Thursday, April 24, 2014
HellBound Hackers | Computer General | Web hacking

Author

LAN session hijacking, log into anyones accounts.

Infam0us
Member



Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank:
Apprentice
Posted on 05-09-08 02:44
I changed my mind, I'll go ahead and explain the session piggybacking; everyone needs to learn to use tools. Just don't use them without having a clue how they work and take credit for others' hard work. :whoa:

You can steal the session of any other user on your Local Area Network. This includes schools, work, home, someone else's home, someone else's work, someone else's school.
I don't know how many know about this, but this is a hacking forum so I will share the info.

It is possible to hijack an account of any user on any website that uses sessions. If Bob is on the same LAN as me and he logs into his Gmail from his office, and I am sifting out the proper information from the network traffic, I am also logged into his Gmail. This is done by sniffing out the proper cookies, session data and URLs from the network traffic on the LAN.

There is a tool called hamster (cookie injector) and an excellent sniffer called ferret; ferret is referred to as a network sniffer on steroids. Using these 2 tools together (hamster and ferret) you can do amazing things. These tools were written by Robert Graham (CEO Errata Security) and he showed the power of his tools at Black Hat 2007, around August 2nd, 2007. The tool ferret sniffs out all cookie and session data from the network and the tool hamster prepares them (in a great easy-to-use web interface) for cloning. With these tools you can connect to any wifi hotspot and use anyone's account that they log into or have live sessions for while on the hotspot.

Extremely dangerous but also extremely fun Grin.

I have tried this out (of course on my own network..) and I must say it is quite amazing. I have had problems with Yahoo though; you must click the IP you want, then click yahoo.com, and after you see the account you are logged into you need to delete all the cookies from your browser (I use cookie editor (Firefox addon)) and then click the mail and go into the account.

Google has protections against this by making you re-enter any password information before editing any account information.

I believe BT3 also has something similar (wifizoo), I think? But I am still using BT2 because I love it so much, so I think I will stick with ferret and hamster for now :happy:

These tools can be downloaded here,
http://www.errata. . .acking.zip

Anyway, this is a great set of tools and I just thought I would share them with everyone who didn't know about them previously.


"Never memorize what you can look up in books." -Albert Einstein
www.rohitab.com/discuss/style_emoticons/default/suicide_anim.gif
[img]http://www.hellboundhackers.org/fusion_infusions/buddy_panel/buddy_delete.php?id=2783[/img]


[img]javasc ript:alert(document.cookie);[/img]
Author

RE: LAN session hijacking, log into anyones accounts.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 02:59
Nice thread Grin


Author

RE: LAN session hijacking, log into anyones accounts.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 03:10
You know, if you had written this up as an article, it would've been better than 75% of the articles we currently have...

Not that that's saying much, but I thought I'd mention it. Thanks for the input on that subject.


Author

RE: LAN session hijacking, log into anyones accounts.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 03:46
Hey umm. I almost feel this could be... Too, let's say, harmful to be public. Imagine the little school boy who wants his A in Bio or something and well, uses these tools to capture the session cookies of his teacher's grading session and then changes his grades. Highly likely to happen. Let's at least convert this thread into articles because many people seem to not read them. I remember I used to not, I was dumb. They are filllllled with information.


Author

RE: LAN session hijacking, log into anyones accounts.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 03:55
chronicburst wrote:
Hey umm. I almost feel this could be... Too, let's say, harmful to be public. Imagine the little school boy who wants his A in Bio or something and well, uses these tools to capture the session cookies of his teacher's grading session and then changes his grades.


Yeah, and the little bastard will get found out because young people don't have one thing that helps us: experience.


Let's at least convert this thread into articles because many people seem to not read them. I remember I used to not, I was dumb. They are filllllled with information.


Umm... you were reading the articles here? 95% of them are crap.


Author

RE: LAN session hijacking, log into anyones accounts.

Infam0us
Member



Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank:
Apprentice
Posted on 05-09-08 04:16
chronicburst wrote:
uses these tools to capture the session cookies of his teacher's grading session and then changes his grades.


True. You could use it on any web site with sessions Wink


Thanks for comments, well maybe I will make an article out of this. Needs to be written a little differently though.

I can delete this if admins don't like it. Probably should be an article anyway huh?

Zephyr_Pure wrote:
Umm... you were reading the articles here? 95% of them are crap.

You're right, a lot are quite disgusting. But I refer people to the articles about challenges all the time; some are actually pretty helpful. Oh and the Advanced C++ pointers article was decent too.

EDIT: Just checked out your article on securing Windows XP Pro. One of the best articles on the site actually.



Edited by Infam0us on 05-09-08 04:37
Author

RE: LAN session hijacking, log into anyones accounts.


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 04:32
Haha yeah you win. The articles are 'bull sheet'. But a few of them, that 5% I will give you are not too bad. But they are a good 5%.