Courtesy of fravia's searchlores.org
(Ported in March 2000)
Luring lore - 3
How to caper an email account
(With a [digression]: Pseudoanonymous method for dummies)
by A+heist, March 2000
Edited by Fravia+
Well, this is "simple stalking" AND "simple luring" at the same time, I'll let
fravia decide where he wants to include it... so, let's see: first of all you must find
out what your target really loves. Let's imagine he
is very interested in Tina Turner songs, just for the love of it.
Now what you want is NOT ONLY to find out his real IP, don't you, that's
something fairly easy and straightforward that is anyway included in this lesson.
The best "bingo" here is to have
him betraying his complete email address settings, so that we can caper
his account the very moment he comes straight
when he visits your bait.
You may have many good reason to want to read his emails, or
to know his real identity (both very likely once you have access to his emails): why
should such info only be reserved for the people working at -say Yahoo- to perform
their 'insider trading' activities and statistical spionage? Wouldn't you have a moral
right to have a look at the real identity of a spammer? Or of a porn-dealer? They break the
law, you punish. It's so simple, isn't it?
We are goinh to leech some tricks from the proxy people here, and apply them to our
email capering project :)
There is a fairly amount of 'preparatory' work involved, and you will
- a good knowledge of the target you want to lure in order to propose a credible
bait that will have him acting 'without precaution'. (The 'hand that clicks' snapping
before 'the brain that
- he actually having an email provider that -like Yahoo and most of them all -
allows immediate links
inbside the emails (you will understand why in a moment)
- a good bait page, that will not 'stink' even if he is really careful
and visit it through
- a good program to
snatch the data when he comes visiting you, we will use here php3.
- A quick reaction (surveillance) as soon as he does,
so that you can enter his mail and modify his password quickly, while he is still inside
'his' email hosting service.
- a good avatar that the target you want to lure 'trusts'. (This one is an
accessorial ^rerequisite only for more serious and long-term luring or stalking).
Sounds complicated, eh?
First of all try this on email addresses taken from a luser messagegroup, where chance are that two gazillion people will bite
your page coming stright from their email addresses.
This could be your letter for the usenet group alt.fan.madonna: let's take this
posting OT: Tina Turner as
bait and slightly modify it:
So, what are everyone's thoughts on TT?
Here, I just rediscovered her single, "Private Dancer" from '84.
It truly has to be one of the most perfectly crafted pop songs
I've ever heard in my life, honestly right up there with Papa
Don't Preach and Like a Prayer.
Her new album, Twenty-Four Seven, has been in my stereo for
weeks now, and it's one of those that will take months to wear
out. There are at least 6 "highlights" on it.
I have decided to post some of them in mp3 format - for a couple of days -
on my page at linktoyourbaitpage.
for instance with a code like
this one: open source proxy checker
of course you will have put in your baitpage a checker that allows gathering
of referrals (there are tons of them on the web, see the proxy pages)] ~ [I'll soon put above
a working link to DQ's fabulous 'open source proxy checker',
to be published end March, fravia+]
please feel free to visit it and download Tina Turner's songs.
Any other thoughts?
Later, friends of Tina,
Send the snippet above to yourself and check your link above from INSIDE your own
free email provider, and then, once you visit, see what your referral data will be.
As you can see, such a bait should be almost irresistible for any Tina Turner
In the reality, of course, they WILL find on that page some mp3 that you will
have put there (so that
they will spend some
time downloading, while you act), and they will not even SEE
the code that you have there as well, which you will use in order to fish their
referrals from INSIDE their address providers.
The moment you get them, use the URL that you have fetched in the referral and
browse into it. For instance I
had this URL to-day while using yahoo:
when reading one of my mails. (It would be useless to use it now, since my login session has expired).
If you are quick enough (and if you have the bait well loaded with mp3 your target will be
siphoning songs for a while :-) you'll be inside his email box without problems, as long as he is still
if he has set his pc in order NOT to accept cookies (and most of the target that you'll stalk for
real will have such settings per default). YOU on the other hand, will have to have your PC
set for NON accepting cookies, deceiving the filters into believing that you are the same
guy calling from another box.
Now take care, because he may close his connection every moment, so
immediately go to the MASTER page of the account and modify
password AND the emailaddress of reference to one of
yours (that you will of course have gathered
through the usual pseudoanonymous method...
DIGRESSION: Pseudoanonymous method for dummies
Or, "how to have a
free email account that does not smell too much"
ISP account on a free month ride that you will throw away
after the free trial period and never, never, never use again ~
access through chained proxies, proxonomitron+junkbuster, whatever you trust ~
access yahoo "free" email (or whatever provider you want to have) ~ the moment you enlist
you must already have a bogus identity ready -to satisfy yahoo's statistical sniffers-
could be whoever you find on the telephon book or the address of a book à la fravia, o some
petty life found
on web personal pages à la geocities (identity capering) ~ never forget that all
the email you write IS USED by the 'free' account providers: never use this account for sending anything personally related, just for
receiving (and eventually answering) free services confirmation ~ ¿comprehendes?
this will keep your target working for a while in order to regain his account (he will first try the
re-send password method, but the password will be sent to your bogus account and time will
go by before he realizes that... in very advanced cases you'll also take the precaution to
send (trough a proxy) a nice
'official' automated email to your target, apparently from his email-provider, asking him NOT to send the
new password he will have to choose to anyone and telling him at the same time
to allow some days before everything will work :-)
The time span you'll be able to use before he will be able to clear things will be enough to allow you most probably:
To know exactly who your target is.
To know exactly what he is doing and why (useful for nasty spammers)
To 'seed' backdoors in other accounts he may have left trace of on the one you
To read his juicy real letters :)
Ahah, I was jocking all the time, the above tactiques are a no-no-no! You should never read other people's mail!
A+heist, March 2000
(c) 2000: [fravia+], all rights