
How to Cracking Yahoo Accounts

Posted on 3rd June 2008 in Lean Hacking


I spent one morning looking at Yahoo’s mail security …here’s what I’ve found and how I did it…..
I created an account whilst dialed into Sify (ISP). I logged out and closed my browser. On reopening the browser I pasted in the following URL:

http://mail.yahoo.com/py/ymTop.py?y=1



and this took me back to my account without any error messages or prompts for a login. I then closed my browser, disconnected from SIFY (ISP) and dialed into Sancharnet (ISP). When connected I opened my browser and pasted the same URL, and was taken back to my mail-box! This made me think there must be a cookie controlling this…sure enough there it was. (1 of 3)

One, the user@mail.yahoo.com cookie, in the rough looks like this:

YM.Login
id%3dreIvr96lzVC4g%26sid%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540%25f5%2517%25cd%2599%25dc%253f%259c%25c1Y
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*
YM.Pref
farm%3d1%26silo%3dms4%26email%3dmail-name%40yahoo.com%26head%3dbrief%26fwd%3dattach%26fontsz%3dnormal%26msgwidth%3d72%26order%3ddown%26inc%3d50%26goto%3dmsg
mail.yahoo.com/
0
4227368448
29309637
2475145552
29188238
*

but with all the Hex stripped out it’s slightly more manageable:

[YM.Login]
id=reIvr96lzVC4g &
sid=tMZu7cDVk5V9e%0a &
ts=X%88B%40%f5%17%cd%99%dc%3f%9c%c1Y
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*

[YM.Pref]
farm=1 & silo=ms4 & email=mail-name@yahoo.com &
head=brief & fwd=attach & fontsz=normal &
msgwidth=72 & order=down & inc=50 & goto=msg
mail.yahoo.com/
0
4227368448
29309637
2475145552
29188238
*

After being logged off for around an hour I reconnected to the Internet and pasted that URL again and got back in……this made me suspicious. I clicked on exit and checked the whole “exit” document. Down the bottom I found a link :

Log off completely.

Nice of them to warn you and put it way down the bottom. Most new users will not realise that the log off process is a double action: if you log off “completely” then the cookie is removed from the Temporary Internet Files directory.

What does all this mean ?
Security wise if you can get physical access to a machine that someone has used to collect their mail and not done the double log off then you can access their account perhaps ad infinitum (I don’t know yet if the cookie has a TTL so to speak). In practice this means you’ll be cracking a friend’s, work (or school) colleague’s or family member’s account. Good for snooping on your girlfriend’s e-mail activities too. Unfortunately you can’t copy it to a floppy disk and save it in your own computer’s Temporary Internet Files directory because of the “Embarrassed …What you’d need to do is copy it to a floppy anyway…so you’ve got what info you need…then, now here’s the complicated part :

Set your own PC up as a web server as well as a DNS server (if you’ve got NT Server you’re laughing). Create a DNS entry for mail.yahoo.com and use the loopback (127.0.0.1). Then create an html file with the necessary script to impart a cookie with this same information. Connect to mail.yahoo.com (you’ll actually loop back) and the cookie will be downloaded to the Temp Net files Directory….

A big hassle to do…probably easier to watch them type their password but it’s knowing how it can be done..that’s the important thing. Btw, just for any of you jokers out there…I’ve modified the security identifier and the e-mail account name etc….I’m not gonna give you a copy of my real cookie then tell you how to exploit it…get real. There’ll be other ways to crack yahoo, of course….this is just my offering on the matter…for now anyway.
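
The post leaves open whether the cookie has a TTL, yet the record it shows carries the answer. As an added example (not part of the original post), this sketch assumes the Internet Explorer cookie-file layout of name, value, domain/path, flags, expiry low/high, creation low/high and a `*` terminator, and decodes the two 64-bit FILETIME values; the numeric fields are the YM.Login ones from the post and the `id`/`sid` values are placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote, parse_qsl

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: numeric fields are the YM.Login ones shown in the post,
# the cookie value is a placeholder.
SAMPLE = """YM.Login
id%3dPLACEHOLDER%26sid%3dPLACEHOLDER
mail.yahoo.com/
0
4227368448
29309637
2474945552
29188238
*
"""

def filetime(low, high):
    """Combine the two 32-bit halves of a FILETIME (100 ns ticks since 1601)."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_cookie_file(text):
    """Yield one dict per '*'-terminated record (assumed: 8 fields each)."""
    record = []
    for ln in (l.strip() for l in text.splitlines() if l.strip()):
        if ln != "*":
            record.append(ln)
            continue
        if len(record) == 8:  # skip truncated or malformed records
            name, value, site, flags, exp_lo, exp_hi, cre_lo, cre_hi = record
            created, expires = filetime(cre_lo, cre_hi), filetime(exp_lo, exp_hi)
            yield {"name": name, "site": site,
                   "fields": [k for k, _ in parse_qsl(unquote(value))],
                   "created": created, "expires": expires,
                   "lifetime_days": (expires - created).days}
        record = []

def long_lived(records, max_days=1):
    """Names of cookies that outlive max_days, i.e. survive a closed browser."""
    return [r["name"] for r in records if r["lifetime_days"] > max_days]

if __name__ == "__main__":
    for rec in parse_cookie_file(SAMPLE):
        print(rec["name"], rec["created"], rec["expires"], rec["lifetime_days"])
```

For the numbers in the post the expiry decodes to 1999-11-30 00:01 UTC, about 603 days after creation, which is why the mailbox reopened after the browser was closed and the ISP changed. The same check run over a shared machine's cookie files lists the login cookies that a plain "exit" left behind.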


22 Responses to “How to Cracking Yahoo Accounts”

  1. zeemz says:

    i didnt understand any thing

  2. dead frog says:

    even i didn’t understand a thing

  3. Umar says:

    i also did not understand anything.

  4. darani says:

    sorry frnd none of ur tricks and tips work
    …..i think this is just a way to bring in people….

  5. czaren says:

    Learn Basic programming so that you can understand!You suck people!Go away here!

  6. Varun says:

    bit complicated for me

  7. cornelius says:

    plz can one help me out on this???

  8. Naval says:

    i don’t understand please explain in easy way to understand how to hack a yahoo email id

  9. whatthehell says:

    I didn’t get a thing that you’ve been saying. O_O

  10. cis says:

    Well I need help because i forgot my yahoo email password and i need to get it back. Can this help?

  11. FOE says:

    HOLY FUCK are u people retarded this is the easiest fucking paragraph to read you people must be like 5 god…

  12. kashif says:

    i m not understanding your typical language.plzzzz describe simple and short language.thanks

  13. master_haceker says:

    dude .. shame on you .. none of this shit works .. if any one wanna learn hacking just contact me ..

  14. oman says:

    what is he saying????????

  15. ujala says:

    hi i need a hacking software(proagent1.2proratrpc)

    plz tell the website where i found it…plz rep me…

  16. hunter says:

    <?@
    COOKIEZ !!!!!!!!!!!!!

  17. Oh MY!! says:

    OH, MY GOD! IF YOU DON’T UNDERSTAND, WTF ARE YOU DOING HERE? YOU GOT YOUR COMPUTER 2 YEARS AGO AND YOU WANT TO LEARN HACKING. omg YOU HAVE TO SPEND ABOUT 10 YEARS TO UNDERSTAND THE TRUE COMPUTER CODES AND STUFF. grow up, men!

  18. LIFE OWNER says:

    GOT IT.AND DID IT

  19. Faisal SHehzad says:

    Thanks!

    My brother u tell me this trick

    ITS WORKING

    I M VERY HAPPY

  20. XtasicRider says:

    thnx for the help good advice!

  21. ani says:

    how can i download apr-h4s software free


