Sunday, December 16, 2012

How to hack Facebook account pictures

A simple explanation of the Facebook photo URLs

Let's get an example Facebook URL and see what information can be found:

https://www.facebook.com/thehackernews = https://www.facebook.com/172819872731894

Example URL:
https://sphotos-b.xx.fbcdn.net/hphotos-ash3/562956_449111435102735_351919970_n.jpg

This is the photo's album id: 449111435102735
https://facebook.com/449111435102735

Here are different pictures that every user has stored, simply changing the letter at the end of the URL will change it's size.

Normal Picture:
https://sphotos-b.xx.fbcdn.net/hphotos-ash3/562956_449111435102735_351919970_n.jpg
Picture(small):
https://sphotos-b.xx.fbcdn.net/hphotos-ash3/562956_449111435102735_351919970_s.jpg
Small Picture:
https://sphotos-b.xx.fbcdn.net/hphotos-ash3/562956_449111435102735_351919970_t.jpg
Square Picture:
https://sphotos-b.xx.fbcdn.net/hphotos-ash3/562956_449111435102735_351919970_q.jpg



I found this on Pastebin a long time, so for the older Facebook photo ids:

    34330_1531425252044_1427142689_31473272_564909_n.jpg
      ^                    ^                       ^                  ^             ^
      |                      |                        |                   |               |
     No            image id                pid               id            No
    idea                                                                           idea
   
Example URLs:
   
    image id: 1531425252044
    profile.php?id=1531425252044
    redirects to the photo page
    photo.php?pid=31473272&id=1427142689
   
    pid: 31473272
    id of the picture page, needs user id too to work
    photo.php?pid=31473272&id=1427142689
   
    id: 1427142689
    user id
    profile.php?id=1427142689


Cell Phones - Service Menus and Special Numbers

How to get to your phone's service menu

Everyone knows about the 'secret' menus in your phone and I just wanted to make my own list.

Dial and call these numbers to access the hidden menus and if any menu asks for a password, its usually very simple:
  • SPC password - 000000
  • IMEI number - *#06#
  • Programming menu - ##7764726
  • Phone information - *#*#4636#*#*



  • Phone activcation - *228
  • Update coverage area - *22899

Saturday, December 15, 2012

How to port Nmap to your Android Phone

Porting Nmap to Android

I was trying to port Nmap to Android and I was running into plenty of compiling and linking errors until I realized, thanks to Vlatko Kosturjak, this has already been done.

First, download the package:
wget http://ftp.linux.hr/android/nmap/nmap-5.50-android-bin.tar.bz2

Open it:
tar -xvjf nmap-5.50-android-bin.tar.bz2

Go into the directory and push to your phone:
cd nmap-5.50/bin
adb push . /data/local/tmp

Obviously, if you have root, you can push these binaries anywhere you would like.
http://seclists.org/nmap-dev/2011/q1/440

How to install GNUTLS on Ubuntu

How to install GNUTLS

I an ran into this problem the other day while compiling GNU tools. Some require GNU TLS.

To install them:

sudo apt-get install gnutls-bin

How to install the D compiler on Ubuntu

How to install the D compiler

Install command:

sudo apt-get install gdc

Sunday, December 9, 2012

How to easily find and remove your comments from Youtube

How to remove Youtube comments easily from a video

Most of the time when you comemnt on a video it is for a good reason; however, Google indexes these comemnts and puts them in the Google search. The easiest way to remove these comments is to list as many as you can and then simply remove them:

Video:
http://www.youtube.com/watch?v=cdgQpa1pUUE

The video ID:
cdgQpa1pUUE

Put that ID here:
http://www.youtube.com/all_comments?threaded=1&page=1&v=cdgQpa1pUUE

Now you can easily page through comments and delete what you need.

Saturday, December 8, 2012

How to hack Facebook accounts using the Facebook Query Language

How to use the FQL(Facebook Query Language)

Get the page you want to lookup:
http://www.facebook.com/burrowsapps

Obtain the id:
140257159405760

Go to Facebook Developer Tools:
https://developers.facebook.com/tools/

Go to FQL:
https://developers.facebook.com/tools/explorer?fql

Click on "Get Access Token" and obtain all the permissions you want to use. After you have an active access token, you can now play with FQL. The queries you make are very similar to MySQL and SQL.

Here are some examples to have fun:
Basic information about yourself:
SELECT uid, username, name, sex, pic FROM user WHERE uid = me()

Shows BurrowsApp's stream:
SELECT updated_time, type, timeline_visibility, targeting, target_id, tagged_ids, source_id, privacy.value, privacy.description, post_id, permalink, message, likes, is_hidden, description, created_time, comments FROM stream WHERE source_id = 140257159405760

Shows the user's information from profile:
SELECT about_me, activities, affiliations, allowed_restrictions, birthday, birthday_date, books, can_message, can_post, contact_email, currency, current_address.city, current_location.city, devices, education, email, email_hashes, first_name, friend_count, friend_request_count, hometown_location, inspirational_people, install_type, interests, is_app_user, is_blocked, is_minor, languages, last_name, likes_count, locale, meeting_for, meeting_sex, middle_name, movies, music, mutual_friend_count, name, name_format, notes_count, online_presence, payment_pricepoints, pic, pic_big, pic_big_with_logo, pic_cover, pic_small, pic_small_with_logo, pic_square, pic_square_with_logo, pic_with_logo, political, profile_blurb, profile_update_time, profile_url, proxied_email, quotes, relationship_status, religion, search_tokens, security_settings, sex, significant_other_id, sort_first_name, sort_last_name, sports, status.message, status.time, subscriber_count, third_party_id, timezone, tv, uid, username, verified, video_upload_limits, wall_count, website, work FROM user WHERE uid = USERIDHERE

How to hack Facebook user ID's using the API

How to obtain a user's ID from their username

There are many ways to do this such as simply get the URL of the user's photo. Here is how to do it with curl and the Facebook API:

Example Facebook Page:
https://www.facebook.com/burrowsapps

Username:
burrowsapps

Use the Facebook API:
https://graph.facebook.com/

Open Terminal:
curl "https://graph.facebook.com/burrowsapps"

It should return a JSON string:
{"about":"Burrows Apps - https:\/\/play.google.com\/store\/apps\/developer?id=Burrows+Apps - Applications - http:\/\/www.burrowsapps.com","awards":"http:\/\/www.youtube.com\/watch?v=bpOY-sa1sCI","description":"Programming and Mobile Applications\nSecurity Fixes and Exploits\nCourses Notes and Solutions","is_published":true,"mission":"To provide top of the line mobile applications and support for all users.","products":"Applications: \ncrypTo: https:\/\/play.google.com\/store\/apps\/details?id=burrows.apps.crypto\nRoot Checker: https:\/\/play.google.com\/store\/apps\/details?id=burrows.apps.rootchecker\nApp Manager:\nhttps:\/\/play.google.com\/store\/apps\/details?id=burrows.apps.appmanager\nProjects:\nCourse Notes:\nhttp:\/\/blog.burrowsapps.com\/p\/notes.html","talking_about_count":3,"username":"burrowsapps","website":"http:\/\/www.burrowsapps.com\/","were_here_count":0,"category":"Computers\/technology","id":"140257159405760","name":"BurrowsApps","link":"http:\/\/www.facebook.com\/burrowsapps","likes":56,"cover":{"cover_id":341087719322702,"source":"http:\/\/sphotos-b.xx.fbcdn.net\/hphotos-snc7\/s720x720\/598549_341087719322702_28686629_n.jpg","offset_y":0}}

Look for the "id" object:
"id":"140257159405760"

Check for yourself:
https://www.facebook.com/burrowsapps = https://www.facebook.com/140257159405760