The Ultimate BearShare Hack

5 10 2007

THIS HACK HAS BEEN FIXED BY BEARSHARE !!!
THAT’S WHAT I WANTED :)
THIS HACK NO LONGER WORKS.

Hi again !

So this is what you all are waiting for, cool !

DISCLAIMER : I AM NOT A HACKER, AND I AM POSTING THIS HACK BECAUSE I WANT BEARSHARE AUTHORITIES TO KNOW THIS IS POSSIBLE, AND THEY SHOULD FIX THIS BUG. AND I DID NOT HACK INTENTIONALLY. I WAS VIEWING MY BLOG’S STATISTICS, AND I CAME TO KNOW ABOUT THIS HACK.


If you don’t know anything about BearShare, view my previous post by clicking here

How to Hack BearShare ?

URL STEALING. Yes, no Cookie Stealing (I am not hungry right now :D) .

Ever wonder why BearShare doesn’t have an address bar or URL indicator ?

Because if you have a URL you could hack that account.

How do BearShare Community webpages work ?

Unlike other websites, which use cookies to store login information, BearShare stores this login information inside the URL: the username and the password are inside this URL.

Where does this URL link to ?

To every page of BearShare Community. Like viewing a profile, viewing messages, doing anything inside BearShare.

What does this URL look like ?

http://community.bearshare.com/people/profile_content.html?MyUserId=xxxx&PasswordHash=xxxxx&wt=xxxxxx

How do I get the link ?

Nice question, by REFERRAL METHOD ! You need to steal the URL, by REFERRAL METHOD.

If you are not familiar with Referral, it is the URL of the page the user came from. For example, if I am at http://www.yahoo.com, and on that page I see a link to my page (suppose), then when I view my page’s statistics I will see http://www.yahoo.com as a Referral URL to my page. But you don’t need a yahoo URL, you need BearShare’s URL.

So place your page link in your BearShare account, and if someone clicks through to your page from BearShare you can get the BearShare link ;)

STEP BY STEP ( YOU MUST HAVE A LITTLE KNOWLEDGE OF HTML)

1, First create a blog or site of your own on any free blog provider or any website provider like geocities or something.

2, Create an account on StatCounter.com and get the code (StatCounter is a free invisible counter for your website/blog that monitors visitors; this is where you can get the referral link)

3, And insert that code in your webpage or blog.

4, Now it’s time to edit your BearShare account. Open BearShare and log in to your account. Click on My Layout Edit

Put your webpage or blog’s link in the Profile HTML section of the My Layout Edit page. Write

<a target="_blank" href="http://www.my-webpage.com">My Blog</a>

Replace “http://www.my-webpage.com” with your webpage or blog link. And click Save Changes.

5, Ask someone to visit your website or blog.

6, Log in to StatCounter.com and view your site’s statistics. On the left side, you will see a link “Recent Came From”, look for a link starting like

http://community.bearshare.com…..

If you find one, yupee ! You got it !

7, Copy this link and paste it into your Internet Explorer (No it doesn’t work in Firefox, I tried :D) and press Enter. You are in his/her account.

8, And now give me a comment :D lol

Note : The advertisements on BearShare can also hack your account, if you click on them
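
The leak described in this post depends on the browser sending the full page URL as the referrer. As an added example (not code from the original post or from BearShare), this Python code models which Referer value a browser sends under several Referrer-Policy values and checks it for the credential parameters from the URL format shown above; the user id, hash and wt values and the helper names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Credential parameter names from the URL format shown in the post.
SECRET_PARAMS = {"myuserid", "passwordhash"}

# Constructed sample values; only the URL shape comes from the post.
PAGE = ("http://community.bearshare.com/people/profile_content.html"
        "?MyUserId=1001&PasswordHash=EXAMPLEHASH&wt=0")
TARGET = "http://www.my-webpage.com/"

def origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def referer_sent(policy, page_url, target_url):
    """Referer a browser sends for a link on page_url to target_url.
    An empty string means the header is omitted."""
    page = urlsplit(page_url)
    full = page._replace(fragment="").geturl()  # fragment is never sent
    trimmed = origin(page_url) + "/"
    same = origin(page_url) == origin(target_url)
    downgrade = page.scheme == "https" and urlsplit(target_url).scheme == "http"
    if policy == "no-referrer":
        return ""
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":  # long-time browser default
        return "" if downgrade else full
    if policy == "same-origin":
        return full if same else ""
    if policy == "origin":
        return trimmed
    if policy == "strict-origin-when-cross-origin":  # current browser default
        if same:
            return full
        return "" if downgrade else trimmed
    raise ValueError(f"unsupported policy: {policy}")

def leaked_params(referer):
    """Credential parameter names exposed in a Referer value."""
    query = parse_qs(urlsplit(referer).query, keep_blank_values=True)
    return sorted(name for name in query if name.lower() in SECRET_PARAMS)

if __name__ == "__main__":
    for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin",
                   "same-origin", "no-referrer"):
        sent = referer_sent(policy, PAGE, TARGET)
        print(f"{policy:32} -> {sent or '(none)'} leaks={leaked_params(sent)}")
```

A referrer policy only closes this one channel; credentials placed in a URL still end up in browser history and server logs, so the durable fix is to keep them out of the URL altogether.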


6 responses

12 02 2008
unreal

They still have not sorted out their security. Using MD5 reverse lookup you can crack passwords. Capturing them is just as easy. This means you can log in using the BearShare client and really screw with things.

thisissean_2@hotmail.co.uk

12 02 2008
Ahmed Mujtaba

Yeah, they really need to work on their core.

Thanks for the update :)

12 02 2008
unreal

no problemo :)

9 05 2008
Cvika

There is an easier way to get the Profile link (User link). When you are talking to someone on (BearShare) IM, just simply visit someone’s profile and copy/paste their Nickname into IM, and voilà, you have their BearShare URL.

Best Regards From

Cvika

12 07 2008
jason

I just use FilesWire. It’s a web-based P2P client that works directly from the web. You can view it at FilesWire.com

12 07 2008
Ahmed Mujtaba

I will look into it, thanks!
