Charafantah's Cave

I just noticed that on Facebook, if someone has blocked you, you will no longer be able to see their comments on photos.

However if you go to album and choose “View Photo Comments” you will be able to see it

not extremely useful, but helps identifying who blocked you and also helps reading blocked comments

PS: you should consider ANYTHING you put on facebook as public property that anyone could see.

Busy busy busy, that’s how my past 2 weeks has been

I am now officially a PADI certified open water diver, yay! (more to come on that later) i went to Dahab (again) but this time to finish then diving course with the amazing Dr. Nabil Fadlallah from CairoDivers.

I am also ISTQB certified (it’s a software testing certificate for those of  you non-techie), it was really hard to take that one, not because it’s difficult, but because i forgot how to study, memorize definitions and solve exams. It was a hell, reminded me of college exams, and the fear of failure :S ewww it was horrible.

I also studied for CEH (Certified Ethical Hacker) i should take the exam anytime next week.

So, YEA! if i pass the CEH exam this month, it’ll be the month of certificates for me 3 certificates, one month !

بلد بتاعت شهادات صحيح

So i was complaining a while ago about not having anything to do blah blah.

my wish turned against me

I have a million thing to do now:

• *A LOT* of work
• I got 4 new books that i want to read (2 technical – Threat Modeling & Breaking Software- and 2 non technical – Whatever & Whatever else happened to the Egyptians by Galal Amin)
• Am working on 2 DIY projects (one finished):
  • Hard Disk Clock (Done)
    
  • Persistence of Vision (Still working on it, anyone with PCB design skills?)
• More work for friends and old work
• Family stuff

So yea, it’s nice, am so busy, to the extent that i don’t have enough time to focus on one thing and finish it but i don’t complain, am having a good time.

The thing is, i always feel i am late, but that will come in the next post

It’s amazing the amount of information you can get about someone, just from his name or his email using the internet.

I was trying to see what kind of information i can get about someone from either their name or email address.
So i chose a random email address and a random name (i don’t know the persons before) and started my search.

For the email here’s what i did: (the email was associated with a VERY generic nickname, search results would be massive)

- Analyze the address – it shows that it’s an account for a student as the domain is a .edu
- Google the email address -  no results
- Using the university search engine on their website search for the user name – results found
- The  result included a file which lists the major, year of graduation, full name and picture.
- Using Facebook – a search with the name returned a few results
- Examining the results (through friends, and finding that only one has many friends joined in the network of the university, as the person i was looking for was not joined in that network)
- Through the Facebook profile i was able to find some personal information like the age, more pictures, friends, personal nick from what people call him\her from the wall posts and many other things

For the name here’s what i did: (the name was associated with a fake email, so results with the mail did not return anything)

- Google the name with double quotes “” – the name was posted on several bulletin boards, most topics were on Arabic poems (الشعر العربى) looking through the BB profile showed the second name (i already had the last name)
- Using the last part (father + last name) of his\her name on 140online.com i was able to find the address and phone number
- Using the name on Facebook – one result returned, but profile was accessible to friends only, but the thumbnail picture was still viewable and list of friends was readable too.

To sum things up, using just a name or email address and an internet connection, one can get:

1. Full name
2. Picture
3. Phone Number
4. Address
5. Nick, age and other personal information
6. Interests
7. College – graduation date – major

Off course that’s not all, please note that i only got this information in less than 30 mins, i could have invested more time.

Watch out what information you put online, and where you put it it’s a VERY small world

5 Jan 2008 Update: I found an application that does the same function on facebook, it can be found here, i have not tried it though and am not sure it provide the same functionality, but you can try

I wrote a small shell script in Bash and PHP, that takes the friends page from facebook and extracts the ID and names into a CSV file.

It could be useful to keep track of your friends and\or save a backup.
Or you could combine that with the “Hacking Facebook…Exposed” post and try to improvise with your own tricks
It could also be used as a reference, in case you want to check if someone blocked you, or deactivated their account (you can read here to check how to find if someone blocked you or deactivated their account)

• Open your facebook account
• Navigate to http://www.facebook.com/friends.php , make sure there is nothing after friends.php
• Save the page as HTML
• Copy\paste the code below to a text file (let’s call it fbf2csv.sh)
• Then chmod it (chmod 755 fbf2csv.sh)
• Then execute it (./fbf2csv.sh Friends.html output.csv)

 #!/bin/bash
echo 'Facebook Friends ID and Name extractor a.k.a FBF2CSV

by Achraf El Kashef (Charafantah) http:\\charafantah.wordpress.com\  11 Nov 2007

'

    if [ $# -ne 2 ]; then

         echo 1>&2 Usage: $0 friends.php.html output.txt

         exit 1

    fi


grep profile.php $1 | \

grep .jpg | \

grep -v sidebar | \

grep -oE 'id=[0-9]*&*[[:alpha:]]*;*[[:alpha:]]*">*[[:alpha:] -.]*</' | \

sed 's/id=//' | \

sed 's/">/,"/' | \

sed 's/<\//"/' | \

sed 's/&highlight//' > $2


cat $2

exit 0

I wrote this in 15 mins, so don’t complain about the code or tell me the regex could have been written in a better way(i suck at regex anyway)

Am going today to write this into a PHP script, and publish it online, should make it easier for people with no access to linux or cygwin.

You can get it here now: http://www.misr2000online.net/facebook/

If you can provide a better host for the php script (a decent one) please contact me.

Currently, the script will support names with the following:

• Multiple spaces in the name (e.g. John Doe Foo Bar)
• Dashes (e.g. John Foo-Bar)
• Single quotes (e.g. John Fo’ Bar)
• Dots (e.g. John F. Bar)

It will not support non Latin characters (e.g. accented characters like french é ê or anything like that, any entry like this will just be discarded,, you can however change the regex (on line 8 from bottom) to make it parse only the ID# and discard all the names) (anyone know how can i match these in regex?)

Please give me feed back if it doesn’t work as expected with you, i haven’t tested it on other lists than mine, but i expect it should work as fine.

NOTICE: THIS POST IS VERY OLD, AM NOT SURE THAT THIS INFO WILL BE WORKING AT THE TIME YOU TRY IT….DO NOT CONTACT ME ASKING TO HACK SOMEONE’S FACEBOOK ACCOUNT

d00d i0wn3d f4c3b00kzzzz!!! LOLLLLZROLFLMAO!!*!@!111

Ok, let’s be honest, it’s not exactly Hacking Facebook exposed, It’s merely some few tips for Facebook.

I found a few ways to know things that you should not know about, like who blocked you for example

First, let’s state a few fast facts about Facebook:

• Facebook give each user a unique ID
• A user can block an other user
• A user can deactivate his account
• You can see the name of any Facebook user
• Facebook has different privacy levels for each other
• You can get a certain user ID by checking any link he has (e.g. send message,add to friends etc) and check the id=XXXXXXXX in the URL, where the XXX is a number
• You can read here to know how to extract friends id’s from the friend’s page to a text(CSV) file.

Ok, so you have this person on your friends list, and s\he suddenly disappears from your contact, you want to know whether they deactivated their account, or they blocked you?

Here are a few more things i noticed in Facebook:

• If someone blocks you, his wall posts on your wall will not be removed,
  they will stay there with his name NOT hyper linked.
• If someone deactivates account, wall posts will be removed from your wall,
  but you can still view wall to wall. (read bottom)
• If someone removes you from friends wall posts will not be removed,
  they will stay there with his name hyper linked,
  when clicked u will see request friendship page.

You can view any wall-to-wall conversation between you and any user, even if he has his account deactivated, or if he removed you from his friends list using this URL:

http://www.facebook.com/wall.php?id=XXXXX&banter_id=YYYYY&show_all

where XXXXX = your ID and YYYYY = his ID

Here are a few things i noticed about the wall-to-wall page:

• On someone who blocked you, it will redirect to your homepage.
• On someone who is not your friend with restricted privacy, it will redirect to your homepage.
• On someone who is not your friend, but with low privacy settings, it will give an empty wall-to-wall page.
• On someone who is deactivated, it will work and will see all posted messages (if any), even if you don’t see them on the normal wall!!!
• On your friends, it will off course work normally

Here is how wall posts will look like:

Normal friend:

Non friend

Blocked you

Deactivated account

Post is removed

—————————————————–

You can also find out the name of anyone on Facebook, even if s\he blocked you, and even if the account is deactivated.
All you have to do is go to the send message page, and change the ID parameter, like this:

http://www.facebook.com/inbox/?compose&id=XXXXXXXXX

where the XXXXs are the ID of the person , you can try to randomly change this number, it would work.

But sending the messages to anyone would not work in the following cases:

• You are blocked by that person
• He\she has a deactivated account
• He\she privacy settings do not allow messages from non-friends

Instead, this message will appear:

Message Not Sent

The following people either have restricted privacy settings, or have opted out of receiving emails from Facebook.

—————————————————–

Also, another nice trick you could is use Google to see other people’s photo albums, even if they do not have a public profile and you can’t see any of their details. This started to happen since facebook started to announce it will make records public.

put this in the search string: “site:facebook.com inurl:album” then view the “repeat the search with the omitted results included.”

also you can add another inurl:id=XXXXX to search for someone specific

—————————————————–

Also, i noticed that when you try to poke or send messages to non-friends simultaneously, it will tell you that you are about to get blocked, this happens after you poke\message more than 10 (i didn’t count exactly, am not too good with counting when it’s more than 10, math has never been my thing you know )

But you can send pokes\messages to your friends as much as you want (at least as much as i tried )

—————————————————–

It’s not much, but still could be useful

I spent a few days, trying to know if that person blocked or just deactivated their account after it disappeared suddenly from my friends list….well, i wish i didn’t know