Twenty Year Anniversary

hackyahoo.htm

hackyahoo.htm
Posted Aug 17, 1999

No information is available for this file.

tags | paper
MD5 | 5a64b40db2c6de34eda2f945c83769cb

hackyahoo.htm

Change Mirror Download
<html>
<head><title>Yahoo Mail hacking - an FYI</title>
</head>
<body bgcolor="#eeeeee" text="#000000" >
</center><br><p>
<UL>I spent one morning looking at Yahoo's mail security ...here's what I've found and how I did it.....<p><br>I created an account whilst dialed into Pipex. I logged out and closed my browser. On reopening the browser I pasted in the following URL:<p>ht

tp://mail.yahoo.com/py/ymTop.py?y=1<p>and this took me back to my account with out any error messages or prompts for a login. I then closed my browser, disconnected from Pipex and dialed <br>into Globalnet. When connected I opened my browser and pasted th

e same URL:<br>And was taken back to my mail-box! This made me think there must be a cookie controlling this...sure enough there it was. (1 of 3)<p>One, the user@mail.yahoo.com cookie in the rough looks like this :<p><br>YM.Login<br>id%3dreIvr96lzVC4g%26s

id%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540<br>%25f5%2517%25cd%2599%25dc%253f%259c%25c1Y<br>mail.yahoo.com/<br>0<br>4227368448<p>29309637<br>2474945552<br>29188238<br>*<br>YM.Pref<br>farm%3d1%26silo%3dms4%26<br>email%3dmail-name%40yahoo.com%26head%3dbrief

%26fwd%3dattach%26fontsz<BR>%3dnormal%26msgwidth%3d72%26order%3ddown%26inc%3d50%26goto<BR>%3dmsgmail.yahoo.com/<BR>0422736844829309637247514555229188238* <BR>but with all the Hex stripped out it slightly more managable:<p>[YM.Login]<br>id=reIvr96lzVC4g &<

br>sid=tMZu7cDVk5V9e%0a &<br>ts=X%88B%40%f5%17%cd%99%dc%3f%9c%c1Y<br>mail.yahoo.com/0422736844829309637247494555229188238*<p><br>[YM.Pref]<br>farm=1 & silo=ms4 & email=mail-name@yahoo.com & <br>head=brief & fwd=attach & fontsz=normal & <br>msgwidth=72 & o

rder=down & inc=50 & goto=msg<br>mail.yahoo.com/<br>0<br>4227368448<br>29309637<br>2475145552<br>29188238<br>*<p><br>After being logged off for around an hour I reconnected to the Internet and pasted that URL again and got back in......this made me suspic

ious. I clicked on exit and checked the whole "exit" document. Down the bottom I found a link :<p>Log off completely.<p><br>Nice of them to warn you and put it way down the bottom. Most new users will not realise that the log off process is a double actio

n...if you log off "completely" then the cookie is removed from the Temporay Internet Files directory.<p>What does all this mean ?<br>Security wise if you can get physical access to a machine that someone has used to collect their mail and not done the d

ouble log off then you can <br>access their account perhaps ad infinitum. (I don't know yet if the cookie has a TTL so to speak.) In practice this means you'll be cracking a friend's,<br>work (or school) colleague's or family member's account. Good for s

nooping on your girlfriend's e-mail activities too.... <evil cackle>. Unfortunately<br>you can't copy it to a floppy disk and save it in your own computer's Temporary Internet Files directory because of the ":" ...What you'd need to do is copy it to a flo

ppy anyway...so you've got what info you need...then, now here's the complicated part :<p>Set your own PC up as a webserver as well as a DNS server (if you've got NT Server your laughing). Create a DNS entry for mail.yahoo.com and use the loopback (127.0.

0.1). Then create an htm file with the necessary script to impart a cookie with this same <br>information. Connect to mail.yahoo.com (you'll actually loopback) and the cookie will be downloaded to the Temp Net files Directory....<p>A big hassle to do...pr

obably easier to watch them type their password ;o) but it's knowing how it can be done..that's the important thing. Btw, just for any of you jokers out there...I've modified the security identifier and the e-mail account name etc....I'm not gonna give yo

u a copy of my real cookie then tell you how to exploit it...get real ;o) There'll be other ways to crack yahoo, of course....this is just my offering on the matter...for now anyway.<p>
<br>
</body></html>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    7 Files
  • 21
    Apr 21st
    10 Files
  • 22
    Apr 22nd
    2 Files
  • 23
    Apr 23rd
    17 Files
  • 24
    Apr 24th
    36 Files
  • 25
    Apr 25th
    15 Files
  • 26
    Apr 26th
    31 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close