AN0N3M0US C0D3
Posted May 5, 2012

WELCOME TO HACKING: SOCIAL NETWORKING

Thank you all for viewing this article, for this is very important for ANY hacker/penetration tester looking to exploit social networking. Let's start out with what many hackers/penetration testers get stuck on when it comes to hacking these networks.

There is no perimeter! There are thousands of servers! Phishing is outdated, and will soon be gotten rid of by social networks!

This is VERY common with hackers/penetration testers because hacking is usually about phishing, hash cracking, and TCP/HTTP trafficking. But social networks are a whole different kind of system; in reality, social networking is nothing more than an online application. So, think back to your days of learning HTML, Java, C, C++, PHP. As you know, you can tell the machine/compiler to do ANYTHING you want as long as you know how to do it, correct? Well, social networking works the exact same way! But you need to understand HOW to use the database.

I'm going to use a simple example: Google/YouTube, the easiest ones to exploit. What I want you to do is log in to your account on YouTube.

- Go to your profile/channel.
- You will find in your address bar http://www.youtube.com/user/whateveryournameis?feature=guide
- NOTICE: The ?feature=guide
- Right click > View Source

Look at the top where it says matchid. That is the ID of the profile and the session (as you SHOULD know), so what does this mean?

ALL SOCIAL NETWORKING IS CODE INJECTABLE!

Yes, that is true! In EVERY social network there is a session AND profile ID that is viewable to the public. Your job as a penetration tester/hacker is to know how to get the session/profile ID so you can code inject it into the website. So, it's time to start thinking like a computer scientist.

I'm going to use my YouTube example to show you how it works. Your profile has a ?feature=guide at the end of http://www.youtube.com/user/whateveryournameis. And it doesn't show ?feature=guide on other profiles, so that must mean ?feature=guide is the gateway to the session ID and the profile ID.

- For YouTube you need to paste ?feature=guide at the end of the victim's URL. Ex: http://www.youtube.com/user/personyouwantohack
- Ex: http://www.youtube.com/user/whateveryournameis?feature=guide

Right click > View Source. There you will find his/her session and profile ID, and you can use things like Greasemonkey to exploit the ID.

Alright, now that you have an understanding of how to do it, I want you to review these steps in order to apply them in other places than YouTube. Here's a list of things I want you to try.

- Log in to your account and look at the source of your profile.
- Compare your source to the victim's source.
- Find out what is different until you have found the IDs.
- Find a way to replace the victim's ID by finding the admin ID for the profile and editing the source code in things like Notepad, Microsoft Word, etc.
- Once you've found the admin ID and replaced the victim's ID with your admin ID, keep all other HTML as the victim's profile.
- Load the code and HTML into a code injector.

Thank you for reading! Post something that YOU'VE discovered for other social networks. I've found many, including Facebook, YouTube, Google, Yahoo, etc. But as you know, I'm not a script kiddie trainer.