TUCoPS :: Web :: Specific Sites :: hhotmail.txt

Hacking Hotmail

     _|_|_|  _|        _|     _| _|     _|  _|     _|    _|_|_|   _|      _|_|_|
     _|      _|      _|  _|  _| _| _|  _| _| _|  _|  _|  _|   _|  _|      _|
     _|_|    _|      _|_|_|  _|    _|  _|    _|  _|_|_|  _|_|_|   _|      _|_|
     _|      _|      _|  _|  _|    _|  _|    _|  _|  _|  _|   _|  _|      _|
     _|      _|_|_|  _|  _|  _|    _|  _|    _|  _|  _|  _|_|_|   _|_|_|  _|_|_|

                  _|_|_|   _|  _|  _|_|_|  _|_|_|  _|_|_|  _|_|_|
                  _|   _|  _|  _|  _|      _|      _|      _|
                  _|_|_|   _|_|_|  _|_|    _|      _|_|    _|_|_|
                  _|       _|  _|  _|      _|      _|          _|
                  _|       _|  _|  _|_|_|  _|_|_|  _|_|_|  _|_|_|

                         Another one bites the crust


Title:      |||| "Hacking" Hotmail ||||

Date:       April 30, 1998 {Rev. 2, 11-19-98)
Author:     rootwurm



they've fixed it.  this text is obsolete.  quit reading it.  i don't know another way (yet).

don't email me about hotmail.  thanks :-)


Please verify that the following information is correct BEFORE emailing me and telling
me you can't get it to work.



Now, lemme 'splain what i mean...

	An IP address is just a numerical identification for any computer on the internet.  
Everyone has one though it's not always unique.  If you don't have a basic understanding of how 
the net works, you don't deserve to hack anyway, but some of us need motivation to learn, so 
i'll let you read this anyway :-P

	Most intranets that allow internet access do this either through a proxy server, or 
some form of 'all-in-one' net access.  for instance, at my school we have 7 fiber optic T1 lines
that allow access to the internet from different workstations in the district.  whenever someone
at my school logs onto the internet, they get the ip address of
Anytime anyone at my school logs into their hotmail account, they leave themselves wide open.

	The other circumstance that must be met is that they must either be still logged into
their hotmail account, or they must have less than 10 minutes of idle time.  Hotmail 
automatically logs people out who have not done anything for 10 minutes (this makes the hack
a bit more difficult, and i think the 10 minute limit was done for this reason)

Ok, lets say all circumstances are met and you see that hackmyaccount@hotmail.com is logged in
next to you on an intranet computer.  You know they have the same ip address, and they're sending
a letter to their grandma telling her that the opiate shipment is here from florida so you know
they're still active.  simply goto the url:


that's it, other methods are explained below, but i think people just wanted a program that
would automagically hack someone's account.  get real.  there are plenty of methods of hacking
hotmail, i just don't have time to explain them to dumbasses who are too lame to even read the
fact that you have to have the same ip address and they have to be logged in.

i apologize if i've offended you, but please, think twice before you go off being a complete
moron and making yourself look bad.

if you've emailed me saying 'this doesn't work' only to find out you didn't read everything then
please, do me a favor  (Now, this may be a new concept for you, and it may be painful at first,
but lots of people do it everyday and i hear it's quite enjoyable.) just THINK about shit for
a second.  I know, i know, i'm asking too much, but please...if ignorance was painful, 80% of
the population would live on valium.

(not that i'm a genius, but at least i can tie my own shoes)

quoth the rootwurm, nevermore.

++++++++++++++++The old text++++++++++++++++

Hotmail is a very great thing.  And i kinda dislike telling people how to hack such a great
system, but hey, we're the flammable pheces. (nuff said :-)

as you know, when you try to login to hotmail with a username, it doesn't check to see if it
exsists or not.  if you want to know whether or not a username really exsists, then just goto
http://www.hotmail.com/cgi-bin//start/theirusername/.  if the username exsists, then it will say
"Logged out, try loggin back in" but if it doesn't, it will give you some weird server error.

now for the hack-

in order for this to work, two things must happen.

        1.  The user must be logged in.
        2.  You must have the same IP address as them.

there is no getting around this, sorry.  let me lay down a scenerio for you, so you can get an
idea when this might be useful.

        You're sitting in class, browsing the net.  You're on a schoolwide network that lets
        you get on the net.  the person next to you is reading their hotmail, and you can
        see that their usename is ilovetohunt@hotmail.com.  now is your chance to load up
        the same page they're looking at to read their mail, delete their mail, etc.

here's the easy way:

just look at their username and goto: http://www.hotmail.com/cgi-bin//start/theirusername/
where "theirusername" is their username (how about THAT logic, huh!)


goto www.hotmail.com and login with YOUR account as usual.  right click in the main frame (the
one that says "you have 0 new messages in your INBOX" and add it to your bookmarks (this is only
temporary).  then click LogOut.  It will ask you if you want to login as another user, and you 
do.  put their login name (in the example above, their login name is ilovetohunt, not 
ilovetohunt@hotmail.com) and press login.

now it asks you for a password, just click the ENTER button and it will say "sorry invalid 
username/password combination."  the ip address in the top should be something like this:

now, the thing that interests us is the numbers right after their username 
(e.g.  now just goto the bookmark you just set.

replace your username with their username, and replace the DISK=number with their number.



now hit enter, and you will see their page.  you can now browse their folders, read any
of their mail, and delete anything you wish (don't delete their shit, though...it's not nice)

======How it works======

when a person logs into hotmail, it grabs their page from a different server and posts it so they
can see it.  it also puts on there something like "don't show this to anybody unless they are
from the same ip"

after the person logs out, it puts the page back on that server which can only be retrieved
by a password (their hotmail password)

when you goto http://www.hotmail.com/cgi-bin/start/theirusername/ or
while they're logged on, you're just retrieveing the page because it's now open to the "public"
if you have the same ip address as them.

that's it, if you have any questions, pray.  if that fails, email me (rootwurm@pheces.org)


rootwurm (rootwurm@pheces.org)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH