New Post

Rss

Friday, April 22, 2011
Hack email accounts or passwords using session cookies

Hack email accounts or passwords using session cookies

Hi friends, welcome back today i will explain you how to hack email accounts and passwords of almost each and every website using session cookies. In my previous article i have explained you about session hijacking. Today i will show you the practical implementation of session hijacking that how can we take over others sessions and hack his email accounts and other website passwords. In this tutorial of hacking email accounts using session cookies, i will explain you with the help of yahoo account. I will tell you how to hack yahoo account using session cookies.

What are Session Cookies or Magic Cookie or Session ID?
Lets discuss this in very simple language, Whenever we login in our account, it generates a unique string that contains the path of automatic login for particular time then after that limited time it expires by itself.
Note its life is only up to when your web browser is open. If you close your web browser it will be get deleted(Its latest up gradation in cookie's field for providing more security).
Now this unique string or simply called Magic cookie is stored at two places first copy is stored on server(of which we cannot do anything) and second is stored in our web browser in form of cookie.
This cookie is destroyed by three ways first is when you close your web browser, second is when you sign out of your account and third is if you left your account open for more than 20 minutes idle.


How to access the cookies on local system?
As i am explaining this tutorial for hacking yahoo email account. So in your web browser just open yahoo.com and login into your account.
After that type the below code exactly and then press enter:
javascript:alert(document.cookie);
Now a popup box will appear showing the cookies something like this:
How to hack email account using session cookies

Now create one fake account on yahoo.com and login in that account and retrieve the cookie in same manner and notice the changes in session ID's.

For hacking the session cookies we first need the session cookies of the victim and its quite simple to get the session cookies of the victim. You just need to send him one link as soon as he clicks on that we will get his session cookie.

After hacking the session cookies, we can use stolen session cookie to login into victim's account even without providing username and password as i already explained that session hacking removes the authentication on the server as we have the AUTO LOGIN cookie. In this type of attack when victim sign out , then hacker will also sign out. But in case of YAHOO its little bit different, when victim signout but attacker still have the access to his account. Yahoo maintains the session for 24 hours and then destroy the session ID's from its server.


How to Steal the Session Cookies?
1. Go to the any Free Web hosting server Website which supports PHP and register.

2. Download the Cookie stealer files:

3. Now upload the four files on the website and create one empty directory naming Cookies as shown below:

hack session cookies using cookie stealer

4. Now Send the link of yahoo.php to victim. Now what will happen when user clicks on the yahoo.php is that its cookies are get stored into directory Cookies and simultaneously he is redirected to his account.

5. Now open the link Hacked.PHP to access the cookies. In my files the password is "password". You need to put that to access the files.

hacked email account

6. You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password.


hacked account cookie details

Now it doesn't matter if victim signs out from his account, you would remain logged into it.

Note:
You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.

In my next article, I will explain you how to decode the cookies. In this tutorial you will get the cookies only which are in encypted form. You will be able to login but you will not know what information it contains. As we are professional hackers we must know each and everything, so wait till next article..

Hope you all have liked it.... IF you have any queries ask me....
Please comment...

Tuesday, April 12, 2011
Session Hijacking : How to hack online Sessions

Session Hijacking : How to hack online Sessions

Hello friends, i am back and from now onwards we will explore the most advanced Hacking Techniques. One of them is Session Hijacking. In today's tutorial we will discuss How to hack the online sessions using Session Hijacking. In today's Hacking class, i will explain basics of Session Hijacking like What is session Hijacking and Different types of Session Hijacking attacks and different methods to Hijack the sessions. In my next tutorial that is tomorrow i will explain you in Detail How to Hijack the Sessions and what tools you will need to Hijack the active sessions. So friends read on...

How to hack online sessions, session hijacking
How Session Hijacking works


What is Session Hijacking?
Let's discuss them in common term's, Session Hijacking by the name only it suggests that we are hacking someone's active session and trying to exploit it by taking the unauthorized access over their computer system or Network. So Session Hijacking is the exploitation of valid computer or network session. Sometimes technical guys also call this HTTP cookie theft or more correctly Magic Cookie Hack. Now you guys surely be thinking what is Magic Cookie.
Magic cookie is simply a cookie that is used to authenticate the user on remote server or simply computer. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website. So in Session Hijacking what Hacker does is that he tries to steal the Magic cookies of the active session that's why its called HTTP cookie Theft. Nowadays several websites has started using HTTPS cookies simply called encrypted cookies. But we all know If encrypter exits so its decrypter also :P..

Session Hijacking is the process of taking over a existing active session. One of the main reason for Hijacking the session is to bypass the authentication process and gain the access to the machine. Since the session is already active so there is no need of re-authenticating and the hacker can easily access the resources and sensitive information like passwords, bank details and much more. 

Different Types of Session Hijacking
Session Hijacking involves two types of attacks :
1. Active attack
2. Passive attack

In Passive attack, the hacker Hijacks a session, but just sits back and watches and records all the traffic that is being sent from the computer or received by the computer. This is useful for finding the sensitive information like username passwords of websites, windows and much more...

In Active attack, hacker finds the active session and takes over it. This is done by forcing one of the parties offline which is usually achieved by DDOS attack (Distributed Denial of service attack) . Now the hacker takes control over the active session and executes the commands on the system that either give him the sensitive information such as passwords or allow him to login at later time.
 There are also some hybrid attacks, where the attacker watches a session for while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.

Methods to Hijack Sessions
 There are four main methods used to perpetrate a session hijack. These are:

  • Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
  • Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
  • Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
  • Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.
That's all for today tomorrow we will discuss in detail How to do the Session Hijacking practically. 
I hope you all like this...
If you have any queries ask me in form of comments...
How to Enable Registry disabled by Administrator

How to Enable Registry disabled by Administrator

Hello friends, today i will explain you the solution of very common problem that usually users face i.e whenever you try to open registry editor you get an error message "Registry has been disabled by Your Administrator". It's a very common problem and its solution is also quite simple if you know playing with registry. My main motive is not to provide or directly feed you the solution. I want that you should explore the things. So Let's explore the registry... 

Enable registry disabled by admiistrator or admin
Enable Registry Disabled by Administrator

 
What is Registry?
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. The registry also provides a means to access counters for profiling system performance.
I know most of you know that registry is called the "BRAIN OF WINDOWS" which store all the information in form of registry keys or technically we call them DWORD or STRING or BINARY or MULTI-STRING values which stores the data into the data in the form the name suggests. 


How to enable the Registry disabled by Administrator?
The following message usually displayed when your system is infected by some virus that changes the registry value and hence you get an error message displaying " Registry is disable by Admin". So to fix it you also have to edit the registry but since your registry has been disabled so you cannot directly access it. For this you need to create one registry file that will update the dword value into the registry database.

Steps to enable registry:
1. Open the Notepad.
2. Copy the below code and paste into the notepad.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

3. Now save the Notepad file as "anything.reg"(without quotes) and remember to select the file type as all files while saving otherwise you will not been able to execute it.

4. Now Close the file and open by double click on file and then click ok.




How to Do it using GPEDIT.MSC
Just follow this:
Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Disabled

That's all the simple hack to Enable the Registry disabled by Administrator. Isn't that simple...

I hope you all have liked it... If you have any queries ask me in form of comments.

Designed by Hackingloops.