Jump to content

Hacking: Social Networking Facebook, Youtube, Myspace Etc.


Recommended Posts

Posted

WELCOME TO HACKING: SOCIAL NETWORKING

Thank you all for viewing this article, for this is very important for ANY hacker/penetration tester looking to exploit social networking.

Let's start out with what many hackers/penetration testers get stuck when it comes to hacking these networks.

  1. There is no perimeter!
  2. There are thousands of servers!
  3. Phishing is outdated, and will soon be ridden of by social networks!

This is VERY common with hackers/penetration testers because hacking is usually about Phishing, Hash Cracking, and TCP/HTTP trafficking.

But with social networks is a whole different kind of system, in reality social networking is nothing more then an online application.

So, think back to your days of learning HTML, Java, C, C++, PHP as you know you can tell the machine/compiler to do ANYTHING you wanted as long as you knew how to do it, correct?

Well, social networking works the exact same way! But you need to understand HOW to use database.

I'm going to use a simple example; Google/YouTube, the easiest one's to exploit. What I want you to do is log-in to your account on YouTube.

Look at the top where it says, matchid. That is the ID of the profile and the session, (As your SHOULD know) so what does this mean? ALL SOCIAL NETWORKING IS CODE INJECTABLE!

Yes, that is true! In EVERY social network is a session AND profile ID that is viewable to the public. Your job as a penetration tester/hacker is to know how to get the session/profile ID so you can code inject it into the website.

So, it's time to start thinking like a computer scientist. I'm going to use my YouTube example to show you how it works, so your profile has a ?feature=guide at the end of http://www.youtube.com/user/whateveryournameis. And it doesn't show ?feature=guide on other profiles, so that must mean ?feature=guide is the gateway to the session ID and the profile ID.

There you will find his/her session and profile ID and you can use things like Greasemonkey to exploit the ID, alright now that you have an understanding on how to do it. I want you to review these steps in order to apply them other places than YouTube, here's a list of things I want you to try.

  • - Log-in to your account and look at source of your profile.
  • - Compare your source to the victims source.
  • -Find out what is different until you found the ID's.
  • -Find a way to replace the victims ID by finding the Admin ID for the profile and editing the source code in things like notepad, microsoft word ETC.
  • - Once you've found the admin ID and replaced the victims ID with your admin ID keep all other HTML as the victim's profile.
  • - Load the code and HTML into a code injector.

Thank you for reading! Post something that YOU'VE discover for other social networks, I've found many including; Facebook, YouTube, Google, Yahoo ETC. But as you know, I'm not a script kiddie trainer.

Posted (edited)

WELCOME TO HACKING: SOCIAL NETWORKING

Thank you all for viewing this article, for this is very important for ANY hacker/penetration tester looking to exploit social networking.

Let's start out with what many hackers/penetration testers get stuck when it comes to hacking these networks.

  1. There is no perimeter!
  2. There are thousands of servers!
  3. Phishing is outdated, and will soon be ridden of by social networks!

This is VERY common with hackers/penetration testers because hacking is usually about Phishing, Hash Cracking, and TCP/HTTP trafficking.

But with social networks is a whole different kind of system, in reality social networking is nothing more then an online application.

So, think back to your days of learning HTML, Java, C, C++, PHP as you know you can tell the machine/compiler to do ANYTHING you wanted as long as you knew how to do it, correct?

Well, social networking works the exact same way! But you need to understand HOW to use database.

I'm going to use a simple example; Google/YouTube, the easiest one's to exploit. What I want you to do is log-in to your account on YouTube.

Look at the top where it says, matchid. That is the ID of the profile and the session, (As your SHOULD know) so what does this mean? ALL SOCIAL NETWORKING IS CODE INJECTABLE!

Yes, that is true! In EVERY social network is a session AND profile ID that is viewable to the public. Your job as a penetration tester/hacker is to know how to get the session/profile ID so you can code inject it into the website.

So, it's time to start thinking like a computer scientist. I'm going to use my YouTube example to show you how it works, so your profile has a ?feature=guide at the end of http://www.youtube.com/user/whateveryournameis. And it doesn't show ?feature=guide on other profiles, so that must mean ?feature=guide is the gateway to the session ID and the profile ID.

There you will find his/her session and profile ID and you can use things like Greasemonkey to exploit the ID, alright now that you have an understanding on how to do it. I want you to review these steps in order to apply them other places than YouTube, here's a list of things I want you to try.

  • - Log-in to your account and look at source of your profile.
  • - Compare your source to the victims source.
  • -Find out what is different until you found the ID's.
  • -Find a way to replace the victims ID by finding the Admin ID for the profile and editing the source code in things like notepad, microsoft word ETC.
  • - Once you've found the admin ID and replaced the victims ID with your admin ID keep all other HTML as the victim's profile.
  • - Load the code and HTML into a code injector.

Thank you for reading! Post something that YOU'VE discover for other social networks, I've found many including; Facebook, YouTube, Google, Yahoo ETC. But as you know, I'm not a script kiddie trainer.

I found it also helps if you control the ISP. LOL Then you beat the second device authen by controlling the other device. All of which is illegal.

Edited by Rich

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...