The art of sending this kind emails is known as Email Spoofing.This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoo(all major email service providers) blocks the emails that are sent directly from a PC. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an anonymous email or spoofed email, you should send it using a relay server.
What is a Relay Server?
In simple words, a relay server is an SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver it to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason for which using our own SMTP server to send emails fail.
So What’s Next?
Now all we have to do is, find a trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the email headers to insert the spoofed From address field into it.
I have created a PHP script that allows you to send emails from any name and email address of your choice. The script can be found here.
Anonymous Email Sender Script
Here is a step-by-step procedure to setup your own Anonymous Email Sender Script
1. Goto X10 Hosting and register a new account.
2. Download my Anonymous Email Sender Script (sendmail.rar).
3. Login to your FreeWebHostingArea Account and click on File Manager.
4. Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.
5. Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.
6. Now type the following URL
http://yoursite.x10hosting.com/sendmail.php
NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.
7. Use the script to send Anonymous Emails. Enjoy!!!
Tell me whether it worked or not. Please pass your comments…
WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSE ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.
How to Send Anonymous Emails
Gmail Hacking Tool – A New Way to Hack Gmail
A new Gmail hacking tool that is capable of automatically stealing the Gmail IDs of non-encrypted sessions and breaking into Gmail accounts has been presented at the Defcon hackers’ conference in Las Vegas.
Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed this Gmail hacking tool is planning to release the tool in two weeks.
When you log in to Gmail account the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually click the sign out button. When you click sign out this cookie is cleared.Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done.
According to Google this behavior was chosen because of low-bandwidth users, as SLL connections requires high bandwidth.The problem lies with the fact that every time you access anything on Gmail, even an image, your browser also sends your cookie to the website. This makes it possible for a hacker to sniff the traffic on the network to insert an image served from http://mail.google.com and force your browser to send the cookie file, thus getting your session ID. The new Gmail hacking tool is capable of doing this. Once this happens the hacker can log into the account without the need of a password. People checking their e-mail from public wireless hotspots are more likely to get hacked than the ones using secure wired networks.
Perry mentioned that he notified Google about this situation over a year ago and even though eventually it made this option available, he is not happy with the lack of information. “Google did not explain why using this new feature was so important” he said. He continued and explained the implications of not informing the users, “This gives people who routinely log in to Gmail beginning with an https:// session a false sense of security, because they think they’re secure but they’re really not.
“If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.
Common Email Hacking Methods
Gone are the days when email hacking was a sophisticated art. Today any body can access hacking tips through the Internet and start hacking your yahoo or hotmail account. All that is needed is doing a search on google with keywords like “how to hack yahoo”, “hack yahoo messenger”, “hotmail hack program” etc. The following article is not an effort to teach you email hacking, but it has more to do with raising awareness on some common email hacking methods.
Hackers can install keylogger programs in the victim’s computer. This program can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden. After installation, the hacker will use a password and hot keys to enable the keylogger. He can then use the hot keys and password to access your key entry details.
A keylogger program is widely available on the internet.some of them are listed below
Win-Spy Monitor
Realtime Spy
SpyAgent Stealth
Spy Anywhere
For more information on keyloggers and it’s usage refer my post Hacking an email account.
Even if direct access to your computer is not possible, hackers can still install a key logger from a remote place and access your computer using Remote Administration Tools (RATs).
Another way of getting your password is the use of fake login pages that look exactly like the real one. So, beware of the webpages you visit. Also if you find your computer behaving oddly, there is a chance that some spy program is running. On such occasions it is better to try and remove the malware or reformat the entire hard disk.A detailed Email Hacking tutorial is discussed in the post Hacking an email account.
How to Create a Fake Login Page
In this post I’ll show you how to create a Fake Login Page in simple steps.A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.
Here in this post I will give a procedure to create a fake login page of Yahoo.com.The same procedure may be followed to create the fake login page of Gmail and other sites.
Due to a large number of requests from my visitors, I have elaborated some of the steps in this post. I have made best effort to explain every point in detail.
Here is a step-by-step procedure to create a fake login page.
STEP 1.
Go to the Yahoo login page by typing the following URL.
mail.yahoo.com
STEP 2.
Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)
To save the page goto File->Save As
Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.
STEP 3.
Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .
STEP 4.
Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML
STEP 5.
Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.
For example you may find something like this in the opened HTML file
src=”Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif”
Rename the above link into
src=”files/ma_mail_1.gif”
Repeat the same procedure for every file contained in the folder by name “files“.
Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.
action=
you will see something like this
action=https://login.yahoo.com/config/login?
Edit this to
action=http://yoursite.com/login.php
Tip: Open a free account in 110mb.com to create your own site for uploading the Fake Login Page. yoursite.com has to be substituted by the name of your site.For example if your site name is yahooupdate.110mb.com then replace yoursite.com with yahooupdate.110mb.com.
Save the changes to the file.
NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.
yoursite.com Root folder
NOTE: Make sure that your host supports PHP
Tip: 110mb.com supports PHP
STEP 8.
Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)
Tip: login.php can save the password in any format (not necessarily .TXT format).You can search a php script in Google that can save the password in any format.You may also search a php script that can email the username & password
NOTE: The concept here is to save the password.The format is not important here.
STEP 9.
Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.
How to Make a Trojan Horse
Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The Trojan is available for download along with the source code at the end of this post. Let’s see how this Trojan works…
Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.
Now lets move to the working of our Trojan
The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the WindowsSystem32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.
The algorithm of the Trojan is as follows
1. Search for the root drive
2. Navigate to WindowsSystem32 on the root drive
3. Create the file named “spceshot.dll”
4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full
5. Once the drive is full, stop the process.
You can download the Trojan along with it’s source code HERE.
How to compile, test and remove the damage?
Compilation:You can use Borland C++ compiler (or equivalent) to compile the Trojan.
Testing:
To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%system32
Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
A Closer Look at a Vulnerability in Gmail
Gmail is one of the major webmail service provider across the globe. But as we all know Gmail still carries that 4 letter word BETA. Sometimes we may wonder, why Gmail is still in the testing stage even after years of it’s emergence. Here is one small reason for that.
Gmail follows a strict rule that doesn’t allow it’s users to have their first or the last name contain the term Gmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.
1. Login to your Gmail account and click on Settings.
2. Select Accounts tab
3. Click on edit info
4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!
Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot
So the bottomline is, if you get any emails that appears to have come from the Gmail Team or similar, don’t trust them! Anyone can send such emails to fool you and take away your personal details. Hope that Gmail will fix this vulnerability as soon as possible to avoid any disasters.
Is your Spouse Cheating? Need to Spy on His/Her Email?
Access Any PC from Anywhere. Spy on Any Email to Find Out the Truth! Award Winning Remote PC Surveillance Software.
Today there exists hundreds of Spy softwares available on the market. Because of this huge diversity of choice, people often get confused about which spy software to choose. Also because of this confusion there is no wonder many people end up buying a substandard product which fail to meet their needs.
To help you come out of this confusion I have decided to write a complete review of one the best spy softwares that I have come accross. The following is the best spy software that I always recommend.
SniperSpy
SniperSpy Full Review
In my experience of more than 6 years I have tested almost 50 spy softwares. Out of these one of my favorite Spy software is SniperSpy. The following are some of the reasons for which I recommend SniperSpy for you.1. SniperSpy can be used to Spy on your local PC as well as a remote PC since it supports remote installation feature.
2. On the whole Internet there exists only a few spy softwares that support remote installation and SniperSpy is the best among them.
3. You can view the LIVE screenshot of the remote computer. Not only screenshots, but also you can see every activity on the remote comuter LIVE.
4. With SniperSpy you can take a complete control of the remote PC. You can logoff, restart or shutdown the remote PC right from your PC.
5. SniperSpy records every activity of the remote computer.
6. SniperSpy is completely stealth and remains undetected.
7. SniperSpy captures every keystroke that is typed. This includes email passwords, login passwords, instant messenger passwords etc.
8. SniperSpy has the ability to bypass any firewall.
How it Works?
After you purchase the SniperSpy software, you will be able to download the a program that allows you to create a remotely deployable module.
To deploy the module you can attach the exe file to any regular email and send to the remote PC. Modules can be dropped into a Word, Wordpad or Works document, or even a ZIP or RAR file. When the module is executed it will not display anything on the screen if you chose the “Do Not Alert User” option during module creation.
After you have sent the email, wait until the remote user checks their email and executes the module. After the module is executed, activity will begin recording immediately. After activity starts recording it will then be uploaded to your personal SniperSpy web space.
Wait about fifteen minutes after the module has been executed. Then login to your online account. You will be able to view any recorded activity there using a secure https connection. Logs are updated every six minutes. No matter where you are, you can log into your SniperSpy account from any Internet connection.
How effective is SniperSpy?
Once you’ve got the module executed on the target machine, it begins logging keystrokes, websites visited, internet searches, file changes, instant message chats, and taking screenshots of computer activity. I decided to install the module remotely on my friend’s laptop. A few hours after it’s successful installation, I was able to login to the control panel to see the screenshots, keystrokes (includes passwords), websites visited and many more. Whenever he used to come online I was able to monitor has activity LIVE. It was quite amazing to sit at my place and watch his activities remotely.
Improvements in the latest version of SniperSpy
In the older versions of Sniperspy the online control panel was pretty slow taking upto a minute to communicate with the remote computer. This was a bit annoying.
But this problem is fixed in the latest version. In fact it’s extremely fast now!
How is SniperSpy different from other spy softwares?
The following features makes SniperSpy stand out from the crowd
1. Sniper Spy is more reliable than other spy softwares since the logs sent will be received and hosted by SniperSpy servers. You need not rely on your email account to receive the logs.
2. SniperSpy offers excellent customer support.
3. SniperSpy has got recognition from media such as CNN, BBC, CBS, Digit etc. Hence it is more reputed and trustworthy.
Verdict: Sniperspy Internet Monitor Software
This review can only give you an idea of just how powerful SniperSpy really is and how it can help you to monitor internet activity. There is not much that can be hidden from SniperSpy and if you visit their website you will get the complete picture.
There are a few computer remote spying programs available but Sniperspy is without doubt one of the best ones you can buy. Customer support is excellent and if you want peace of mind then this will allow you to find out the truth very quickly.
Check SniperSpy out right now and discover for yourself how much is worth to you compared with the few dollars it costs.
You can get SniperSpy from the following link: SniperSpy Homepage
