Admin usage and access
Mpadmin privileges can give you access to the entire server email access from within your box.
In theory this means you can be the CEO, the accountant, the secretary or use anyone's email within the organization; you can send a payment request and approve it, you can control the flow of information within the organization, you can set up more official emails or do a lot of internal exploits, push malware to everyone within the organization.
All using admin privileges.
Will share a video guide next on various admin settings that can be useful for silent use of admin boxes.
What to look out for, how to know if someone else is in the box with you and how to deactivate their rules without them knowing it.
How to stay mute in a box
How to properly use rules.
Will also share practical examples after the video guide
Let's say we have access to an admin box, "admin@bankroll.com", and there are three other emails under the company: payroll@bankroll.com, clerk@bankroll.com, info@bankroll.com.
mailbox delegation:
Send as ()
The Send as permission allows the delegate to send an email from this mailbox.
Message will appear to have been sent from this mailbox owner.
This means that when you have access to admin@bankroll.com you can send messages on behalf of
payroll@bankroll.com, clerk@bankroll.com, info@bankroll.com.
To enable this, click on the admin icon on the box ---> click on advanced settings on the new tab
---> mailbox --> double click on the email you wanna add --> on the delegation tab -->
change the permission from (0) to (1).
1 means yes
0 means no
Send on behalf (0)
Send on Behalf permission: This allows the delegate to send email on behalf of this mailbox. The From line in any message
sent by a delegate indicates that the message was sent by the delegate on behalf of the mailbox owner.
This rule sends on behalf; it shows you sent on behalf of the person.
We are generally not interested in these permissions; the one we need to pay attention to is...
Read and manage (Full Access) :
The Full Access permission allows a delegate to open this mailbox and behave as the mailbox owner.
You can do everything if you set this permission to true. It will give you total access, to send, add rules, delete messages and more.
We should always make sure this is turned on if you need to have full access to the box you are monitoring.
To set this, follow the steps below.
To enable this, click on the admin icon on the box ---> click on advanced settings on the new tab
---> mailbox --> double click on the email you wanna add --> on the delegation tab --> type the admin you have access to and add it -->
change the "Read and manage (Full Access)" permission from (0) to (1).
Also you can set up mail forwarding from the mailbox. Let's say you wanna add a filter for invoice, and you wanna do it from the admin side for
a few reasons. Firstly, note that settings from the admin console have priority over individual mailbox settings.
This means you as an admin box access holder can take control of a box and override rules set locally by the box user.
Why is this useful? In a scenario where you gain access to a box's admin and while searching you noticed someone is
in one of the boxes under the company, let's say the person is tracking and monitoring a transaction but the box the person has access to isn't an admin,
so naturally instead of editing the rules he set in place to divert traffic you can silently override his rules from the admin account you
have access to. It gives you supreme power if you know how to use it. This also should give you perspective that the box you are in, if it's not an admin,
someone else could be diverting your work, so always pay attention and try to be stealthy in boxes, leave as little trace as possible
because if you set too many rules or leave traces you'd lead another person to your prize in that box.
Will share more admin use cases because there's a lot more you can do with an admin.
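For defenders, the delegation grants and admin-side forwarding described above all leave admin audit events. The following is an added example, not part of the original post: a triage pass over constructed, simplified audit records that flags self-granted Full Access / Send As / Send on Behalf, forwarding to outside addresses, and one actor touching several mailboxes in a short window. The record layout, `example.com` addresses, window and fan-out threshold are assumptions; the operation and parameter names are those of the Exchange cmdlets.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified admin audit records (field layout is an assumption).
SAMPLE_EVENTS = [
    {"time": "2024-03-04T02:11:00", "actor": "admin@example.com", "op": "Add-MailboxPermission",
     "target": "payroll@example.com", "params": {"User": "admin@example.com", "AccessRights": "FullAccess"}},
    {"time": "2024-03-04T02:13:00", "actor": "admin@example.com", "op": "Add-MailboxPermission",
     "target": "clerk@example.com", "params": {"User": "admin@example.com", "AccessRights": "FullAccess"}},
    {"time": "2024-03-04T02:14:00", "actor": "admin@example.com", "op": "Add-RecipientPermission",
     "target": "info@example.com", "params": {"Trustee": "admin@example.com", "AccessRights": "SendAs"}},
    {"time": "2024-03-04T02:20:00", "actor": "admin@example.com", "op": "Set-Mailbox",
     "target": "payroll@example.com", "params": {"ForwardingSmtpAddress": "smtp:collector@external.test"}},
    {"time": "2024-03-05T10:00:00", "actor": "helpdesk@example.com", "op": "Add-MailboxPermission",
     "target": "info@example.com", "params": {"User": "clerk@example.com", "AccessRights": "FullAccess"}},
]

def classify(ev, org_domain):
    """Return (finding, severity) for one event, or None if it is not of interest."""
    op, p = ev["op"], ev["params"]
    grantee = (p.get("User") or p.get("Trustee") or p.get("GrantSendOnBehalfTo") or "").lower()
    right = {"Add-MailboxPermission": p.get("AccessRights"),
             "Add-RecipientPermission": p.get("AccessRights"),
             "Set-Mailbox": "SendOnBehalf" if "GrantSendOnBehalfTo" in p else None}.get(op)
    if right in ("FullAccess", "SendAs", "SendOnBehalf"):
        self_grant = grantee == ev["actor"].lower()  # admin adding itself as delegate
        return (f"{right} on {ev['target']} -> {grantee}", "high" if self_grant else "review")
    fwd = p.get("ForwardingSmtpAddress") or p.get("ForwardingAddress")
    if op == "Set-Mailbox" and fwd:
        external = not fwd.lower().endswith("@" + org_domain)
        return (f"forwarding on {ev['target']} -> {fwd}", "high" if external else "review")
    return None

def triage(events, org_domain, window=timedelta(hours=1), fanout=3):
    """Classify events, then list actors who touched `fanout`+ mailboxes inside `window`."""
    findings, by_actor = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        hit = classify(ev, org_domain)
        if hit:
            findings.append({"actor": ev["actor"], "finding": hit[0], "severity": hit[1]})
            by_actor[ev["actor"]].append((datetime.fromisoformat(ev["time"]), ev["target"]))
    burst = set()
    for actor, hits in by_actor.items():
        for t0, _ in hits:
            if len({tgt for t, tgt in hits if t0 <= t <= t0 + window}) >= fanout:
                burst.add(actor)
    return findings, sorted(burst)
```

A `high` finding from an actor that also appears in the burst list is the pattern to escalate first: review that account's sign-ins and revoke the grants and forwarding it created.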
What are office rules?
They are a management tool used to organize and make changes within the box.
Rules allow you to move, flag, and respond to email messages automatically.
Create a rule on a message
Right-click an existing message and select Rules > Create Rule.
Select a condition, and what to do with the message based on the condition.
For example, to move messages with a certain title to a specific folder, select the Subject contains condition, select Move the item to folder, select or create a New folder, and then select OK.
When you're done creating the rule, select OK.
To use the rule right away, select the Run this new rule now on messages already in the current folder checkbox, and then select OK.
The message now appears in that folder.
Create a rule from a template
Select File > Manage Rules & Alerts > New Rule.
Select a template.
For example, to flag a message:
Select Flag messages from someone for follow-up.
Edit the rule description.
Select an underlined value, choose the options you want, and then select OK.
Select Next.
Select the conditions, add the relevant information, and then select OK.
Select Next.
Finish the rule setup.
Name the rule, setup rule options, and review the rule description. Click an underlined value to edit.
Select Finish.
Certain rules will only run when Outlook is on. If you get this warning, select OK.
Select OK.
now, to you the sharp hustler what are these rules really for?
They can make your work easier, instead of having to manually watch the box for incoming email you are expecting, you can set rules, these rules can be anything from watching out for an “invoice approval” or certain mail from “account payable”
Rules can enable you to stay stealthy mode and silent in a box. In cases where you set rules but don’t set them properly your job will cast.
Here’s a scenario.
You are expecting a payment request from a mail clubairways@mayfair.com
And you set rules to make sure that when new message from clubairways@mayfair.com comes in, it should be sent to a folder where the original user isn’t active.
Here’s the check list
You set rule for moving the incoming mail
you mark the message as read
let’s say you forgot to mark as read
When the message eventually comes in the original user will see a new message alert, and the number will be displayed in the folder you set. This can lead her to your job. She'll see other mails you have diverted or better still check her rules and figure something is up.
But if you already disabled notification for that specific mail you will remain undetected.
Rules have many other practical use like used for monitoring multiple boxes while you focus on other things.
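The move-and-mark-as-read pattern in the scenario above is what mailbox rule audits should look for. The following is an added example, not part of the original post: it scores exported inbox rules for the traits described here (diverting mail from a sender into a folder the owner does not open, suppressing the unread count, finance keywords). Rule keys follow `New-InboxRule` parameter names; the sample rules, folder list, keyword list, weights and threshold are constructed assumptions.

```python
# Constructed rule records; keys mirror New-InboxRule parameter names, values are made up.
SAMPLE_RULES = [
    {"mailbox": "payroll@example.com", "Name": ".", "From": ["billing@supplier.test"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"mailbox": "clerk@example.com", "Name": "Newsletters", "From": ["news@vendor.test"],
     "MoveToFolder": "Newsletters", "MarkAsRead": False},
    {"mailbox": "info@example.com", "Name": "x", "SubjectContainsWords": ["invoice", "payment"],
     "ForwardTo": ["drop@external.test"], "DeleteMessage": True},
]

QUIET_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                 "archive", "junk email", "deleted items"}
FINANCE_WORDS = {"invoice", "payment", "wire", "remittance", "payable", "bank"}

def score_rule(rule, org_domain):
    """Return (score, reasons). Weights are illustrative; tune them on your own baseline."""
    score, reasons = 0, []
    def add(points, why):
        nonlocal score
        score += points
        reasons.append(why)
    moves = rule.get("MoveToFolder")
    if moves and rule.get("MarkAsRead"):
        add(3, "moves mail and marks it read, so the owner sees no unread count")
    if moves and moves.lower() in QUIET_FOLDERS:
        add(2, f"destination is a rarely opened folder: {moves}")
    if rule.get("DeleteMessage"):
        add(3, "deletes matching mail")
    outbound = rule.get("ForwardTo", []) + rule.get("RedirectTo", [])
    if any(not a.lower().endswith("@" + org_domain) for a in outbound):
        add(4, "forwards or redirects outside the organization")
    words = {w.lower() for w in rule.get("SubjectContainsWords", []) + rule.get("BodyContainsWords", [])}
    if words & FINANCE_WORDS:
        add(2, "matches finance keywords: " + ", ".join(sorted(words & FINANCE_WORDS)))
    senders = rule.get("From", [])
    if len(senders) == 1 and not senders[0].lower().endswith("@" + org_domain):
        add(1, "targets a single external sender")
    if len(rule.get("Name", "").strip(". ")) <= 1:
        add(1, "blank or one-character rule name")
    return score, reasons

def suspicious_rules(rules, org_domain, threshold=5):
    """Rules scoring at or above `threshold`, highest score first."""
    scored = sorted(((score_rule(r, org_domain), r) for r in rules), key=lambda x: -x[0][0])
    return [(r["mailbox"], r["Name"], s, why) for (s, why), r in scored if s >= threshold]
```

Run it over every mailbox in the tenant, not only the one under investigation, and compare the result with what the mailbox owner says they created.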
How To Avoid 2FA While Logging In Yahoo❓
It looks like yahoo has increased their security on accounts. It's becoming harder and harder to crack accounts. I'd imagine that buyers are having issues with logging in as well.
If you aren't having issues using yahoos after October 15 2021, then good job, you already know how to use accounts on websites with higher security. However if you are having issues, you should keep reading this guide. You may have never had issues before with using yahoos with the method you have. Sadly, as time goes on, methods die or need some changes to stay relevant.
How to properly use yahoo accounts?
I'm gonna start off by clearing up some misconceptions. Most of the time if you're getting 2fa, the account isn't dead by any means. When I crack accounts the tool I use tells me which accounts have 2fa and which do not. It only flags the login as valid if it actually logs in and loads the mailbox. So, when you're buying my logs and you're getting 2fa, something you are doing is triggering yahoo's website security. There is a noticeable difference between 2fa triggered by security and 2fa that is set by the account owner. The way to tell the difference between 2fa triggered by security and 2fa the account owner set up is whether or not you've entered a password.
Example 1: You type the email, hit enter, and the next screen pops up to enter the password, and after you do so, then you get 2fa. That account is most likely salvageable as you triggered security.
Example 2: You type the email, hit enter, and 2fa pops up without any chance to enter the password.
That's 2fa from the account owner and the log is dead.
If the log has 2fa from security, good news! The log is by no means dead. Give it a few hours and try again while following the guidelines you'll read about in a moment. With that out of the way, here is how to never trigger security aka 2fa ever again.
1) Never use the same IP for more than 3 accounts
Using the same IP is a huge red flag for yahoo's security. I mean think about it, wouldn't it be weird to have an account that has the same 2-3 IPs logging into it for years suddenly have at least 2 different IPs logging into it, all within a short timespan? I say 2 different IPs because the proxy used to crack the account also counts.
2) Between each login clear cookies
The way a website keeps yahoo logged in after you close out a browser is via cookies. They're usually encrypted strings of text that are sent to the server of the site you're connecting to that let it know you were already logged in, and to load up your account. Not clearing these between logins makes yahoo's security suspicious of the traffic. Think of yahoo's security like a test. It has all of these things it watches out for and every time you do one of them you get points added to your score. Unfortunately, with this test, you don't want any points. The more you have the worse you've failed the test. After a certain threshold of points is met, yahoo's security will force a 2fa check.
3) Use Firefox and this addon https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
When you login to a website it can gather a lot of data about you via JavaScript. Things like the resolution of your monitor, the size of the browser window, pixel density, your time zone, what fonts you have installed and a whole lot more. What they can do with that information is make a "fingerprint". Now it might not seem like it but that fingerprint is most likely pretty unique. There's a lot of computers in the world, and lot of ways to set them up. To learn more about browser fingerprinting, check out https://amiunique.org/, they offer clear explanations on all of the different facets of fingerprinting and live examples showing what your browser tells websites.
4) Type the username and password, never copy paste
5) try using https://dichvusocks.us it looks like shit but the proxies are computers in a botnet, so they're residential IPs and not datacenter.
6) Don't load https://mail.yahoo.