http://www.flickr.com/photos/ondersetgonas/

Dropping on new Entrecarders can have many benefits, though EC’s use of JavaScript in its category browser makes it hard to drop on multiple users without hours of tedious clicking. In this post, I’ll show you how to create an easy-to-use link list of the newest members.
1. Install some Firefox extensions
Linky will allow you to highlight and open up to 99 links in new tabs.
DOM Inspector will allow you to see the actual page source generated by Entrecard’s JavaScript.

2. Get a decent text editor
Notepad++ is an excellent FOSS text editor with many additional capabilities.
OR
EmEditor (30-day trial) is possibly the best non-FOSS editor around.

3. Grep for Win32

Once you have your extensions, editor, and grep installed, go to your EC Category viewer sorted by newest members:

http://entrecard.com/category/browser?order_by=newest

Set the EC browser to view 24 rows and wait until it’s fully loaded.
Fire up your DOM inspector by clicking Tools > DOM Inspector in your Firefox menu. Once in, click the green button to activate the node inspector.
Now click on a card in the EC Category viewer and you’ll see a red box appear around it. Switch back to the DOM inspector and you’ll notice that the tree has expanded and highlighted an entry below the cat_results id. Click the arrow to expand cat_results and you should see the entries beneath it.

Right-click on the cat_results DIV and click “Copy XML”. Paste it into your text editor of choice. You should see one very long line of code. Browse to the next page of Category viewer results and repeat the last few steps until you have 3 or 4 lines.

Save your text file to your desktop as DOM.txt and launch your command prompt by clicking Start > Run > cmd > OK.
In your command prompt window, type the following to change directories to your desktop where your file is saved:
cd Desktop

Now, using grep, you can filter out all the URLs hidden away in the text file.
grep -Po "\/t\/oc\/\d+" DOM.txt >> newec.txt

You may need to run grep with the full path if that didn’t work:
"C:\Program Files\GnuWin32\bin\grep.exe" -Po "\/t\/oc\/\d+" DOM.txt >> newec.txt

Now open your new text file in your editor and do a search and replace.
Find:
/t/oc/
Replace with:
<a href="http://entrecard.com/t/oc/

Now add the last bit of that HTML using your editor’s macro function.
Click to position your cursor at the end of the first line.
Start recording your macro
Paste the following at the end of the first line:
">.</a>

Now hit the down arrow and then the End key on your keyboard to move to the next line and position the cursor at the end of the line.
Stop recording and run the macro with options. Set it to run one less than the total number of lines in your file, or until the end.
Optionally, you may wish to insert <br /> between every 99 links since Linky can only open 99 at a time.

Save your file as newec.html and open in Firefox.

Once your page is up in Firefox, you’ll see a ton of “…..” links. Highlight a few of them and right click to open selected links in tabs with Linky. You’ll want to uncheck “Select already visited links” to keep from reopening sites you’ve already dropped on.


Voila! You’ll likely notice more than a few sites don’t have widgets, usually due to newb bloggers spending hours trying to figure out how to add the script to their sites…
Enjoy :)
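
The grep, search-and-replace and macro steps above can also be done in one pass. This is an added example, not part of the original post; it goes slightly beyond the manual steps by dropping repeated card paths, and the sample markup is constructed since the real cat_results XML is not shown here.

```python
import re
from html import escape

# Same pattern the grep step uses: /t/oc/ followed by digits.
CARD_RE = re.compile(r"/t/oc/\d+")
BASE = "http://entrecard.com"

# Constructed stand-in for DOM.txt (the real "Copy XML" output is one long
# line per results page); the markup and ids here are made up.
SAMPLE_DOM = (
    '<div id="cat_results"><a href="/t/oc/1111"><img src="a.png"/></a>'
    '<a href="/t/oc/2222">x</a><a href="/t/oc/1111">again</a></div>'
)


def extract_paths(dom_text):
    """Return every /t/oc/<digits> path once, in first-seen order."""
    return list(dict.fromkeys(CARD_RE.findall(dom_text)))


def build_link_page(paths, per_block=99):
    """Build the '.' link list, with <br /> after every per_block links
    (Linky opens at most 99 at a time)."""
    lines = []
    for n, path in enumerate(paths, 1):
        href = escape(BASE + path, quote=True)
        lines.append(f'<a href="{href}">.</a>')
        if n % per_block == 0 and n != len(paths):
            lines.append("<br />")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # To use on real data, read DOM.txt instead of SAMPLE_DOM and write the
    # result to newec.html.
    print(build_link_page(extract_paths(SAMPLE_DOM)), end="")
```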

http://www.flickr.com/photos/noneck/

Dave from Security Ninja shows how you can easily brute-force a certain parameter to allow access to any user’s Facebook photo album using Burp Suite. Here are the basics:

Access to albums in Facebook is controlled by three parameters of a URL. You can see them here:

http://www.facebook.com/album.php?aid=-3&id=1508034566&l=aad9c

aid=-3 (-3 for every public profile album)
id=0123456789 (Obtained by searching for the user and hovering over the add friend button)
l=? (all we know is it’s 5 characters from the 0123456789abcdef range)

Dave uses Burp Suite, but there are many ways you can go about it. I think a dictionary of possible values might be marginally faster (untested) so I’ll use that.

First is one of my favorite methods, w3af’s Fuzzy Requests and Clustered Response tools.

GET http://www.facebook.com/album.php?aid=-3&id=targetsid&l=$[l.strip() for l in file('fbhex.dic').readlines()]$ HTTP/1.0
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.1 (KHTML, like Gecko) Safari/312
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded

Here’s the dictionary (1.1MB, zipped); extract it to your w3af directory.

After the run is finished, run the Cluster tool and wait. The valid page should show up far away from the rest of them.

Another tool that could be used for this is Edge Security’s WebSlayer:
URL:
http://www.facebook.com/album.php?aid=-3&id=targetsid&l=FUZZ
Set it to ignore lines so you can find your valid request faster. Currently, the error page contains 71 lines, but this may be different for you. Just run the scan for a few seconds and look at the number of lines that each error page contains, then stop the scan, enter the number in the ignore lines box and start again.


Other useful features of WebSlayer are the ability to control the rate and set proxy options.

There are likely MANY other tools that you can use to accomplish this task, but these seem to be the simplest.
Good luck, and remember:

Check out Dave’s post for the Burp Suite method he uses to generate the needed parameter.
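
Seen from the serving side, the guessing described in this post shows up in access logs as one client requesting many different l values for the same aid/id pair, and with 5 hex characters there are only 16^5 = 1,048,576 values to walk. The following is an added example, not from the original post or from Dave’s write-up, that flags that pattern; the log format, the threshold and every sample value are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined-log style). Addresses come from the
# documentation ranges; the ids and l values are made up for this example.
_TS = "[10/Jan/2010:12:00:00 +0000]"
SAMPLE_LOG = "\n".join(
    # one client walking l values against a single album
    [f'203.0.113.7 - - {_TS} "GET /album.php?aid=-3&id=1000000001&l={i:05x} HTTP/1.0" 200 5120'
     for i in range(8)]
    # ordinary visitors following one shared link each
    + [f'198.51.100.20 - - {_TS} "GET /album.php?aid=-3&id=1000000002&l=3fa9c HTTP/1.1" 200 48211',
       f'198.51.100.21 - - {_TS} "GET /album.php?aid=-3&id=1000000001&l=0b7e2 HTTP/1.1" 200 47903',
       f'198.51.100.21 - - {_TS} "GET /home.php HTTP/1.1" 200 9120']
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" \d{3} ')


def keyspace(alphabet=16, length=5):
    """Number of possible values for the l parameter as the post describes it."""
    return alphabet ** length


def find_enumeration(log_text, threshold=5):
    """Map (client, owner id, aid) -> count of distinct l values, for clients
    that tried at least `threshold` different l values against one album."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != "/album.php":
            continue
        q = parse_qs(url.query)
        if not all(k in q for k in ("aid", "id", "l")):
            continue
        tried[(client, q["id"][0], q["aid"][0])].add(q["l"][0])
    return {k: len(v) for k, v in tried.items() if len(v) >= threshold}


if __name__ == "__main__":
    print("keyspace:", keyspace())
    for (client, owner, aid), n in find_enumeration(SAMPLE_LOG).items():
        print(f"{client} tried {n} distinct l values on id={owner} aid={aid}")
```

A legitimate visitor following a shared album link presents one l value per album, so even a low threshold separates the two cases in this sample.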
