How Hackers Get Passwords

Password theft and account takeover are common in the cyber world. It is not a difficult thing to do, but many newbies keep wondering, "How do I get the other person's email password?" Or, the question I receive most often: "How do you get my password?" :P

This article was written to answer those questions. Hopefully it adds insight and opens your mind to the importance of guarding your accounts in vulnerable places.

How to get it?

There are many ways to get a password. Some of them do not require special skills. Here are the most common and most frequently used ways:

[1]. Social Engineering

[2]. KeyLogger

[3]. Web Spoofing

[4]. Intercepting Email

[5]. Password Cracking

[6]. Session Hijacking

[7]. Being a Proxy Server

[8]. Taking Advantage of User Carelessness in Using Features


[9]. Googling

[1]. Social Engineering

Social Engineering is the name of a technique for collecting information by exploiting gaps in the victim's psychology. Or maybe it should simply be called "fraud" :P Social Engineering requires patience and caution so that the victim does not become suspicious. We are required to be creative and able to think like the victim.

Social Engineering is the art of "forcing" others to do things according to your expectations or desires. Of course, the "coercion" is not done openly or in a way that falls outside the victim's normal behavior.

Humans tend to believe, or are easily swayed by, someone who has a big name, who has helped (or is trying to help) them, and who has convincing words or a convincing appearance. Social engineering perpetrators often use this to ensnare their victims. Often the perpetrator creates a condition in which we become dependent on him. Yes, without our realizing it he conditions us around a problem and makes it seem as if only he can overcome that problem. Thus, we tend to do what he instructs without feeling suspicious.

Social Engineering is sometimes a serious threat. It seems to have no connection with technology, but social engineering still deserves caution because it can be fatal for your system. Why? Because a computer still cannot be separated from humans. Yes, there is not a single computer system on this earth that can escape human intervention. However strong your defenses are, if you are already controlled by the attacker through social engineering, then you may be the one who opens the entrance for the attacker.

[2]. KeyLogger

A keylogger is software that can record user activity. The recordings are stored in the form of text or images. A keylogger works by tapping the user's keyboard. This kind of application is able to identify sensitive forms such as a password form.

There are safe ways to avoid a keylogger:

1. Use a password with special characters such as !@#$%^&*(){}[]. Most keyloggers will ignore these characters, so the perpetrator (the person who installed the keylogger) will not get the actual password.

2. Prepare your password at home and save it in the form of text. When you want to enter the password, just copy and paste it. A keylogger reads your password by tapping the keyboard. But this way is risky. Why? Because when you make a copy, your data is stored on the clipboard. Plenty of free software can be found that displays the data in the clipboard.

[3]. Web Spoofing

Do you still remember the case of the theft of some Bank BCA customers' accounts? Yes, that is one good example of web spoofing. The essence of this technique is to exploit a user's mistake when typing a website address into the address bar. Basically, web spoofing is an attempt to deceive the victim into thinking he is accessing a particular site when he is not.

In the case of BCA, the perpetrator made a site that looked nearly identical to the original site, so that the deceived victim would not hesitate to fill in sensitive information such as a user name and password. In fact, because the site is a scam site, all of this valuable information is recorded by the fake web server, which is owned by the perpetrator.
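A site operator or mail filter can watch for the mistyped addresses this technique depends on. The following is an added example, not code from the original article: it compares hostnames seen in links or logs against a list of protected domains and flags near-miss spellings. The domain names and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example. Domains are constructed placeholders, not from the article.
PROTECTED = ("examplebank.test", "mail.example.test")


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]


def classify(host: str, max_distance: int = 2):
    """Return (verdict, matched protected domain or None)."""
    host = host.strip().rstrip(".").lower()
    for good in PROTECTED:
        if host == good or host.endswith("." + good):
            return "legitimate", good
    for good in PROTECTED:
        # Typo of the real name, e.g. swapped or substituted characters.
        if osa_distance(host, good) <= max_distance:
            return "lookalike", good
        # Real name used as a label prefix of some other registered domain.
        if host.startswith(good + "."):
            return "lookalike", good
    return "unrelated", None


if __name__ == "__main__":
    for seen in ("examplebank.test", "examplebnak.test", "examp1ebank.test",
                 "examplebank.test.login.invalid", "weather.example"):
        print(f"{seen:35} {classify(seen)}")
```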

[4]. Intercepting Email

Intercepting email? Yes, and it is very easy to do. One way is to use mailsnarf, which is included in the dsniff utilities. Mailsnarf works by intercepting data packets passing through the Internet and assembling them into a complete email.

Dsniff and mailsnarf are software that work on the basis of WinPcap (the equivalent of libpcap on Linux), a library that captures data packets. Captured packets are stored in a file by WinDump, while dsniff and mailsnarf go further: they analyze the data packets and display the password (dsniff) or the email content (mailsnarf).

[5]. Password Cracking

"Hacking while sleeping" is the phrase commonly used by people who do password cracking. Why? Because password cracking generally takes a long time. It could take hours, or even days! It all depends on the target: whether the target uses a common password, a password of unusual length, or a password combined with special characters.

One commonly used program for this is Brutus, a fairly popular remote password cracker. Brutus works with a dictionary attack or brute-force attack technique against HTTP, POP3, FTP, Telnet, and NetBIOS.

A dictionary attack works by trying the words in a password dictionary, while a brute-force attack works by trying all combinations of letters, numbers, or characters.

A brute-force attack works very slowly and takes a long time, depending on the computer's specifications and the length of the password. Many sites now close access after continuous unsuccessful login attempts.
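The kind of blocking described above can be sketched from the site's side. This is an added example, not code from the original article: a throttle that locks an (account, source address) pair after repeated failures, plus a small simulation showing how few guesses are actually evaluated. The thresholds, the account name and the address are constructed assumptions.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Lock an (account, source) pair after repeated failures in a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self.failures = defaultdict(deque)  # key -> times of recent failures
        self.locked_until = {}              # key -> time the lock expires

    def attempt(self, account, source, password_ok):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        key, now = (account.lower(), source), self.clock()
        if now < self.locked_until.get(key, 0):
            return "locked"          # refused even if the password is right
        self.locked_until.pop(key, None)
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()         # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()
        return "denied"


def guesses_checked(n_guesses, seconds_per_guess=1.0, **limits):
    """Simulate n wrong guesses at a fixed rate; return how many were evaluated."""
    now = [0.0]                      # constructed clock, advanced by hand
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    checked = 0
    for _ in range(n_guesses):
        if throttle.attempt("alice", "198.51.100.7", False) == "denied":
            checked += 1
        now[0] += seconds_per_guess
    return checked


if __name__ == "__main__":
    # 1000 guesses at one per second: only 10 reach the password check.
    print(guesses_checked(1000))
```

Keying the lock on the account and the source together keeps one noisy address from locking the real owner out from elsewhere; a production deployment would usually add a slower per-account limit as well.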

If you want to do password cracking, please choose the applications yourself on the Member page -

[6]. Session Hijacking

Session hijacking is increasingly widespread among attackers today. Session hijacking is usually done by imitating cookies. So in essence, we must be able to imitate the victim's cookies to get their login session.

So how do I get the victim's cookies?

1. By analyzing cookies.

This method is relatively difficult to do.

2. Stealing cookies.

For example, the attacker wants to obtain the account of A. The attacker can easily write a script in JavaScript and insert it into an email to be sent to the victim. When the victim opens the email, the cookies are stolen without the victim realizing it and recorded on a web server using a PHP script.

These days the most frequent targets are Friendster accounts. Some insert a script through testimonials, some paste one into their own profile to steal the victim's cookies, and so forth. I have tips for this:

1. Do not use the Internet Explorer browser

When you want to open other people's profiles, do not use Internet Explorer. Write down the address of the profile you want to view, log out of your account first and remove all cookies, then open the Friendster profile you were aiming for.

2. Check the source code

When receiving testimonials, please check the source code. Check whether there is a foreign script or words commonly associated with hijacking, such as:

"HACKED", "defaced", "Owned" .. etc. ..

If in doubt ... just reject it ..

3. Sudden logout.

Be alert when, without a good reason, you are suddenly logged out of your account automatically. When you are asked to enter a username and password, look at your address bar! Check whether you are on the proper address or not. Check the source code of the form on that page. Look at the form's action to see where your information will be sent.

Actually, session hijacking can be prevented if only the service provider pays attention to the following things:

1. Assign a unique session identifier

2. Use a random pattern for the identifier system

3. Make the session identifier independent

4. Make the session identifier mappable to the client-side connection
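The four points above can be put together in a small server-side session store. This is an added example, not code from the original article or from any particular service: the identifier is unique and random, carries no user data, and is checked against the client it was issued to. The binding to the User-Agent plus the IPv4 /24 network, the idle timeout and the cookie attributes are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """Server-side sessions keyed by a random ID that carries no user data."""

    def __init__(self, idle_timeout=900, clock=time.time):
        self.idle_timeout, self.clock = idle_timeout, clock
        self.sessions = {}                        # session ID -> record
        self.bind_key = secrets.token_bytes(32)   # key for the client binding

    def _binding(self, user_agent, ip):
        # Assumption: "mapped to the client side" means User-Agent plus IPv4 /24.
        net = ".".join(ip.split(".")[:3])
        msg = f"{user_agent}|{net}".encode()
        return hmac.new(self.bind_key, msg, hashlib.sha256).digest()

    def create(self, user, user_agent, ip):
        sid = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
        self.sessions[sid] = {"user": user, "seen": self.clock(),
                              "bind": self._binding(user_agent, ip)}
        return sid

    def validate(self, sid, user_agent, ip):
        """Return the user, or None if the ID is unknown, idle too long or replayed."""
        rec = self.sessions.get(sid)
        if rec is None:
            return None
        expired = self.clock() - rec["seen"] > self.idle_timeout
        replayed = not hmac.compare_digest(rec["bind"], self._binding(user_agent, ip))
        if expired or replayed:
            del self.sessions[sid]                # revoke instead of just refusing
            return None
        rec["seen"] = self.clock()
        return rec["user"]

    def logout(self, sid):
        self.sessions.pop(sid, None)


def cookie_header(sid):
    # HttpOnly hides the cookie from page scripts; Secure keeps it off plain HTTP.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

A cookie copied to another browser or network fails the binding check and the session is revoked, and the idle timeout limits the damage when a user walks away without signing out.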

Another phenomenon is that, up to the time this article was published, it is still often found that users do not sign out after opening their account. Thus, the next person who uses the computer and opens the same website that was opened by the first person will automatically be logged in to the victim's account.

[7]. Being a Proxy Server

We can gather information by being the proxy server that the victim uses to surf. With a proxy server, the identity of the surfer can become ours.

[8]. Taking Advantage of User Carelessness in Using Features


Every browser has features intended for the convenience and comfort of users while surfing. Among them are the cache and the Password Manager.

On the Internet there are of course many websites whose content does not change within a few days (for example ...). Well, for a site like this the cache is very useful. The cache stores the files so that when you visit the site again, the browser no longer has to download them a second time from the server, and every page of the site that you have opened before will open more quickly. All of that is usually governed by the time-to-live header.

Well, what about the sites of news providers that are always up to date? For such sites, the time to live will be set to 0, so that you download the content again on every visit.

Convenient enough, isn't it? Yes, but threats begin to emerge. Now try exploring the options related to the cache in your browser. You can see that there is a facility to determine how many temporary files can be stored on disk. Also look for the location where the files are saved.

Try opening that folder; you will see the HTML files and image files from sites you have visited. In the IE browser, you can see the location of the cache files through the menu Tools -> Internet Options -> Settings.

Then what can be found there? Aren't they just "trash" files? Hmm ... now try copying all the files there into a folder. Then open one of the HTML files. If it is a public computer, you can see what sites have been accessed by the person before you.

Hmm .. just by looking at temporary files you can even see passwords and so on. I have met lots of sites that store passwords and display them in the URL. Of course you must also have read about this often in many tutorials.

Most current browsers have a facility for storing passwords. For example, when using Mozilla Firefox, you will often receive a confirmation dialog box asking whether or not you want your password saved by the Password Manager. Most users tend to choose the YES option, either knowingly or because they do not know (read: do not want to know) what the purpose of the dialog box is.

Others who then use that browser can very easily get the victim's password by going to the menu Tools -> Options -> Security -> Saved passwords.

Another example is the password wand facility of the Opera browser. When you enter a user name and password in a form and press the submit button, Opera by default asks you to confirm whether or not you want the browser to save your ID and password. Again and again ... most careless netters tend to select the "YES" option.

So?? Others who then use that browser can see what sites have been accessed by the user, point the browser to the site, place the cursor on the user name field of the form, press [ALT] + [ENTER] and BOOOMM!! Why? Do not be surprised yet!! Hehehe .. the login form will automatically be filled in with the user name, complete with the victim's password ;D (It's fun enough ..)

This is only a small example; explore the features of other browsers!

[9]. Googling

Many sites have fallen, and passwords and credit card numbers have been stolen, as a result of people misusing its magic. It used to be easy to do. Just by typing certain keywords associated with user names and passwords, you could harvest hundreds of user passwords via Google. But now it seems you will be left disappointed if you use the method above ;D

Do not be sad yet, because Google has just spawned a new product, Google Code Search. A new threat begins to emerge: this "smart one" is now able to crawl into archive files that sit in a public web server directory. Those who have a habit of storing important information there (passwords and other valuable information) should drop that habit starting now. Always protect sensitive folders so that your site can live longer. If not ... well, just wait for someone to use this new Google product to dredge sensitive information from your web server. And if that happens ... be prepared: your "playground" will be taken over by them ..
