive message, you’ll find a good share of XMUX’s. First of all, try the
LCN(subaddress) of 1 on the NUA. If you come up with the Fox segment of the
XMUX(explained earlier) then you have an XMUX Console on the NUA, it’s just
hiding. If the LCN brings up the Remote Directive message again, then try
the extention of LOGGER on the NUA. If it brings up the XMUX Logger, then
again, the XMUX Console is there, but with a bit of security added on. If you
now know that you are on an XMUX, try the CONSOLE extention. It should bring
you to the “Password >” prompt, or occasionally right inside without needing
a password.
Starmaster’s and PACX’s almost ALWAYS have an XMUX attached on to it. Use the
Starmaster or PACX’s NUA + the extention CONSOLE. It will most likely bring
you to the “Password >” prompt.
The LCN’s off all the other system/OS types is a bit more complicated. You
can either guess,pick the likely ones, or try them all. What this is is an
XMUX in coexistance with another type of system, such as AOS/VS. The most
common way to find these is by adding an LCN of 1 to the NUA of the system.
If it comes up with the XMUX FOX section, then you can be sure an XMUX is
present. To find the XMUX Console, use LCN’s of 4 and above(2 & 3 being Logger
and Machine), up to the LCN of 15(maximum on XMUX). If you still haven’t found
the Console, and it’s returning the Remote Directive error message, now’s the
time to use the CONSOLE extention. In most cases it’ll bring up the
“Password >” prompt, or right into the Console Menu.

HOW TO PENETRATE THE XMUX CONSOLE “PASSWORD >” PROMPT
—————————————————–
To start you off, XMUX Console Passwords MUST be within 1 to 8 alphanumeric
characters. Any combination within that boundary is an acceptable password.
Now, while it is true that the password could be a random letter/number
combination, such as G2Z7SWJ8, and therefore extremely impractical to hack, it
is almost a given that the password is a relevant word or abbreviation, with
not more than one numeric character, which is usually not even included.
Also, you get 4 attempts at a password before being logged off, and remember,
you don’t even need to find a username.
When you first reach the “Password >” prompt it’s a good idea to try the
defaults(in order of occurance):
– Gandalf
– Xmux
– Console
– System
Also, Password(no, really), Network, CPU, Switch & Network are also frequently
found.
Then, if the defaults don’t work, it’s time for a little calculated brute
forcing. If the system has a herald, such as “BenDover Field Communications”
then try everything you possible can thing of that is relevant to the herald,
such as Bendover, Ben, Dover, BDFC, Field, Telecom, etc. Also, combine these
with the defaults, particularly Xmux. As in BenXMUX, or FieldMux, etc.
If there is no herald, or all the thing you can think of to do with the
herald fail as passwords, then it is time to get the node name. The node name
is used very frequently as a password, thus a good thing to try. But where to
get the node name with out getting the password first? It is contained in two
other places other than the Console, with ALWAYS at least one of the
facilities open to you. The Logger(LCN 2, or extention LOGGER) always spurts
out the log name first upon connect. This is always available, i have only
seen one case in which the Logger information was protected, and that was
achieved by wiping it out, which very few people do. The other source is the
Machine(LCN 3, or extention MACHINE), a very handy source of information.
You will recognize the Machine by its “#” prompt. At this prompt type “S” for
system stats. The first thing you see in the system stats is the Node Name.
Also, with machines type “L”. Occasionally it will be set to show the log,
which contains the Link Addresses(usually other netted computers, frequently
Gandalfs) and UID’s as well. Try the Node Name by itself as a password, then
in combination with all the above, such as a combo of Default & Node Name.
If you follow all these above methods, 50% of the time you will find the
password. Remember, people are stupid. An elitist attitude, but it works.
If you don’t get the password, don’t worry, there are many more XMUX’s out
there with poor security, go for those. But before you move on, try the LCN’s
from 4-15, frequently you’ll find another system, often a private PAD or an
outdial.

WHAT TO DO WITH THE XMUX CONSOLE ONCE INSIDE
——————————————–
For those itching to read other people’s mail, or retrieve confidential
files, etc, you will be very disappointed. Although once inside the XMUX
Console you have virtual Superuser status, the commands are all maintenance
related. But, often you will find other systems, quite often networks, PADs,
& outdials from inside.
You will first encounter the primary menu, which looks similar to this:
Gandalf XMUX (date)
Rev(version) Primary Console Menu (time)
Node:(nodename)
Primary Menu:
1. Define
2. Display
3. Maintenance
4. Supervise
5. Exit
Primary selection >

Now, although there are some other useful and interesting features to the
XMUX console, i will only show you the 3 most useful features, those being
Abbreviated Command, Service & Call Status.
Abbreviated Command is an option found in the Define sub-menu. Hit 7 once
inside the Define sub-menu to bring up the Abbreviated Command prompt. Type
a ? to show all the abbreviated commands. If there are none, curse your luck
and move on to the next feature. If there are some, type them in, one at a
time. Each Abbreviated command is really a macro, and a macro of a NUA plus
the subaddressing and data character extension needed to enter the system.
These can be very useful, not only for the NUA & subaddress, but for the fact
that the extension is included. Most times extensions are hard if not
impossible to guess, and the macro throws it right in your face. The
Abbreviated Command is in the format of XXXXXXXXdEXTENSION, in that the X’s
are where the NUA is placed, the EXTENSION is the extension characters, and
the ‘d’ is really where the comma goes to separate the two. So if the
Abbreviated Command was 55500123dabc, the NUA would actually be
– 55500123,abc –
Service is a menu option also from the Define sub-menu. What it enables
you to do is view all the services available, plus their function &
LCN. Type “11” from the define menu, then “?” for a list of the services
available. Console, Fox, Logger & Machine will always be present. Anything
else is a bonus, and should be capitalized upon. For example, if you see
“Modem” as one of the services, then enter “Modem” from the Service
sub-sub-menu to see which LCN the modem is on.
Display Call Status is a handy command used from the Display sub-menu
which gives a log of all the calls the system has handled. In the call log
are the NUA’s of the system that called, often a netted system such as another
Gandalf.

CONCLUSION
———-
Well, that’s all for now..if you have any questions or comments you can
reach me at the RoT HQ’s listed below, or most of the other RoT sites.
BTW, for anybody truly interested in any of the Gandalf types, contact me and
i’ll supply you with the NUA’s for Gandalf Technologie’s BBS &
Employee/Manager Sites…..
Deicide
-=RoT=- H/P Coordinator

-=RoT=- -=RoT=-
WHQ US HQ
6 ŸîîT –ïDäR The Cellar
(604) 824-0317 (401) PRI-VATE

Hacking Xerox

***************************************************************************
* *
* Hacking: X E R O X *
* *
***************************************************************************

Foward:

All information in this file has been taken from either the Xerox computers
themselves or from a person who works for XEROX who’s name is not listed here
for obvious reasons. I questioned the XEROX employee and found out as much
information as I could from him. I tried to get him to tell me how to crash
the computer but he wouldn’t tell me that because it takes money out of his
own pocket cause he gets a percentage of the profit, and when the system
crashes, it messes everything up and then the company loses money.

ThMain Body

Ok , at the prompt of @#ENTER USERCODE PLEASE or just plain @ …
… enter a 6 character employee code. 90% of the time this code will be in
the format of : NNANNN where N = numeric and A = alpha. The XEROX computer
will NOT echo it back to you as you type it , so if you can’t see anything
that you type, don’t worry. Everything is fine.

It will then give you a prompt of #ENTER PASSWORD PLEASE. At that prompt you
should enter a password . This password can be a maximum of 14 characters.
There are certain guidelines for this password. No ” – ” , ” _ ” , etc. will
be used , only letters and numbers. The first character is almost never
numeric.

On inside of the XEROX computer, It is pretty much menu driven. And you
will be able to find out most of what you need to know. There is not much
practical use for hacking XEROX , unless of course you need 1000 or so
printers or something like that.

Disclamer:

Thwriter and original distributer of this file takes no responsibility for
the use [ and/or misuse ] of this file. The writer of this file will not be
named in this article so he cannot be brought up on charges. All I will say
is that the writer is known of only in Dallas. And that is under an alias.
I will not be held responsible for any damages suffered by you or anybody
else… Especially since you don’t know who I am …