Anyone been in those annoying forums where people want a “facebook hacking application”? It was passed down to us that tough love and lessons are the best way to make people good at stuff. So enter the problem:
- Facebook Hacking Application ? -> the question itself warrants suicide but oh well
- If you asked the above or find it legitimate, it means you don’t read scripts to understand them, you simply run them … pronounced “skid” … hackers are problem solvers, so why not help them “skid” along this issue.
Before we proceed this is an example of one such forum.
So let’s come up with a solution for fun, not profit 😀 …
We will have a “facebook graph zero day exploit”
Workflow
- Person runs the script; it asks them to log in to Facebook to extract API keys
- Script checks that the login details are valid and, in the background, sends them to our listener
- Tells the hacker that after sending the payload a network timeout happened
Adding some dodge:
- Base64-encode the home script where the listener sits; if they can’t read it they can’t modify it … the script is unnecessarily long, so counting lines alone would cause them a migraine.
- Generate random numbers per run so it looks like a legit exploit on the fly (hacking cosmetics :-D)
Now that is the leet mode so basically we end up with this.
In case the credentials are wrong we don’t want to mess up, so here is the workflow:
That takes care of the script; and yes, the listener works too.
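From the other side of this trick, a reader who audits a downloaded script before running it can surface a base64-hidden "home" address without executing anything. The following is an added example, not code from this post or its repository: it assumes the script parses as Python 3, and the sample script and the `listener.example` URL in it are constructed for illustration.

```python
import ast
import base64
import binascii
import re

URL_RE = re.compile(r"(?:https?|ftp)://[^\s'\"]+", re.I)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_if_base64(text):
    """Return the decoded text if `text` is base64 of printable ASCII, else None."""
    candidate = text.strip()
    if len(candidate) % 4 or not B64_RE.match(candidate):
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
        decoded = raw.decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return decoded if decoded.isprintable() else None


def find_hidden_urls(source):
    """Parse (never execute) a script; return (line, url) pairs for URLs
    that only appear after base64-decoding a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant)
                and isinstance(node.value, (str, bytes))):
            continue
        value = node.value
        if isinstance(value, bytes):
            value = value.decode("ascii", "ignore")
        decoded = decode_if_base64(value)
        if decoded:
            findings.extend((node.lineno, u) for u in URL_RE.findall(decoded))
    return sorted(findings)


# Constructed sample standing in for a downloaded "exploit" script.
_ENCODED = base64.b64encode(b"http://listener.example/collect").decode()
SAMPLE = (
    "import base64\n"
    'HOME = base64.b64decode("%s")\n'
    'print("Sending payload ...")\n' % _ENCODED
)

if __name__ == "__main__":
    for line, url in find_hidden_urls(SAMPLE):
        print("line %d hides %s" % (line, url))
```

Any hit is a reason to read that line and everything that uses its value before running the script; an empty result is not proof the script is clean, since the address can be split or encoded another way.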
Staging
All people need a proof of concept, therefore we give them one; so I modified the strings a bit to emulate a successful Facebook graph exploitation to send to the group and get a buy-in.
Lastly, share and wait for them to skid into your text file.
Extra Mile
Getting creative, one can further compile it into an executable using pyinstaller or py2exe if you have a paranoid audience, to further hide the monstrosity. Below is an example of making a Linux executable version using pyinstaller; the same can be applied on Windows if you run on a Windows platform.
Lastly, test the script in the dist/ folder, which is what you will give to the victims.
The scripts are available on github.