Copy Link
Add to Bookmark
Report
Syndicate Power Action Issue 11
--->>>><<<<------------------------------>>>><<<<---
SYNDICATE POWER ACTION - WWW.SOLJO.ORG/SPACT
--->>>><<<<------------------------------>>>><<<<---
%%%%%%%%%> %%%%%%%%%| %%%%%%%%%| %%%%%%%> %%%%%%%%
%%%| %%%| %%%| %%%| %%%| %%%| %%%|
%%%%%%%%%| %%%%%%%%%| %%%| %%%| %%%| %%%|
%%%| %%%| %%%%%%%%%| %%%| %%%|
<%%%%%%%%| %%%| %%%| %%%| %%%%%%%> %%%|
T h E A C T I S F O R A C T I O N
--->>>><--------------------------------------------
nHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHn.
.MS?MMMMMMMMMMMMMMMMMM?MM~MMMMMMMMMSHMMMMMMMM(?"~\
MMMMMH?MMMMMMMX*MM?MMX%MM/MMMMMM"HMMMMMMMMMMMMMMH
MMMMMMMMMMMMMMMMMX*MX*MMMX?MMMMM(M!XMMMMMMMMMMMMMMMX
XMC)?MMMMMMMMMMMMMMMhX?!?MMMMX#MM!MXMMMMMMMMMMMML '~
'\ MMMMMMMMMMMMMMMMMMMMMMMM!~`````-`~!?MMMM)MMMMMMMMx
`~""MMM)MMMMMMMMMMMMMMMHhHH!~ `#MM(MMMMMMMMMM>
HM!HMMMMMMMMMMMMMMMM*?)?` `"MMMMMMMMMX .
XM!MMMMMMMMMMMMMMMMMMM?~ 'MMMMMMMM:..xx!`
M!MMMMMMMMMMMMMMMMMXH! MMMMXMMP"`
\!MMMMMMMSMHHHMM?XMM?~ -:::xx.. M?XMM?".x(
MXMMMMMMMMMM!XHMMMM": ... `"%x XHHHMMM*"
\!MMMMMMMM?XMMMMMMX!'~L '%%%+:. ` ..MMMMM"
'HMMMMMM?HMMMMM*XM! h ~\).^\~ .%""`MM?"
'MMMMMMMMMMMMMXMMM! -X +%%!.MMMXk
?MMMMMMMMMMMXMMMMM `. ~ `""'XMMMMX
!MMMMMMMMMMMMMMMMMX. ' XMkMMX>
XMMMMMMMMMMMMMMM?MXXXx.-` XXMMM!
MMMMMMMMMMMMMMMMXMXXXXXXx. ~~ MMMMM ------
XMMMMMMMMMMMM?MMXXXXXXXXX!` '+^ .MMM!P |
'MMM!MMMMMMMMMi?M!"` `~%HHHHxx. xMMMM" CHIX DIG HAX0RZ!
:MMMMMMMMMMMMMMM" `\XMM .MMMMM
XMMMMMMMMMX?MM! `( HMMMMM
XMMMM)MMM" \~ 'MMMMM*
'MMMMfMMM" \~ XMMM*
.MMMMMXMM" ^ `MMM
XMMMM!MM" MM>
HMMMMXM~ MM>
?MMMMM~ Xf%
MMMMf %% \
4MMM %
`M %
% %
% %
% ! %
% ! %
% % !?%.
% % X. %%.
% % X! %%.
% % '! %.
% % !! %.
% % '! `%
% % !>
--->>>><--------------------------------------------
FIRE AND FORGET EZINE!
--->>>><--------------------------------------------
ISSUE #ELEVEN - <fwaggle> yeah but try as i might i
can't manage to get one up ;)
--->>>><--------------------------------------------
THE SPACT Newsletter [22/11/04] [Sabbat of Samhain]
--->>>><--------------------------------------------
[13:26] <Ezra> how far is she in her pregnancy
[13:26] <Ezra> ?
[13:26] <fwaggle> umm
[13:26] <fwaggle> she's fat?
--->>>><------------<<<InTro!>>>--------------------
The SPACT news letter; short news, reviews, gossip
and love in miniature from the SOL crew. For more
of the same check out the other publications
distributed on www.soljo.org. I know we said
every Friday, but, huh, well, like we give a fuck!
--->>>><------------<<<SoL NeWs>>-------------------
Moved Boxen
=/=/=/=/=/=
We have recently changed the boxen that is hosting
a lot of our shitniz. So for example the SOL Forum
and WOD London forum re still experiencing
technical problems. These will be fixed as soon
as possible.
--->>>><------------<<<Quoteage>>-------------------
Cuss
=/=/
"I don't like you yeah... I don't like your flex.
Standard." - Jon.
Quote Of The Week
=/=/=/=/=/=/=/=/=
<@dawoker> my manager dropped by and told me to stop
#using things like "my president is an assclown" in
string testing for some of our code. - www.bash.org
Irony
=/=/=
"While a large office was being constructed, a steel
beam fell on a laptop that contained the plans for
the building." - BBC News.
Another Great Security Concious Idea From M$
=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/
1. Open as many TCP ports as you can between 6891 and
6900.
2. Configure the TCP ports so that sockets on a port
remain open for an extended period of time.
[Taken Fromhttp://help.msn.com/EN_US/HelpWindow_
msg.asp? INI=Messengerv62DL.ini&H_VER=1.7&Topic=
Messenger_CONC_ AboutSlowFileTransfer.htm&H_APP=
MSN%20Messenger&ContactUs=]
--->>>><---------<<<Articulation>>---------------
FAQ: How do I "hack" Hotmail? - fwaggle
=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
This is one of the most awful questions we ever
get asked, and it generally happens about once a
week. The reasons vary, but not as widely as you
might think - they almost always fit a certain
pattern with certain keywords being replaced at
will to disguise the message as we hopefully won't
realise how formulaic it actually is.
Anyway, there generally isn't at any given time a
"magic fireball" that will get you into your
friend's hotmail account. Every so often a hole
will appear, and they're generally tricky to
execute and almost always require a certain amount
of target stupidity. And chances are you won't
get ahold of it before it's fixed, so just give
up on that right now.
So what's a budding hotmail "hacker" to do then?
Well since most every hotmail vulnerability I've
seen involves a level of stupidity amongst the
target, and despite the fact we've had nearly a
decade of high-density media coverage of computer
security issues there still are a lot of stupid
users out there ripe for the picking - let's
discuss that. It's basically called "abusing
the stupid factor" but to most it's generally
known as social engineering.
Note firstly that this doesn't make you a
hacker. Note second that it's probably illegal
depending on where you live. Note third that
we'll not be held responsible for anything that
you do and this article is merely for
theoretical purposes to answer what seems to be
a burning question to a small portion of the
internet community and we'll be on our way.
A crash course in Social Engineering
The full wonders of social engineering are
well outside the scope of this article, but
we can quickly skate over this topic that some
people consider tantamount to "hacking people's
minds". Simply put, social engineering is
saying things that people want to hear before
they will provide you with something they
shouldn't. You can confuse them, be deceitful,
be intimidating, whatever you need to do to
get the information out of someone - and if
you're doing it over the phone it's not as
easy as it sounds. It generally takes a lot
of bravado and some experience, and you need
to think like a chess player.
In the case of hotmail, we'll generally be
doing it over the internet unless you know
your target personally. Let's first analyse
the angle of attack before we start worrying
about trivial things such as how to get the
information you need.
Hotmail and other web services
While the majority of our requests for webmail
help are about hotmail, this article
theoretically applies to any web based service
that uses the same techniques for user
verification. With a little modification
you could apply it to all manner of things.
The first thing you need to do is enumerate
what exactly it is that you need. At the
time of writing, Hotmail has a two-step
password reset process. For step #1, all you
need to know is the person's email address
(surprise) and where they live down to the
zip code. Getting this information out of
someone is often tricky, but it's not impossible.
For step #2, all you need is the answer to
their "secret question" but before you can
do this you need to know what the secret
question is - meaning you need the other
information first. The secret question is
usually something like "what is your favourite
pet's name?" which if you craft the
conversation just right, most people
will think nothing of disclosing.
Target Acquired
Now that you know what you need, it's time to
go about getting it. The only idiot-proof advice
I can give is be patient. Now you must learn
as much as you can about your target. Most of
the information that you'll need will be easily
to get out of the person, until you get to the
zipcode. You could of course use the zipcode
as your first point of attack - you know the
way some phreaks think they're being cute by
asking others what area code they're in? And
then they look on their little sheet and are
like "Long Beach, nice"? Well depending on
your target's demographics (fancy talk for
where they live and what they do) you might
be able to pass this off as being cute.
Never under estimate the power of impersonation.
Get to know the target and figure out what they
would be attracted to and emulate that (easiest
if done online). If they're an early teen boy,
pretend to be a girl (don't laugh, you'd be
amazed at the information you can nail out of
someone). If they're a hacker wannabe, pretend
you'll mentor them (after all, you aren't a
wannabe, right? *chortle*). If they're into
nascar pretend you have the largest collection
of memorabilia in Kansas.
This may take some research, but it's worth the
time and effort especially if you go very slow.
Step #1 is to acquire the zip code by any means
necessary. If the person has a domain, try the
one that's listed in their whois information for
a start. Tell them you have a cool device that
tells you how far they are away from you (google
for zipdy if they want you to pony up with an
answer). Whatever works.
Hook, line and sinker
Hopefully now you are armed with a zipcode, and
possibly even some answers to what might be their
secret question. Browse on over to Hotmail's lost
password page, and enter their email address, country,
state and zipcode. If you don't have the state,
you should be able to look it up either online
or maybe in a phone book. Click submit and cross
your fingers.
With any luck it should pop up with a secret
question and a password/confirm password box.
Now let's work on that secret question, unless
you already know it in which case you can skip
to the next major subheading.
If the question is for example "favourite pet's
name" simply pretend to be an animal lover. Go
on and on for hours about your favourite dog and
how the neighbour ran over him in his Hummer and
you were shattered for life. This will almost
always (from a girl anyway) instigate a much longer
rant about her favourite pet - which will almost
always be named in the first paragraph but so
as not to arouse suspicion you'll need to listen
to it all anyway.
Whatever the question is, think of a way to
extract the answer out of the person. Maiden
name? Pretend you know the person's parents.
With just a little thought it's really not hard.
Here comes the money shot!
Go back to your lost password page, and fill in
all the information and cross your fingers. With
a sprinkling of luck you'll be greeted with the
other person's hotmail account for you to perform
your evil deeds. Not that anyone would actually
carry this out of course, what with the legal
ramifications and whatnot.
There are of course some problems with this
technique. Firstly, Hotmail are bound to change.
Secondly, if you don't want to do hotmail and
want to do say, Yahoo! it will need some
changing too. Thirdly, you will often get
someone who's information you just can't get,
or it's wrong. IE, someone who uses another
answer for their secret question - you will
have a hard time extracting that from them.
Your mileage may vary.
I want to hack my wife/girlfriend/husband/
boyfriend's Hotmail!
The problem I have with this question is that
after reading the above guide it should be
painfully obvious that if you indeed have a
relationship with this person, then you should
be armed with all the information you need
anyway. So if you do, knock your socks off.
If you don't, shut the hell up and come up
with a better story.
Wait! I don't want to change their password!
well, at the moment that part is up to you. You
could always pretend you're a hotmail employee
(after all you do have access to their account
now) and tell them you need to reset their
password before they get in, and ask them what
it is. Your mileage may vary, I've never actually
put this into practice (other than testing it
on a fake email account an associate setup) so
I haven't put too much thought into getting
away with it. The rest is up to you, should
you decide to do something silly.
---
fwaggle
fwaggle@hungryhacker.com
www.hungryhacker.com
--->>>><-------<<<Links of The Moment>>-------------
http://www.sorryeverybody.com
http://www.deanesmay.com/archives/001149.html
http://www.suave-boards.com
http://www.infiltration.org/
--->>>><--------------------------------------------
ALL COnTENtS CopYRIGHT THe SyNdICATE oF LoNdoN & ThE
SoLJO 2004. EMAIL EDiTOR@SoLJO.ORG TO CONTACT.
--->>>><--------------------------------------------
PArT Of ThE SYnDIcaTE OF LONDON PROPaGanDA mAChinE.
---------------------<<<EoF!>>----------------------