Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: AIM hijacking

  1. #1

    Lightbulb AIM hijacking


    I have a question regarding AIM. How does session hijacking work? I'm not necessarily asking how to do it, just how it works. I have found little on Google. I just don't see how it's possible to gain control of someone's AOL/AIM account without a keylogger, and maybe even without a trojan virus. Anyone know how this works?

  2. #2
    Banned
    Join Date
    Jul 2002
    Posts
    877
    Session hijacking can be a number of things but mainly its all about sitting on your ass for awhile studying network traffic with a sniffer then abuseing the services that communicate with it all.

    A shity example but I'll make things simple.

    Client ---- Sniffed router or who knows what ----- server

    There.... yeah I told ya it was a shity example.

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    IMO anyone using AOL and/or AIM is just a (l)user...............AOL Time Warner...............a marriage made in hell?...............they will go into liquidation within 12 months IMO...the death of dinosaurs?

    Then you problem will be pure history

    In the meantime, please look at: http://www.bitdefender.com/


    Cheers

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    311
    if your talking about kicking them off of AIM, theres several exploits that people use to do that-

    Aim Exploits

    Im going to trust that this is for educational purposes..


    Nihil - http://www.bitdefender.com/ (you forgot the period in front of www )

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Session hijacking works by a couple of pricipals. When you send information it doesn't all go in one big piece. It gets broken up into smaller pieces. These pieces have sequence numbers attached to them. Basically the computer says the last packet I recieved was 5 the next one I should expect is 6. Someone sniffing the traffic could do a sequence prediction and guess the next number in the sequence. If they can guess the next number in the sequence they can fool the other machine into thinking that they are who they have been talking to and continue communication with the attacker instead of the other machine. It is actually not an easy attack to pull off, it is made easier with programs that help automate the sequence prediction but it can still be a pretty tricky attack. This is one reason why you should never use telnet. Also, you would have to be in close proximity to sniff the traffic between the 2 communicating parties and without getting into it to deep, often the machine that had its identity stolen needs to be taken off the wire, otherwise it can start communicating with the other host again.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    nihil. I believe AOL Time Warner split up already. Dont have anything useful to post on this subject just wanted to make it known.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    just reading the thread prompted the reply, I havent searched the rest of the site, so if its elsewhere, I apologize in advance...
    My wife was looking at her buddies info and one of them had a link that read "whoaaa....Look what I found, click here"
    so....
    she did, and
    Took me almost six hours to remove all the crap it loaded. The antivirus caught the trojans, but the malware was amazing. just stuffed it to the gills, added to her desktop, menus, browser bars etc. The site the link pointed to was www.talkstocks.net (DO NOT click that less you feel like cleaning your machine or have HEAVY antimalware software deployed.)
    I contacted the ISP that owns that ip address and they will be investigating, so this may be a dead link already. But the important thing is it also changed her profile/buddy info to have that same quote and link. So this hooks into AIM as well. Ive looked for specifics as to what did that part but havent found it yet, but thought Id give a heads up, if you see that in someones buddy info, fight the curiousity and DONT click.

    Is it just me or is browser hijacking and malware seem to be stepped up a lot these days?
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Well it all leads back to money. They are trying to get people to visit their sites to buy something or whatever. They are worthless pieces of crap.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    BWAHAHAHA... I clicked on the link you provided, avenger_jcc, and it said "Sorry, your browser is not WIN32 compatible". Schmucks.

    Browser hijacking on the windows platform is easy to do with the inclusion/use of IE. It may seem more prevelant because users are more willing to complain about it (and are being heard this time). I think this has been going on for a while. Perhaps recent changes in IE have made it somewhat easier.

    By entering the site, http://www.realphx.com, you agree that you authorize an automatic install of our adware which will create a link to RealPhx.com, in place of your current America Online Instant Messenger (AIM) profile and change your internet start-page to http://www.RealPhx.com. The adware will automatically install a file called av.exe on your computer. This program IS NOT a virus, worm, nor trojan horse. It is simply adware. This file will not harm your computer nor will it delete your files.
    *note if you are a windows/IE user and you click on one of those links, I don't want to hear about it. You have been warned.

    Interesting terms that one "agrees" to.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    yeah my wife was asking why her computer is all smut now, and as soon as she said "it all started when I clicked this link" I just hung my head.
    I hope that the ISP they are leasing from nails them for it though, but the almighty dollar may be more powerful than doing the right thing....
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •