“pleez, pleez, PLEEZ teach me how to hack a Hotmail Account!!!”
-unidentified IRC user
From here on in you walk alone. Neither little_v OR Black Sun Research Facility AND its members will be responsible for what you do with the information presented here. Do not use this information to impress your “l33t0_b0rit0” friends. Do not operate in shower. Objects in article may be closer than they appear.
Note: If you see (x), where x is a number, it means that this term is defined at (x) at the bottom of this article.
The purpose of this article is NOT, I repeat, NOT to teach someone how to “hack an email account”. Its true purpose is actually MUCH more devious. The purpose of this and all other articles in the “An Exploit Explained: ” series is to teach readers about various web technologies, and the basics of security and exploiting. I will try to give you a hands-on, learn-as-you-go type of education in computer security. Sound good??? Then let’s get into it!!
On Wednesday, Sept. 22 1999, yet another bleary day in the life of little v, the following message was sent to my inbox:
Subject: Yet another major Hotmail security hole -
Date: Wed Sep 22 1999 10:48:04
Author: Georgi Guninski
Yet another major Hotmail security hole - injecting
There is a major security flaw in Hotmail which allows
works both on Internet Explorer 5.0 (guess IE 4.x)
and Netscape Communicator 4.x. Hotmail filters the
does not filter properly the following case:
So the following HTML is executed <IMG
if the user has enabled automatically loading of
images (most users have).
Probably this may be used in other HTML tags.
email message allows for example displaying a fake
login screen where the user enters his password
which is then stolen. I don't want to make a scary
demonstration, but I am sure it is also possible to
read user's messages, to send messages from user's
name and doing other mischief. Hotmail deliberately
attacks, but obviously there are holes. It is much
easier to exploit this vulnerability if the user uses
Internet Explorer 5.0. AFAIK this is not a browser
problem, it is Hotmail's problem.
The code is:
first message in your Inbox is from :
Ok, don’t puke, I’m going to explain what just happened in a fashion that even your dog can understand.
What is this all about?
The important part of this posting to the Bugtraq(1) (http://www.securityfocus.com) mailing list is the actual exploit(2).
The exploit would be:
first message in your Inbox is from :
What does it do?
How does it work?
What else can I do with this hole in Hotmail’s Security?
This code opens a window with Darknet’s main page in it when the Hotmail user opens your mail:
Note that the above code could point to any page at all (even one that simulates Hotmail’s “you have been logged out” screen. *wink* *wink* HINT HINT ;-) )
This code opens 100 windows with Darknet’s main page in them (tee hee! self promotion is good!):
The rest is up to you, my friend. By the way, if Hotmail finds a way to make this exploit null and void, please don’t mail me, as I probably already know. Just keep looking for the next big exploit, and then when you’ve found it, you may tell me.
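Seen from the filtering side, the advisory's point is that Hotmail's filter misses one case inside an IMG tag. The sketch below is an added example, not code from the original article, the advisory or Hotmail: a mail-HTML sanitizer built as an allowlist, so an attribute nobody anticipated is dropped by default instead of slipping through. The tag policy, the names `safe_url`, `MailSanitizer` and `sanitize`, and the made-up `fancysrc` attribute are assumptions for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this sketch: tag -> attributes the mail view keeps.
ALLOWED = {"p": set(), "br": set(), "a": {"href"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https"}

def safe_url(value):
    # Browsers skip whitespace and control characters inside a scheme name.
    cleaned = "".join(ch for ch in value if ch > " ")
    try:
        return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(tag)
            return
        kept = ""
        for name, value in attrs:  # entity references are already decoded here
            if name in ALLOWED[tag] and (name not in URL_ATTRS or safe_url(value or "")):
                kept += f' {name}="{escape(value or "", quote=True)}"'
            else:
                self.dropped.append(f"{tag}@{name}")
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))

def sanitize(html_text):
    parser = MailSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample; "fancysrc" is a made-up attribute no blocklist would know.
SAMPLE = ('<p>Hi</p><img src="http://example.com/a.gif" fancysrc="javascript:void(0)">'
          '<img src="&#106;ava\tscript:void(0)" alt="x">')
```

`sanitize(SAMPLE)` returns the cleaned markup together with a list of what was dropped, which is worth logging so that filter evasion attempts show up in monitoring.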
(1) Bugtraq – A mailing list where people publicize holes and exploits in various software. I highly suggest that you subscribe at http://www.securityfocus.com.
(2) Exploit – Webster’s dictionary sez: “exploit (eks’ploit’) – an act remarkable for brilliance or daring; bold deed”. Wow. Think of that the next time you steal someone’s ICQ password.
(5) ASCII – A standard for characters on and beyond the normal keyboard.
(2) http://come.to/the-lamer – they have some fake hotmail pages that will make you think you were logged out for some reason and ask you to input your password. They also have some tutorials on how to use these pages, etc., etc., etc.
From Blacksun – Updated by Darknet