
Email Spoofing October 26, 2006

Posted by aymenmd in Computers & Internet, Hacking.

Alright, well, you’re going to need a computer (it usually helps). And that’s all you need! No tools to download or anything! So now that you’ve gotten one of those, we can begin.

The first thing you need to do is open a command prompt. If you don’t know how to do this, go to Run, then type in command. Now all we have to do is connect to an e-mail server using telnet, which just happens to be extremely easy!

Ok, for this tutorial we’re going to use Hotmail’s server. All you have to do is type in “telnet mail.hotmail.com 25” without the quotation marks.

Now it should have around 2 lines of text at the top about the server. This means you’re connected. Now type in HELO (yes, I know that it’s spelled wrong). The server will respond by saying Hello. You sometimes have to do this before you can do anything else. If it displays your IP address, don’t be scared, Hotmail didn’t find out what you’re doing, haha. It’s kind of like saying “hello John”, except your computer is represented by your IP address.

Through all of this next part you must not hit enter unless I tell you to.

Once the initial greeting is done, we can begin spoofing. Type in MAIL FROM: (whoever@whatever.com). This tells the server who’s sending the e-mail.

Now type in RCPT TO: (whoever@whatever.com). This tells the server who to send the e-mail to.

Next thing you do is type in DATA and press enter.

Now type in Subject: (The subject of your e-mail) This tells the server the subject of your e-mail. Then press enter.

Now type in whatever you want to send to the person. This can be fun because you could make your e-mail from say, THE PRESIDENT! Although that’s not something I would suggest… You can also get passwords this way by sending an e-mail to someone as the admin of a site, and then register an account like accountmanager@hotmail.com and have them send the password there.

Finally, type in “.” without the quotations, and your e-mail will be sent.
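Nothing in the session above proves that the MAIL FROM address belongs to the person typing it, so the check has to happen on the receiving side. The following is an added example, not part of the original post, of how a receiver could flag such a message. Both sample messages are constructed, and it assumes the receiving server records the envelope sender in Return-Path and its SPF/DKIM/DMARC verdicts in an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: what a receiver might store after a hand-typed session
# (only Subject: was typed after DATA, so From/Date/Message-ID are absent).
HAND_TYPED = """\
Return-Path: <admin@example.com>
Received: from [203.0.113.7] by mx.example.net; Thu, 26 Oct 2006 10:00:00 +0000
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example.com
Subject: Account notice

Please reply with your details.
"""

# Constructed sample: an ordinary message that passed sender authentication.
NORMAL = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
Date: Thu, 26 Oct 2006 10:00:00 +0000
Message-ID: <1@example.com>
Subject: Lunch

See you at noon.
"""

def domain(value):
    """Return the lower-cased domain of an address header, or '' if none."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    # Mail clients always add these headers; a hand-typed DATA section may not.
    for h in ("From", "Date", "Message-ID"):
        if msg[h] is None:
            findings.append(f"missing {h} header")
    # MAIL FROM (stored as Return-Path) and the visible From: are independent.
    env, hdr = domain(msg["Return-Path"]), domain(msg["From"])
    if env and hdr and env != hdr:
        findings.append(f"envelope domain {env} != From domain {hdr}")
    # Verdicts recorded by the receiving server (assumed trusted, see lead-in).
    results = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in results:
            findings.append(f"{mech} not passed")
    return findings
```

An empty list from `spoof_indicators` means none of these indicators fired; it does not by itself prove the message is genuine.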

Blogger’s Note: If this doesn’t work (it didn’t work here), then try this.

www.sharpmail.co.uk

Hacking Hotmail October 26, 2006

Posted by aymenmd in Computers & Internet, Hacking.

I nicked this from a forum. Quite old, it may be, but surely helpful. So, Hotmail users better shift to Gmail.

MSN Hotmail users, guard your cookies. A simple technique for accessing Mic*ft’s free e-mail service without a password is in the wild and could be easily exploited.

The trick involves capturing a copy of the victim’s browser cookies file. Once the perpetrator gains two key Hotmail cookies, there’s no way to lock him out because at Hotmail, cookies trump even passwords.

What’s scary about this is that once they have your cookies, they have your account forever. Even if you change your password, they can still get in.

Cookies, the small data files placed on an Internet user’s computer when visiting websites, are primarily used to identify visitors for the purpose of customizing content such as advertising. But many sites, including Hotmail, also rely on cookies for more serious authentication purposes.

For such sites, the cookie is akin to an ATM banking card that doesn’t also require the holder to provide a password. Lose the “card” and you may give up your security.

Cookies were never designed to be an authentication mechanism. But anyone trying to deploy a Web application today doesn’t really have much choice. What’s more, security bugs in Internet Explorer make robbing a remote user of his Hotmail cookies a snap.

At the Web-mail service, a half dozen cookies are written to the hard disk when the user clicks the “keep me signed in” option while logging in to the service. The option is designed to relieve Hotmail users of being nagged for a password each time they check their mail throughout the day.

Two of the cookies, set by MSN.com and named “MSPAuth” and “MSPProf,” are the digital keys that allow an attacker to access the interior pages of a Hotmail account without being prompted to sign in, and to read and send messages from the account and change the account holder’s preferences.

In tests, the Hotmail cookies appeared to stay on the PC unless the user clicked the “Sign Out .NET” button or re-booted the computer. Merely closing the browser did not delete them.

The Hotmail cookie problem could stem from a bug in an optional feature offered by the service. Hotmail enables users to configure a “session expiration” option that promises to “automatically end” the user’s session after a specified time interval.

But even with the expiration option enabled at its most secure setting, testing showed that a cookie could be exported to another computer and still used to authenticate a password-less Hotmail login 24 hours later.

There’s little Mic*ft can do to guard Hotmail users against cookie attacks. Since Hotmail is designed to allow users to access their accounts from any computer anywhere, the service’s authentication cookies do not appear to constrain access based on a user’s Internet Protocol address.

A Hotmail user’s best defense against cookie robbers is to shun the “keep me signed in” option, and to follow Mic*ft’s advice and click the service’s sign-out icon when finished with a Hotmail session.

I hypothesize that the majority of them sign on first thing in the morning and stay logged in to their Hotmail accounts all day. I don’t think they realize this is setting them up to have their identities stolen.
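Two of the failures described above are server-side: a cookie that keeps working after a password change, and a “session expiration” setting that is not enforced when the cookie is presented. The following is an added example, not from the original article and not Hotmail’s actual implementation, of a session cookie that the server rejects in both cases. The key, account table, token layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
# Constructed account store: cred_version is bumped on password change/sign-out.
ACCOUNTS = {"alice": {"cred_version": 1, "max_age": 3600}}

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, now=None):
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{ACCOUNTS[user]['cred_version']}|{issued}"
    return f"{payload}|{_sign(payload)}"

def validate_cookie(cookie, now=None):
    """Return (user, 'ok') or (None, reason). All checks run on the server."""
    now = time.time() if now is None else now
    payload, _, sig = cookie.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None, "bad signature"
    user, version, issued = payload.split("|")
    acct = ACCOUNTS.get(user)
    if acct is None:
        return None, "unknown account"
    # A password change or sign-out bumps cred_version, killing old cookies.
    if int(version) != acct["cred_version"]:
        return None, "credentials changed since issue"
    # Expiry is checked against the server clock, not left to the browser.
    if now - int(issued) > acct["max_age"]:
        return None, "session expired"
    return user, "ok"

def change_password(user):
    # Hypothetical hook: called wherever the real password update happens.
    ACCOUNTS[user]["cred_version"] += 1
```

A cookie copied to another machine still validates until it expires or the version is bumped, so this limits how long a stolen cookie is useful rather than preventing the theft.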