Digital Authorization Key [DAK] || Crack Cookies [TUT] 10-16-2013, 05:35 AM
#1
Digital Authorization Key
DAK is the most advanced technique used nowadays to protect cookies on SSL websites!
DAK stands for Digital Authorization Key
DAKH stands for Digital Authorization Key Hash
So first of all, before getting into the actual tutorial and exploiting,
let us learn about some related things.
SSL :
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] They use asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
MAP
Example :
PHP Code:
Code:
live.com
The cookie of Microsoft is protected in this way:
Code:
Cookie(12)---->Season ID MX ( 18 ) ----> DAK(22) ---->DAKH(Variable)
So you need to decrypt like this:
Code:
DAKH(Variable)--->DAK(22) ---> Season ID MX ( 18 ) ---> Cookie(12)
DAKH(Variable)
DAKH is the simplest thing to find out in this exploit. Get the Firefox browser.
Get Cookie Manager for Firefox from here
1) Log in to the Live account.
2) When you are in the inbox, open up Cookie Manager!
3) Now get the cookie from the manager!
Say it is:
Code:
1234567890qwertyuiop123456789
It is 29 letters; now let's make it DAK(22).
DAK (22)
Code:
1x2x3x4x5x6x7x8x9x0xqxwxexrtxyxuxixoxpx1x2x3x4x5x6x7x8x9
Simplify it.
Code:
362800qwertyuiop362800
Now the words are 22 letters. Sometimes it will exceed 22 letters; in that case, cut down the last 4 letters and the first 4 letters until it becomes 22 words.
Season ID MX ( 18 )
Season ID MX ( 18 ) was cracked by Xcel3rated 360; here is the way to bypass it:
Code:
vmicrosft(outlook version)(letters in user id)
Code:
vmicrosoft(18.0)(4)
Code:
vmicrosft72
So, we got 11 letters, but it's actually 18 letters, right?
There is a bypass method for this: add the remaining to _ where the Microsoft server fills it automatically.
Code:
vmicrosft72__
Now we are on the final stage, Cookie(12).
Note that the results may vary if you log in directly, compared with injecting the cookie.
So if you log in, Microsoft adds additional security to the cookie, as we learnt in the beginning.
Now, firstly, inject DAK to Variable.
Create a new slot in Cookie Manager called "auth_key_1":
Code:
362800qwertyuiop362800
After that, create another slot called "mx_id":
Code:
vmicrosft72__
Now reload the inbox!
Open Cookie Manager and search for "cookie".
We got it in pure form:
Code:
4gytoiz34y5j
Now that's your final key (cookie).
Wherever you want to log in, just use the cookie and you are in.