This is a step by step article that includes source code and files for the most common method used to steal myspace.com accounts. Learn the signs so that you do not fall victim.
Myspace.com has obviously become quite the phenomenon, and many people have reported that they have lost control over there accounts or had there accounts stolen. Many wonder how this can happen. Well it is actually quite simple and could be avoided if myspace.com got rid of the embed tag that they use.
First you will need to obtain the files. You can find them here: http://rapidshare.de/files/13724658/MySpac...r-WDYL.zip.html
Part 1 - configuring redirect.fla (The attacker needs shock wave flash)
1) The attacker changes "name_of_cookie" to a unique name
The cookie is used to prevent the same person from constantly getting the log in screen.
2) Then the attacker will change "http://some_server_here.com/" to a server which will store the fake myspace login screen called "index.htm".
3) the attacker then outputs and saves the shock wave movie
4) Then the attacker will upload the shock wave movie to a server, usually a free host or a server that has been previously hijacked.
Part 2 - The fake MySpace login screen
1) The attacker uploads the index.htm to the server that was set in the shock wave movie before and the save.php to the same location.
Part 3 - The attack
1) The attacker will post a comment on MySpace using an embed tag to embed the shock wave movie
2) The passwords should slowly build in "out.txt" ... unless the read/write chmods weren't set correctly
The fake login screen looks like this :
0 comments:
Post a Comment