Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Google Cookies?

Google Cookies? 9 years 1 month ago #23493

  • cyberoidx
  • cyberoidx's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
My google cookie just got stolen :(

(Cant believe how EASY it is to exploit the cookies using orkut.com just run a stuid J/S code for doc.cookie, use a cookie switcher and access is granted)

I've switched passwords and done eerything under the sun, but the guy yet has access.

So i wanted to know how long does it take for the google cookie to expire (i've heard reports of "till 2023" / 2 years / and two weeks

Can someone tell me which one is the valid one?
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
The administrator has disabled public write access.

Re: Google Cookies? 9 years 1 month ago #23497

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi there,

Whats the cookie used for and how did you spot that its been compromised (just interested) ?

I will do some enquiries on how to expire it.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Google Cookies? 9 years 1 month ago #23498

  • cyberoidx
  • cyberoidx's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
Well, when you are using orkut, just use the document.cookie syntax to get the cookie. After this aarently there are many Programs that allow you to take your cookie and switch the art that is required.

I have chnaged my password 3 or 4 times, but the Person yet has acccess.. the only thing i can do is expect the best, and wait for 2 weeks, which the google login page specifies as the time out Period.

I found that manik29.lenhost.info/ has PHP pages that steal the code and store them in some database.
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
The administrator has disabled public write access.

Re: Google Cookies? 9 years 1 month ago #23499

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
How do you know that the person has access ? It seems like a bit of a security hole if you can change your password and the cookie stil doesn't pick up this fact.

You say you executed a script which allowed this person to gain access to the cookie ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: Google Cookies? 9 years 1 month ago #23500

  • cyberoidx
  • cyberoidx's Avatar
  • Offline
  • Frequent Member
  • Posts: 49
  • Karma: 0
The page had a javascipt that was executed to pickup the cookie.

I know that usually changing the password should fix the problems. But its not working in this case :( I've changed it 4 times already.

Pretty sure no keyloggers on my system... ran ProcessXP and autoruns to doublecheck.
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
The administrator has disabled public write access.

Re: Google Cookies? 9 years 1 month ago #23501

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Not 100% sure how you know that changing the password hasn't worked ? Do you mean that its not reprompting for the password after you changed it or the cookie hasn't changed.

I can see how you know that the cookie has been compromised if there javascript executed but how do you know access can still be gained now you have changed the password ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup