Sunday, September 18, 2011

HACK Gmail : Social Engineering Method


Hacking Gmail is not an easy task, but a social engineering method can make it quite easy. The outline of the method is this: we impersonate the victim and claim to Gmail that the account has been hacked, tricking the system into offering the password reset option and hence allowing us to enter the victim's account.
For this, we need some information about the victim:
  • Creation month and year of the account.
  • Five commonly contacted people.
  • Labels used (people usually do not change them, so you can try the standard ones if you have no idea about them).
  • Other Google products used and their approximate months of start.
  • Any older password (it may be possible to break in without it, but the more the better).
Let's start:

1. Go to and click on "Can't access your account?"
2. Now enter the victim's email address and the word verification on the next screen.

3. On the next screen, try to identify the recovery email addresses. For example, in this image one could easily identify that for the second option the service used is "" and the first part is usually common. Don't worry, Gmail will help you by filling in the blanks :P

4. Now click on "Verify your identity" instead of continue.

5. On the next screen, enter answers to as many questions as possible.
6. Now submit and wait for an email from Gmail allowing you to reset the victim's password.

How to Keep Yourself Safe:
You cannot do much except for keeping your recovery address secret and changing your default labels.

Enjoy and Please comment :)