Author Topic: New FireFox/AIM Exploit?  (Read 5147 times)

0 Members and 1 Guest are viewing this topic.

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
New FireFox/AIM Exploit?
« on: December 19, 2005, 11:51:02 am »
Well, browsing the myg0t forum as I do daily, someone posted something I found actually really interesting, just wanted some comfirmation on it of some sort.

http://forums.myg0t.com/showthread.php?p=289027#post289027

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #1 on: December 19, 2005, 12:58:34 pm »
You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

   1. You are not logged in. Fill in the form at the bottom of this page and try again.
   2. You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
   3. If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #2 on: December 19, 2005, 01:03:14 pm »
100% agreed with Ergot. Mind copying/pasting it here, or taking a screenshot of it, scr33n0r?
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: New FireFox/AIM Exploit?
« Reply #3 on: December 19, 2005, 02:42:31 pm »
I have seen nothing about this in recent news, so it's probably not true. 

Plus, I make it a point not to trust any website that has a '0' in its name.  I have my reasons!

All that's happened lately is new IIS, Excel, and PHPMyAdmin vulnerabilities, but those have new ones every week, so no worries there. 

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #4 on: December 19, 2005, 04:32:48 pm »
Original Post:
Quote
myg0t owned me -_-
Dont know why.... but I got a pm on AIM from MAKONG OF myg0t saying:

MAKONG of myg0t (4:01:58 AM): www.****s.org
MAKONG of myg0t (4:02:01 AM): Fucking Owns makong
S o a d L i n k (4:02:26 AM): hmmm get a life?
MAKONG of myg0t (4:02:49 AM): ****s > Makong
S o a d L i n k (4:03:01 AM): blocked = you

So then i blocked him... cause i never talked to him before... but i did click on that link, and it opened in firefox.

Then I get that message on aim a minute later: "you screenname has been logged in to 2 locations"... and i thought oh shit -_-

And he pms me from my own screen name:

S o a d L i n k (4:07:36 AM): Block me now
S o a d L i n k (4:07:42 AM): www.****s.org
S o a d L i n k (4:08:06 AM): :D

And he had already changed my password -_-

So is this an aim exploit? firefox exploit? I never typed my password... all I did was goto that website in firefox... i didnt browse it or anything, just went, and closed my browser a minute later. My password is saved in the aim login screen though.

Just wondering if I could get my aim account back, or how he got my password -_- im sorry for pissing you off for whatever i did.

(Makong is a member of myg0t)

However, he later replied with this:

Quote
Well, normally I'd take responsibility for this. I didn't do it. Someone hacked my aim screenname as well. Good thing none of my passwords are the same. It's some little kid with a new exploit. Now they have a few foul aim screennames I hardly ever use. GG

The website that was spammed to the guy in the first post (I assume) is www.g00ns.net, myg0t blanks out 'g00n' though, as you can see.


Now, the thing that brought it to my attention was, I know Makong, and normally when he does something, he wants full credit for the evil little deed he did, which is why I figured I'd ask around here as to find out maybe what this bug is, and possibly how to avoid it.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: New FireFox/AIM Exploit?
« Reply #5 on: December 19, 2005, 06:25:15 pm »
It obviously does something client-side, I'll see if I can find anything funky in the page source code.

I'm going to have to call BS, though. I don't really think its possible.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #6 on: December 20, 2005, 02:32:53 am »
If you have "save my password" checked for the AIM client, the SHA-1 (iirc) hash is located in registry.

Not that I think this is anything but made up, of course. Kiddies.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: New FireFox/AIM Exploit?
« Reply #7 on: December 20, 2005, 03:12:35 am »
I doubt AIM SHA-1's the password.  When it does the actual login, it needs to retrieve the password so it can encrypt/hash it when it's sent, and I doubt AOL is smart enough to double-hash it :)

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #8 on: December 20, 2005, 03:26:07 am »
I doubt AIM SHA-1's the password.  When it does the actual login, it needs to retrieve the password so it can encrypt/hash it when it's sent, and I doubt AOL is smart enough to double-hash it :)

It's either SHA-1 or md5, IIRC it's stored SHA-1 in registry.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Nate

  • Full Member
  • ***
  • Posts: 425
  • You all suck
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #9 on: December 20, 2005, 08:32:26 pm »
I know AIM supports some limited use of HTML but is it even possible to open a new window?

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #10 on: December 21, 2005, 08:57:44 am »
I know AIM supports some limited use of HTML but is it even possible to open a new window?
"opening a new window" has nothing to do with this topic..in any way.

Offline Nate

  • Full Member
  • ***
  • Posts: 425
  • You all suck
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #11 on: December 22, 2005, 05:40:06 pm »
Never mind i thought it said he did not click on the link and it opened in Firefox.

Offline ink

  • Newbie
  • *
  • Posts: 74
    • View Profile
Re: New FireFox/AIM Exploit?
« Reply #12 on: February 14, 2006, 03:26:34 pm »
Sounds like he was either using an outdated version of firefox which was vulnerable to remote code execution, which gave the other guy access or possibly he was already infected but had either dialup or dsl so the other guy had to get him to goto a website to obtain the new ip since dialup and dsl are both dynamic