Friday, 18 June 2010

Tutorial 1 - Hacking The Email Password of a Pop Account

I'm going to get straight into the first and simplest attack you can carry out with Cain: acquiring someone's POP email account password.

1. You need to be on the wireless network of the computer you are targeting.

2. You need to have Cain's configuration set up as in Tutorial 1.

3. The target must not be using SSL-POP (this is very unusual, so you should be fine).

The following is a step-by-step guide to capturing the POP password (a lot of the early steps will be used for further tutorials):
Open Cain and go to the 'Sniffer' tab along the top row. Make sure you also turn on the sniffer, using the icon in the top left which looks like a little network card.
Right click in the empty grid below and select 'Scan Mac Addresses'. Choose 'All hosts in my subnet'.
A list of IPs, MAC addresses, computer names and (empty) user names will appear. If you know the computer name you want to target, great. If you need the user name however, simply right click on the computer you are interested in and select 'Resolve Host Name'.
Now you are ready to begin ARP poisoning your target. There are many explanations of poisoning, but I will not go into detail here as it would detract from the tutorial. Essentially, you are telling the server that you are the target's computer, while telling the target that you are the server. In this way all traffic from the target passes through you before reaching the server, and vice versa.
Click on the APR tab along the bottom left row of icons.
Click in the top one of the two empty grids. Then click on the blue plus arrow on the top row of icons.
You will be presented with a list of IPs, MACs and names in the left grid. Select the one which corresponds to your server, usually called 'Home' or the name of your internet provider's router. It should stand out.
Then in the right hand grid, select the computer you want to target. Click OK.
To begin ARP poisoning your target, click on the radiation-type symbol in the top left, next to the sniffer symbol, which you will have turned on a while back.
You should now see traffic begin to accumulate in the grid underneath. If there isn't any, then either your target is on a sneaky break and has turned off their computer, or perhaps you have not selected the correct device as in Tutorial 1.
All that now remains is to wait until your target either checks their email through Outlook (or a similar client such as Thunderbird) or sends an email.
Now click on the tab called 'Passwords' on the bottom row. You will probably see lots of HTTP entries popping up. Don't worry about these for now.
Watch the 'pop3' and 'smtp' entries (you don't have to sit and watch constantly, you might get a bit bored!).
Sooner or later an entry will appear in one or both of those fields. It will contain the username and password of the POP email account.
This method has been tried and tested on many occasions as part of our network security probes. It's worked every time, and usually very fast, as people like to check their emails often.
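
Seen from the defending side, the poisoning step in this walkthrough shows up as the gateway's IP address suddenly being answered for by another host's MAC. The following is an added example, not part of the original post: a small Python check over ARP reply observations, where the function name, the sample addresses and the first-seen-MAC baseline are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (not captured traffic): (seconds, sender IP, sender MAC)
# taken from ARP replies seen on one LAN segment.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "00:1a:2b:00:00:01"),    # gateway answering for itself
    (1, "192.168.1.23", "00:1a:2b:00:00:17"),   # workstation
    (2, "192.168.1.40", "00:1a:2b:00:00:28"),   # third host
    (30, "192.168.1.1", "00:1a:2b:00:00:28"),   # gateway IP claimed by .40's MAC
    (30, "192.168.1.23", "00:1a:2b:00:00:28"),  # workstation IP claimed by same MAC
    (31, "192.168.1.1", "00:1a:2b:00:00:01"),   # real gateway still answering
    (32, "192.168.1.1", "00:1A:2B:00:00:28"),   # repeated forged reply, upper case
]


def find_arp_spoofing(replies, gateway_ip):
    """Return ordered (kind, subject, detail) findings for ARP reply observations.

    Assumption: the first MAC seen for an IP is the legitimate one, so the
    baseline must be collected while the network is known to be clean.
    """
    baseline = {}                   # ip -> first MAC seen
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    findings, seen = [], set()
    for _ts, ip, mac in sorted(replies):
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        known = baseline.setdefault(ip, mac)
        if mac != known and (ip, mac) not in seen:
            seen.add((ip, mac))     # report each changed binding once
            kind = "gateway-mac-changed" if ip == gateway_ip else "ip-mac-changed"
            findings.append((kind, ip, f"{known} -> {mac}"))
    # One MAC answering for the gateway and for other hosts is the
    # man-in-the-middle position described in the text.
    for mac, ips in sorted(ips_by_mac.items()):
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("mac-claims-gateway-and-hosts", mac, ", ".join(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_arp_spoofing(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(*finding, sep=" | ")
```

A replaced network card also produces an `ip-mac-changed` finding, so the two gateway findings are the ones to alert on. Detection aside, the prerequisite listed at the top points at the fix: with POP over SSL the credentials no longer cross the network in clear text.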

As with any of these posts, if you are having trouble, leave a comment here and I will reply to you as soon as possible.


Copyright 2009 Jason Hart.