View Full Version : How to steal someones yahoo cookies ?



NyPdHacker
12-03-2005, 07:09 PM
Is there a way to steal a Yahoo cookie just by sending a message to your victim's e-mail?

And if you get a Yahoo cookie from a victim, how can you log in to his e-mail address? Through what program?

honda
12-06-2005, 05:37 AM
sup i gotta few cookie grabbers but they require password lol well look i just got into that cookie shit a few days ago, ive heard of doing a cookie search and i think its hard to find too so good luck with that but i'll tell u if u do get a valid cookie to an ID heres what u can get

cookie for anhkhongcanbiet2008:*2*456 <bot name lol

info

------------Decoded Information------------
Cookie Date: 6/**/***8 *0:52:** PM
User Name: anhkhongcanbiet2008
Gender: Male
Year: **86
Age: **
Zip Code: *2*45
Country: United States
Language: English - United States
Content:English - United States
Prompt:

------------Grabbed Information------------
City/State: You don't have any cities selected for weather forecasts. Please click
Alternate E-mail: he fare between the selected cities goes
Aliases: anhkhongcanbiet2008 - chat_pf_*


------------Buddy List------------
got that info from a cookie decoder, i dont know how to get a cookie without the pass besides searching for the cookie but thats hard as hell so i hope this helps u out

NyPdHacker
12-06-2005, 11:12 AM
Hi, thanks for posting that here. Well, I have some cookies too. I got them from someone but he doesn't want to give me the script. So I started to look for one and/or find something helpful on the WWW, but till now I haven't found anything.


Here is a yahoo cookie :



I need a script that can retrieve this information remotely just by sending a hidden message to the victim.

I have the message that needs to be sent by e-mail to the victim but I don't have the .php script to process and grab the cookie and save it to a .log or .txt file in the same path where the .php is.

carlo
12-07-2005, 12:29 PM
OK, I'm going to give this a shot. By the way, the cookie above is this decoded:



--------------------------------------------------------

Cookie Created : 2*/**/**7* 00:57:55 GMT
Yahoo-ID : shaq_charon
Gender : Male
Year Of Birth : **86
ZipCode : 2400
Country : Romania
Prompt For Pass :
Language : English - United States
Int. Lang. & Cont. : English - United States
Industry : Other
-------------------------------------------------------

I'll get back when I have something on this.

evilopinions
12-07-2005, 01:16 PM
Why don't you use a RAT to steal Yahoo cookies from remote computers!

Now don't ask what this RAT means..

Although if you want the complete process of getting into someone's account, you could visit after a few days because I am currently preparing the ****** article to be inserted under my personal blog.

If you can get access to a remote computer then you could install a logger and then maybe sniff off the .lst file from anywhere in the world.

You can sniff it off through project leviathan. It is a good rat for that reason and is open source.

www.evilopinions.com

NyPdHacker
12-07-2005, 03:13 PM
You can use a RAT to hack someone's PC if the victim doesn't have an antivirus. A RAT is pretty good. You can gain access to all the data on the PC, and you have the remote ability to do whatever you want on the victim's PC.

Anyway, a RAT compared with a cookie stealer is NOTHING. A cookie stealer exploit sent by e-mail is the best thing you can do to steal someone's cookie session and then log in with it. It's not recognized by any anti-virus and also it's hidden. LOL.


Hey CARLO, I knew about the cookie. I was logged in to her e-mail address a few days ago and I didn't have to decrypt the cookie. I logged in with the cookie: AS IT IS.

Please let me know, CARLO, if you can help me with the PHP source code.

Thanks .

Cracker123
12-09-2005, 03:25 PM
Is it possible to use just JavaScript to steal someone's Yahoo cookie, or make a JavaScript that can install a key logger that is on a remote server, on the victim's PC?

letsgorun
01-12-2006, 09:05 AM
:o :o :o

-> Is it possible to use JavaScript or any malicious script to exploit script in the Yahoo body?

-> I need a script that can retrieve this information remotely just by sending a hidden message to the victim.

-> I have the .php script to process and grab the cookie and save it to a .txt file and I have a decoder of Yahoo cookies. I can give you this if you help me.

Please Help.:o

cyanide
01-12-2006, 07:59 PM
Too many reports of the yahoo cookie grabber, so, yahoo ******* everything. There is another way to hack into yahoo emails but it costs something of $5,000.

;)

writhbr
07-09-2006, 06:37 PM
i have this cookie. how do i get inside the email?

email me at writhbr@**********
here are the details i have

skyv0rtex
10-14-2006, 07:43 PM
I need a new message to steal Yahoo cookies, because Yahoo is secure now! :D
Or another possibility for how I can steal the cookie!

Moonbat
10-15-2006, 03:17 PM
There's no way to steal a password using a cookie.

(Gah, sorry mike, I promised I wouldn't post in a thread like this, but this was the only new post, and I was bored)

Ezekiel
10-15-2006, 04:28 PM
There's no way to steal a password using a cookie.

(Gah, sorry mike, I promised I wouldn't post in a thread like this, but this was the only new post, and I was bored)

Well actually having a cookie is equally as powerful as having a password in most cases. Webmail services for example include hashed strings of passwords in their cookies to keep users logged in, and if you obtain someone's cookie and use it as your own, you can usually get into their account for a period of time until their session expires. You can't decrypt the cookie, but you can use it.

And also, most websites ARE vulnerable to cookie theft (through XSS). I have found XSS bugs in major websites such as subdomains of aol.com, verizon.com, ccbill.com and others - all of which would let me steal their users' cookies if I sent them an email containing the malicious link. And cookies = accounts.

If you remember, I found a XSS vulnerability in this website itself - all-nettools.com. I created a script which exploits the bug and steals users' cookies and puts them in a file. If you want a demo of this in action without losing your cookies to a log file, try this link (cookie is displayed only to you):

http://a5e6sf5.netfast.org/newpage2.php

Basically, anyone who clicks that link could theoretically lose their account to me if I had logged all cookies. And this is only a forum.

I don't want to bait the people in this thread, but I estimate it would take me less than * hours to find a similar vulnerability in a subdomain of **********. But that would be pointless.
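
Added example, not part of the original thread or any poster's code: the posts above describe a session cookie acting as a bearer credential that script injected through XSS can read and that stays usable until the session expires. This Python check audits `Set-Cookie` headers for the attributes that limit that exposure; the sample headers, the finding codes and the one-day lifetime threshold are constructed assumptions.

```python
# Added example: the Set-Cookie values in SAMPLES are constructed test data.
MAX_LIFETIME = 24 * 3600  # assumed policy: a session cookie lives at most one day

WHY = {
    "no-httponly": "page script can read it, so one XSS bug exposes the session",
    "no-secure": "sent over plain HTTP, where it can be captured in transit",
    "no-samesite": "the server does not restrict cross-site sending itself",
    "long-lived": "a copied cookie stays usable long after it was taken",
}

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {lowercased attr: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")  # the value may itself contain '='
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit(header):
    """Return (cookie name, list of finding codes) for one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("no-httponly")
    if "secure" not in attrs:
        findings.append("no-secure")
    # A missing SameSite or SameSite=None is reported the same way.
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no-samesite")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_LIFETIME:
        findings.append("long-lived")
    return name, findings

SAMPLES = [
    "session=abc123; Path=/",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    "auth=tok=en==; HttpOnly; Max-Age=2592000",
]

if __name__ == "__main__":
    for header in SAMPLES:
        name, findings = audit(header)
        print(f"{name}: {'ok' if not findings else ''}")
        for code in findings:
            print(f"  {code}: {WHY[code]}")
```
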

Moonbat
10-16-2006, 12:51 AM
Doesn't Yahoo use MD5? I admit it can be broken, but it takes a pretty powerful computer, lots of time, and is probably not going to be cracked by a skiddie or a one-shot hacker

Ezekiel
10-16-2006, 12:05 PM
Doesn't Yahoo use MD5? I admit it can be broken, but it takes a pretty powerful computer, lots of time, and is probably not going to be cracked by a skiddie or a one-shot hacker

Yes as a general rule, one way password hashes can not be reversed.

But what I was saying is you don't even NEED the plaintext password - simply having the cookie and using it in your browser will log you in to the service because the hash is what they use to authenticate you.

Moonbat
10-17-2006, 12:33 AM
I'ma gonna hafta' try that

virusss
10-27-2006, 01:56 PM
OK, I'm going to give this a shot. By the way, the cookie above is this decoded:




What TOOL you use to Decrypt Yahoo Cookie???...please tell me your method and give me a link a tutorial anything...

...or who know how to decrypt a Yahoo Cookie...I know how to log with them but I need to find more information and the pass .I know for example that n gives the pass but I`m puzzled...Help?

Thx

Moonbat
10-27-2006, 05:32 PM
I think Yahoo uses MD5 encryption, so I would try using John The Ripper if you're comfortable with DOS programs. Otherwise use Cain if you like GUIs

virusss
10-27-2006, 06:01 PM
I think Yahoo uses MD5 encryption, so I would try using John The Ripper if you're comfortable with DOS programs. Otherwise use Cain if you like GUIs


Thx I`ll try them...but I Hope that the One who already decoded will tell us How To?...

...mike*0*, carlo , honda...can you give some help here? :)

Ezekiel
10-28-2006, 05:06 AM
Thx I`ll try them...but I Hope that the One who already decoded will tell us How To?...

...mike*0*, carlo , honda...can you give some help here? :)

Cookies aren't meant to be decoded. The passwords and other info contained in them is in the form of a one way hash, and that is all your browser ever sends to the webserver. The server can then check the hashed password against the plaintext or another hash.

Once you have a cookie, you simply use it in your browser to gain access to the account.

virusss
10-28-2006, 09:04 AM
Cookies aren't meant to be decoded. The passwords and other info contained in them is in the form of a one way hash, and that is all your browser ever sends to the webserver. The server can then check the hashed password against the plaintext or another hash.

Once you have a cookie, you simply use it in your browser to gain access to the account.


...I know how to use a cookie in a browser and it works fine but the cookie is valid just for 24h and every time I need to grab them...but here in this thread some people decoded and I read some websites that they pretend it`s easy...I know that it`s a one way hash...but...

...once here was a decoder:
http://sec.drorshalev.com//dev/yahoo/vbs.asp

...and some explanations here:
http://sec.drorshalev.com/dev/yahoo/yahooxss.htm

...I think there is a possibility out there :D

carlo
10-28-2006, 12:26 PM
Yes, it's true you can get a password from a cookie. But it will take years to break the hash (usually MD5)

virusss
10-28-2006, 04:44 PM
...and can you please tell as how to???...some Ideas????...anything related with that?...you can make a tutorial....:)

skyv0rtex
03-29-2007, 11:01 PM
Can someone help me , with some tutorials , to make a message , for sending , to steal , cookie?

camel77
12-12-2007, 08:53 PM
ok say i have a yahoo cookie and have the info decoded yes i know ya dont need the password but how do ya get into the account with just this?
------------Decoded Information------------
Cookie Date: */*0/**** 7:58:5* PM
User Name: q8rlb008*2lxw7*8_xvklfp7d*u46qi-
Gender:
Year: *2*6
Age: -*22*
Zip Code: 5**7**
Country: United States
Language:
Content:
Prompt:

Moonbat
12-12-2007, 09:46 PM
Just replace the information in your cookies with the new one

TelenetBabe
08-08-2008, 05:50 AM
OK, I'm going to give this a shot. By the way, the cookie above is this decoded:



--------------------------------------------------------

Cookie Created : 2*/**/**7* 00:57:55 GMT
Yahoo-ID : shaq_charon
Gender : Male
Year Of Birth : **86
ZipCode : 2400
Country : Romania
Prompt For Pass :
Language : English - United States
Int. Lang. & Cont. : English - United States
Industry : Other
-------------------------------------------------------

I'll get back when I have something on this.


Can you still decrypt these cookies?
Do you have a tool? I only find broken links..