This is a really ~censored~ thing to do, or funny as hell depending on what side you’re on.
(One man’s terrorist is another’s freedom fighter no?)
So I’m assuming all that read this are reading purely for the educational aspect right?
(Say Yes)
Ok, to make this paper short, the flaw is simple. It’s not a flaw in myspace, but in the way it’s setup. It’s not really a flaw at all, but oh well. It’s just the same as a mailing list. You sign up with your email, and unsubscribe by sending an email to an unsubscribe address with “unsubscribe” in the text field. When someone wants to legitimately unsubscribe to myspace, they open the form that does such, and unsubscribe. All that does is send an email from you (your account) to an email address that myspace uses for deleting accounts.
All you need to do is send an email from the victim’s email, to the server email used for removing accounts. This is very easy to do, very, no elite shell code programming involved or anything else.
The email address that myspace uses for account deletion is. cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it
Wow who would have thought it?
When you do delete an account, if you look in the URL bar when you delete your own account, it shows the variable input used, and that’s how the email address was found.
So what a no brainer, replace it with someone else’s.
So, just spoof an email from the target, with subject: delete, body: delete account
To cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it
Well you’re wondering how to get someone else’s myspace email. There are limitless ways, but the easiest it to first, communicate with them via AIM or in person, and just tell them you have some funny pictures of them drunk at a party and you want to send them to him/her. They won’t resist. Just social engineer them.
Mitnick has written a great book on the subject, “Art of deception”.
Once you have there email send a spoofed email from there email, to cancelaccount@myspace.com This email address is being protected from spam bots, you need Javascript enabled to view it with the subject:delete and body delete account
I don’t think it matters what you put in the subject and body, since It’s automated I’m assuming, and it’s a computer that looks at those emails, not a person. If you don’t know how to send spoofed emails,
Go to Google and find a tutorial how to send spoofed emails to do such. You need to learn how to use Google if you want to play with computers. It is the best way to direct information other than reading books, or asking someone smarter than you who is willing to tell you. It’s really freaking simple. You connect to an SMTP server (use the one on your ISP) and issue it the commands to make and send an email.
That’s it, within 48 hours the account will be deleted.
It works 100%, I have tested it out 100%.
It is not instant; it takes up to 48 hours.
If you were really evil, you could write a script or program that scans Google for email address’s, and then take those outputted address’s and send the requests to delete Myspace accounts on them. This is wrong though so I don’t advise anyone doing such. Also what is funny is that in High School or Middle School, most clubs and crap have mailing lists. Get access to one of those lists and it’s almost 100% assumed that all the addresses on those lists are kids who have myspace accounts.
No comments:
Post a Comment