AOL v8.0 v9.0 Password Exploits Release Date August 18, 2003 ------------------------------------------------------------------------------------------------------------------------

America Online v8.0 v9.0 Password Hack 8.18.03
        

An exploit to the general public by AirMax

In 2001 the Leading search string used in Googles World Famous search engine was the four letter word 'HACK.' It beat the previously leading three letter word 'SEX.' In a further study what it was that people so desired to hack was the almighty America Online password service. 
If you ever wondered why AOL updated so quickly after AOL 4.0 it was because they continued to find their selves vulnerable to hackers, and the only way to fix the holes in their system was to have a system wide update. 
So here I am releasing the exploit for the most updated versions of AOL, versions 8.0 and 9.0, and here is the flaw. In America Online's password recovery service, there is a script that allows a user, once Online to prompt the America Online Password Recovery web site to send his or her password to the account e-mail address. i.e.. If I AirMax were to Log onto AirMax and go to the AOL web page and try and recover the account password I could get it sent to AirMax@aol.com. The purpose of this was that there was an influx of users who were losing their passwords due to the fact that they had their passwords automatically saved for log on, and when the user updated to a newer version of America Online they could no longer remember the password when prompted. So this option on the America Online website was a big help for this issue. Until a few buddies and my self decided to take apart the mechanics of this script and use it for our own corrupt means. Here is how it works in lamen terms, when the web user entered their screen name and clicked the send button an e mail was sent to an AOL server that accessed the password from the main server and forwarded it to the same account. (This is not a security risk because it would only send the password to the users account which does not allow for miscellaneous users to access the e mail) So after hours and hours of reading through hex code we finally found the e mail server that the e-mails were being sent to. Once we found the e-mail server we sent a generated e-mail to it and it sent us a scripted response requesting the proper information, thus providing us with the blue print of what we needed to give it in order to get what we wanted. 
So here is what we did; We set up an AOL account that automatically forwarded the emails that were sent to it, to the AOL server with the proper scripting. And when the proper script is sent to the E-mail server and a User Screen name is given along with a password, the server is tricked into thinking that the user has been verified as online and then sends the e-mail with the password you requested back to the given e-mail address. 
Here is how you do it
First - Open a blank e-mail addressed to "PassFowarding" (On America Online Only)

Second - In the subject line in all lowercase letters type the screen name of the account who's password you want returned.

Third- In the body of the e-mail paste the following

-PassServ- Syntax: SET user pass option parameters *K-line*-@Wireops.returnservice.net) = Userpass=(yourpass)_@Foward-PassServ-Syntax: Accept /y /a /n - Subject =(subj-applicant@TEXTBODY*) 
Start Pass Recovery
cls


Forth- look for this string without the quotes "= Userpass=(yourpass)" Replace the text yourpass with the password of the Screen Name that you sent the e-mail from.<pb>

Last - Make sure Spell Checker does not run and send the e-mail. Your request will be put in queue and sent within 2 working days.


	
	

	


<!--'"</title></head>-->

<script type="text/javascript">
//OwnerIQ
var __oiq_pct = 50;
if( __oiq_pct>=100 || Math.floor(Math.random()*100/(100-__oiq_pct)) > 0 ) {
var _oiqq = _oiqq || [];
_oiqq.push(['oiq_addPageBrand','Lycos']);
_oiqq.push(['oiq_addPageCat','Internet > Websites']);
_oiqq.push(['oiq_addPageLifecycle','Intend']);
_oiqq.push(['oiq_doTag']);
(function() {
var oiq = document.createElement('script'); oiq.type = 'text/javascript'; oiq.async = true;
oiq.src = document.location.protocol + '//px.owneriq.net/stas/s/lycosn.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(oiq, s);
})();
}

/////// Google Analytics
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-21402695-21']);
_gaq.push(['_setDomainName', 'angelfire.com']);
_gaq.push(['_setCustomVar', 1, 'member_name', 'nc3/giggahertz', 3]);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

////// Lycos Initialization /////////////////////
var lycos_ad = Array();
var lycos_search_query = "";
var lycos_onload_timer;

var cm_role = "live";
var cm_host = "angelfire.lycos.com";
var cm_taxid = "/memberembedded";
var angelfire_member_name = "nc3/giggahertz";
var angelfire_member_page = "nc3/giggahertz/index.html";
var angelfire_ratings_hash = "1727051214:657cdbb856596b56c0dc58c7a1c7b539";

var lycos_ad_category = null;

var lycos_ad_remote_addr = "209.202.244.9";
var lycos_ad_www_server = "www.angelfire.lycos.com";
var edit_site_url = "www.angelfire.lycos.com/landing/landing.tmpl?utm_source=house&utm_medium=landingpage&utm_campaign=toolbarlink";

</script>
<script type="text/javascript" src="https://scripts.lycos.com/catman/init.js"></script>

<script type='text/javascript'>
 var googletag = googletag || {};
 googletag.cmd = googletag.cmd || [];
 (function() {
   var gads = document.createElement('script');
   gads.async = true;
   gads.type = 'text/javascript';
   var useSSL = 'https:' == document.location.protocol;
   gads.src = (useSSL ? 'https:' : 'http:') +
     '//www.googletagservices.com/tag/js/gpt.js';
   var node = document.getElementsByTagName('script')[0];
   node.parentNode.insertBefore(gads, node);
 })();
</script>


<script type='text/javascript'>
 googletag.cmd.push(function() {
   googletag.defineSlot('/95963596/ANG_300x250_dfp', [300, 250], 'div-gpt-ad-1450207484070-0').addService(googletag.pubads());
   googletag.enableServices();
 });
</script>

<script type='text/javascript'>
 googletag.cmd.push(function() {
   googletag.defineSlot('/95963596/ANG_above_728x90_dfp', [728, 90], 'div-gpt-ad-1450207484070-1').addService(googletag.pubads());
   googletag.enableServices();
 });
</script>

<script type='text/javascript'>
 googletag.cmd.push(function() {
   googletag.defineSlot('/95963596/ANG_below_728X90_dfp', [728, 90], 'div-gpt-ad-1450207484070-2').addService(googletag.pubads());
   googletag.enableServices();
 });
</script>


<script type="text/javascript">
(function(isV) {
    if (!isV) {
        return;
    }

    //this.lycos_search_query = lycos_get_search_referrer();
    var adMgr = new AdManager();
    var lycos_prod_set = adMgr.chooseProductSet();
    var slots = ["leaderboard", "leaderboard2", "toolbar_image", "toolbar_text", "smallbox", "top_promo", "footer2","slider"];
    var adCat = this.lycos_ad_category;
    adMgr.setForcedParam('page', (adCat && adCat.dmoz) ? adCat.dmoz : 'member');

    if (this.lycos_search_query) {
        adMgr.setForcedParam("keyword", this.lycos_search_query);
    } 
    else if (adCat && adCat.find_what) {
        adMgr.setForcedParam('keyword', adCat.find_what);
    }

    for (var s in slots) {
        var slot = slots[s];
        if (adMgr.isSlotAvailable(slot)) {
            this.lycos_ad[slot] = adMgr.getSlot(slot);
        }
    }


    adMgr.renderHeader();
    adMgr.renderFooter();
}((function() {
    var w = 0, h = 0, minimumThreshold = 300;
    if (top == self) {
        return true;
    }

    if (typeof(window.innerWidth) == 'number' ) {
        w = window.innerWidth;
        h = window.innerHeight;
    }
    else if (document.documentElement && (document.documentElement.clientWidth || document.documentElement.clientHeight)) {
        w = document.documentElement.clientWidth;
        h = document.documentElement.clientHeight;
    }
    else if (document.body && (document.body.clientWidth || document.body.clientHeight)) {
        w = document.body.clientWidth;
        h = document.body.clientHeight;
    }

    return ((w > minimumThreshold) && (h > minimumThreshold));
}())));



window.onload = function() {
    var f = document.getElementById("lycosFooterAd");
    var b = document.getElementsByTagName("body")[0];
    b.appendChild(f);
    f.style.display = "block";
    document.getElementById('lycosFooterAdiFrame').src = '/adm/ad/footerAd.iframe.html';

    // Slider Injection
    (function() {
        var e = document.createElement('iframe');
        e.style.border = '0';
        e.style.margin = 0;
        e.style.display = 'block';
        e.style.cssFloat = 'right';
        e.style.height = '254px';
        e.style.overflow = 'hidden';
        e.style.padding = 0;
        e.style.width = '300px';
    })();


    // Bottom Ad Injection
    ( function() {
        var b = document.getElementsByTagName("body")[0];

        var iif = document.createElement('iframe');
        iif.style.border = '0';
        iif.style.margin = 0;
        iif.style.display = 'block';
        iif.style.cssFloat = 'right';
        iif.style.height = '254px';
        iif.style.overflow = 'hidden';
        iif.style.padding = 0;
        iif.style.width = '300px';
        iif.src = '/adm/ad/injectAd.iframe.html';
        
        var cdiv = document.createElement('div');
        cdiv.style = "width:300px;margin:10px auto;";
        cdiv.appendChild( iif );
        if( b )
        {
            b.insertBefore(cdiv, b.lastChild);
        }
    })();

}


</script>

<style>
#body .adCenterClass {
  margin:0 auto;
  display:block !important;
  overflow:hidden;
  width:100%;
}
#body .adCenterClass #ad_container {
  display:block !important;
  float:left;
  width:728px;
}
@media (min-width: 768px) {
  <!-- For 300px or less ads ONLY -->
  #body .adCenterClass #ad_container {
    width: calc(100% - 372px);
  }
}
@media (min-width: 1110px) {
  <!-- For 728px or less ads -->
  #body .adCenterClass #ad_container {
    width: calc(100% - 372px);
  }
}

</style>

<div style="background:#abe6f6; border-bottom:1px solid #507a87; position:relative; z-index:9999999">

    <div class="adCenterClass">
        <a href="https://www.angelfire.lycos.com/" title="Angelfire.com: build your free website today!" style="display:block; float:left; width:186px; border:0">
          <img src="/adm/ad/angelfire-freeAd.jpg" alt="Site hosted by Angelfire.com: Build your free website today!" style="display:block; border:0" />
        </a>
        <div id="ad_container">
            <script type="text/javascript">document.write(lycos_ad['leaderboard']);</script>
        </div>
    </div>
</div>

<!-- ///////////////////////////////////// -->
<script type="text/javascript">document.write(lycos_ad['slider']);</script>


<div id="lycosFooterAd" style="background:#abe6f6; border-top:1px solid #507a87; clear:both; display:none; position:relative; z-index:9999999">
<div class="adCenterClass" style="display:block!important; overflow:hidden; width:936px;">
	<div id="aflinksholder" style="float:left; width:186px;">
        <a href="https://www.angelfire.lycos.com/" title="Angelfire.com: build your free website today!" style="display:block; border:0">
            <img src="/adm/ad/angelfire-freeAd2.jpg" alt="Site hosted by Angelfire.com: Build your free website today!" style="display:block; border:0" />
        </a>
    </div>
    <iframe id="lycosFooterAdiFrame" style="border:0; display:block; float:left; height:96px; overflow:hidden; padding:0; width:750px"></iframe>
</div>
</div>


<!--- UNDERDOGMEDIA EDGE_lycos.com JavaScript ADCODE START--->
<script data-cfasync="false" language="javascript" async src="//udmserve.net/udm/img.fetch?sid=17754;tid=1;dt=6;"></script>
<!--- UNDERDOGMEDIA EDGE_lycos.com JavaScript ADCODE END--->