Re: [Full-disclosure] Hack-Mail.net or similar site
[First, sorry for spawning a new thread -- I just joined the list to post this] About 2 weeks ago, I decided to have them "hack" my account. I just got a not-too-poorly-done spoof email for an email login portal/ greeting card mashup. Granted, GMail would never actually do something like this, but it's enough to fool the layperson. http://www.123greetingsecards.com/greet_view/YOURACCOUNTNAME=gmail.html Tried msn.html and yahoo.html -- no go. smime.p7s Description: S/MIME cryptographic signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
From: Augusto Pereyra Subject: Re: [Full-disclosure] Hack-Mail.net or similar site Date: Tue, 15 Sep 2009 02:11:59 -0300 > I think this service is fake. > > To make some portal like this only you need a php form with the > following fields: Account to Hack, Account to send password > > Some client fill this form and three days later the server send a > spoofed mail acting like they have the password of the account > requested in previous form. When the client put his fait in this kind > of cheat pay the cash and maybe some kind of trash is sended to his > account. > > When the client in cheated is too late. Now the owners of the site > have his 20 buck. > > I was tested it and the mail doesn't become from yahoo server. The > mail become from bebobox.com > > My english sucks! Sorry Thank you for taking the time testing the service and sharing your experiences and don't worry about your English! :) maxigas ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
I think this service is fake. To make some portal like this only you need a php form with the following fields: Account to Hack, Account to send password Some client fill this form and three days later the server send a spoofed mail acting like they have the password of the account requested in previous form. When the client put his fait in this kind of cheat pay the cash and maybe some kind of trash is sended to his account. When the client in cheated is too late. Now the owners of the site have his 20 buck. I was tested it and the mail doesn't become from yahoo server. The mail become from bebobox.com My english sucks! Sorry On Mon, Sep 14, 2009 at 7:43 PM, maxigas wrote: > From: mamo > Subject: Re: [Full-disclosure] Hack-Mail.net or similar site > Date: Mon, 14 Sep 2009 23:20:24 +0200 > >> On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer wrote: >>> >>> So, in other words, they're spoofing From addresses for profit. Clever. >> >> I never tried them. I will just for fun (with my email address). >> Perhaps they are doing something more smart (like brute forcing with >> dictionary, use some virus or web attack or something else). >> >> Mamo > > tell us how it went, my guess was also that they are just setting that from= > address and that's > it, so you don't get a working password after all. but i have no 20$ to test > it. :f > > maxigas > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
From: mamo Subject: Re: [Full-disclosure] Hack-Mail.net or similar site Date: Mon, 14 Sep 2009 23:20:24 +0200 > On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer wrote: >> >> So, in other words, they're spoofing From addresses for profit. Clever. > > I never tried them. I will just for fun (with my email address). > Perhaps they are doing something more smart (like brute forcing with > dictionary, use some virus or web attack or something else). > > Mamo tell us how it went, my guess was also that they are just setting that from= address and that's it, so you don't get a working password after all. but i have no 20$ to test it. :f maxigas ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
On Sat, Sep 12, 2009 at 7:08 PM, Andrew Farmer wrote: > > So, in other words, they're spoofing From addresses for profit. Clever. I never tried them. I will just for fun (with my email address). Perhaps they are doing something more smart (like brute forcing with dictionary, use some virus or web attack or something else). Mamo ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
On 11 Sep 2009, at 02:46, mamo wrote: > What do you think of web site like Hack-Mail.net or similar one? > Do they really work and how? hack-mail.net/howitworks.html: > After about three to four days, you will get an email from the > account you wanted to hack. This email acts as proof we have hacked > the account. The email will be sent from within the vistims account. > It will contain information on the next step to purchase the > password from us. Please check that the email was sent from the > exact email address you wanted to hack. This email will NOT appear > in the 'sent' folder, so they will never know they have been hacked. So, in other words, they're spoofing From addresses for profit. Clever. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
How could you question them? They "Are Completely annonymous"! 2009/9/12 TheLearner > Sounds like a sting operation. > > I mean, can you read this? They're talking to you like putting > hacked password in white text on white paper makes it less illegal > and somehow legit. > > A shakespear script? > > Those sites are set up to find people who want to break federal > law. I'm 100% if you go through the process and buy it you'll be > indicted. > > TheLearner > aka > mrx > > On Fri, 11 Sep 2009 09:46:27 + mamo wrote: > >Hello, > > > >What do you think of web site like Hack-Mail.net or similar one? > >Do they really work and how? > > > >Thank you, > > Mamo > > > >___ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Hack-Mail.net or similar site
Sounds like a sting operation. I mean, can you read this? They're talking to you like putting hacked password in white text on white paper makes it less illegal and somehow legit. A shakespear script? Those sites are set up to find people who want to break federal law. I'm 100% if you go through the process and buy it you'll be indicted. TheLearner aka mrx On Fri, 11 Sep 2009 09:46:27 + mamo wrote: >Hello, > >What do you think of web site like Hack-Mail.net or similar one? >Do they really work and how? > >Thank you, > Mamo > >___ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/