Friday, March 19, 2010

F**king With Foursquare Goes MSF Style


mindless foursquare fun goes metasploit style...

msf > use auxiliary/admin/foursquare
msf auxiliary(foursquare) > info



Name: Foursquare Location Poster

Version: $Revision:$

License: Metasploit Framework License (BSD)

Rank: Normal



Provided by:

CG



Basic options:

Name Current Setting Required Description

---- --------------- -------- -----------

PASSWORD password yes foursquare password

Proxies no Use a proxy chain

RHOST api.foursquare.com yes The target address

RPORT 80 yes The target port

USERNAME username yes foursquare username

VENUEID 185675 yes foursquare venueid

VHOST no HTTP server virtual host



Description:

Fuck with Foursquare, be anywhere you want to be by venue id



References:

http://groups.google.com/group/foursquare-api

http://www.mikekey.com/im-a-foursquare-cheater/


msf auxiliary(foursquare) >
msf auxiliary(foursquare) > set USERNAME notmyusername@host.com

USERNAME =>
notmyusername@host.com
msf auxiliary(foursquare) > set PASSWORD notmypassword

PASSWORD =>
notmypassword
msf auxiliary(foursquare) > set VENUEID 9186

VENUEID => 9186


msf auxiliary(foursquare) > run

[*] HTTP/1.1 200 OK

Content-Type: text/xml; charset=utf-8

Date: Fri, 19 Mar 2010 13:59:28 GMT

Content-Length: 1311

Server: nginx/0.7.64

Connection: keep-alive



Fri, 19 Mar 10 13:59:28 +0000OK! We've got you @ Washington Monument. This is your 1st checkin here!9186Washington Monument79199Parks & Outdoors:Sculpture SNIP

[*] Auxiliary module execution completed


You can get the module here:
http://code.google.com/p/carnal0wnage/source/browse/trunk/msf3/modules/auxiliary/admin/random/foursquare.rb
CG

1 comment:

Anonymous said...

Interesting to see how easy this way. I was hoping there would be checks and balances.

http://securesql.tumblr.com/post/465235279/failure-in-detecting-abuse-4sq