lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43FAD0D6.8000906@gmail.com>
Date: Tue, 21 Feb 2006 03:35:34 -0500
From: Nexus <nexus.logik@...il.com>
To: bugtraq@...urityfocus.com
Subject: grab cookie information with Melange Chat Server 1.10


A common problem has been found by many sites running the Melange Chat 
Server (Here on out states as m-chat). M-Chat is a simple IRC like chat 
program for private websites. it can be ran from a java script, by using 
the browser to connect to the host on port 6666 (hence 
www.host.com:6666). However this service also allows for a telnet 
session to be connect in order to use the server and here in lies the 
problem.

By logging into M-chat through a telnet connection, one is able to 
monitor the http connections comming in on that port. In most cases the 
person logging on using the browser based chat has their entire header 
displayed to any currently in a raw telnet session. Below is a a short 
article of this big being put into se on a effect hack.


Source: http://www.oh2600.com/forum/viewtopic.php?t=43

By: Nexus

Background:

What is Aimforum.com?

Aimforum.com Is/Was a rather popular America Online Instant Messanger 
Forum. The site has a large gathering of rather intelligent young kids. 
However the forum is now seeing hard time......


Why was it hacked?

As such would happen AimForum.com's new onwer did not see eye to eye 
with the older vetern members of the Forum. The forum, which was a 
underground forum talking about "illegal AIM" activities was converted 
over to a open public system with no illegal posts or chatter were 
permitted, was bound to cause conflict. After many many member being 
banned a few people had decided to take the matter witihin their own 
hands and prove a point, which would lead to a call to the 
FBI........here is how it was done


Many sites today run a low level chat system known as Melange Chat, 
better known as M-Chat which server as a simple inner site IRC server. 
Aimforum.com is no different in this matter. A major flaw with M-chat is 
that when it is access via a web browser it displays critical cookie 
information to anyone witin the server. By simply telneting to 
www.site.com:6666 <http://www.site.com:6666> one can site within the 
telnet session and wait.......

Step One: Setting the trap

The "Hackers" logged into the M-Chat via telnet. They sat and waited for 
their target to get online.......Now once the Admin was online, a simple 
IM to him offering a link to www.aimforum.com:6666 
<http://www.aimforum.com:6666> was all that was needed, the admin was 
sent right to the M-chat port and this cookie and browser header was 
then displayed within the M-chat channel.

Step Two: Putting the information to use.

Now that they aquired the admin's header information, it was time for 
them to put things into action. They husseled to their firefox directory 
(as it was a firefox cookie) and cleared their entire cookie cache, then 
would open Firefox, and log into aimforum.com with their own( or a 
hacked, didn't matter) account. This would allow them to get the cookie 
set. Once the cookie was grabbed they closed firefox, openned the cookie 
file and edited the "bbuser" field from 3315(which is the normal user 
level) to 419, i think it was(which is the admin user level) and then 
changed the "bbhash" from whatever it was they had to the admins hash. 
Now with this all done they now have the same cookie information as the 
targeted admin did.....It was time for the third and final step

Step Three: Executing the Hack

Having the same cookie information as the said Admin, they simply only 
needed to open their Firefox, and direct themselves back to 
www.aimforum.com. <http://www.aimforum.com.> And in the instant was 
greeted with the "Welcome [Username Removed]" They were in....

Now from here they could have done anything, a simple new thread to say 
"blah blah you were explioted" or anything else to prove their point and 
get out....But they decided to take a more Destructive approch to their 
plans. As the small team of kids went through the newly hacked forum 
they began to delete threads, posts and information. Years of topics, 
and useful information was gone in minutes. From here the exploit was 
done and they felt satisfied, but it was not over, they had to prove 
even further that they were "l33t h3x0r d00ds" they created a new 
announcement on the forum which was dsiplayed on the front page 
annoucnign they(using their handles/usernames) had hacked and owned the 
forum.




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ