How to Crack Yahoo Accounts

I spent one morning looking at Yahoo’s mail security. Here’s what I found and how I did it.
I created an account whilst dialled into Sify (ISP). I logged out and closed my browser. On reopening the browser I pasted in the following URL:

and this took me back to my account without any error messages or prompts for a login. I then closed my browser, disconnected from Sify (ISP) and dialled into Sancharnet (ISP). When connected I opened my browser and pasted the same URL:

and was taken back to my mailbox! This made me think there must be a cookie controlling this. Sure enough, there it was.

The cookie in the raw looks like this:

id%3dreIvr96lzVC4g%26sid%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540
farm%3d1%26silo%3dms4%26%26fwd%3dattach%26fontsz
%3dnormal%26msgwidth%3d72%26order%3ddown%26inc%3d50%26goto
but with one round of the percent-encoding decoded (%3d is “=”, %26 is “&”) it is slightly more manageable:

id=reIvr96lzVC4g & sid=tMZu7cDVk5V9e%0a & ts=X%88B%40 &
farm=1 & silo=ms4 & &
head=brief & fwd=attach & fontsz=normal &
msgwidth=72 & order=down & inc=50 & goto=msg

Note that sid and ts still carry percent escapes after that round: those two values were encoded twice (%250a is %0a encoded again), so the real sid ends in a newline character.
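The decoding above done programmatically, as an added example that is not part of the original post. The input is the raw cookie printed above joined onto one line, with a %26 put back at the first line break where the decoded listing shows an “&” (an assumption: the copy of the blob on the page lacks head=brief and stops at goto, and the script takes it as printed). One pass of percent-decoding reproduces the listing; the script then reports which values are still encoded after that pass, i.e. were encoded twice, and what they decode to. The decoder maps each %XX to the byte XX rather than using decodeURIComponent(), because %88 is not valid UTF-8 and decodeURIComponent() would throw on it.

```javascript
// Added example, not code from the post: decode the captured cookie blob.
// RAW_COOKIE is the blob as printed in the post, joined onto one line and
// cut off at "goto" exactly as the post's copy is. The "%26" at the first
// join is an assumption, matching the "&" in the post's decoded listing.
const RAW_COOKIE =
  'id%3dreIvr96lzVC4g%26sid%3dtMZu7cDVk5V9e%250a%26ts%3dX%2588B%2540' +
  '%26farm%3d1%26silo%3dms4%26%26fwd%3dattach%26fontsz' +
  '%3dnormal%26msgwidth%3d72%26order%3ddown%26inc%3d50%26goto';

const PCT_GLOBAL = /%([0-9a-fA-F]{2})/g;
const HAS_PCT = /%[0-9a-fA-F]{2}/;

// One round of percent-decoding. Each %XX becomes the single byte XX, kept as
// a Latin-1 character, so bytes like %88 that are not valid UTF-8 do not
// throw the way decodeURIComponent() would.
function percentDecode(s) {
  return s.replace(PCT_GLOBAL, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Split a decoded "k=v&k=v" string into an object. Empty segments (the "&&"
// in the blob) are skipped; a key with no "=" gets an empty value, which is
// what happens to the truncated "goto" at the end.
function parseFields(decoded) {
  const fields = {};
  for (const seg of decoded.split('&')) {
    if (seg === '') continue;
    const eq = seg.indexOf('=');
    const key = eq < 0 ? seg : seg.slice(0, eq);
    fields[key] = eq < 0 ? '' : seg.slice(eq + 1);
  }
  return fields;
}

// Decode the blob once (as the post does), then report which values are still
// percent-encoded after that round and what a second round turns them into.
function decodeCookie(raw) {
  const fields = parseFields(percentDecode(raw));
  const doubleEncoded = {};
  for (const [key, value] of Object.entries(fields)) {
    if (HAS_PCT.test(value)) doubleEncoded[key] = percentDecode(value);
  }
  return { fields, doubleEncoded };
}

const result = decodeCookie(RAW_COOKIE);
console.log('fields after one decode:', result.fields);
console.log('values that were encoded twice:', result.doubleEncoded);
// doubleEncoded is { sid: 'tMZu7cDVk5V9e\n', ts: 'X\x88B@' }: the session
// id really ends in a newline, and ts contains a raw 0x88 byte.
```

Run it with node; the first object is the “more manageable” listing above and the second shows the two values the single decode leaves encoded.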

After being logged off for around an hour I reconnected to the Internet, pasted that URL again and got back in. This made me suspicious. I clicked on exit and checked the whole “exit” document. Down at the bottom I found a link:

Log off completely.

Nice of them to warn you and then put it right down at the bottom. Most new users will not realise that logging off is a two-step process: only if you log off “completely” is the cookie removed from the Temporary Internet Files directory, so a plain log-off leaves the session cookie on disk and the account still reachable.

What does all this mean?
Security-wise, if you can get physical access to a machine that someone has used to collect their mail without doing the double log-off, then you can access their account, perhaps indefinitely (I don’t know yet if the cookie has a TTL, so to speak). In practice this means you’ll be cracking a friend’s, work (or school) colleague’s or family member’s account. Good for snooping on your girlfriend’s e-mail activities too. Unfortunately you can’t just copy the cookie to a floppy disk and drop it into your own computer’s Temporary Internet Files directory because of the “Embarrassed … What you’d need to do is copy it to a floppy anyway, so you’ve got the information you need, and then comes the complicated part:

Set your own PC up as a web server as well as a DNS server (if you’ve got NT Server you’re laughing). Create a DNS entry for and point it at the loopback address (127.0.0.1). Then create an HTML file with the script needed to set a cookie carrying this same information. Connect to (you’ll actually loop back) and the cookie will be written to the Temporary Internet Files directory. This works because the browser decides which site a cookie belongs to by host name alone: a cookie set by your own server while the name resolves to you is sent to the real site once normal DNS is restored, so the copied session rides along with every request from then on.

Courtesy of