Tuesday, June 21, 2011

Gmail Cookie Stealing And Session Hijacking Part 1

Well, I have posted lots of articles on phishing and keylogging, but today I would like to throw some light on a very useful method which hackers use to hack Gmail, Facebook and other email accounts, i.e. cookie stealing. One of the reasons I am writing this article is that there are lots of newbies with lots of misconceptions about cookie stealing and session hijacking, so I hope this tutorial covers all of those misconceptions, or if not all, then most of them.



What is a Cookie?

A cookie is a piece of code which is used to authenticate a user on a website. In other words, whenever you log in to a website such as Facebook, Gmail or Orkut, your browser is assigned a cookie which basically tells the browser for how long the user should stay logged in. Apart from authentication, a cookie can be used for a variety of different purposes; if you would like to know more about cookies, kindly google it.

What is a Session Token?

After authentication is completed, a webserver hands the browser a session token, which is used because a webserver needs a way to distinguish between different connections. If a hacker could capture your session token, then it's a cakewalk for the hacker to get into your Gmail, Facebook or any other account.

What is a Session Hijacking Attack?

A session hijacking attack is basically the act of capturing a session token and injecting it into your own browser to gain access to the victim's account.


What is a Cookie Stealer?

A cookie stealer is basically a script used to steal the victim's authentication cookies. For a cookie stealing process to work, the website or webpage should be vulnerable to an XSS attack; this is the most common and widely held misconception among newbies.

How does the stealing process work?

1. The attacker creates a PHP script and uploads it to a webhosting site.

2. The attacker then asks the victim to visit the particular link containing the PHP code.

3. Once the victim visits it, his/her authentication cookie is saved in a .txt file.

4. Next the attacker uses a cookie injector or a cookie editor. There are lots of Firefox addons and Google Chrome extensions to do the work for you; personally I use Cookie Manager v1.5.1 as it's quite user friendly.



You can also use the Web Developer toolbar to do the work for you.

5. The attacker replaces his own cookies with the victim's cookies, as a result of which the victim's session is hijacked.

Why does it not work on a website which is not vulnerable to XSS?
It's due to the browser's same-origin policy, according to which the browser does not allow JavaScript to access the cookies.


Gmail GX Cookie



By now I believe I might have cleared lots of misconceptions related to cookie stealing, but all of that information is only good for you if you try it practically, so let's get to the main topic.

In Gmail the cookie which authenticates users is called the GX cookie. Now, we cannot use a cookie stealer, as at present we don't know of any XSS vulnerability in Gmail, so if you are on a LAN you can use Wireshark or any other packet sniffer to steal the unsecured Gmail GX cookie and use it to gain access.

Will this hack always work?

Well, this trick won't work on all Gmail accounts, as Gmail now offers end-to-end https:// encryption, which encrypts the session token, so even if we could get our hands on the GX cookie it's useless; but if a user has turned off the end-to-end https:// encryption in Gmail, it can work for sure.
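The two theft paths described in this post, script access to the cookie (the XSS case above) and sniffing the cookie off a plain-http connection (the LAN case here), are each blocked by one cookie attribute: HttpOnly keeps the cookie out of document.cookie, and Secure keeps it off unencrypted connections. The following audit script is an added example, not code from the original post or from Google; the Set-Cookie headers it checks are constructed, and the list of cookie names it treats as session cookies (beyond the GX name the post mentions) is an assumption.

```python
"""Audit Set-Cookie headers for the attributes that defeat the two theft
paths described in the post. Added example, not code from the original
post: the Secure flag keeps the cookie off plain-http connections (the
LAN-sniffing case) and HttpOnly hides it from document.cookie (the
injected-script case)."""
from dataclasses import dataclass, field
from typing import List


# Cookie names treated as session cookies. "GX" is the Gmail cookie named in
# the post; the rest are common framework defaults and are an assumption of
# this example.
SESSION_COOKIE_NAMES = {"gx", "phpsessid", "jsessionid", "sessionid", "session"}


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    samesite: str
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Split one Set-Cookie header value into the cookie name and the
    attributes this audit cares about. Attribute names are case-insensitive."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    secure = httponly = False
    samesite = ""
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "httponly":
            httponly = True
        elif key == "samesite":
            samesite = value.strip()
    return CookieReport(name, secure, httponly, samesite)


def audit_set_cookie(header: str) -> CookieReport:
    """Flag a session cookie that lacks the attributes a hijacker relies on
    being absent. Non-session cookies are reported but not flagged."""
    report = parse_set_cookie(header)
    if report.name.lower() in SESSION_COOKIE_NAMES:
        if not report.secure:
            report.problems.append(
                "missing Secure: sent over plain http, so a LAN sniffer sees it")
        if not report.httponly:
            report.problems.append(
                "missing HttpOnly: readable through document.cookie by injected script")
        if not report.samesite:
            report.problems.append(
                "missing SameSite: attached to cross-site requests")
    return report


def audit_headers(headers: List[str]) -> List[CookieReport]:
    return [audit_set_cookie(h) for h in headers]


# Constructed sample headers; not captured from Gmail.
SAMPLE_HEADERS = [
    "GX=abc123; Domain=mail.example.com; Path=/",
    "GX=abc123; Domain=mail.example.com; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    for r in audit_headers(SAMPLE_HEADERS):
        print(f"{r.name}: {'OK' if not r.problems else '; '.join(r.problems)}")
```

The first sample header is the situation the post describes (a session cookie that travels over plain http and is readable by script); the second is the same cookie with the attributes set. Run it against the Set-Cookie headers of your own application to see which of the two cases you are in.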



I hope you have liked the post up till now. I will cover the method to steal Gmail GX cookies and use them to hack Gmail accounts in the next post, so stay tuned!


Update: Part 2 has been published; you can read it here.

Thursday, June 16, 2011

Telecommunication Network Hacking And Security

Hacking does not only mean defacing a website or stealing someone's confidential information. You have heard so many times about computer network security, or just computer security, but what about telecommunication security, or telecommunication network security? Well, there are so many articles on computer security, but this time I have decided to write on telecommunication network security.



Telecommunication is a broad field and it contains different areas like optical fiber networks, mobile and wireless networks, satellite networks etc. We have considered wireless networks, specially the GSM network. GSM, or Global System for Mobile communication, is a 2G network, but when it provides the GPRS (data) service it can be called a 2.5G network.

The 1G network, or AMPS, has so many vulnerabilities like eavesdropping and handset cloning because it worked in the analog domain, while the 2G network works in a digital environment and uses different sorts of encryption algorithms to protect the data.

It is good practice to first describe the initial architecture of the GSM network so that you can easily understand the security holes. Now consider the basic diagram.



  • SIM  Subscriber Identity Module
  • MS  Mobile Station
  • BTS  Base Transceiver Station
  • BSC  Base Station Controller
  • MSC  Mobile services Switching Center
  • HLR  Home Location Register
  • VLR  Visitor Location Register
  • EIR  Equipment Identity Register
  • AC  Authentication Center
  • PSTN  Public Switched Telephone Network
  • ISDN  Integrated Services Digital Network



Just like a computer network, the GSM network also uses an authentication process to allow a SIM (user) to enter the network. Just assume there are 4 operators that provide GSM services and you have purchased a connection from 1 service provider; now, it does not mean that your mobile phone cannot detect the signals of the other three networks. Your cell phone can get the signals of all 4 operators, but it can only connect to the network matching the SIM, because the network identifies its user by the SIM.

Understand The Phenomena Of Authentication In GSM

The SIM (Subscriber Identity Module) is a small smart card containing both programming and information. The SIM contains a temporary cipher key for encryption, a temporary subscriber identity (TMSI) and an International Mobile Subscriber Identity (IMSI). It also contains a PIN (Personal Identification Number) and a PUK (PIN Unblocking Key).

The SIM stores a 128-bit authentication key provided by the service provider. The IMSI is a unique 15-digit number that has three parts:
  • Mobile Country Code (MCC)
  • Mobile Network Code(MNC)
  • Mobile Subscriber Identification Number (MSIN)
Now, as you have seen the importance of the IMSI, if you have the IMSI of another user then you can identify yourself on the network by the identity of that other user (so dangerous).
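As an added example (not code from the original post), the script below splits an IMSI into the three parts listed above and produces a masked form for log files, since an IMSI written to a log is exactly the identity the paragraph warns about. The sample IMSIs are constructed; the MNC length is passed in as a parameter because the digits alone do not tell you whether a country uses 2- or 3-digit network codes, and the test-PLMN check (MCC 001, MNC 01) is the one reserved value a practitioner is most likely to recognise in a trace.

```python
"""Parse an IMSI into MCC, MNC and MSIN and mask the subscriber part before
it is logged. Added example, not code from the original post."""
import re
from typing import NamedTuple


class Imsi(NamedTuple):
    mcc: str   # Mobile Country Code, always 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits depending on the country
    msin: str  # Mobile Subscriber Identification Number, the remaining digits


def parse_imsi(imsi: str, mnc_length: int = 2) -> Imsi:
    """Split an IMSI. The MNC length cannot be read from the digits alone;
    it comes from an operator table, so here it is a parameter (2 is the
    common case, 3 is used in North America)."""
    if not re.fullmatch(r"\d{6,15}", imsi):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_length not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_length], imsi[3 + mnc_length:]
    if not msin:
        raise ValueError("IMSI has no MSIN part")
    return Imsi(mcc, mnc, msin)


def is_test_plmn(parsed: Imsi) -> bool:
    """MCC 001 / MNC 01 is the test PLMN reserved for lab equipment; a
    subscriber claiming it on a live network is worth a second look."""
    return parsed.mcc == "001" and parsed.mnc == "01"


def mask_imsi(imsi: str, mnc_length: int = 2) -> str:
    """Keep the network part for troubleshooting, blank the subscriber part.
    An IMSI in a log file is exactly the identity the post warns about."""
    p = parse_imsi(imsi, mnc_length)
    return p.mcc + p.mnc + "*" * len(p.msin)


# Constructed sample values, not real subscribers.
TEST_NETWORK_IMSI = "001010123456789"   # test PLMN, 2-digit MNC
NA_STYLE_IMSI = "310260123456789"       # North-American style, 3-digit MNC

if __name__ == "__main__":
    for imsi, n in ((TEST_NETWORK_IMSI, 2), (NA_STYLE_IMSI, 3)):
        p = parse_imsi(imsi, n)
        print(p, "test PLMN" if is_test_plmn(p) else "", mask_imsi(imsi, n))
```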

But is authentication the only way to crack into a GSM network? The answer is no.
The air interface, I mean the Um interface between the handset and the BTS, is encrypted by the A5 algorithm, but the interfaces between BTS and BSC and between BSC and MSC are usually not encrypted and normally use microwave links, or in some cases optical fiber links, depending on the geographical area. So the point is that if someone starts sniffing on that link, GSM has not defined any standard to protect against this sniffing; so now you can understand the main hole in the GSM network.



About The Author:

This guest post has been written by Irfan Shakeel. Irfan is a telecommunication engineer and an IT security geek; he has written many articles for different blogs and is currently running a blog related to ethical hacking and penetration testing.

Sunday, May 22, 2011

Facebook Dislike Button - Beware, Scam Spreading

A new Facebook scam message is spreading rapidly and has gone viral among Facebook users. It looks like Facebook has become the favorite playground for spammers: after the "Dad Catches Daughter on Webcam" scam, it seems the Facebook Dislike Button scam has gone viral. Here is the screenshot of the Facebook dislike button scam message:


Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Now, as you can see from the above screenshot, the link "Activate Dislike Button" looks genuine and appears where the Share button is placed. Once the victim clicks on "Activate Dislike Button", he arrives on a page which asks him to paste a JavaScript into his/her address bar. Once the victim does that, the same message gets posted on his/her wall.



How Does It Work?

As I told you above, the "Activate Dislike Button" appears where the "Share" button is usually placed. This is all because of the JavaScript: the JavaScript which the victim pastes into his/her address bar actually renames the "Share" button to "Activate Dislike Button", but the functionality of the button stays the same, due to which the message gets posted on the victim's wall.

Is it a Virus?

Yes it is. When I clicked on the "Activate Dislike Button" it brought me to a page where I was asked to paste the JavaScript; suddenly my antivirus (AVG) popped up, indicating the virus to be some kind of "Social Engineering (Security) type 1710" virus.



It looks to me like it's part of Russian malware, which once executed properly will leak your email passwords for Facebook, Yahoo, Hotmail, eBay, PayPal etc. to the hacker.

Virtox Virus Mis-belief

Some websites I came across were saying that it's a Virtox virus, but the truth is that there is no such virus known as "Virtox"; it might have been made up by the person who started this scam.

Low Antivirus Detection Rate


I used VirusTotal's URL scanner to analyze it, and I was really shocked to see the antivirus detection rate to be as low as 5/42. Here is the screenshot:


Warning

This whole testing process was performed in a virtual environment. Don't attempt to try it on your own computer or you will end up infecting yourself. If you think that you have been infected, scan your system with a good antivirus.

Hope you have liked my post, and I hope you won't fall for these scams in the near future. If you want to reproduce this article, make sure you give credit to the original author and the website. If you would like to know more about Facebook scams, kindly join our Facebook Fan Page.

Saturday, May 21, 2011

What Is Doxing? - Doxing And Its Uses

First, let me explain what Doxing is. Doxing is the process of gaining information about someone or something by using sources on the Internet and using basic deduction skills. Its name is derived from “Documents” and in short it is the retrieval of “Documents” on a person or company.


You’re probably thinking, “Okay, so basically it’s getting information from searching someone’s email on Google, right?” In a sense, yes, but there are actually easier ways to get someone’s information online. The most popular and most common method is to use a website called Pipl (http://www.pipl.com/). Pipl allows you to search for full names, emails, usernames, and even phone numbers, thus making it a very useful tool for hackers. Another source hackers can use is Facebook (http://www.facebook.com). Sure, Facebook allows full name searches, but most hackers aren’t using it for its name search; they’re using it for its email search.


The main goal when Doxing is to find the target’s email (if you don’t have it). Your email is essentially your passport online; you sign up for websites using it, you have personal information on it, and if someone has access to it, they can essentially pretend to be you online. Once the hacker has the email, all he has to do is put it into Facebook or Pipl and he will be able to find you, assuming the email he has is connected to some account you have online. On the flipside of this, in order to find your email, the hacker either has to guess your email, befriend you on Facebook, or hack one of your vulnerable friends and view your email that way. Once he’s done that, you’re in trouble.


Now, you’re probably thinking, “How’s he going to hack me with just my email?” Well, that’s where Doxing comes in handy. If he can view your Facebook account, or he can find some other bit of information about you using Pipl, he can do what’s called reverting. Reverting is the process of using the target’s email’s recovery questions to gain access to the target’s email. Now, you may be thinking, “How’s he gonna guess my recovery question answers?” Well, take a second look at your recovery questions and ask yourself, “Can someone find this answer online?” If you answered yes, then you’re vulnerable to reverting.

Any hacker reading this that didn't previously know about reverting would probably look at this and say, “This would never work!” But you have to remember… we’re all humans, and we all make mistakes. Surprisingly, this method works more often than you’d think, but it is not for anyone who is lazy. Doxers tend to spend a while searching around the web for information that they can use.


Chances are, you’ve made some mistakes online, and if a skilled Doxer finds that mistake, then you’re in trouble. The Doxing method is based purely on the ability of the hacker to recognize valuable information about his target and use this information to his benefit. It is also based around the idea that, “The more you know about your target, the easier it will be to find his or her flaws.”

How can you ensure that you won’t be Doxed? Well, as the Internet becomes more and more useful and addicting, it will become harder to not get Doxed. The main issue for most victims is their security questions and their password security. If a victim has a very easy-to-find recovery question, then the victim will be easily reverted within a matter of seconds. Also, if the victim has a simple password, it could get brute forced simply by using a wordlist that applies to the victim’s interests, likes, and fancies (of course, this method is not as popular).


So, the main rule to not getting hacked is: Have secure passwords, and almost impossible to guess recovery questions. The main rule to not getting Doxed is… to just stay off the Internet; but, who wants to do that?
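The rule above, "recovery answers and passwords that cannot be found online", can be turned into a check a site runs when a user picks them. The script below is an added example, not code from the original post or from MrCracker.com: given the facts a doxer could assemble about a user (the constructed profile here stands in for what a Pipl or Facebook search turns up), it reports which of those facts appear inside a candidate password or recovery answer, folding common leet substitutions so "Bu5ter" still matches the pet's name "Buster". The profile, the secrets and the substitution table are all assumptions of the example.

```python
"""Reject a password or recovery answer that is built from facts an attacker
can find by doxing. Added example, not code from the original post; the
profile facts and candidate secrets are constructed."""
import re
from typing import Iterable, List

# Common letter-for-symbol substitutions, folded back so "Bu5ter" still
# matches "Buster". Digits that double as letters are only folded in the
# second view, so years like 1990 stay matchable in the first.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_TOKEN_LEN = 4  # avoid flagging very short fragments such as "doe"


def public_tokens(facts: Iterable[str]) -> List[str]:
    """Turn profile facts into lowercase tokens: each word, and each fact
    with separators removed (so 'Jane Doe' yields 'jane' and 'janedoe')."""
    tokens = set()
    for fact in facts:
        words = re.findall(r"[a-z0-9]+", fact.lower())
        tokens.update(w for w in words if len(w) >= MIN_TOKEN_LEN)
        joined = "".join(words)
        if len(joined) >= MIN_TOKEN_LEN:
            tokens.add(joined)
    return sorted(tokens)


def views(secret: str) -> List[str]:
    """Two normalised views of the secret: symbols stripped, and the same
    with leet substitutions folded back to letters."""
    lowered = secret.lower()
    plain = re.sub(r"[^a-z0-9]", "", lowered)
    folded = re.sub(r"[^a-z0-9]", "", lowered.translate(LEET))
    return [plain, folded]


def public_fact_overlap(secret: str, facts: Iterable[str]) -> List[str]:
    """Return the public tokens that appear inside the secret, in sorted
    order. An empty list means the secret is not obviously derived from
    the profile; a recovery answer that IS a profile fact always matches."""
    vs = views(secret)
    return [t for t in public_tokens(facts) if any(t in v for v in vs)]


# Constructed profile: the kind of facts a Pipl or Facebook search turns up.
PROFILE = ["Jane Doe", "Buster", "Springfield", "1990", "janedoe90@example.com"]

if __name__ == "__main__":
    for secret in ("Bu5ter1990!", "correct horse battery staple", "Springfield"):
        hits = public_fact_overlap(secret, PROFILE)
        print(f"{secret!r}: {'weak, reveals ' + ', '.join(hits) if hits else 'ok'}")
```

The same function serves both halves of the rule: run it on a new password to catch "pet name plus birth year", and on a recovery answer to catch an answer that is simply one of the user's public facts (a hometown, for instance), which the paragraph above is warning about.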

About The Author

This was a guest post by David from www.MrCracker.com, where David writes about hacking and security; David also hosts a hacker podcast called Crackercast.

Saturday, May 14, 2011

DAD CATCHES DAUGHTERS ON WEBCAM - Beware Facebook Viral Scam

As Facebook is one of the most widely used social networking websites around, it is being hit by lots of viral scams. Today I came across one of those viral scams when one of my friends on Facebook shared a link on his wall, "[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI". The title of the link looked suspicious to me, so I thought I would figure out exactly what was going on.


[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI[LINK]two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!
When I clicked on it, I was redirected to a page where I was asked to click a button to play the video. The moment I saw it I noticed that it was a Flash file and not a real video.


This was just to fool the users into downloading the Adobe Flash plugin in order to play the video. Once I clicked on the button "Download Codec", a file named Freecodec.exe started to download, which made me wonder if it was a keylogger or a trojan, but the file happened to be clean according to the "NoVirusThanks 32 Scanner".

Ultimately I was redirected to a webpage which was promoting a tool called Profile Stylez, and Freecodec.exe was the installation file for the Profile Stylez tool.



After viewing the source code of the page I found the following line of code, which was responsible for spreading the link to your Facebook wall. Anyone with basic knowledge of HTML and iframes would certainly know what this code is doing; here we actually discover a vulnerability in the like.php code which abuses users' trust for viral spreading of links.

<iframe allowtransparency="true" frameborder="0" scrolling="no" src="http://www.facebook.com/plugins/like.php?href=www.blackinfopages.com%2Fi?4dcef0f134a10&amp;send=true&amp;layout=standard&amp;width=450&amp;show_faces=true&amp;action=like&amp;colorscheme=light&amp;font&amp;height=80" style="border: none; height: 80px; overflow: hidden; width: 450px;"></iframe>
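The tag above is, by itself, an ordinary Like-plugin embed; what turns it into a spreader is how the hosting page places it, so that a click meant for the "play" button lands on Like. The script below is an added example, not code from the original post or from Facebook: it lists every Like-plugin iframe in a page with the URL it would like, and flags the frames that are made invisible or floated transparently over other content. The first sample is the iframe quoted above exactly as the page served it; the second is a constructed hidden frame of the kind the check is meant to catch.

```python
"""Find Facebook Like-plugin iframes in a page and report the signs of
likejacking: the frame made invisible or laid transparently over other
content so a click meant for a "play" button lands on Like. Added example;
the first sample is the iframe from the post, the second is constructed."""
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import parse_qs, urlparse

LIKE_PLUGIN_PATH = "/plugins/like.php"


class LikeFrameFinder(HTMLParser):
    """Collect every iframe whose src is the Facebook Like plugin."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Dict[str, object]] = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}   # HTMLParser has already unescaped &amp;
        src = urlparse(a.get("src", ""))
        if not src.netloc.endswith("facebook.com") or src.path != LIKE_PLUGIN_PATH:
            return
        query = parse_qs(src.query)
        style = a.get("style", "").replace(" ", "").lower()
        transparent = a.get("allowtransparency", "").lower() == "true"
        invisible = any(m in style for m in ("opacity:0", "visibility:hidden", "display:none"))
        overlaid = transparent and "position:absolute" in style
        self.findings.append({
            "liked_href": query.get("href", [""])[0],   # the page a click would "like"
            "action": query.get("action", [""])[0],
            "transparent": transparent,
            "invisible": invisible,
            "suspicious": invisible or overlaid,
        })


def find_like_frames(html: str) -> List[Dict[str, object]]:
    finder = LikeFrameFinder()
    finder.feed(html)
    return finder.findings


# Sample 1: the iframe quoted in the post, as the page served it.
POST_IFRAME = ('<iframe allowtransparency="true" frameborder="0" scrolling="no" '
               'src="http://www.facebook.com/plugins/like.php?href=www.blackinfopages.com'
               '%2Fi?4dcef0f134a10&amp;send=true&amp;layout=standard&amp;width=450&amp;'
               'show_faces=true&amp;action=like&amp;colorscheme=light&amp;font&amp;height=80" '
               'style="border: none; height: 80px; overflow: hidden; width: 450px;"></iframe>')

# Sample 2: constructed, a Like frame made invisible and floated over a play button.
HIDDEN_IFRAME = ('<div><button>Play video</button><iframe allowtransparency="true" '
                 'src="https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.invalid%2Fvid&amp;action=like" '
                 'style="position: absolute; opacity: 0; top: 0; left: 0;"></iframe></div>')

if __name__ == "__main__":
    for finding in find_like_frames(POST_IFRAME + HIDDEN_IFRAME):
        print(finding)
```

The post's own tag comes out transparent but not hidden, which is why the "liked_href" field matters as much as the flags: it tells you which page a visitor would be made to promote, and whether that page has anything to do with the video the visitor was promised.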
Lastly I scanned the file Freecodec.exe on http://www.virustotal.com, as I was a bit unsatisfied with NoVirusThanks due to my experience in the past, and guess what: Symantec antivirus and VBA32 recognized it as a Trojan.Dropper.



Master Plan

So according to me the master plan was actually to promote the tool and at the same time install malware into the victims' computers and control them.

Security Measures

  • Avoid clicking on post titles which have words such as "OMG, WOW, DAMN"; they are most likely to do the same thing.
  • Always install any kind of plugins and codecs from the official website; otherwise you might be installing malware along with the plugin.
  • Always scan a file with an online virus scanner such as VirusTotal before running it on your own computer.
Hope you have liked my post, and I hope you won't fall for these scams in the near future. If you want to reproduce this article, make sure you give credit to the original author and the website.

If you would like to know more about Facebook scams, kindly join our Facebook Fan Page.

Tuesday, May 10, 2011

Can I Become A Good Hacker Without A Prior Knowledge Of Programming??

"Can I become a good hacker without knowing programming?", "Is programming necessary for learning how to hack?" I get these questions asked almost daily. There have been lots of debates on this topic; some think it's necessary while others think it's not necessary at all, so I thought I would write a post on this topic explaining my views on whether programming is necessary for becoming a hacker or not.

The answer is that it depends:


Why is it not necessary?

In the early 90's the best hackers were known as those who had the best knowledge of programming, and the reason for that was probably that almost everything was based on the command line, so it was for sure that if someone was a good hacker he was surely a good programmer.

However, the definition of hackers sort of changed after the beginning of the 21st century: one could become a fairly good hacker without any knowledge of programming. The reason for that is that nowadays there are lots of ready-made tools which help you compromise a machine without any knowledge of programming. Take the example of "Havij": Havij is a small piece of software which helps you automate the process of SQL injection and extract sensitive database information in seconds, where it may take hours in some cases to extract it by hand. If you still don't agree with me, try answering the following question:

Does it matter if an elite hacker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway?

Where Is It Necessary?

It's true that many good hackers are technology buffs and are curious about how things work; this is where you need prior knowledge of programming in order to know how things work.

Another reason why you should probably learn programming is that you can write your own exploit (an exploit is a piece of code which can be used to gain access to the target machine using a specific vulnerability), which is the single most important thing that will separate you from the rest of the script kiddies out there. Also, many of the exploit codes that get published come with several deliberate code mistakes, which are kept in by elite hackers themselves to prevent script kiddies or people with very little knowledge of hacking from running them.

In Short:

You can become a fairly good hacker without prior knowledge of programming, but if you want to take your hacking skills to the next level I recommend you learn programming. Now the question which might arise in your mind is: what programming languages should I learn? I will cover it in my upcoming posts.

Feel free to express your views on the topic, whether you agree with me or not.

Sunday, May 1, 2011

An Introduction To Keyloggers, RATS And Malware

If you are one of our Facebook fans then chances are you might have heard that I will be launching my newest book very soon. So the wait is finally over: today I have decided to launch my new book "An Introduction To Keyloggers, RATS And Malware". The book is completely dedicated to newbies who are looking forward to playing with keyloggers, RATs and various other forms of malware, or are curious to know how they can protect their PCs from getting infected with trojans, worms and other forms of viruses.

The book takes you right from the basics to some advanced types of attacks too. In this book I have also reviewed various of the best keyloggers out there so you can find it easier to choose the best one according to your needs.

How Much Does It Cost?

Well, here is the best part: unlike my other products such as "A Beginners Guide To Ethical Hacking" and "Facebook Hacking Course", I have decided to give this e-book away for free. The reason I am giving this e-book away for free is that lots of people cannot afford the costs of my products, so I don't want anyone to miss the chance of getting their hands on it.

My aim is to create awareness among individuals about ethical hacking and security; this is probably the reason why I am running this blog in the first place. Every single day thousands of people fall for these types of attacks and end up losing their sensitive data such as their usernames and passwords, and in the worst case some of them end up losing their credit card numbers too.

By reading this e-book I am very confident that you will be able to protect your computer from most of these types of attacks.

You can download the book here.