Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   Hacking Gmail account using GX cookie (http://www.go4expert.com/articles/hacking-gmail-account-using-gx-cookie-t15474/)

pop3_zxcv 12Dec2008 16:29

Hacking Gmail account using GX cookie
 
Disclaimer: This post is only for education purpose.

Introduction



Hacking web application was always curious for the script kiddies. And hacking free web email account is every geek first attempt. The method which I will describe in this post is not new; the same method can be applied to yahoo and other free web email services too.

The method we will be using is cookie stealing and replaying the same back to the Gmail server. There are many ways you can steal cookie, one of them is XSS (Cross site scripting) discussed by other is earlier post. But we won’t be using any XSS here, in our part of attack we will use some local tool to steal cookie and use that cookie to get an access to Gmail account.

Assumption:
  • You are in Local Area Network (LAN) in a switched / wireless environment : example : office , cyber café, Mall etc.
  • You know basic networking.

Tool used for this attack:
  • Cain & Abel
  • Network Miner
  • Firefox web browser with Cookie Editor add-ons

Attack in detail:

We assume you are connected to LAN/Wireless network. Our main goal is to capture Gmail GX cookie from the network. We can only capture cookie when someone is actually using his gmail. I’ve noticed normally in lunch time in office, or during shift start people normally check their emails. If you are in cyber café or in Mall then there are more chances of catching people using Gmail.

We will go step by step,
If you are using Wireless network then you can skip this Step A.

A] Using Cain to do ARP poisoning and routing:



Switch allows unicast traffic mainly to pass through its ports. When X and Y are communicating eachother in switch network then Z will not come to know what X & Y are communicating, so inorder to sniff that communication you would have to poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning because Wireless Access points act like HUB which forwards any communication to all its ports (recipients).
  • Start Cain from Start > Program > Cain > Cain
  • Click on Start/Stop Snigger tool icon from the tool bar, we will first scan the network to see what all IPs are used in the network and this list will also help us to launch an attack on the victim.
  • Then click on Sniffer Tab then Host Tab below. Right click within that spreadsheet and click on Scan Mac Addresses, from the Target section select
All hosts in my subnet and then press Ok. This will list all host connected in your network. You will notice you won’t see your Physical IP of your machine in that list.
How to check your physical IP ?
> Click on start > Run type cmd and press enter, in the command prompt type
Ipconfig and enter. This should show your IP address assign to your PC.
It will have following outputs:


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xyz.com
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Main thing to know here is your IP address and your Default Gateway.

Make a note of your IP Address & default gateway. From Cain you will see list of IP addresses, here you have to choose any free IP address which is not used anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.

  • Click on Configure > APR > Use Spoof ed IP and MAC Address > IP
Type in 192.168.1.10 and from the poisoning section click on “Use ARP request Packets” and click on OK.

  • Within the Sniffer Tab , below click on APR Tab, from the left hand side click on APR and now click on the right hand top spreadsheet then click on plus sign tool from top. The moment you click that it will show you list of IP address on left hand side. Here we will target the victim IP address and the default gateway.

The purpose is to do ARP poisoning between victim and the default gateway and route the victim traffic via your machine. From the left side click on Victim IP address, we assume victim is using 192.168.1.15. The moment you click on victim IP you will see remaining list on the right hand side here you have to select default gateway IP address i.e. 192.168.1.1 then click on OK.
  • Finally, Click on Start/Stop Sniffer tool menu once again and next click on Start/Stop APR. This will start poisoning victim and default gateway.

B] Using Network Miner to capture cookie in plain text



We are using Network miner to capture cookie, but Network miner can be used for manythings from capturing text , image, HTTP parameters, files. Network Miner is normally used in Passive reconnaissance to collect IP, domain and OS finger print of the connected device to your machine. If you don’t have Network miner you can use any other sniffer available like Wireshark, Iris network scanner, NetWitness etc.

We are using This tool because of its ease to use.

  • Open Network Miner by clicking its exe (pls note it requires .Net framework to work).
  • From the “---Select network adaptor in the list---“ click on down arrow and select your adaptor If you are using Ethernet wired network then your adaptor would have Ethernet name and IP address of your machine and if you are using wireless then adaptor name would contain wireless and your IP address. Select the one which you are using and click on start.
Important thing before you start this make sure you are not browsing any websites, or using any Instant Mesaging and you have cleared all cookies from firefox.
  • Click on Credential Tab above. This tab will capture all HTTP cookies , pay a close look on “Host” column you should see somewhere mail.google.com. If you could locate mail.google.com entry then in the same entry right click at Username column and click on “copy username” then open notepad and paste the copied content there.
  • Remove word wrap from notepad and search for GX in the line. Cookie which you have captured will contain many cookies from gmail each would be separated by semicolon (;) GX cookie will start with GX= and will end with semicolon you would have to copy everything between = and semicolon
Example : GX= axcvb1mzdwkfefv ; ßcopy only axcvb1mzdwkfefv

Now we have captured GX cookie its time now to use this cookie and replay the attack and log in to victim email id, for this we will use firefox and cookie editor add-ons.

C] Using Firefox & cookie Editor to replay attack.



  • Open Firefox and log in your gmail email account.
  • from firefox click on Tools > cookie Editor.
  • In the filter box type .google.com and Press Filter and from below list search for cookiename GX. If you locate GX then double click on that GX cookie and then from content box delete everything and paste your captured GX cookie from stepB.4 and click on save and then close.
  • From the Address bar of Firefox type mail.google.com and press enter, this should replay victim GX cookie to Gmail server and you would get logged in to victim Gmail email account.
  • Sorry! You can’t change password with cookie attack.

How to be saved from this kind of attack?
Google has provided a way out for this attack where you can use secure cookie instead of unsecure cookie. You can enable secure cookie option to always use https from Gmail settings.
Settings > Browser connection > Always use https


------

pop3.

NDL 21Dec2008 13:07

Re: Hacking Gmail account using GX cookie
 
looks good

Bhullarz 27Dec2008 00:45

Re: Hacking Gmail account using GX cookie
 
What are the chances that you will be caught by Google People while implementing this technique ?

Alex1239 5Jan2009 10:53

Re: Hacking Gmail account using GX cookie
 
nice indepth tute.....well done.

shabbir 6Jan2009 12:25

Re: Hacking Gmail account using GX cookie
 
Nomination for article of the month for December 2008 Started.

Sorgun 9Jan2009 22:05

Re: Hacking Gmail account using GX cookie
 
Hello. First, thanks for posting these instructions, as they're clear, direct and simple to follow. I'm curious as to why, however, I am unable to get it to work. I even did a test run using the GX cookie from a separate gmail account that I captured from a different email address, saved onto notepad, and then following the steps of C, directly copied it into the GX content section, however it still won't load that account. Thoughts?

pop3_zxcv 12Jan2009 12:27

Re: Hacking Gmail account using GX cookie
 
Sorgun:

If you have captured successfully GX cookie then it should work no matter you are using same PC or different PC in same or different network.

Idea behind this is as long as you have unsecure GX cookie you would be able to replay this attack.

Assume you have captured unsecure GX cookie and you are loged in to your Gmail account. Be at the page of your Gmail account open Cookie Editor and replace GX cookie and being there on that page in Address bar you would have to type mail.google.com and press enter.

This method will not work if victim has also enabled "Always use https" option from Gmail mail account settings.

I've checked this methods works fine till now....

As per my findings for yahoo you have to replace cookie B , Y and T and type mail.yahoo.com on the same address bar.

shabbir 19Jan2009 09:39

Re: Hacking Gmail account using GX cookie
 
Its among the Article of the month and votes can make it win, so start Voting for article of the month for December 2008

sachin_idt 19Jan2009 13:49

Re: Hacking Gmail account using GX cookie
 
Its very good...

ram123 19Jan2009 14:04

Re: Hacking Gmail account using GX cookie
 
Really Good.

sachin_idt 19Jan2009 14:19

Re: Hacking Gmail account using GX cookie
 
It works with yahoo as well...

immortal 25Jan2009 08:27

Re: Hacking Gmail account using GX cookie
 
Very good very good but in a simple way as well u can just also use a ARP attack with FULL ARP GOING


not half but FULL

and it will then send pass then u should know what to do after that although this method hardly does work its just another one to think about

good job on the post

TriG0rZ 25Jan2009 21:11

Re: Hacking Gmail account using GX cookie
 
awesome thanks

yasirhs 26Jan2009 05:58

Re: Hacking Gmail account using GX cookie
 
awesome!!!

Xintruder 28Jan2009 08:52

Re: Hacking Gmail account using GX cookie
 
Hello, thank you for your effort.
I liked the way you presented the material. I might try applying it at some time, it seems fun.

I have a question though:
Can this type of hacking ever be ethical?

pop3_zxcv 28Jan2009 12:32

Re: Hacking Gmail account using GX cookie
 
Xintruder:

Nop. This is not ethical., but it will help you to know the concept and how to protect it. Sniffing in IDS/IPS will invoke Traps..so don't even try this in your office..

pop3.

rajdaan 3Mar2009 14:58

Re: Hacking Gmail account using GX cookie
 
good work..................

nordic 26May2009 22:59

Re: Hacking Gmail account using GX cookie
 
Really well done - thanks!

I have WiFi and can get the GX cookies on the laptop that runs NetworkMiner; and then get connected to gmail.

And I can see my other laptop, but am unable to get the cookies. Any advice?

reagan 25Mar2010 15:42

Re: Hacking Gmail account using GX cookie
 
i also have a wireless internet connection.please can any one tell me how to hack other wireless networks so that i can use their internet for free

seangtz 26Mar2010 09:47

Re: Hacking Gmail account using GX cookie
 
Good information...Is there anyway to come to know that our gmail account has been hacked?

shabbir 26Mar2010 10:01

Re: Hacking Gmail account using GX cookie
 
Quote:

Originally Posted by seangtz (Post 66274)
Good information...Is there anyway to come to know that our gmail account has been hacked?

In the footer always check the last 5 IPs from where you account is being accessed.

sathish_kasi 26Mar2010 16:47

Re: Hacking Gmail account using GX cookie
 
Hello Guru's

nice to see ur post........
i need one help from u ppls........

my gmail id is hacked.......
now only realize how is happened that time i logged in and using torrent.... in mozila firefox....not only that i always save my password in browser itself.........

ok let come to point

one person hack my id and he cahenges my password, secondary email, security questions... i reported to google and fill the forms..on their i gave my email id, old password, frequently contacted email id's, orkut account url, orkut's previous user name,account creation month and year and last successful login date month year.......and my piccasa account creation date....and youtube account creation and labels of my account and so on..........but i get the mail from google we can't restore the account...............i couldn't find my activation code of hacked account........


one important thing last night i seen that person using my id........ while my cousin logged into his account in the chat list the id is avail for chat am try chat him when i ping he went invisible.......

is there is anyway to recover my account........my contact email id is sathishtechkasi(at)gmail(dot)com.......plz mail me.

i dont want to know how to hack i need my id only........becoz this one is official id i registered everything with this id only plz try to help me am not a genius too plz consider my request.............

thanks

sathish kasinathan:mad::mean::embarasse:nonod::crazy::emba rasse:shout:

enerst 18May2010 20:45

Re: Hacking Gmail account using GX cookie
 
Hello All,

Please reply me for tools i want to be buy toosl or if any body know who can be supplying me good smtp, any good type of mailer and email leads fresh ones please give my email to the person please the person must be sombody with good tools if you are also very good in webmail hacking please do reply ony good hacking bro should reply me, a sincere and understandable person, i will do more things with the person after i get his reply via yahoo chat my email is (jaccy_luv@yahoo.com)

I really need genuine persons.

Thanks and God bless you all hackers as you contribute and help me your Friend.

King Enerst

enerst 18May2010 20:50

Re: Hacking webmail account
 
I am Enerst please brothers send me a website i can be using to hack webmail, email leads or site that upgrades their email leads from time to time, smtp, mailers, or credict card but am not to concered about credict card but really not to serious about credict cards this eis my email (jaccy_luv@yahoo.com) get back to me by chatting with me on yahoo of if yu have this things i have listed i can by buying from you it is very important to me but i need a sincere and free in mind brother.

Thanks as you chat with me on yahoo messager

My Name is King Enerst
Thanks And Bless You

aungkyawzin 4Jun2011 13:29

Re: Hacking Gmail account using GX cookie
 
I Like that

joker.N7 8Jun2011 17:36

Re: Hacking Gmail account using GX cookie
 
thanks very much

cofiholic 13Jul2011 21:15

Re: Hacking Gmail account using GX cookie
 
Hi guys,

I need to access my blogger account for I want to remove my posts (and my name). Problem is I already deleted my gmail account. I think the email that I used is just a username for blogger. Therefore, does that mean I can still use that email address to log on to blogger? Is there any chance you can help me hack my old email address? Forgot the password already.

Thanks a lot!

Scripting 25Jul2011 13:07

Re: Hacking Gmail account using GX cookie
 
Nice basic tut !

lonerusher 14Aug2011 06:43

Re: Hacking Gmail account using GX cookie
 
copied from isoftdl which is my website...I originally wrote this article around 2 years back in sept 2009.

shabbir 14Aug2011 10:29

Re: Hacking Gmail account using GX cookie
 
Quote:

Originally Posted by lonerusher (Post 86026)
copied from isoftdl which is my website...I originally wrote this article around 2 years back in sept 2009.

This article is live here since 2008

Scripting 20Aug2011 16:03

Re: Hacking Gmail account using GX cookie
 
Quote:

Originally Posted by shabbir (Post 86028)
This article is live here since 2008

Lulz ...

aero eagles 19Jan2012 18:46

Re: Hacking Gmail account using GX cookie
 
Good Idea

cena525 6Jun2012 19:16

Re: Hacking Gmail account using GX cookie
 
great sharing...

nafo 23Oct2012 12:47

Re: Hacking Gmail account using GX cookie
 
Thanks for the good tutorial ,but maybe you have some good tutorial for Linux ?
Thanks

bvhllshtbtchn 15Jan2013 07:24

Re: Hacking Gmail account using GX cookie
 
Can't the the GX cookie :/
Does the person need to be in the same state as you?

flipmedia 20Jul2014 21:03

Re: Hacking Gmail account using GX cookie
 
1 Attachment(s)
Dear Friends,
I am newbie in using the tool NetworkMiner . I am using windows 7 Ultimate . But I cannot select
the wireless socket , I got following error in attachment . Please help me with a solution . The Firefox plugin also not shown in Browser too . Any other editor for changing cookies?


Please look the attached image



Thanks
Anes


All times are GMT +5.5. The time now is 06:51.