Hello guys,
Today I will share with you my experience with Facebook. It is about opening the "Facebook Global Business Solutions Email Preferences" page of any user of Facebook's online services, knowing nothing more than that user's email address.
But first I have to activate these settings by signing up for a Facebook newsletter with my email address, "diaa.diab.2012@gmail.com". For example, I will use the form on "atlassolutions.com".
Now I am on the "Facebook Global Business Solutions Email Preferences" page, which controls whether I receive newsletters about the following:
- Weekly News for Businesses.
- Facebook News.
- Facebook Regional Small Enterprise News.
- News for Preferred Marketing Developers.
- Facebook IQ.
- Facebook News for Verticals.
- Atlas Newsletter.
- Audience Network.
I had already started using the email services for Facebook Business Solutions, and I received emails like this one.
At the bottom of these emails I found the link to unsubscribe from receiving such emails.
And by following the link "www.facebook.com/business/unsubscribe/?eid=8a0f32986a7ba7b635ffaea220d04ebb&cid=775114969220192" I landed on the next page.
You can see the "Preference Center" anchor tag on the page; clicking it took me to all the settings related to "Facebook Global Business Solutions Email Preferences" for the "diaa.diab.2012@gmail.com" address:
“www.facebook.com/business/subscriptions/?eid=8a0f32986a7ba7b635ffaea220d04ebb”
So I retrieved the settings for "diaa.diab.2012@gmail.com" with just one parameter, "eid". Nothing in the request ties it to a logged-in account: whoever presents the right eid sees that user's preferences. This means that if I can work out how Facebook builds this value, "8a0f32986a7ba7b635ffaea220d04ebb", I can do the same for other email addresses.
The value looks like an MD5 hash (32 hex characters, though that alone does not prove it), so let's try to crack it. The real question is: how did the backend developer build this hash?
- A random value => md5(random value)
- A value from the user => md5(value)
- A value from the user plus a salt => md5(value + salt)
In the first and third cases (a random input, or a salt we do not know) we will not be able to crack the hash by guessing. But I tried anyway, brute-forcing it against the common strings I use on all websites with the following simple Python script (shown here in Python 3 form; hashlib needs bytes, so each candidate is encoded before hashing).

```python
#!/usr/bin/env python3
import hashlib
import sys


def main():
    if len(sys.argv) < 2:
        print("[ + ] Usage: %s <hash>" % sys.argv[0])
        sys.exit(0)

    # Candidate preimages: strings the author uses on websites.
    commonStrings = [
        "Diaa", "Diab", "Mohammad", "test", "7amama", "sos", "lolo",
        "hacked", "try", "a_diaa_2007@yahoo.com", "secgeek", "lnxg33k",
        "diaa.diab.2012@gmail.com", "dia2diab@yandex.com", "dia2diab@yahoo.com",
    ]

    target = sys.argv[1].lower()
    for candidate in commonStrings:
        # hashlib.md5 takes bytes in Python 3, hence .encode()
        if hashlib.md5(candidate.encode()).hexdigest() == target:
            print("[ + ] OK i got it.")
            print("[ + ] The hash value [ %s ] is the md5 of [ %s ]." % (target, candidate))
            sys.exit(0)
    print("[ ! ] The hash not found on your own list.")


if __name__ == "__main__":
    main()
```
And here was the surprise for me.
Python told me that Facebook retrieves your settings using the MD5 hash of your email address:
md5(“diaa.diab.2012@gmail.com”) == 8a0f32986a7ba7b635ffaea220d04ebb
So let's retrieve the settings of other users using the following URL form (I tested it with two more of my own addresses from the list above):
https://www.facebook.com/business/subscriptions/?eid=%md5_of_victim_email_address%
- dia2diab@yandex.com
  https://www.facebook.com/business/subscriptions/?eid=2bdf72da3a1c65d58cfbdb4c10d6958f
- a_diaa_2007@yahoo.com
  https://www.facebook.com/business/subscriptions/?eid=9dd78e3a834b2721e8569ba829dce75d
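The following is an added example, not code from the writeup or from Facebook. It models the weakness above (the eid is an unkeyed MD5 of public data, so anyone who knows an address can build the preferences URL) next to two token schemes an attacker cannot derive from the email alone: an HMAC under a server-side key, and a random per-subscriber token stored server-side. The preference store, the victim address and the server key are constructed for the demo; nothing here reflects how Facebook actually fixed the issue.

```python
#!/usr/bin/env python3
"""Added example: why eid = md5(email) is an enumerable lookup key, and two
ways to issue tokens that cannot be computed from the address alone."""
import hashlib
import hmac
import secrets

PREFERENCES_URL = "https://www.facebook.com/business/subscriptions/?eid="

# Constructed sample store: email -> newsletter preferences (demo data only).
PREFERENCES = {
    "diaa.diab.2012@gmail.com": {"Facebook IQ": True, "Atlas Newsletter": False},
    "victim@example.com": {"Facebook IQ": False, "Atlas Newsletter": True},
}


# --- The scheme recovered in the writeup: eid is a plain MD5 of the address.
def weak_eid(email: str) -> str:
    """Unkeyed hash of public data: anyone who knows the address can compute it."""
    return hashlib.md5(email.encode()).hexdigest()


def weak_preferences_url(email: str) -> str:
    """What an attacker builds for a victim; no account or session is needed."""
    return PREFERENCES_URL + weak_eid(email)


def weak_lookup(eid: str):
    """Server side: the eid alone selects the record."""
    for email, prefs in PREFERENCES.items():
        if weak_eid(email) == eid:
            return prefs
    return None


# --- Fix 1: keyed hash (HMAC-SHA256) under a server-side secret. Still
# stateless, but without SERVER_KEY (hypothetical value) nobody can forge it.
SERVER_KEY = secrets.token_bytes(32)


def keyed_eid(email: str, key: bytes = SERVER_KEY) -> str:
    return hmac.new(key, email.encode(), hashlib.sha256).hexdigest()


def keyed_lookup(eid: str, key: bytes = SERVER_KEY):
    for email, prefs in PREFERENCES.items():
        # Constant-time compare so timing does not leak which record matched.
        if hmac.compare_digest(keyed_eid(email, key), eid):
            return prefs
    return None


# --- Fix 2: random capability token stored per subscriber. No key to protect
# in code, and a leaked token is revoked by deleting it from the store.
TOKEN_TO_EMAIL: dict = {}


def issue_random_eid(email: str) -> str:
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    TOKEN_TO_EMAIL[token] = email
    return token


def random_lookup(eid: str):
    email = TOKEN_TO_EMAIL.get(eid)
    return PREFERENCES.get(email) if email is not None else None


def attacker_can_open(lookup, victim_email: str) -> bool:
    """Attacker model: knows only the victim's address, not the server key or
    any issued token, and tries the md5 construction recovered in the writeup."""
    return lookup(weak_eid(victim_email)) is not None


if __name__ == "__main__":
    victim = "victim@example.com"
    print("weak  :", attacker_can_open(weak_lookup, victim))    # True
    print("hmac  :", attacker_can_open(keyed_lookup, victim))   # False
    print("random:", attacker_can_open(random_lookup, victim))  # False
```

The point of the two fixes is the same: the value in the link must be a secret (a capability), not an identifier. Either fix keeps the unsubscribe link working without a login, which is what email preference pages need, while making the eid unguessable for anyone who only knows the address.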
Thank You
Diaa
You are my hero, bro. Your writeups are great; you give me motivation and a challenge.
Thanks
Nice work,
but I have a problem: if I run this Python script I get
IndentationError: expected an indented block
Python script doesn't work. Update LOL
It's just an "IndentationError" that happens because of WordPress; I think this is a trivial Python script that you can fix 🙂
Hello bro,
I want to ask some questions, if you have time to answer them. Can you recommend some resources to gain more information about web security?
Do I need Python and low-level languages to do better in this field?
Some resources that discuss RCE and server-side bugs?
How can someone begin to participate in CTFs?
Thanks
Here is a simple link from @trailofbits about how to start in almost any security field and how to participate in CTFs:
https://trailofbits.github.io/ctf/
Good luck 😉