Microsoft Outlook

HackWannabe

Ok guys, i really need your help here...!
So, im doing my dissertation on digital security and my project supervisor has asked me to demonstrate an attack on a network for the presentation part of it. So I was thinking it would be pretty cool if i could hack into the lecturer's email account! All i no is that they are Outlook accounts.
Basically, what i need is someone, to explain to me (in plain english) exactly how to do this. I no its a lot to ask but im really desperate!!
Or alternatively, if anyone could come up with any suggestions of other easier attacks i could demonstrate, this would be great.

Please help!!

Kali

I really wouldnt advise that as a "cool thing to do"... instead simply play around with a few network sniffers (ethereal or the like) and display the fact that the vast majority of information transmitted is in plain text, and that the data load of any particular packet could contain passwords or important information.

Easiest way to demonstrate this is to have three computers connected to a hub, one acting as a test mail server, one as a client, and run the packet sniffer on the third machine.. client checks his mail and hey presto youve got his password...

but dont go actually trying to hack any real network or mail accounts. not a good idea and your lecturers will NOT be impressed.

zAbbo

What kinda email server, i think they(dkit) use OWA, which i assume they havent changed over to the squrrel mail that the students use. First things first find out what version they`re using linky here
throws up " Version 5.5 SP4", search for any vulnerabilities on this version.

Anyway thats seems quite high level if you never messed with "security" before.

Easier attacks would be DoS attacks of some sort. I`m sure all of this would have to be done in a controlled environment

HackWannabe

The problem with a DoS attack Baz is that i really dont want to make some website crash. At least with a hacking attack, i can go in and out without any real harm done. You see my problem?

zAbbo

Originally posted by HackWannabe
The problem with a DoS attack Baz is that i really dont want to make some website crash.

website/server whatever

I dont think the merit will be on "hey look at what i can do" but more so on the vulnerabilities that exist and the methods that can be used to achieve the information that would allow an attack, so they have an email server, you can show how easy it is to find the IP address, then run a port scan on the server....etc.

Im not sure what aspect you`re taking this project from, but im sure the college has adaquate intrusion detection to trace/track any hax attempts(well the *nix machine will). Maybe tou could run something like Kali mentioned, more of a controlled environment.

theciscokid

DoS attacks are so low, the scum of the internet.. zombies controlling zombies

boy i hate them :rolleyes:

Capt'n Midnight

Dissertations - that's your cover story ??

Hacking into someones email account - especially when it could contain sensitive correspondence like results / requests etc. - I'd reckon it's the sort of thing you could easily and justifiably get expelled for.

And even if the Lecturer agreed you would still have to get an OK from IT and HR..

BTW: you KNOW(SP) very little if you say it's outlook
Outlook express
Outlook / SMTP
Outlook Exchange or other LADP etc. etc.

Thin Ice mate - if you haven't thought the implications through. Find out from you lecturer what is acceptable before going any further - a test environment is needed - you DON'T want to succede in a hack attack on a production network.

zoro

yeah i agree with MC here .... if anything, see if it'd be possible to have an account setup for this purpose

or even better do it on your own machine!

Ryaner

The packet sniffer would work wonders if the Outlook account is moveable. Ie they can log into multiple pc and get their full inbox. If this is the case, you can, in effect, sniff all the packets going to an email inbox and get outlook on your machine to open them. There is programs for doing this thru a kind of site mirror as such but it will really depend on how the log in for outlook takes place.
I agree with Kali tho. Setup a test network and send email and sniff them. It's alot easier and safer. Collages have a very very big backlash at people who try to hack them or abuse their systems

Capt'n Midnight

BTW Exchange server can use secure connections.

Ryaner

Originally posted by Capt'n Midnight
BTW Exchange server can use secure connections.

Std outlook connections on roaming outlook account (ie ones that the login details are kept with the system login) tend to be mainly plain text with no security