Monday, August 24, 2015

PfishBot:Autophishing: The Request: Part I

So we will jump back to messaging in a minute but first we need to go here:

https://m.facebook.com/findfriends/browser/

Where we can "find friends".


Now the JS here is really simple whip open console and we can do a test before we loop it


Successful

And now we use the location.reload(), this will reset the suggestions:



 and now time to automate:

1
2
3
4
5
6
7
8
9
while(1){

document.querySelectorAll("button[type='submit']")[0].click();
  setTimeout(func, 3000);
  function func(){
location.reload();
}
  
}
It may be best to use a for loop though but it works. You actually need a significant delay apparently facebook thinks the public is rather slow. So put as long as you need, a minute so that they never try to block you might be a good idea.
Posted by at No comments:
Labels: , , , , , ,

PfishBot:Auto Phishing: Messaging: Part I

Phishing is the process of creating fake IDs and making them appear real. I decided to automate the whole process from replying to messages to adding "friends".

First thing to do is set up the messaging system as this is doubtless to be the most difficult part.

First we find a weakpoint in the site to launch from, in the case of Facebook the page with the most functionality and least html to scan and possibly parse is:


Now I should mention that in order to create a fake account you will probably need a phone number, and getting past this is just not worth it as free applications such as text+ work just fine. Or use a payphone. I don't care.

Great now finding the  message box name is easy:

"composerInput"

however the button for send is a bit more dynamic, it changes each time and there is a convoluted js and php script which hides it unless text was dynamically entered". Two ways past, JS or .Net.


JS

So the JS code is real simple:

Inspect the text box. Lets say for our example it is running under the ID of "u_0_5":


 The errors happened because of button ID change. Now we can text the click again, once we have entered text so as to fake the button(we will get to doing this automatically shortly):
So our code is:

1
2
3
4
5
6
7
8
var content = document.body.textContent || document.body.innerText;
var hasText = content.indexOf("Way to go")!==-1;
if(hasText){
   setTimeout(function(){
       document.getElementById('composerInput').value="Second Check";
    document.getElementById('u_3p_5').click();
   },5000);
}


But that really is not too useful because we have not been able to send it free of user interaction, due to that messy script(or set of scripts) we have left to tackle.















Posted by



at





No comments:
  

















Labels:
,
,
,
,
,
,













          

        

          

        

Sunday, August 9, 2015


          

        










Check site for User names










Well we all might want to programatically check a site for user names, quick demo post here, a kind I have not done in a while:



So for all you script kiddies out there here is what we end with:




window.location = 'http://www.facebook.com'
checkers();
function checkers()
{
  var user = '';
  var text = '';
  var possible = 'abcdefghijklmnopqrstuvwxyz';
  for (var i = 0; i < 6; i++)
  text += possible.charAt(Math.floor(Math.random() * possible.length));
  document.forms[0].elements[1].value = text + '@gmail.com';
  document.forms[0].elements[2].value = 'password';
  var pablo = document.forms[0].elements[3];
  pablo.click();
  if (document.all('content').innerHTML.indexOf('Please try again') >= 0)
  {
    user = user.concat(text + '@gmail.com')
    checkers();
  }
}
str.indexOf('Yes') >= 0







Now to run it:











A moder browser is all you really need. This post is really just a mod of the Bane JS Cracker I posted a while ago. Anyway just mess with the form elements depending on the site. Then you just need to save and parse string user however you choose. One could just C+V from a alert() window, and just change the infinite loop of this code to stop after a certain amount. Whatever your heart desires.













Posted by



at





No comments:
  






































Quick old Digital Steg Pt 1










Finished the book so back to blogging again, heres a quick post:





To begin with we can just edit the straight up pixels, not unlike this:








size(200, 200);
loadPixels();  
for (int i = 0; i < pixels.length; i++) {
  float r= random(255);
  color c = color(r);
  pixels[i] = c;
}
updatePixels(); 








We just need to add an algorithm which encodes useful information, perhaps with less data(this image contains 250,000 bits. It might be best if we modify the pixels of an image, for better disguise than an old cctv when the lines are down. Here I'll whip up a quick example to get those started who are here for the first time:




PImage webImg;

void setup(){
size(500, 500);

  String url = "https://processing.org/img/processing-web.png";
  // Load image from a web server
  webImg = loadImage(url, "png");
}
void draw(){
  image(webImg, 0, 0);
loadPixels();  
for (int i = 0; i < 25000; i++) {
  float rand = random(255);
  color c = color(rand);
  pixels[i] = c;
}
updatePixels(); 
}




Of Course creating:








The best way to disguise our messages are clever manipulations of the alpha levels, but lets keep it in "acceptable areas" near the edges of lines, so we will first mess with random alphas for demonstration, then create a "smart" program to hide our messages even more effectively, and then we will make the encoder/decoder.




Okay, so just a random dash of message, or no particular meaning yet:






See? Very sloppy. It is rather obvious those 4 dots caused by:


PImage webImg;

void setup(){
size(500, 500);

  String url = "https://processing.org/img/processing-web.png";
  // Load image from a web server
  webImg = loadImage(url, "png");
}
void draw(){
  image(webImg, 0, 0);
loadPixels();  
for (int a = 0; a < 25; a++) {
  float i=random(pixels.length);
  float rand = random(255);
  color c = color(rand);
  pixels[(int)i] = c;
}
updatePixels(); 
}






So we must use line detection and start to make our message meaningful. Let us start with the latter method and make a simple coding schema:





CODING SCHEMA HERE












Now in addition we can also make messages through the combination of images which are meant to be deciphered by a human reader.The good old syllipsis program will also work just adding a contextualizer i.e. : "userenteredfilename"+".jpg"  based on user input, but lets import the Syllipsis.jar code to speed things up, why code that which you yourself have already written?:






  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135


import processing.core.*; 
import processing.data.*; 
import processing.opengl.*; 

import javax.swing.JFileChooser; 

import java.applet.*; 
import java.awt.Dimension; 
import java.awt.Frame; 
import java.awt.event.MouseEvent; 
import java.awt.event.KeyEvent; 
import java.awt.event.FocusEvent; 
import java.awt.Image; 
import java.io.*; 
import java.net.*; 
import java.text.*; 
import java.util.*; 
import java.util.zip.*; 
import java.util.regex.*; 

public class htmlsaver extends PApplet {


String realtime;
String file;
String savers;
boolean btn= false;
String lastInput = new String();
String currentInput = new String();

public void setup()
{

  
   
  background(204);
 size(800, 600);
 smooth();
 


 textAlign(CENTER);
}

public void draw()

{
  
  if (btn == true) {
    fill(255);
  } else {
    noFill();
  }
  rect(20, 60, 75, 75);
  ellipse(60,90,50,50);
   
  fill(0);
text("Thanks for Using Syllipsi By Daniel McCormack",width/2,60);
 text(lastInput, width/2, height/2);
 fill(255, 255, 255);
 text(currentInput, width/2, height*.75f);
 
   


}
public void mousePressed(){
  if (btn){
    exit();
  }
}
public void keyPressed()
{
 if(key == ENTER)
 {
   lastInput = currentInput = currentInput + key;
   currentInput = "";
   lastInput="http://"+lastInput;
 
   
JFileChooser chooser = new JFileChooser();
int returnVal = chooser.showOpenDialog(null);


{
  println("Saving <HTML> to " + chooser.getSelectedFile().getName());
    file = chooser.getSelectedFile().getName();
   
String currline[] = loadStrings(lastInput);
for (int i = 0 ; i < currline.length; i++) {
  println(currline[i]);
saveStrings(file,currline);
}
}
 }
 else if(key == BACKSPACE && currentInput.length() > 0)
 {
   currentInput = currentInput.substring(0, currentInput.length() - 1);
 }
 else
 {
   currentInput = currentInput + key;
 }
}

public void mouseMoved() { 
  checkButtons(); //for our magical menu
}
  
public void mouseDragged() {
  checkButtons(); //again the gui menu check 
}

public void checkButtons() {
  if (mouseX > 20 && mouseX < 95 && mouseY > 60 && mouseY < 135) {
    btn = true;    //the final gui menu check
    

  } else {
    btn=false;
  }
}




  static public void main(String[] passedArgs) {
    String[] appletArgs = new String[] { "--full-screen", "--bgcolor=#666666", "--stop-color=#cccccc", "htmlsaver" };
    if (passedArgs != null) {
      PApplet.main(concat(appletArgs, passedArgs));
    } else {
      PApplet.main(appletArgs);
    }
  }
}








And we only need the new JFileChooser() at the end to save our new "image chain". 




and lets focus on this region:






 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18


public void keyPressed()
{
 if(key == ENTER)
 {
   lastInput = currentInput = currentInput + key;
   currentInput = "";
   lastInput=lastInput+".jpg";//contextualizer
 }

 else if(key == BACKSPACE && currentInput.length() > 0)
 {
   currentInput = currentInput.substring(0, currentInput.length() - 1);
 }
 else
 {
   currentInput = currentInput + key; //input update
 }
}








Let's fix this up with a little bit of reorganizing. We dump the menu chooser in the exit area. The "[ENTER] adds the picture.




  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140


import processing.core.*; 
import processing.data.*; 
import processing.opengl.*; 

import javax.swing.JFileChooser; 

import java.applet.*; 
import java.awt.Dimension; 
import java.awt.Frame; 
import java.awt.event.MouseEvent; 
import java.awt.event.KeyEvent; 
import java.awt.event.FocusEvent; 
import java.awt.Image; 
import java.io.*; 
import java.net.*; 
import java.text.*; 
import java.util.*; 
import java.util.zip.*; 
import java.util.regex.*; 

public class htmlsaver extends PApplet {

PImage img;
    
String realtime;
String file;
String savers;
boolean btn= false;
String lastInput = new String();
String currentInput = new String();

public void setup()
{

   

  background(204);
 size(800, 600);
 smooth();
 


 textAlign(CENTER);
}

public void draw()

{
  
  if (btn == true) {
    fill(255);
  } else {
    noFill();
  }
  rect(20, 60, 75, 75);
  ellipse(60,90,50,50);
   
  fill(0);
text("Thanks for Using pixtitch By XOS",width/2,60);
 text(lastInput, width/2, height/2);
 fill(255, 255, 255);
 text(currentInput, width/2, height*.75f);
    
       

String currline[] = loadStrings(lastInput);
for (int i = 0 ; i < currline.length; i++) {
  println(currline[i]);
saveStrings(file,currline);

}
 }
 else if(key == BACKSPACE && currentInput.length() > 0)
 {
   currentInput = currentInput.substring(0, currentInput.length() - 1);
 }
 else
 {
   currentInput = currentInput + key; //input update
 }
}


}
public void mousePressed(){
  if (btn){
    JFileChooser chooser = new JFileChooser(); //prompt a save if the "game" is over
int returnVal = chooser.showOpenDialog(null);


{
  println("Saving pixtitch to " + chooser.getSelectedFile().getName());
    file = chooser.getSelectedFile().getName();
}
  }
}
public void keyPressed()
{
 if(key == ENTER)
 {
   lastInput = currentInput = currentInput + key;
   currentInput = "";
   lastInput=lastInput+".jpg";//contextualizer
   img = loadImage(lastInput);
   image(img, 0, 0); 
 }
}
 


public void mouseMoved() { 
  checkButtons(); //for our magical menu
}
  
public void mouseDragged() {
  checkButtons(); //again the gui menu check 
}

public void checkButtons() {
  if (mouseX > 20 && mouseX < 95 && mouseY > 60 && mouseY < 135) {
    btn = true;    //the final gui menu check
    

  } else {
    btn=false;
  }
}




  static public void main(String[] passedArgs) {
    String[] appletArgs = new String[] { "--full-screen", "--bgcolor=#666666", "--stop-color=#cccccc", "htmlsaver" };
    if (passedArgs != null) {
      PApplet.main(concat(appletArgs, passedArgs));
    } else {
      PApplet.main(appletArgs);
    }
  }
}








And now focus on this:




 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13


public void keyPressed()
{
 if(key == ENTER)
 {
   lastInput = currentInput = currentInput + key;
   currentInput = "";
   lastInput=lastInput+".jpg";//contextualizer
   img = loadImage(lastInput);
   int x=img.width
   int a=a+25
   image(img, a, 0,25,25);
 }
}








And now to wrap things up:




  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142


import processing.core.*; 
import processing.data.*; 
import processing.opengl.*; 

import javax.swing.JFileChooser; 

import java.applet.*; 
import java.awt.Dimension; 
import java.awt.Frame; 
import java.awt.event.MouseEvent; 
import java.awt.event.KeyEvent; 
import java.awt.event.FocusEvent; 
import java.awt.Image; 
import java.io.*; 
import java.net.*; 
import java.text.*; 
import java.util.*; 
import java.util.zip.*; 
import java.util.regex.*; 

public class htmlsaver extends PApplet {

PImage img;
    
String realtime;
String file;
String savers;
boolean btn= false;
String lastInput = new String();
String currentInput = new String();

public void setup()
{
int a=0;
   

  background(204);
 size(800, 600);
 smooth();
 


 textAlign(CENTER);
}

public void draw()

{
  
  if (btn == true) {
    fill(255);
  } else {
    noFill();
  }
  rect(20, 60, 75, 75);
  ellipse(60,90,50,50);
   
  fill(0);
text("Thanks for Using pixtitch By XOS",width/2,60);
 text(lastInput, width/2, height/2);
 fill(255, 255, 255);
 text(currentInput, width/2, height*.75f);
    
       

String currline[] = loadStrings(lastInput);
for (int i = 0 ; i < currline.length; i++) {
  println(currline[i]);
saveStrings(file,currline);

}
 }
 else if(key == BACKSPACE && currentInput.length() > 0)
 {
   currentInput = currentInput.substring(0, currentInput.length() - 1);
 }
 else
 {
   currentInput = currentInput + key; //input update
 }
}


}
public void mousePressed(){
  if (btn){
    JFileChooser chooser = new JFileChooser(); //prompt a save if the "game" is over
int returnVal = chooser.showOpenDialog(null);


{
  println("Saving pixtitch to " + chooser.getSelectedFile().getName());
    file = chooser.getSelectedFile().getName();
}
  }
}
public void keyPressed()
{
 if(key == ENTER)
 {
   lastInput = currentInput = currentInput + key;
   currentInput = "";
   lastInput=lastInput+".jpg";//contextualizer
   img = loadImage(lastInput);
   int x=img.width
   int a=a+25
   image(img, a, 0,25,25);
 }
}
 


public void mouseMoved() { 
  checkButtons(); //for our magical menu
}
  
public void mouseDragged() {
  checkButtons(); //again the gui menu check 
}

public void checkButtons() {
  if (mouseX > 20 && mouseX < 95 && mouseY > 60 && mouseY < 135) {
    btn = true;    //the final gui menu check
    

  } else {
    btn=false;
  }
}




  static public void main(String[] passedArgs) {
    String[] appletArgs = new String[] { "--full-screen", "--bgcolor=#666666", "--stop-color=#cccccc", "htmlsaver" };
    if (passedArgs != null) {
      PApplet.main(concat(appletArgs, passedArgs));
    } else {
      PApplet.main(appletArgs);
    }
  }
}





















Posted by



at





No comments:
  





























          

        

          

        

Wednesday, August 5, 2015


          

        










Xantivirus










Screenshot of antivirus/antimalware software I whipped up, works quite well:







Just time to create own icons and debug a few detector issues.








Posted by



at





No comments:
  





























        

      









Subscribe to:
Posts (Atom)