1. How do online accounts hacked using Session Hijacking? Explained View

Yesterday I have written an article how an Yahoo account using Session Cookies Hacking.. though in that article Session Hijacking has only informative ideas which makes today to think more about and let me write an another article describing whole… about what are the session cookies what are the methods or the types…

In this today’s article we will discuss more about online session hacking and session hacking attacks and different methods of Hijack the Sessions.

Though in the previous article I have already explained what the session cookies are but here I am posting it again just to recal…

Session Cookies are the string stored when we tends to login our account. But with unfortunate with hackers luck these strings have very short span of life i.e. gets automatically deleted after a set period of time. Now the question where these strings are stored -  In any situation there are only two places where these keys gets stored first one is itself the server and the second one is the browser cookies. And the destruction takes place at three ways first is when you close your web browser, second is when you sign out of your account and third is if you left your account open for more than 20 minutes idle. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website.

Now when these session cookies are exploited in any ways to gain unauthorized access over any computer system or network then this whole process is termed as Session Hijacking.Sometime if said more technically it is called the HTTP Cookie Theft or Magic Cooke Theft… Nowadays several websites has started using HTTPS cookies simply called encrypted cookies. But we all know If encrypter exits so its decrypter also…

So now the question arises why the session cookie is hijacked and how it helps a hacker to gain access over to a system…

As it has already been mentioned that Session Cookies are the responsible keys to a person authentication so if any one gets these id… then he can easily bypass the authentication process and gain the access to the machine.  It would not require any reauthentication because the session is already active so the hacker can easily access the resources and sensitive information like passwords, bank details and much more. Isn’t this very terrific…

As we have got information what these “Session Cookies” are now let we see what are the ways…..

Session Hijacking involves two types of attacks :

1. Active attack

2. Passive attack

First Avtive Attack; in this type of attack Hackers tries to find an active session and takes control over it by forcing one of the parties makind offline forcibely. This is generally achieved by DDOS attack (Distributed Denial of service attack). Once if a hacker taken over this under his control then he can executes the commands on the system that either give him the sensitive information such as passwords or allow him to login at later time. Though the mentioned is the most common but there are also a hybrid attack , here the attacker watches a session for while and then becomes active by taking it over. Another way is to watch the session and periodically inject data into the active session without actually taking it over.

Now lets we Come to Passive attacks; in this type of attack a hacker Hijacks a session, but just sits back and watches and records all the traffic that is being sent from the computer or received by the computer. This is useful for finding the sensitive information like username passwords of websites, windows and much more…

As you learned the whole what Session hacking are and its types. Now its turn to Methods Involved; There are four main methods used to perpetrate a session hijack. These are:

• Session fixation, where the attacker sets a user’s session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
• Session sidejacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised. Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
• Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user’s computer or the server.
• Cross-site scripting, where the attacker tricks the user’s computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.

HowTo: Bypass Megavideo Time Limit

Are you annoyed and frustrated with Megavideo’s time limit? Don’t worry, I’ll show you how you can bypass that limit and let you enjoy watching your video or movie without any interruptions. Megavideo is one of the best and one of the most popular video sharing sites in the Internet. The problem about watching movies on Megavideo is that there is a 72-minute time limit and once you hit the limit, the video stops and you get this message:

Some movies are more than 72 minutes long, some are even 2-3 hours long so once you hit the time limit, you can’t continue watching the movie anymore. Sucks doesn’t it? Today, I’m gonna share with you a few methods on how to bypass the Megavideo time limit.
DISCLAIMER: These are workarounds suggested by other users. I do not endorse them and I haven’t tried all of the methods listed below. PERFORM THE METHODS AT YOUR OWN RISK.
Method 1 – Work Offline

1. Open the video that you want to watch on Megavideo. Click the Play button and when it starts playing, click on the Pause button to let it buffer.
2. Wait until the video is done loading/buffering to 100%.
3. Click on Work Offline and watch the video.
Mozilla Firefox
- Click on File > Work Offline.
Internet Explorer 7 & 8
- Click on Tools > Work Offline.
[Remember to unclick the Work Offline button once you're done watching]
Method 2 – Block Cookies
1. Clear your web browser’s cache and delete cookies.
2. Block cookies.
Mozilla Firefox
- Click on Tools > Page Info.
- Click on the Permissions tab. Under Set Cookies, if Use Default is checked, uncheck it then select Block.
Internet Explorer 7 & 8
- Click on Tools > Internet Options.
- Click on the Privacy tab.
- Click on Sites.
- Under “Address of Website“, type “megavideo.com” (without the quotes), click Block.
- Repeat the previous step and this time type “www.megavideo.com“, click Block.
3. Disconnect your modem and wait for about 10 seconds before reconnecting it.
4. Continue watching the video.
Method 3 – Download
(You’ll need Mozilla Firefox for this one.)

1. Install the DownloadHelper addon and restart Firefox.
2. Go to Megavideo and open the video that you want to watch and click Play.
3. Once the video starts buffering, the DownloadHelper icon would start revolving. Click on the small arrow beside it then click on the .flv file and it will prompt you to save the file to your computer. You can rename the file if you want and choose where you want it to be saved.
4. Watch the video with VLC Media Player or Applian FLV player.
Method 4 – Illimitux addon
(You’ll need Mozilla Firefox for this one.)
1. Install the Illimitux addon and restart Firefox.
2. Go to Megavideo and open the video that you want to watch.
3. Click on the Illimitux icon (lower right corner of Firefox) and you will be directed to another page where you can watch the video without any time limits.
Caution: This add-on has not been reviewed by Mozilla. Be careful when installing third-party software that might harm your computer.
Method 5 – Megastreaming.org
1. Go to Megavideo and copy the URL of the video that you want to watch. (example: http://www.megavideo.com/?v=Q7UK1BVI)
2. Open http://megastreaming.org/.
3. Paste the URL of the video you want to watch on the space provided and click Play.
Method 6 – Lyke.co.cc
1. Go to Megavideo and copy the URL of the video that you want to watch. (example: http://www.megavideo.com/?v=Q7UK1BVI)
2. Open http://lyke.co.cc/.
3. Paste the URL of the video you want to watch on the space below “Remove Time Limit” and click Watch.
Method 7 – No More 72 Mins
1. Go to Megavideo and copy the URL of the video that you want to watch. (example: http://www.megavideo.com/?v=Q7UK1BVI)
2. Open http://megavideonotimelimit.com/.
3. Paste the URL of the video you want to watch on the space provided and click Watch The Video.
Just choose any of the methods listed above which you think suits you best, follow the instructions and you’ll be able to enjoy watching videos and movies on Megavideo without any time limits or restrictions.
If you know of any other way or alternatives on how to bypass the Megavideo time limit, please share it with us so we can include it on this list.

Netbios Hacking

THIS NETBIOS HACKING GUIDE WILL TELL YOU ABOUT HACKING REMOTE COMPUTER AND GAINING ACCESS TO IT’S HARD-DISK OR PRINTER. NETBIOS HACK IS THE EASIEST WAY TO BREAK INTO A REMOTE COMPUTER.
STEP-BY-STEP NETBIOS HACKING PROCEDURE
1.Open command prompt
2. In the command prompt use the “net view” command

( OR YOU CAN ALSO USE “NB Scanner” OPTION IN “IP TOOLS” SOFTWARE BY ENTERING RANGE OF IP ADDRESSS. BY THIS METHOD YOU CAN SCAN NUMBER OF COMPUTERS AT A TIME).

Example: C:\>net view \\219.64.55.112

 

The above is an example for operation using command prompt. “net view” is one of the netbios command to view the shared resources of the remote computer. Here “219.64.55.112″ is an IP address of remote computer that is to be hacked through Netbios. You have to substitute a vlaid IP address in it’s place. If succeeded a list of HARD-DISK DRIVES & PRINTERS are shown. If not an error message is displayed. So repeat the procedure 2 with a different IP address.
3. After succeeding, use the “net use” command in the command prompt. The “net use” is another netbios command which makes it possible to hack remote drives or printers.

Example-1:
C:\>net use D: \\219.64.55.112\F
Example-2:
C:\>net use G: \\219.64.55.112\SharedDocs
Example-3:
C:\>net use I: \\219.64.55.112\Myprint

 

 

NOTE: In Examples 1,2 & 3, D:,G: & I: are the Network Drive Names that are to be created on your computer to access remote computer’s hard-disk.

NOTE: GIVE DRIVE NAMES THAT ARE NOT USED BY ANY OTHER DRIVES INCLUDING HARD-DISK DRIVES, FLOPPY DRIVES AND ROM-DRIVES ON YOUR COMPUTER. THAT IS, IF YOU HAVE C: & D: AS HARD DIRVES, A: AS FLOPPY DIVE AND E: AS CD-DRIVE, GIVE F: AS YOUR SHARED DRIVE IN THE COMMAND PROMPT

F:,”SharedDocs” are the names of remote computer’s hard-disk’s drives that you want to hack. “Myprint” is the name of remote computer’s printer. These are displayed after giving “net use” command. “219.64.55.112″ is the IP address of remote computer that you want to hack.
4. After succeeding your computer will give a message that “The command completed successfully“. Once you get the above message you are only one step away from hacking the computer.
Now open “My Computer” you will see a new “Hard-Disk drive”(Shared) with the specified name. You can open it and access remote computer’s Hard-Drive. You can copy files, music, folders etc. from victim’s hard-drive. You can delete/modify data on victim’s hard-drive only if WRITE-ACCESS is enabled on victim’s system. You can access files/folders quickly through “Command Prompt”.

 

NOTE: If Remote Computer’s Firewall Is Enabled Your Computer Will Not Succeed In Gaining Access To Remote Computer Through Netbios. That is Netbios Hacking Is Not Possible In This Situation.(An Error Message Is Displayed). So Repeat The Procedure 2,3 With Different IP Address.

HAPPY NETBOS HACKING!!

Hack BSNL Broadband for Speed

If you are a BSNL broadband user, chances are that you are facing frequent DNS issues. Their DNS servers are just unresponsive. The look up takes a long duration and many times just time out. The solution? There is small hack on BSNL for this. Use third party DNS servers instead of BSNL DNS servers or run your own one like djbdns. The easiest options is to use OpenDNS. Just reconfigure your network to use the following DNS servers:

208.67.222.222
208.67.220.220

Detailed instructions specific to operating system or your BSNL modem are available in the OpenDNS website itself. After I reconfigured my BSNL modem to use the above 2 IP addresses, my DNS problems just vanished! Other ‘freebies’ that come with OpenDNS are phishing filters and automatic URL correction. Even if your service provider’s DNS servers are working fine, you can still use OpenDNS just for these two special features. After you hack BSNL DNS servers, you will see a noticeable improvement in your broadband speed.