the complete hackpack

8/4/2019 The Complete HackPack

1/18

Pratpurch

2010

the complete

HackPackfor Facebook, Gmail and Yahoo Accounts


2/18

Disclaimer

The following is intended for educational purpose only. The

article only discusses certain ways of the being hacked in

detail. I sincerely hope to educate people about the

possibilities of losing their passwords to the hackers through

this article.

This document is helpful to its readers in knowing the ways

the hackers crack their passwords, thus making them aware of

their tricks. This would be immensely useful to the readers in

keeping their accounts safe. My only motto behind making this

is to educate the readers about the hacking techniques.

I dont take any responsibility of the misuse of the knowledge

gained through this tutorial by anyone. As the author of this

book, I wish to warn my readers that hacking is a highly

unethical activity and considered illegal in many states, also

subjected to legal action. However, the readers are solely

responsible for their own actions.

- Pratpurch


3/18

You have been warned


4/18

Contents

Introduction

Overview

Requirements

Phase-I

Making the website

Making the page

Phase-II

Putting the page up on internet

Configuring the page

Building a proper link for the page

Phase-III

Knowing your victim

Setting up the trap

Receiving the prize err, password!


5/18

Introduction

There are commonly three methods of hacking passwords.

They are discussed as follows.

Key Loggers: They are the special softwares called thespywares installed on the computer without the consent

of the owner of the computer. These scripts stay stealth

on the computer and keep track of all the key strokes and

usage of applications then store the details in log files.

These log files are mailed to the hacker time to time as

configured by him without the knowledge of the victim.

Database Injection: This is a technique of gaining accessinto the database where the passwords are stored. The

textboxes, where the usernames and the passwords areentered, act like a window to the database. Hackers use

special codes in place of the username & password fields

and get into the database. This is highly unlikely to work

in case of the systems adapted by Google, Yahoo, etc... as

they only store the encrypted password.

Fake Page:This is the method in which the hacker throwsa fake login page at the victim and if the victim falls for

that, the password entered by him in the fake page is

received by the hacker.

The method we discuss in this tutorial is based on the thirdand my favourite, the Fake Page method.


6/18

Overview

Internet giants like Facebook or Gmail uses a very high level of

security. This is a four layer security protocol what we aretalking about. Each of the layers is the best in itself and hence

makes it almost impossible for anyone to get into the account

without the proper password.

But remember, we are using a fake page method. So we dont

really have to worry about the security protocols anymore.

Our concentration, in this tutorial, would be to make a fake

page that can fool the person we are kidding with!

Making a fake login page is very easy but dont think just

saving the real login page will do. Of course, that would be the

first step. But, there are a series of steps that are required to

be taken as to make the fake page save and send the

password to you and the victim to his desired destination.

When a victim is given a link of the fake page, it is to be made

sure that the page carries him to the appropriate webpage

after feeding the password. Otherwise, the victim would get

suspicious and may change his password and never click the

link again.

There are mainly three important phases for the execution of

this method. They are discussed in detail in the following

pages


7/18

Requirements

1.A website2.A hosting account3.Basic knowledge of HTML4.Cunning skills5.Knowledge of the victims interests

If you already have the first two requirements, you are already

half way through the process.

If you dont have a website or a hosting account, stick with me

right from the phase-I of the tutorial.

If you dont have any knowledge of HTML, dont worry, just

follow this document carefully and youll be fine.

Well, I am sure that you have the fourth requirement.Otherwise, you wont be reading this at all!

If you dont have much knowledge about the persons

interests you want to hack, you can always read their profiles

on those social networking sites.


8/18

Phase-I

Making the website

Phase-I corresponds to making a website and have a hosting

account set up where you can mount the fake page. A website

has to be made before you make a fake page.

To make the required website, follow these steps

1.Select a name for the website. Preferably a tricky name likemc995 or sn144 or such an alphanumeric term. The name

should be like that because when we mount the fake page

on this website, it looks more real with the URL.

2.Open the websiteco.ccand register the name of thewebsite you decided. We consider sn144.co.cc as an

example in this document.

3.Click on the manage domain tab to set up the domain.4.Here, name-servers are to be updated in this page5.Meanwhile, openfreehostia.com(or any other hosting

account you know) and register for a free hosting plan for

the domain you just created. Soon, you will get an email

containing the login and name-servers details.

6.Find the name-servers in the email and update them in theco.cc account (in step 4).

7.Open thefreehostia control panel (login details in theemail). Click on the Elephante free scripts in the web tools.
http://co.cc/http://co.cc/http://freehostia.com/http://freehostia.com/http://freehostia.com/http://freehostia.com/http://co.cc/


9/18


10/18

Making the fake page

Its time for making the fake page. It requires a lot of labour

for doing that. Lucky for you, I have attached the pages that I

have already made. All you have to do is to just open the file

and make little changes.

I have attached all fake pages of Facebook, Gmail and

Yahoomail that I have. There are two kinds of changes you

have to make to those pages. One is a permanent that you

dont have to change ever again and another one is what youll

have to change every time you change a victim. You can learn

about the permanent change here. The other kind of changes

is discussed in the Configuration of fake page section.

This change is about supplying the fake page the required tags

(lines of code) that are responsible for saving the entered

password and sending it to us. To find the code, you have to

open the webpage that I asked you to bookmark in the

previous section. After opening the page, open its source page

by clicking Ctrl+U. This shortcut works in many browsers. The

pages source can also be viewed by right clicking on it and

choosing the required option.


11/18

The source contains hundreds of lines. Scroll down and

identify the part of the code that contains the following in red

(ABCD is not initially present, must be added to the code later).


12/18

Phase-II

Putting the fake page up on internet

It is easy from here on. To put the fake page up on the internet

you have to login to yourfreehostia account (or any other

hosting account you registered in) that you created in the first

phase while creating the website. Open the file manager and

make three different new folders namely google, ymailandfacebook.com in the home directory. Upload the Gmail and

Google accounts fake pages into the folder google. Upload

the yahoomails fake page into the ymailfolder. There are two

files for facebook fake page. Both of them should be uploaded

into thefacebook.com folder. Read the READ ME I provided.Make sure this is done only after the making that permanent

change in the fake pages.

This step puts the fake pages up on the internet. Now the fake

is visible to the world on the following addresses

http://your-website-name/google/Google%20verify.htm

http://your-website-name/ymail/Yahoo%20verify.htm

http://y-w-n/facebook.com/Login%20%20%20Facebook.htm

Example: http://sn144.co.cc/ymail/yahoomail.htm


13/18

Configuring the fake page

The fake page is ready. But before you use it on your victim,

you have to configure it such a way that it asks for his

password. Only then, he would feel that is a genuinely asked

page and submit his password in the password field.

To configure the fake page, open thefreehostia account (or

the hosting account). Open the file manager and reach the

uploaded fake page. Open the page using the code editor. This

opens the source code of the page. Hit Cntl+F and find the

word PRATPURCH. They may be more than one. Replace them

everywhere with your victims username and save it. When

you open the link of this page, you will find a webpage that is

asking for your victims password. Configure gmail andyahoomail fake page in this same way.

Configuring the facebooks page is little different. It is same

until the previous step except for you write the exact profile

name of your victim instead of his username. Then hit Cntl+F

and find the word PRATPIC. Replace this word with the imageURL of your victims facebook profile pictures thumbnail.

IMPORTANT: The thumbnail is different from the profile

picture, should not be mistaken. It is the smaller form of the

profile picture which can be found on the victims wall. The

thumbnails URL can be obtained by right clicking on it andselecting Copy Image URL.


14/18

Building the proper link for the fake page

Building a proper link for the page is necessary because when

you send the link http://sn144.co.cc/ymail/yahoomail.htm to

your victim, he will easily get suspicious about the safety of

the link. If he is a HTML literate, he will easily know that it is

an uploaded page and never click it.

Hence we have to disguise the link of the fake page into

another form before sending it to the victim. This is very easy.

All you need is to open any of the following websites

- http://bit.ly- http://tiny.cc

I personally recommend the bit.ly. Copy the link of the fake

page on the clipboard and paste it in the large field on bit.lys

home page. Click on Shorten. This will give a short URL that is a

substitute for the fake pages link. You can check, the short

URL will also direct to the fake page just as the original one.

Make sure that you dont make any change in the folder or thefile names of the fake page onfreehostia (hosting account). In

case you do, the previous bit.ly short link will no longer work.

You will have to create another bit.ly link for the new address

of the fake page.

The short link will look like

http://bit.ly/xxxxx
http://bit.ly/http://bit.ly/http://tiny.cc/http://tiny.cc/http://tiny.cc/http://bit.ly/


15/18


16/18

Receiving the prize

After all this effort of making websites and fake pages, the

password what you get in the end is not less than a prize!

The password entered by your victim will be delivered to you

instantly in your inbox of the email you provided in the

contact form 7settings page (in the step 12 ofMaking the

website, Phase-I). The password will be the subject of the

email. The emails body will not contain anything. You can set

up how you want to receive the password by the settings of

the contact form 7. [your-name] is the code for the password. I

have set it such a way that it is displayed as the subject of the

mail. You can make changes as you want by putting this code

in the body of the email.

The concept behind this method is that the contact form 7

delivers anything that is entered in its fields to the email

provided. I have interfaced the contact form with the fake

page. Now, the password field in the fake page acts as the

contact form 7field and anything entered in it will bedelivered to you in the email the way you set it up in the

contact form 7settings.


17/18


18/18

Good luck

Contact

[email protected]

the complete hackpack

Documents