Wednesday, April 23, 2014
HellBound Hackers | Computer General | Web hacking

Author
RE: Injecting session cookies
spyware
Member
Posts: 4192
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 05-09-08 22:04
hacker2k wrote:
Why would you go through that trouble? If you rooted them, you could just sniff the traffic and get their UN/PW.


Why would you go through that trouble? If you rooted them, you could just use a keylogger and get their UN/PW.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert
Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 05-09-08 22:08
spyware wrote:
hacker2k wrote:
Why would you go through that trouble? If you rooted them, you could just sniff the traffic and get their UN/PW.


Why would you go through that trouble? If you rooted them, you could just use a keylogger and get their UN/PW.


But why would you root them if you are going to use a keylogger? You can just email them a keylogger.

Edit:
And because keyloggers aren't fun. And, because keyloggers could be detected.

Edited by on 05-09-08 22:12
Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 05-09-08 22:24
hacker2k wrote:
spyware wrote:
hacker2k wrote:
Why would you go through that trouble? If you rooted them, you could just sniff the traffic and get their UN/PW.


Why would you go through that trouble? If you rooted them, you could just use a keylogger and get their UN/PW.


But why would you root them if you are going to use a keylogger? You can just email them a keylogger.

Edit:
And because keyloggers aren't fun. And, because keyloggers could be detected.


Why in the hell would you set up remote attacks targeting the computer you already rooted... dumbass


Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 05-09-08 22:28
stdio wrote:
And because keyloggers aren't fun. And, because keyloggers could be detected.


Why in the hell would you set up remote attacks targeting the computer you already rooted... dumbass

Yeah, that's why I said, "Why would you root them if you are going to use a keylogger?" You don't need to.
Author
RE: Injecting session cookies
spyware
Member
Posts: 4192
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 05-09-08 22:30
Sniffing traffic means obtaining possibly encrypted data. Keylogging means direct results, character-per-character readouts.

Do the math.



Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 05-09-08 22:33
spyware wrote:
Sniffing traffic means obtaining possibly encrypted data. Keylogging means direct results, character-per-character readouts.

Do the math.


I see, but then what's the point of rooting the box?
Author
RE: Injecting session cookies
spyware
Member
Posts: 4192
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 05-09-08 22:34
hacker2k wrote:
I see, but then what's the point of rooting the box?


Getting to set up a keylogger without 3rd party interaction. You don't need outbound connection in order to obtain the logs (if you can hold the box, that is).



Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 05-09-08 22:37
spyware wrote:
hacker2k wrote:
I see, but then what's the point of rooting the box?


Getting to set up a keylogger without 3rd party interaction. You don't need outbound connection in order to obtain the logs (if you can hold the box, that is).


Ahh, I see. Didn't think about that.
Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 06-09-08 00:20
It could just be easier to find a blind sql vuln in the site, get the whole list of session IDs and IPs/referers/geohashes/whatever and spoof the lot till you find admin.


Author
RE: Injecting session cookies
spyware
Member
Posts: 4192
Joined: 14.04.07
Rank: God
Warn Level: 90
Posted on 06-09-08 00:27
jjbutler88 wrote:
It could just be easier to find a blind sql vuln in the site, get the whole list of session IDs and IPs/referers/geohashes/whatever and spoof the lot till you find admin.


Good luck spoofing an IP.



Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 06-09-08 00:59
Okay, so, let's recap... the only thing initially contained within your cookies, from your session, is the session ID itself. I just verified this to be sure, so don't argue. The problem is preventing session hijacking... and the solution above (tracking SessID / IP in a db) works well. However, I believe there may be an even better solution by using the session_regenerate_id() PHP function.

http://us2.php.ne. . .ate-id.php

Quite simply, if you have an include at the top of your source on all authenticated pages that checks for certain session variables (not cookie variables) and regenerates the session id on each page load... you reduce the amount of time that the person holding the stolen session id has to actually use it.

Of course, this does nothing against preventing theft of credentials. Don't think there will ever be a "cure" for that one.

jjbutler88 wrote:
It could just be easier to find a blind sql vuln in the site, get the whole list of session IDs and IPs/referers/geohashes/whatever and spoof the lot till you find admin.

... and this is why I'd rather regenerate sessions than store the crap in a db. The less static the information is, the less chance of it being exploited.




Edited by on 06-09-08 01:01
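
The include described in the post above, sketched as an added example that is not part of the original thread or any poster's code. The file name auth_guard.php, the session keys 'user_id' and 'last_regen', and the login.php redirect are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// auth_guard.php (hypothetical name): include at the top of every
// authenticated page, before any output is sent.

// Harden the session cookie before the session starts.
session_set_cookie_params([
    'httponly' => true,   // cookie is not readable from page script
    'secure'   => true,   // cookie is only sent over HTTPS
    'samesite' => 'Lax',  // not attached to most cross-site requests
]);

// Refuse session IDs the server did not issue itself.
ini_set('session.use_strict_mode', '1');

session_start();

// Check server-side session variables, not values supplied in cookies.
// 'user_id' is an assumed key that the login page would set.
if (empty($_SESSION['user_id'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: login.php'); // assumed login page
    exit;
}

// Issue a new ID on every page load. Passing true deletes the old
// session data, so an ID captured earlier stops working as soon as
// the legitimate user makes their next request.
session_regenerate_id(true);

// Assumed bookkeeping key: when the ID was last rotated.
$_SESSION['last_regen'] = time();
```

PHP's manual cautions that deleting the old session data immediately can drop a legitimate session when requests overlap or the network is unreliable, so a site with concurrent requests may need to rotate on a short interval rather than on every load.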
Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 06-09-08 02:47
chronicburst wrote:
Yea that's good to know. So could you root Alice's computer and use it as a proxy and inject the cookie. Because the cookie is in the database would it be reused? I don't see why a cookie would be reused unless if it were authenticated by the IP, which it would be. And then the cookie changes every so often.


Pardon if it's a dumb question, but what exactly does it mean to root someone's computer?

Edit: New question. I'm attempting to session hijack the session of my second account, so I'm using the same computer, same IP address, changed user-agent switcher so that it would match the correct browser... and it still didn't work. Then I noticed that, possibly related, Tamper Data was showing a new request header, named "If-None-Match". The corresponding value is 32 hexadecimal digits long. I could try messing around with it, but I think the real question is why is it there? (If it's relevant.) Any ideas where to start my investigation?

Edited by on 06-09-08 04:02
Author
RE: Injecting session cookies
Member
Joined: 01.01.70
Rank: Guest
Posted on 06-09-08 05:32
Karrot wrote:
<snip>
...request header, named "If-None-Match". ... Any ideas where to start my investigation?


This looks promising: http://www.google.com/search?hl=en&q=if-none-match+header&btnG=Google+Search&aq=1&oq=If-None-Match+h

Read.

