Hassan Selim hassanselim0

What is this?

So a friend of mine came across an FB post that is pretending to be an official account run by Facebook, it takes you to a phishing page that asks for your FB credentials to "confirm your identity and reactivate your account". Reporting the post didn't work (aparently that doesn't go against the community guidelines?), so I decided to write a script to spam the phising page with fake credentials that are almost indestinguishable from real data.

How does it work?

I fetched a list with the most common first names and last names to generate realistic fake emails (first name + separator + last name + separator + random number + email host), and also fetched a list of the most common passwords and also made a list of some common browser UserAgent strings, and I just mimic what the phishing page was doing to send the fake data.

It wasn't that straighforward though, the scammer was using SignalR and only accepting input while the websocket session was alive (also there was an "api key" sent

Keybase proof

I hereby claim:

I am hassanselim0 on github.
I am hassanselim0 (https://keybase.io/hassanselim0) on keybase.
I have a public key whose fingerprint is 8893 4CBC 38F2 DA28 2418 34E9 9DB7 71E5 B233 401D

To claim this, I am signing this object:

	// This script requires ScriptCS (https://github.com/scriptcs/scriptcs) but you can modify it and build it as a C# App
	// You run this from inside the target folder (where images are copied to), or pass the target path as a script parameter
	// You can also have an "_exceptions.txt" file with images to exclude, so they wont be copied again

	#r WindowsBase
	#r System.Xaml
	#r PresentationCore

	if (Env.ScriptArgs.Count > 0)
	Directory.SetCurrentDirectory(Env.ScriptArgs[0]);

	# Back-porting DB Windowing Functions from Django 2 😀
	# Note, this is only partially-tested on PostgreSQL
	# New DB opts have been replaced with their string values

	from django.db import connection
	from django.db.models import Func, Value, FloatField, IntegerField
	from django.db.models.expressions import BaseExpression, Expression


	class Window(Expression):

	using System;

	public class ArabicFix
	{
	private const int N_DISTINCT_CHARACTERS = 36;

	private string str;

	private string Pstr;

	#r Newtonsoft.Json.dll

	/*
	Steps:
	- Go to https://www.facebook.com/settings
	- Press on "Download a copy"
	- You'll get an e-mail, open the link and download the zip file
	- Extract "/html/messages.htm"
	- Run scriptcs -install Newtonsoft.Json (will create a file and a folder)
	- Then run this script

	using System.Security.Cryptography;

	var helpStr = @"
	Hash Helper Tool!

	Example Usage:
	scriptcs Hash.csx -- SHA256 -s ""Example String""
	scriptcs Hash.csx -- SHA384 -f ""path/to/file""
	scriptcs Hash.csx -- SHA512 -i

	using System.ComponentModel;
	using System.Runtime.CompilerServices;

	public abstract class NotifyPropChanged : INotifyPropertyChanged
	{
	public event PropertyChangedEventHandler PropertyChanged;

	// Because of "ref", reassigning the value will work, for both value types and reference types!
	// And thanks to CallerMemberName (.Net 4.5), the compiler will fill in the member name for you :)
	protected void UpdateValue<T>(ref T currVal, T newVal, [CallerMemberName] string propName = "")