Gmail/Hotmail/Yahoo... password hacking : do NOT be naive !
Fake websites & programs
You might have seen a lot of websites that offer to hack Gmail or Hotmail or Yahoo or other webmail account password, some claim to hack them using the "expertise" they gained in last X years , some claim to hack it using previously existing loopholes...
Goes same for "Gmail/Yahoo password crackers" or "Hotmail/Gmail password stealers" or "Gmail password hacking" ...
Just type "Gmail/Hotmail password hacker" in Google & see for your self. Countless results of websites who claim to hack Gmail/Yahoo passwords or help you to steal Facebook passwords...
There is NO Gmail/Hotmail/Yahoo Hacking Software, no Site that can hack or crack these webmails.
So ? What's the truth then ? There are no magical techniques
These websites demand $20 to $300 per account for hacking a webmail account and get you...absolutely nothing! DO NOT PAY ! It's a TRAP ! They claim Gmail/Yahoo/Htotmail has a MD5 password : it's bullshit too. These webmails DO NOT USE MD5 for password hashing. They use more complex systems.
As for (fake) Gmail/Yahoo/Hotmail Password cracker "software", any company or website that claims to hack password using software usually show a (fake) MD5 hash of the password which is indecipherable.
Not convinced yet ?
Have a try by yourself : type "hacking gmail/yahoo" in Google, choose one of these crappy website. You'll be asked to enter a webmail email to crack. Enter a fake one like "[email protected]" as the email does not exist in the real life.. these fake websites are sooo magical that they can hack this (ghost) webmail account ! Congratulations...
Ok, fake site/software are all bullshit. But I need to steal a Gmail/Yahoo/Hotmail password !
As any other website or web services (Yahoo, Gmail, Hotmail, Facebook, Twitter, Linkedin,...), it's possible to get credentials using conventional techniques :
- Phishing : use of Fake Login Pages, also known as spoofed or phishing pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, etc. The victim is fooled to believe the fake gmail/hotmail page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her gmail/facebook/yahoo/twitter login details are stolen away.
- Keylogging : locally or remotely install a keylogger application on the victim's computer. It records the keystrokes into a log file and then you can use these logs to get required Facebook, Gmail, etc password.
- Primary email address hack / Reset : simply ask Gmail/Hotmail/Yahoo/Twitter/Facebook to send password reset email to the victim's primary email address - of course if this email account is already compromised.
- Social engineering : method of retrieving password or answer of security question simply be quering with the victim. You have to be careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.
- Cookie Stealing / Session Hijacking : Google it. See for example FireSheep
- Password re-use : Use of a password for multiple websites. If one website is compromised and database is leaked, the password can be tested against Gmail/Yahoo...
- "Remember my password" : Need access to the computer (physically or remotely) - Modern browser can remember Gmail/Yahoo/Hotmail/.. password if user ask for it. The password can thus be easily retrieved.
Note
We obviously do NOT crack Gmail/Yahoo/Facebook/Hotmail/Twitter password here. DO NOT ask us for, nor anything related to this.