
Date Posted: 12:38:04 09/12/00 Tue
Author: CyberStalker
Subject: I hacked yahoo accounts!!

I spent one morning looking at Yahoo's mail security ...here's what I've found and how I did it.....

I created an account whilst dialed into Pipex. I logged out and closed my browser. On reopening the browser I pasted in the following URL:

http://mail.yahoo.com/py/ymTop.py?y=1

and this took me back to my account without any error messages or prompts for a login. I then closed my browser, disconnected from Pipex and dialed into Globalnet. When connected I opened my browser and pasted the same URL:
And was taken back to my mail-box! This made me think there must be a cookie controlling this...sure enough there it was. (1 of 3)

One, the user@mail.yahoo.com cookie in the rough looks like this :


YM.Login
id%3dreIvr96lzVC4g%26sid%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540
%25f5%2517%25cd%2599%25dc%253f%259c%25c1Y
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*
YM.Pref
farm%3d1%26silo%3dms4%26
email%3dmail-name%40yahoo.com%26head%3dbrief%26fwd%3dattach%26fontsz
%3dnormal%26msgwidth%3d72%26order%3ddown%26inc%3d50%26goto
%3dmsg
mail.yahoo.com/
0
4227368448
29309637
2475145552
29188238
*
but with all the Hex stripped out it's slightly more manageable:

[YM.Login]
id=reIvr96lzVC4g &
sid=tMZu7cDVk5V9e%0a &
ts=X%88B%40%f5%17%cd%99%dc%3f%9c%c1Y
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*


[YM.Pref]
farm=1 & silo=ms4 & email=mail-name@yahoo.com &
head=brief & fwd=attach & fontsz=normal &
msgwidth=72 & order=down & inc=50 & goto=msg
mail.yahoo.com/
0
4227368448
29309637
2475145552
29188238
*


After being logged off for around an hour I reconnected to the Internet and pasted that URL again and got back in......this made me suspicious. I clicked on exit and checked the whole "exit" document. Down the bottom I found a link :

Log off completely.


Nice of them to warn you and put it way down the bottom. Most new users will not realise that the log off process is a double action...if you log off "completely" then the cookie is removed from the Temporary Internet Files directory.

What does all this mean ?
Security wise if you can get physical access to a machine that someone has used to collect their mail and not done the double log off then you can access their account perhaps ad infinitum. (I don't know yet if the cookie has a TTL so to speak.) In practice this means you'll be cracking a friend's, work (or school) colleague's or family member's account. Good for snooping on your girlfriend's e-mail activities too.... Unfortunately you can't copy it to a floppy disk and save it in your own computer's Temporary Internet Files directory because of the ":" ...What you'd need to do is copy it to a floppy anyway...so you've got what info you need...then, now here's the complicated part :

Set your own PC up as a webserver as well as a DNS server (if you've got NT Server you're laughing). Create a DNS entry for mail.yahoo.com and use the loopback (127.0.0.1). Then create an htm file with the necessary script to impart a cookie with this same information. Connect to mail.yahoo.com (you'll actually loopback) and the cookie will be downloaded to the Temp Net files Directory....

A big hassle to do...probably easier to watch them type their password ;o) but it's knowing how it can be done..that's the important thing. Btw, just for any of you jokers out there...I've modified the security identifier and the e-mail account name etc....I'm not gonna give you a copy of my real cookie then tell you how to exploit it...get real ;o) There'll be other ways to crack yahoo, of course....this is just my offering on the matter...for now anyway.
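An added example, not part of the original post: a small parser for the cookie record quoted above, useful when reviewing how long a login cookie is set to persist. It assumes the usual nine-line layout of Internet Explorer's text cookie files (name, value, host/path, flags, expiry low/high, creation low/high, `*`); the names `parse_record` and `filetime` are illustrative.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# YM.Login record as quoted in the post (the author says the identifiers were
# altered); the wrapped value line has been re-joined for parsing.
RECORD = """YM.Login
id%3dreIvr96lzVC4g%26sid%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540%25f5%2517%25cd%2599%25dc%253f%259c%25c1Y
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime(low, high):
    """Join the two 32-bit halves of a Windows FILETIME (100 ns ticks since 1601)."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_record(text):
    """Parse one record; the field order is the assumed IE text-cookie layout."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) != 9 or lines[8] != "*":
        raise ValueError("not a complete cookie record")
    name, value, host, flags, exp_lo, exp_hi, cre_lo, cre_hi, _ = lines
    # One decoding pass only, which reproduces the "Hex stripped out" form
    # shown in the post (%250a becomes %0a, not a raw newline).
    decoded = unquote(value)
    fields = dict(p.split("=", 1) for p in decoded.split("&") if "=" in p)
    created = filetime(cre_lo, cre_hi)
    expires = filetime(exp_lo, exp_hi)
    return {"name": name, "host": host, "flags": int(flags), "fields": fields,
            "created": created, "expires": expires,
            "lifetime": expires - created}


if __name__ == "__main__":
    rec = parse_record(RECORD)
    print(rec["name"], rec["host"], sorted(rec["fields"]))
    print("created :", rec["created"].isoformat())
    print("expires :", rec["expires"].isoformat())
    print("lifetime:", rec["lifetime"].days, "days")
```

On the record quoted in the post, the creation field decodes to 5 April 1998 and the expiry field to 30 November 1999, a lifetime of 603 days, so the browser keeps presenting the login cookie for that long unless it is deleted.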
