Saturday, April 27, 2013

Using Xhydra to hack AIM (Aol Instant Messenger) screen names.

I really Love Backtrack 5 and all the tools it comes with, Metasploit, Xhydra, Nmap, some of the most popular. But there's nothing i enjoy more than the feeling of success, the feeling you get when your hard work finally pays off, and the password goes through. I had a lot of fun doing this as a password pentester back in my younger days. i was surprised at just how easy it was to get peoples passwords using a brute forcer and the right server configuration. i was popular on AIM. i had over 160 friends, and what that meant is that i had over 160 active screen names to try and get the password to!
Here's how it's done.
Fire up a terminal, zenmap and Xhydra

ping smtp.aol.com your output should look like this:
In some circumstances the IP address will be different. i will supply you with the correct one; but hypothetically any IP address will work

step 1. ping smtp.aol.com (64.12.175.136)

step 2. port scan the IP address and verify port 587 (SMTP AUTH) is open

step 3. input data into Xhydra
-target tab-
single target: 64.12.175.136
port: 587
service: smtp


-password tab-
username: programmerdemon (or any screenname)
password: passwordlist (i have my own)
*others can be found in /root/pentest/passwords/wordlist/
*or/root/pentest/passwords/john/password.lst
*or Here 


 -tuning tab-
about 8 tasks should be fine
 -start-

it was my screenname so i didn't show the password. also, you may want to use a proxy. any questions don't hesitate to email.
Thanks! 
 

 

3 comments:

  1. Great post!!! In really had a great time reading it!!! It was really informative, thanks for sharing!!
    Regards,
    windows 8 wallpaper

    ReplyDelete
  2. can you please email how to use proxies?
    also i've followed everything you posted(using both kali and bt5 r3)
    i use wordlist with only 1 password with for my screen name, i know for a fact works. which doesn't pop up when i try your method. it says (1passwrd tried non found). weird?
    any info would be great. thanks for the write up. already bump :-)

    ReplyDelete