Friday, September 14, 2012

Hacking email addresses using zenmap, xhydra and a wordlist.

I have setup a rogue email account on a web server that i own a lease to. What we are going to do is find the IP address to the server that sends the mail, scan for open ports to mail services (Pop3 & SMTP) input the data into Hydra and in return bruteforce for the password.
 I have done this on many occasions as a security tester and what i have found is that MOST people use the same password for everything. That's why it's important to keep your email password exclusive. What i have found in 90% of the time is that people have everything linked to their main email address. Online banking, website registration and Facebook to name a few. All you have to do after gaining access to an important email account is a little detective work along with some "forgot password" forms and then you pretty must own the E-Identity. I'm going to show you how to prevent this from happening to yourself and your clients. 
Please note these are real hacking methods that are going to be tested on real servers. One of the IP's i'm going to release correlates to a godaddy hosted server, and even though anyone can find this i want to say i do not condone black hat hacking, nor do i advise anyone to use these methods for malicious use. Lets Get Started

www.brotherspropertymanagement.com will be our target for example.

In backtrack 5, Fire up a Terminal, Zenmap and Hydra-GTK.

ping the desired web server:
 we see a secureserver hostname along with the IP. Typically in this instance i would run a zenmap scan on it.
However no mail server is returned. This is a practical example of where we can be de-railed because the mail server is different from the one we scanned. but with a little research we can easily find the mail server AND SETTINGS on google using the hostname.
 We have found the link for email setup. You will only need to do this if the web server is hosted by a product like godaddy. In some situations the web server will include all services to run the website and some back end things like FTP,HTTP,POP,SMTP & MYSQL.
click the link
 Those are the settings. Now we see we have 2 options. pop.secureserver.net and smtpout.secureserver.net. Please keep this in mind, These 2 servers HOST ALL MAIL on godaddy websites. This is dangerous because if you really wanted to you could scan a range of godaddy ip's, visit the websites, copy the email addresses, make a list to bruteforce. This is why i strongly advise a secure password.
Lets choose SMTP. It's not encrypted, doesn't kick us off after a few attempts of password breaking AND ITS FAST, SUPER FAST.
ping smtpout.secureserver.net a few times and you will see the ip is different. it really doesn't matter so open Xhydra and configure like this:
single target: smtpout.secureserver.net (this is the mail server)
port: 25 (this is default unencrypted SMTP port)
protocol: smtp (simple mail transfer protocol)
as always check off show attempts.


on the passwords tab for username you always want the full user with the @domain.com in the end our user is
rogueaccount@brotherspropertymanagement.com
select your password list. refer to my Last Post on how to find a wordlist in backtrack.
Or Click Here for Wordlist

Goto the start tab and click start.

Then we have success. I will be remove the rogue account so you little bastards don't try any funny business.


RECAP:
1. Find Target
2. Find SMTP Mail Server
3. Input data to Hydra
4. Crack Away  






code SMRRARMWCNXT  


6 comments:

  1. the best is to get rainbow crack list and crack within 180 seconds !

    ReplyDelete
  2. how to find the username for xHydra?

    ReplyDelete
  3. Hi Clients!

    We have fresh and valid usa ssn leads
    100% good and valid leads
    *If you have any trust issue before any deal you may get few to test
    *Every leads are well checked and available 24 hours

    ****Contact Me****
    *ICQ :748957107

    *Gmail :taimoorh944@gmail.com


    Cost for Premuim lead $5 for each
    Cost for normal lead $2 for each
    Price can be negotiable if order in bulk

    *please contact soon!
    *I hope a long term deal
    *Thank You

    ReplyDelete
  4. Covid-19 Relief Deals

    Money Transfers

    bank login

    bank transfer

    writing cheques

    transfer to cc ...

    track 1 and 2 with pin

    Sell Fresh CVV - Western Union Transfer - Bank Login - Card Dumps - Paypal - Ship

    Fresh Cards, Selling Dumps, Cvvs, Fullz

    Tickets,Hotels,Credit card topup...Paypal transfer, Mailer,Smtp,western union login,

    Book Flight Online

    SELL CVV GOOD And HACK BIG CVV GOOD Credit Card

    Fresh Cards. Selling Dumps, Cvvs, Fullz.Tickets,Hotels,Credit cards


    Sell Cvv(cc) - Wu Transfer - Card Dumps - Bank login/paypal

    And many more other hacking services

    contact me : hackerw169@gmail.com
    ICQ: 699 396 818


    - I have account paypal with good balance

    - I hope u good customers and will be long-term cooperation


    Prices Western Union Online Transfer


    -Transfer(Eu,Uk,Asia,Canada,Us,France,Germany,Italy and very

    easy to do African)

    - 200$ = 1500$ (MTCN and sender name + country sender)

    - 350$ = 4000$ (MTCN and sender name + country sender)

    - 500$ = 6000$ (MTCN and sender name + country sender)

    - 600$ = 8000$ (MTCN and sender name + country sender)

    Then i will do transfer's for you, After about 30 mins you'll have

    MTCN and sender name + country sender


    - Dumps prices

    - Tracks 1&2 US = 85$ per 1

    - Tracks 1&2 UK = 100$ per 1

    - Tracks 1&2 CA / AU = 110$ per 1

    - Tracks 1&2 EU = 120$ per 1


    Bank Logins Prices US UK CA AU EU


    - Bank Us : ( HALIFAX,BOA,CHASE,Wells Fargo...)

    . Balance 5000$ = 250$

    . Balance 8000$ = 400$

    . Balance 12000$ = 600$

    . Balance 15000$ = 800$

    . Balance 20000$ = 1000$

    - Bank UK : ( LLOYDS TSB,BARCLAYS,Standard Chartered,HSBC...)

    . Balance 5000 GBP = 300 GBP

    . Balance 12000 GBP = 600 GBP

    . Balance 16000 GBP = 700 GBP

    . Balance 20000 GBP = 1000 GBP

    . Balance 30000 GBP = 1200 GBP


    contact me : hackerw169@gmail.com
    ICQ: 699 396 818

    ReplyDelete
  5. Covid-19 Relief Deals

    Money Transfers

    bank login

    bank transfer

    writing cheques

    transfer to cc ...

    track 1 and 2 with pin

    Sell Fresh CVV - Western Union Transfer - Bank Login - Card Dumps - Paypal - Ship

    Fresh Cards, Selling Dumps, Cvvs, Fullz

    Tickets,Hotels,Credit card topup...Paypal transfer, Mailer,Smtp,western union login,

    Book Flight Online

    SELL CVV GOOD And HACK BIG CVV GOOD Credit Card

    Fresh Cards. Selling Dumps, Cvvs, Fullz.Tickets,Hotels,Credit cards


    Sell Cvv(cc) - Wu Transfer - Card Dumps - Bank login/paypal

    And many more other hacking services

    contact me : hackerw169@gmail.com
    ICQ: 699 396 818


    - I have account paypal with good balance

    - I hope u good customers and will be long-term cooperation


    Prices Western Union Online Transfer


    -Transfer(Eu,Uk,Asia,Canada,Us,France,Germany,Italy and very

    easy to do African)

    - 200$ = 1500$ (MTCN and sender name + country sender)

    - 350$ = 4000$ (MTCN and sender name + country sender)

    - 500$ = 6000$ (MTCN and sender name + country sender)

    - 600$ = 8000$ (MTCN and sender name + country sender)

    Then i will do transfer's for you, After about 30 mins you'll have

    MTCN and sender name + country sender


    - Dumps prices

    - Tracks 1&2 US = 85$ per 1

    - Tracks 1&2 UK = 100$ per 1

    - Tracks 1&2 CA / AU = 110$ per 1

    - Tracks 1&2 EU = 120$ per 1


    Bank Logins Prices US UK CA AU EU


    - Bank Us : ( HALIFAX,BOA,CHASE,Wells Fargo...)

    . Balance 5000$ = 250$

    . Balance 8000$ = 400$

    . Balance 12000$ = 600$

    . Balance 15000$ = 800$

    . Balance 20000$ = 1000$

    - Bank UK : ( LLOYDS TSB,BARCLAYS,Standard Chartered,HSBC...)

    . Balance 5000 GBP = 300 GBP

    . Balance 12000 GBP = 600 GBP

    . Balance 16000 GBP = 700 GBP

    . Balance 20000 GBP = 1000 GBP

    . Balance 30000 GBP = 1200 GBP


    contact me : hackerw169@gmail.com
    ICQ: 699 396 818

    ReplyDelete
  6. Hi Clients!

    We have the fresh and valid USA ssn leads and dead fullz
    99% connectivity with quality
    *If you have any trust issue before any deal you may get few to test
    *Every leads are well checked and available 24 hours
    *Fully cooperate with clients

    *Format of Fullz/leads/profiles
    °First & last Name
    °SSN
    °DOB
    °(DRIVING LICENSE NUMBER)
    °ADDRESS
    (ZIP CODE,STATE,CITY)
    °PHONE NUMBER
    °EMAIL ADDRESS
    °REFERENCE DETAILS
    °BANK ACCOUNT DETAILS

    ****Contact Me****
    *ICQ :748957107

    *Gmail :taimoorh944@gmail.com

    lead cost $2 for each
    Price can be negotiable if order in bulk

    *please contact soon!
    *I hope a long term deal
    *Thank You

    ReplyDelete