Gmail Password Recovery is a tool that will search your PC for encrypted Gmail passwords, extract them, decrypt and decode them and display them in a readable format. The following locations are known to store Gmail passwords:

• Google Talk
• Gmail Notifier
• Google Desktop
• Picasa
• Google Photos Screensaver
• Internet Explorer
• Mozilla Firefox

This Cracking tool will work provided the password you are trying to recover is saved on your local PC under the current login and you are able to login automatically without entering your password. In any case, if you are trying to recover the password you have long forgotten, download Gmail Password Recovery.
[eminimall]
Note: The Passwords Shown in the Image have been Changed so Please Don’t Try it. They are just for Demonstration

Download Link:

http://w18.easy-share.com/1702541173.html

Make FREE calls quickly

Simply type gizmocall.com/18005551212 into your browsers address bar.
(put the number you want to dial in place of 18005551212)

Make FREE calls to landline and mobile phones in over 60 countries by participating in the All Calls Free plan.

Users NEW to the All Calls Free plan get 20 minutes of free calling simply by getting ONE friend to sign up for a new Gizmo account. There are no commitments and no hidden fees.

Get Started Now!

1. Tell a friend to download Gizmo5 and have them add their phone number to their profile.
   
2. Add each other to your contact lists and you can call that person for FREE using Gizmo5.
   
3. Be sure to make at least 1 Gizmo5 to Gizmo5 call per week or your free minutes will expire.
   

• Download Softwares

1	poivY	Rates		Kuwait
2	VoipBuster	Rates		Thailand
3	VoipStunt	Rates		UK, USA
4	InternetCalls	Rates		Egypt, Pakistan
5	InterVoip	Rates		Iraq, Lebanon, Palestine, Qatar, Sudan
6	LowrateVoip	Rates		Bangladesh, Jordan, Indonesia, Iraq, Malaysia Thailand, UK, USA
7	FreeCall	Rates		Russia
8	SMSListo	Rates		Sudan, Syria, China
9	WebCallDirect	Rates		India, Pakistan, Philippines, Malaysia
10	JustVoip	Rates		Russia
11	12Voip	Rates		Bahrain, China, Sri Lanka
12	DialNow	Rates	Phone-to-Phone	Use if you live in a FREE Call Country!.
13	nonoh	Rates	Phone-to-Phone	Use if you live in a FREE Call Country!.
14	VoipWise	Rates
15	BudgetSIP	Rates		We create your SIP account.
16	Calleasy	Rates	Phone-to-Phone	Web Call
17	SIPDiscount	Rates	for SIP Devices
18	SMSdiscount	Rates		India, Morocco, Turkey
19	VoipCheap	Rates
20	VoIPRaider	Rates

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options. In Gmail to view the headers there is a option show original in the menu at the top-right corner of the message.

Below are listed the headers of an actual spam message I received. I’ve changed my email address and the name of my server for obvious reasons. I’ve also double spaced the headers to make them more readable.

Return-Path: <s359dyxtt@yahoo.com>

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for <davar@example.com>; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID: <n5-l067n7z$46-z$-n@eo2.32574>

From: “Maricela Paulson” <s359dyxtt@yahoo.com>

Reply-To: “Maricela Paulson” <s359dyxtt@yahoo.com>

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels…isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary=”MIMEStream=_0+211404_90873633350646_4032088448″

According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn’t come from yahoo’s email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.

Here’s is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 – 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 – 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN’s WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom’s web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host’s IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header.

This advisory introduces an alternative method of obtaining the initial sequence number from some common trusted services.  The attack presented here does not require the attacker to open multiple connections, or flood a port on the trusted host to complete the attack.  The only requirement is that
source routed packets can be injected into the target network with fake source addresses.

This advisory assumes that the reader already has an understanding of how TCP sequence number prediction attacks are implemented.

The impact of this advisory is greatly diminished due to the large number of organizations which block source routed packets and packets with addresses inside of their networks.  Therefore we present the information as more of a ‘heads up’ message for the technically inclined, and to re-iterate that
the randomization of TCP sequence numbers is not an effective solution
against this attack.

Technical Details
~~~~~~~~~~~~~~~~~

The problem occurs when particular network daemons accept connections with source routing enabled, and proceed to disable any source routing options on the connection.  The connection is allowed to continue, however the reverse route is no longer used.  An example attack can launched against the in.rshd daemon, which on most systems will retrieve the socket options
via getsockopt() and then turn off any dangerous options via setsockopt().

An example attack follows.

Host A is the trusted host
Host B is the target host
Host C is the attacker

Host C initiates a source routed connection to in.rshd on host B, pretending
to be host A.

Host C spoofing Host A         <SYN>    –>  Host B in.rshd

Host B receives the initial SYN packet, creates a new PCB (protocol control block) and associates the route with the PCB.  Host B responds, using the reverse route, sending back a SYN/ACK with the sequence number.

Host C spoofing Host A  <–  <SYN/ACK>       Host B in.rshd

Host C responds, still spoofing host A, acknowledging the sequence number. Source routing options are not required on this packet.

Host C spoofing Host A         <ACK>    –>  Host B in.rshd

We now have an established connection, the accept() call completes, and control is now passed to the in.rshd daemon.  The daemon now does IP options checking and determines that we have initiated a source routed connection.  The daemon now turns off this option, and any packets sent
thereafter will be sent to the real host A, no longer using the reverse route which we have specified.  Normally this would be safe, however the attacking host now knows what the next sequence number will be.  Knowing this sequence number, we can now send a spoofed packet without the source
routing options enabled, pretending to originate from Host A, and our command will be executed.

In some conditions the flooding of a port on the real host A is required if larger ammounts of data are sent, to prevent the real host A from responding with an RST.  This is not required in most cases when performing this attack against in.rshd due to the small ammount of data transmitted.

It should be noted that the sequence number is obtained before accept() has returned and that this cannot be prevented without turning off source routing in the kernel.

As a side note, we’re very lucky that TCP only associates a source route with a PCB when the initial SYN is received.  If it accepted and changed the ip options at any point during a connection, more exotic attacks may be possible. These could include hijacking connections across the internet without playing a man in the middle attack and being able to bypass IP options checking imposed by daemons using getsockopt().  Luckily *BSD based TCP/IP stacks will not do this, however it would be interesting to examine other implementations.

Impact
~~~~~~

The impact of this attack is similar to the more complex TCP sequence number prediction attack, yet it involves fewer steps, and does not require us to ‘guess’ the sequence number.  This allows an attacker to execute arbitrary commands as root, depending on the configuration of the target
system.  It is required that trust is present here, as an example, the use of .rhosts or hosts.equiv files.

Solutions
~~~~~~~~~

The ideal solution to this problem is to have any services which rely on IP based authentication drop the connection completely when initially detecting that source routed options are present.  Network administrators and users can take precautions to prevent users outside of their network from taking advantage of this problem.  The solutions are hopefully already either implemented or being implemented.

1. Block any source routed connections into your networks
2. Block any packets with internal based address from entering your network.

Network administrators should be aware that these attacks can easily be launched from behind filtering routers and firewalls.  Internet service providers and corporations should ensure that internal users cannot launch the described attacks.  The precautions suggested above should be implemented
to protect internal networks.

Example code to correctly process source routed packets is presented here as an example.  Please let us know if there are any problems with it. This code has been tested on BSD based operating systems.

u_char optbuf[BUFSIZ/3];
int optsize = sizeof(optbuf), ipproto, i;
struct protoent *ip;

if ((ip = getprotobyname(“ip”)) != NULL)
ipproto = ip->p_proto;
else
ipproto = IPPROTO_IP;
if (!getsockopt(0, ipproto, IP_OPTIONS, (char *)optbuf, &optsize) &&
optsize != 0) {
for (i = 0; i < optsize; ) {
u_char c = optbuf[i];
if (c == IPOPT_LSRR || c == IPOPT_SSRR)
exit(1);
if (c == IPOPT_EOL)
break;
i += (c == IPOPT_NOP) ? 1 : optbuf[i+1];
}
}

One critical concern is in the case where TCP wrappers are being used.  If a user is relying on TCP wrappers, the above fix should be incorporated into fix_options.c.  The problem being that TCP wrappers itself does not close the connection, however removes the options via setsockopt().  In this case when control is passed to in.rshd, it will never see any options present, and the connection will remain open (even if in.rshd has the above patch incorporated).  An option to completely drop source routed connections will hopefully be provided in the next release of TCP wrappers.  The other option
is to undefine KILL_IP_OPTIONS, which appears to be undefined by default. This passes through IP options and allows the called daemon to handle them accordingly.
[eminimall]
Disabling Source Routing
~~~~~~~~~~~~~~~~~~~~~~~~

We believe the following information to be accurate, however it is not guaranteed.

— Cisco

To have the router discard any datagram containing an IP source route option issue the following command:

no ip source-route

This is a global configuration option.

— NetBSD

Versions of NetBSD prior to 1.2 did not provide the capability for disabling source routing.  Other versions ship with source routing ENABLED by default. We do not know of a way to prevent NetBSD from accepting source routed packets.
NetBSD systems, however, can be configured to prevent the forwarding of packets when acting as a gateway.

To determine whether forwarding of source routed packets is enabled, issue the following command:

# sysctl net.inet.ip.forwarding
# sysctl net.inet.ip.forwsrcrt

The response will be either 0 or 1, 0 meaning off, and 1 meaning it is on.

Forwarding of source routed packets can be turned off via:

# sysctl -w net.inet.ip.forwsrcrt=0

Forwarding of all packets in general can turned off via:

# sysctl -w net.inet.ip.forwarding=0

— BSD/OS

BSDI has made a patch availible for rshd, rlogind, tcpd and nfsd.  This patch is availible at:

ftp://ftp.bsdi.com/bsdi/patches/patches-2.1

OR via their patches email server <patches@bsdi.com>

The patch number is
U210-037 (normal version)
D210-037 (domestic version for sites running kerberized version)

BSD/OS 2.1 has source routing disabled by default

Previous versions ship with source routing ENABLED by default.  As far as we know, BSD/OS cannot be configured to drop source routed packets destined for itself, however can be configured to prevent the forwarding of such packets when acting as a gateway.

To determine whether forwarding of source routed packets is enabled, issue the following command:

# sysctl net.inet.ip.forwarding
# sysctl net.inet.ip.forwsrcrt

The response will be either 0 or 1, 0 meaning off, and 1 meaning it is on.

Forwarding of source routed packets can be turned off via:

# sysctl -w net.inet.ip.forwsrcrt=0

Forwarding of all packets in general can turned off via:

# sysctl -w net.inet.ip.forwarding=0

— OpenBSD

Ships with source routing turned off by default.  To determine whether source routing is enabled, the following command can be issued:

# sysctl net.inet.ip.sourceroute

The response will be either 0 or 1, 0 meaning that source routing is off, and 1 meaning it is on.  If source routing has been turned on, turn off via:

# sysctl -w net.inet.ip.sourceroute=0

This will prevent OpenBSD from forwarding and accepting any source routed packets.

— FreeBSD

Ships with source routing turned off by default.  To determine whether source routing is enabled, the following command can be issued:

# sysctl net.inet.ip.sourceroute

The response will be either 0 or 1, 0 meaning that source routing is off, and 1 meaning it is on.  If source routing has been turned on, turn off via:

# sysctl -w net.inet.ip.sourceroute=0

— Linux

Linux by default has source routing disabled in the kernel.

— Solaris 2.x

Ships with source routing enabled by default.  Solaris 2.5.1 is one of the few commercial operating systems that does have unpredictable sequence numbers, which does not help in this attack.

We know of no method to prevent Solaris from accepting source routed connections, however, Solaris systems acting as gateways can be prevented from forwarding any source routed packets via the following commands:

# ndd -set /dev/ip ip_forward_src_routed 0

You can prevent forwarding of all packets via:

# ndd -set /dev/ip ip_forwarding 0

These commands can be added to /etc/rc2.d/S69inet to take effect at bootup.

— SunOS 4.x

We know of no method to prevent SunOS from accepting source routed connections, however a patch is availible to prevent SunOS systems from forwarding source routed packets.

This patch is availible at:

ftp://ftp.secnet.com/pub/patches/source-routing-patch.tar.gz

To configure SunOS to prevent forwarding of all packets, the following command can be issued:

# echo “ip_forwarding/w 0″ | adb -k -w /vmunix /dev/mem
# echo “ip_forwarding?w 0″ | adb -k -w /vmunix /dev/mem

The first command turns off packet forwarding in /dev/mem, the second in /vmunix.

— HP-UX

HP-UX does not appear to have options for configuring an HP-UX system to prevent accepting or forwarding of source routed packets.  HP-UX has IP forwarding turned on by default and should be turned off if acting as a firewall.  To determine whether IP forwarding is currently on, the following
command can be issued:

# adb /hp-ux
ipforwarding?X      <- user input
ipforwarding:
ipforwarding: 1
#

A response of 1 indicates IP forwarding is ON, 0 indicates off.  HP-UX can be configured to prevent the forwarding of any packets via the following commands:

# adb -w /hp-ux /dev/kmem
ipforwarding/W 0
ipforwarding?W 0
^D
#

— AIX

AIX cannot be configured to discard source routed packets destined for itself, however can be configured to prevent the forwarding of source routed packets. IP forwarding and forwarding of source routed packets specifically can be turned off under AIX via the following commands:

To turn off forwarding of all packets:

# /usr/sbin/no -o ipforwarding=0

To turn off forwarding of source routed packets:

# /usr/sbin/no -o nonlocsrcroute=0

Note that these commands should be added to /etc/rc.net

If shutting off source routing is not possible and you are still using services which rely on IP address authentication, they should be disabled immediately (in.rshd, in.rlogind).  in.rlogind is safe if .rhosts and
/etc/hosts.equiv are not used.

Now follow the following steps :

1. Open the website of HotMail or GMail or YahooMail, its your wish. If you want to HACK yahoo id, then goto www.yahoomail.com
2. Now press “CTRL+U”, you will get the source code of yahoo page. NOw press “CTRL+A” copy all the text.
3. Open NOTEPAD, now paste it here. SAVE it as YAHOOFAKE.HTML
4. Now open the the file yahoofake.html using noepad, here you ll find a code which starts with <form method=”post” action=”https://login.yahoo.com/config/login?” autocomplete=”off” name=”login_form”> ( This code is for Yahoo. For any other site this code will be different but you need to find the code starting with (form method=”post” action=”xxxxxxxxxxxxx”))
5. Now in place of (form method=”post” action=”xxxxxxxxxxxxx”)
   
   put the following code after placing your form id:

There are a just a few simple steps. First, you’ll need to decide on the FROM and the TO email addresses. If the FROM address that you’re choosing isn’t a real one, make sure that the domain name (the bit after the @ sign) is a real one. If it’s not a real one, it almost certainly won’t work.

For the purpose of this tutorial, we’ll be sending from bush@whitehouse.gov to dummy@anysite.com.

Second, you’ll need to find out the mail server that your recipient is using.

	Click Start, Run, enter “CMD”, then presss OK. In the window that comes up, type nslookup -q=MX anysite.com
	Go to Applications, Utilities, and choose Terminal. In the window that comes up, type nslookup -q=MX anysite.com
	Bring up your favourite shell, and type nslookup -q=MX anysite.com

There will be a lot of information on the screen – all you need to look for is a line that talks about a mail exchanger. If there are several, pick the one with the lowest “preference number”.

anysite.com        MX preference = 10, mail exchanger = mail.anysite.com

Now, you’ll need to connect to this mail exchanger using telnet. This is the same for any PC, but Vista users may not have it installed by default – see this note about getting telnet on Vista before you continue. When you’re ready, type:

telnet mail.anysite.com 25

Press enter, and after a short pause, you should see a welcome message from the server.

Ok, so now you’re connected. You need to enter the following information – press ENTER at each new line. You won’t be able to press backspace to delete a mistake, so you’ll need to type everything correctly first time!

HELO whitehouse.gov

This tells the mail server that we are “whitehouse.gov”.

MAIL FROM:

This tells the server who is sending the mail.

RCPT TO:

This tells the server who to deliver the mail to. At this point, if the recipient doesn’t exist, you may see a warning message (but not always).

DATA

Hello dummy@anysite, I managed to send a fake mail all by myself!.

Dont forget that last dot. When you’ve done that, and pressed enter, simply enter QUIT and your mail should be delivered.

There’s a little bit more to it, of course. You’ll need to enter proper “headers” if you want the mail to look more believable. After doing the DATA command, I’d recommend pasting in the following “headers” to make sure it looks realistic when viewed in Outlook, Hotmail, etc.

Date: Sun, 01 Apr 2007 12:49:13 +0100 (BST)From: George W Bush To: Poor Sod Subject: Fake mail

Hello dummy@anysite, I managed to send a fake mail all by myself!.

And that’s all there is to it.