Sorry :(

Our Image server is on a maintenance now,
You will not see the image correctly
please check back shortly. . .

Hacking Windows Live Email

Posted by v4L in Security, Tips and Trick, Tutorial | no responses

Is it possible to hacking email especially Windows Live Email? yes of course it's possible. What you need is social engineering technique and also a few social based website. In this tutorial I will show you how someone can get into your email easily without any programming skills.

I have user victim, his email is thesecure@live.com (this is only for testing purpose)

1. The first phase is reconnaisance, just a little looking around to the target from Facebook, Twitter, Foursquare, etc to know his/her email.

Facebook Profile

2. Open the Live mail and try some password(usually DOB or something close to the victim). But if it's didn't worked, just click the forgot password.

Live login page

3. To reset the password you need to provide the victim email address and also input the captcha form like the figure below.

insert username + captcha

4. In the next reset password form, choose to answer some security question. In this section you can fill the information you get from the step 1. Usually some people put their details in Social Networking Website.

Provide user information in live mail

5. If all of the information is correct, I think you will know what next by lloking the picture below. Yeah you already resetting the victim Live mail password with your desired password.

Change new password hacking live mail

6. Then the attacker has sucessfully changed the victim password, what he need is only login to the live mail with the new password.

Attacker sucessfully change the live mail password

7. Yep, the attacker already inside the victim inbox mail. From here, I think he can do anything according to another victim account.

Attacker inside hacking live mail

The above explanation is not easy as you thought, because different user have a different style to secure their information.

Prevention :

1. Do not use question that will be easy to guess for your security question.

2. If the question is looks like a template, such as :

- "what is your mother maid name?"

- "what is your first phone number?"

- "what is your dog name?"

- etc

Do not fill the answer with the real situation, or you can add some characters in front or at the back of your answer, such as "my dog name : blacky%^"

Twitter

Digg Digg