HOW TO HACK A GMAIL ACCOUNT OR PASSWORD

As i always start my tutorial with brief introduction about the topic, so let’s discuss again what actually is phishing.

What is Phishing?

Phishing in normal words is a word derived from the word fishing. As in fishing we make a trap for the fish to get caught similarly in case of Phishing we make a trap to hack the user password. Phish basically means fake, things that are deviating from original product. Technically Phishing is a technique to hack victims account password using the phish or fake pages. In phishing we sent the fake page links to the victim in spoofed manner so that we will not able to recognize that the page is real or fake. Now when victim enters his credentials in the fake page two different process occurs simultaneously. First it writes a log file having username and password and second process redirects the user to the original website page with username entered and displaying password is incorrect. 

How to recognize Phish Pages?

There are two ways to recognize the Phish pages and both depends on the awareness of the user. There are some other ways also to protect yourself from Phishing but as we Prevention is better that cure. If you know how its done then surely you will also know what are its loopholes and how can we detect it.

Ways to recognize Phish Page:

1. Check the Address bar, if the URL you are visiting does not match with the original website link then its a fake page.

2. If you are a great coder or understands HTML well then you can easily revert back the attack and check the hackers hacked log file. But if you by mistake entered your own details it cannot be deleted. For this you need to use IDM and run the website grabber. There in log file you can see all details of the accounts that hacker has hacked.

What’s new features in this Gmail phisher?

Since its a new phisher so friends there should be something new in it. Isn’t it. Yups, what do you think i have added in this phisher. 

I have added few awesome features in this phisher and list is below:

1. Incorrect password shown page bug removed

Previously what happens when user login using phisher it redirects to the original page and displays password is incorrect. But now it doesn’t show that but even do more smarter thing… As for phishing account we have to sent the email to victim, and now if victim has read the mail that means he is already login so what i have done i have utilized the cookie hack and result is guess what, when victim login using fake page he login’s in to his own original account without even showing any message or anything. Technically its called Tabnabbing another name of advanced Phishing.

2. Log File Contains more additional Information

I am sure you will love this information what more log file contains. Previously it only contains the username and password. Now log file contains all the cookie details along with IP address of the victim. And now why it becomes more significant. Previously what happens some good people means people that know phishing technique login’s through the Phish page but enters the wrong credentials and use some abusive words in login. Now when they type that also i will get their Magic cookie or simply called session cookie and IP address that i can use to hack their PC and account.

Steps to Hack Gmail Account Password Online:

 1. Download the Gmail Phisher (Click here to Download).

2. Extract the rar file and now you will get three files namely:

• Index.htm
• Isoftdl_log.txt
• next.php

3. Now go to Free Hosting website (click here to go to free hosting website) and register a new account on it.

4. After registering Go to File Manager on the website and Create a new directory name it as Gmail of whatever you want.

5. Now double Click on the directory to open it and click on Upload. Now browse the three different files one by one from three upload boxes and click on upload.

6. Now Open the Index.htm page and you will see your fake page which looks absolutely similar to Gmail original page. Below is the Snapshot of Fake Gmail Page:

                              How to hack Gmail account password online : Fake Page

7. You can directly send the above URL  to the victim but its quite detectable. So we need to spoof it. So that become little bit difficult for victim to recognize it. For that visit tk domain maker website(click here to visit).

 8. Now Send the Spoofed link in the mail to the victim

9. Now when user login using the fake page the data in log file is written which will look like below:

                                         How to hack gmail password : Log file

10. That’s all friends now you have the user name password of the victim.

HOW TO HACK GMAIL ACCOUNT

With Gmail being one of the most widely used email services across the globe, it has also become a favorite place for many to engage in secret relationships and exchange cheating messages. As a result, sometimes it becomes inevitable for people to hack the email account of their spouse or girlfriend so as to reveal the secret. So, it’s no wonder why many people want to know “how to hack a Gmail account”.

In this post, I am going to tell you some of the Real and Working ways to hack a Gmail account. However, before that, I want to make you aware of the common myths and scams associated with email hacking.

1. There is no readymade software program that can hack Gmail with just a click of a button. So, stay away from those websites that are waiting to rip off your pockets by selling fake products.

2. Most of the email hacking services on the Internet claim to hack Gmail password for just a small fee of say $100. I have personally tested many of those services and all I can tell you that they are nothing more than a scam.

With my experience of over 8 years in the field of ethical hacking and security, I can tell you that there are only two ways to hack Gmail password. They are:

1. Keylogging

2. Phishing

Keylogging: Easiest Way to Hack Gmail

Keylogging is the easiest way to gain access to any email account. Keylogging involves the use of a small program/software called the keylogger (also called as a spy software). This keylogger, when installed on a given computer, will capture each and every keystroke typed on the keyboard including passwords. Keylogger operates in a complete stealth mode and thus remains undetected.

The use of keyloggers doesn’t demand any special knowledge. So, anyone with a basic knowledge of computer can install and use the keylogger. To hack the password, all you need to do is, just install it on the computer of the target user. Once the victim logs into his Gmail account from his/her computer, the login details (username & password) are captured and stored instantly. You can later access the stored logs to find out the password.

But what if you do not have physical access to the computer?

Well, you need not worry since I am going to suggest one of the best keylogger program that supports installation on a local computer as well as a remote computer. I recommend the following keylogger as the best:

• SniperSpy – for Windows (Tested)

 

• SniperSpy – for Mac (Tested)

If you do not have physical access then you need to use the remote installation feature to remotely deploy the kelogger.

 

Phishing: 

Phishing is a way to attempt to capture sensitive information such as usernames, passwords and credit card details. Phishing usually involves the use of a fake login page (or fake website) whose look and feel is almost identical to that of the legitimate websites like Gmail, Yahoo and Hotmail. When the users try to login from these fake pages and enter their passwords there, the login details are stolen away by the hacker.

However, creating a fake login page and taking it online to successfully hack a Gmail password is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. In addition to that, carrying out a phishing attack is a serious criminal offence. So if you are new to the concept of hacking passwords, then I recommend using the keyloggers as they are the easiest the safest way.

MULTI LOGIN IN YAHOO WITHOUT ANY SOFTWARE

You can login with multiple id’s on the same yahoo messenger without any download or patch .

Follow these steps :

1. Go to Start —-> Run . Type regedit, then enter .

2.Navigate to HKEY_CURRENT_USER ——–> Software —>yahoo —–>pager—->Test

3.On the right page , right-click and choose new Dword value .

4.Rename it as Plural.

5.Double click and assign a decimal value of 1.

Its done!!
Now close registry and restart yahoo messenger and try Multiple Login

REVEAL ANY PASSWORDS USING JAVASCRIPTS

Reveal ANY Passwords Using Javascript

Want to Reveal the Passwords Hidden Behind Asterisk (****) ?

Follow the steps given below-

1) Open the Login Page of any website. (eg. http://mail.yahoo.com)

2) Type your ‘Username’ and ‘Password’.

3) Copy and paste the JavaScript code given below into your browser’s address bar and press ‘Enter’.
javascript: alert(document.getElementById(‘Passwd’).value);

4) As soon as you press ‘Enter’, A window pops up showing Password typed by you..!

Note :- This trick may not be working with firefox.

HACK A GMAIL,YAHOO,AOL ACCOUNTS

HOW TO HACK AOL®, YAHOO® AND HOTMAIL®
We get numerous calls from people who want to recover AOL®, Yahoo® or Hotmail® or other online and email passwords. We do not do this type of work. Many of these people claim that they have lost their passwords because they have been hacked and now need to get their password back. As we have reviewed information on the web, we found very little real information about the actual techniques that could be used to hack these services. So we decided to pull together a detailed explanation.
What follows is a detailed explanation of the methodologies involved. We do not condone any illegal activity and we clearly mention in this article techniques that are illegal. Sometimes these methods are known as “Phishing.”

THE HOAX
Let’s dispose of one technique that is absolutely a hoax (meaning a fraud: something intended to deceive; deliberate trickery intended to gain an advantage.) If you see a newsgroup post or web page with something like the following, it is a hoax and will not work.
: : : (([[THIS REALLY WORKS ]])) : : :
(1) send an E-mail to passwordrecovery@yourdomainhere.com
(2) In the subject box type the screenname of the person whose password you wish to steal
(3) In the message box type the following: /cgi-bin/start?v703&login.USER=passmachine&class=supervisor&f={your aol password}&f=27586&javascript=ACTIVE&rsa
(4) Send the e-mail with priority set to “high” (red ! in some mailprograms)
(5) wait 2-3 minutes and check your mail
(6) Read the message.-Where YOUR password was typed before, NOW, the password of the screenname in the code string is there!!!
Why does this work? It´s a special decryption-server that AOL-employees can use to decrypt passwords.The aolbackdoor account is a bot that reads your authentification from the message body and identifiying you as a valid AOL Staff-member, you will get the password mailed back to you. The trick is that this Bot´s script seems to be a little bit buggy and it automatically recogises you as an supervisor (AOL-Staff member), even if you use a normal AOL account. This means, that EVERYONE having a valid AOL account can hack as many other accounts as he wants.
This is just a scam to steal your password and may explain some of the calls we get from people saying they were hacked. Never give your password to anyone. No legitimate web service or customer service representative will ask for it or need it. There is no magic email address or series of commands that will reveal the passwords of users.
 
LOCALLY STORED PASSWORDS
Most browsers, including Internet Explorer® and Netscape®, the AOL® client, and Windows® Dial-Up Connections allow you the option to store passwords. These passwords are stored on the local machine and (depending upon where and how it is stored) there is usually a method of recovering these passwords. Storing any password locally is insecure and may allow the password to be recovered by anyone who has access to the local machine. While we are not currently aware of any program to recover locally stored AOL® passwords, we do not recommend that these are secure. Software does exist that can recover most of the other types of locally stored passwords.
 
TROJAN
A Trojan is a program that is sent to a user that allows an attacker to control functions of the target computer, recover information from the target or to delete or damage files on the target. The name Trojan is given because the program will usually come attached to some other program or file that entices you to run it. There are a wide variety of Trojans any number of which can be programmed to capture passwords as they are typed and to email or transmit them to a third party. To protect yourself against Trojans, you should never execute or download software or files that are not from a trusted source. It is critical that anyone working on internet use a virus protection program (which should catch most Trojans.) Note that since a Trojan requires the password to be typed or stored in order to be recovered, this is not an effective way to recover your own password. It could explain, however, how someone could lose their password to a hacker. Sending someone a Trojan program is certainly illegal and we do not recommend or condone this activity. A Trojan is unlikely to be effective in recovering a particular account password since it requires the target to install it. However, hackers will often bulk mail Trojans to thousands of people in the hope that a small percentage will get caught. Legitimate account holders who may have been caught by a Trojan and can authenticate themselves should contact their service provider to have their account passwords reset.
 
KEYLOGGER
A keylogger is a program or piece of hardware that records all keyboard keystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function, however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.
IMPERSONATIONIt is possible to impersonate a program on a computer by launching windows that look like something else. For instance, let’s say you login to the MSN® service and visit a website (in this case a hostile website.) It would be possible for this website to pop-up some windows that look like something else. They could look almost identical to windows that an inexperienced user might expect from his local computer. The user could be fooled into submitting information to the hostile website. For instance, consider the effect of seeing the following series of windows:
If these could trick you into entering your password, then you could end-up sending your password to the attacker. Windows such as these could be created to mirror virtually any program or series of actions. Your browser will likely identify your operating system and your IP address might identify your ISP. Therefore, a hostile website could target you with a series of screen shots that look exactly as they should on your system. The key is that the screen shots are not coming from your system, but are coming from the hostile website. First, creating such a hostile website is probably fraudulent and illegal. We do not recommend or condone this activity. To protect yourself against this type of attack, make sure to configure your browser for high security and enable warnings for any code that is executed on your system.
 
SNIFFINGIf two people do not share the same computer, but do share the same network, it may be possible for one to sniff the others’ packets as they sign-on. The traffic between your computer and the internet site you are accessing may be able to be recorded and decrypted or “played-back.” This is not a simple attack to execute, but is possible if two people are close to one another and share a hub. Again, this is likely to be illegal and we do not condone this activity.
 
BRUTE-FORCE ATTACKMany people want to find software to perform a brute-force attack. This is really impractical. It would take hundreds of thousands of years to attempt any kind of reasonable brute-force attack on AOL®, Yahoo® or Hotmail® and this would expand exponentially if the password is longer than the minimum length. Using multiple computers or multiple sessions could reduce this to merely thousands of years. This is highly illegal since these services own the servers on which an account is hosted. Even if you are hacking your own account, you don’t own the servers and the service is going to monitor and log this activity. It is extremely unlikely that you could recover a password in this way, but it is extremely likely that you’d be arrested and prosecuted for doing this.
 
SOCIAL ENGINEERING
Social engineering is the name given to the art of attacking the person, rather than the computer or system. The basic principle is that many people can be talked into giving someone else their id and password if they think it is someone that they can trust. For instance, I might call someone and say I was from AOL and that I was finally getting around to responding to their technical support question. I would then ask you to describe the problem that you are having and tell you that we have a solution. However, I just need to verify the account. Can you give me the username and password again? A surprising number of people would fall for this obvious scam. There is no limit as to how elaborate this can be. The more information that is given by the caller, the more realistic or believable the call is. Again, never give your password to anyone. No legitimate customer service representative will ask for this information.
These are the basic methods that we are aware of for hacking an AOL®, Yahoo®, Hotmail® or any other dial-up or on-line password. Hopefully this will answer some questions and help you protect yourself against these attacks