Thursday, 19 June 2014

How To Hack Facebook Account Or Password ?

How To Hack Facebook Account Or Password ?

Facebook is becoming secured day by day, it daily fixes several bugs found by users. Recently we have noticed that it has also tried to fix the Phishing loophole by validating the previous URL from which the user is arriving to Facebook. It validates from which source user is arriving on Facebook and hence if its a fake Facebook Page, it warns its users that Please Change your Password Immediately as you might be a victim of Phishing. This validation made Facebook account passwords secured from thousands of Novice and Script Kiddie Hackers but UnHoly Assasin still can't be stopped, as  UnHoly Assasin never stops, we keep on moving to new alternatives.
So we moved to advanced mode of Phishing like Tabnabbing, meta refresh trick, browser side bypassing and even manipulating host(hint is sufficient as i will not disclose this one)..when i feel bored i use this technique to hack accounts and passwords of Facebook. Just try to figure out what we can do using Host File :P ..Not going to tell more than that...

Ok.... Ok... Lets learn today the technique called Host Name IP mapped based Phishing. You all will be really happy to know that i have written my third white paper on the same topic and you will be more than happy by knowing that this technique of Phishing is invented by Empio Assassino | aDe3m (:P none other than me...).. So friends lets start our tutorial.

Note: This is for Educational Purposes only. Don't misuse it.:P Please...


Requirements:
1. Facebook latest Phisher or Fake Pages.
Download Latest Facebook Phisher here:
2. Free Web hosting server to upload those Phish Pages.
3. Spoofing URL using Host name mapping technique.

Let me provide you little background what i will teach you today. I know most of you already know phishing but for first timers, let me explain a bit. Phish Pages means Fake Pages that looks absolutely similar to original pages and the technique of using those Fake pages to hack anyone's user name and password is called Phishing. And technique which we use to send these fake pages to victim and prompt him to believe that they are real is called Social Engineering. But i think this we already know, what's new we are going to discuss today.. Ahhh... Just wait and hold your pants tight because today i will be breaking all the policies and ethical norms because until and unless we don't know how hackers do things we will never able to stand in front of them.


What is New???
We all know that fake pages can only be detected using two techniques:
1. Verifying the URL in the address bar, if its a fake page then URL must be different from original one.
2. Using any web security toolbar that warns users for fake pages like AVG toolbar, Norton Online security toolbar etc..
But what if you open www.facebook.com manually in your web browser and fake page opens and URL in the web browser remains www.facebook.com only. That means first technique to detect fake page go in vain. Now for second technique, all online web security toolbar detect fake pages by comparing the input  by user in URL address bar and original page URL. If both matches then its not a fake page else its a malware page. 
So friends today i will teach you how to make your fake pages open whenever victim opens Facebook in his/her web browser. Ahhh... You will be now thinking its impossible. But as i have told you i have written a white paper on Advanced Phishing techniques. So its 110% possible to load fake web page whenever user opens www.facebook.com or any other website like Yahoo, Hotmail or anything... Below are the steps for the same.
I have written the steps in detail which will tell you everything step by step.

Steps to Hack Facebook account or Password:
1. Download the Latest Facebook Phisher.
2. Extract the files, you will get below 2 files:

  • index.php
  • facebook1.php

3. Now go to any free web hosting web server to upload these fake pages. 
Note all should be uploaded at root means not in any folder. Just at first level directory.

4. Now you need to find the correct IP address of the account you have created on web hosting server.
5. When you get you fake page's IP address, now what we need to do is that we have to add the entry of the IP address against the www.facebook.com in victim's host file located at below location.

C:\Windows\System32\drivers\etc


6. There are several ways of doing that, i have written my own php scripts for doing the same but i cannot share that with you guys because there are chances of misusing it. So i explain you the logic and rest you need to figure out how you will edit victims host file and append your Fake Page IP address against www.facebook.com.

7. Now after doing steps 5 and 6, whenever user open the www.facebook.com, your fake Facebook page will open and victim will never be able to visit the original Facebook, so he cannot even been able to change his password...:P

8. I have added an extra logic to my scripts, whenever victim enter the password and hit enter button, i am removing the entry of Fake IP address against www.facebook.com from the host file by making it spaces. So it will be for him for one time only which sounds more spoofed. Its just a single line code but i cannot tell you guys because it will make this article completely unethical. 
I will teach you techniques but i will not do spoon feeding because if you want to become good hacker then you need to use your brain too. I love to be called Destructive but i do constructive works..:P like this one...rofl...

9. Everything other than this is similar to normal phishing technique..

No comments:

Post a Comment