6 Ways to hack a Facebook Account

6  Ways to hack a Facebook account, something most of our readers always wanted to Learn, something new about Facebook Hacking. Learn the best attacks for Facebook Hacking with their advantages and drawbacks.

Note:- This tutorial is for educational purpose only and may not be used for any blackhat purpose. The prime aim of this tutorial is to create awareness so that you guys can protect yourself  from getting hacked.

Before learning the actual procedure you should know about different types of attacks, their drawbacks and prevention against these attacks

                                         

1) Phishing :
 
The first and very basic way of hacking Facebook accounts is via Phishing. Phishing is actually creating fake web pages to steal user’s credentials like email,passwords,phone no,etc.

DRAWBACK :
 
Users nowadays are aware of these type of attacks and one can not be easily fooled using this attack. You need some social engineering to trick someone.
 
Prevention :

• Always check the page URL before logging in. This is the most trusted and effective way one can use to avoid himself from phishing.

• Other way is to use some good Antivirus software which will warn you if  you visit a harmful phishing page.
  Even if somehow you have already entered your credentials in a phisher, Immediately Change your password.

2) Keylogging : 

This is another good way of hacking Facebook accounts. In this type of attack a hacker simply sends an infected file having keylogger in it to the victim. If the victim executes that file on his pc, whatever he types will be mailed/uploaded to hacker’s server. The advantage of this attack is that the victim won’t know that hacker is getting every Bit of data he is typing. Another big advantage is that hacker will get passwords of all the accounts used on that PC.

DRAWBACK : 

Keyloggers are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.


Prevention :

• Execute the file only if you trust the sender.
• Use online scanner such as novirusthanks.org
• Use good antivirus and update it regularly .

3) Trojans/backdoors :

This is an advanced level topic. It consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution the infected server i.e. Trojan on the victim’s PC opens a backdoor and now the hacker can do whatever he wants with the victim’s PC .

DRAWBACK :

Trojans are often detected as threats by good antiviruses. Hacker must find a way to protect it from antivirus.

Prevention :

• Execute the file only if you trust the sender.
• Use online scanner such as novirusthanks.org
• Use good antivirus and update it regularly .

4)Sniffing

It consists of stealing session in progress. In this type of attack an attacker makes connection with server and client and relays message between them, making them believe that they are talking to each other directly.

DRAWBACK :

• If user is logged out then attacker is also logged out and the session is lost.
• It is difficult to sniff on SSL protected networks.

Prevention :

• Always use SSL secured connections.
• Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.

5)Social Engineering :

This method includes guessing and fooling the clients to give their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.
Answering the security questions also lies under this category.
Drawback :
It is not easy to convince someone to make him give his password.
Guessing generally doesn’t always work ( Although if you are lucky enough it may work!).

Prevention :

• Never give your password to anyone
• Don’t believe in any sort of emails which asks for your password

6) Session Hijacking

In a session hijacking attack an attacker steals victims cookies, cookies stores all the necessary logging Information about one’s account, using this info an attacker can easily hack anybody’s account. If you get the cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook, Google, Yahoo.
Drawbacks :

• You will be logged out when user is logged out.
• You will not get the password of the user’s account.
• Will not work if the user is using HTTPS connections.

Prevention :

• Always work on SSL secured connections.
• Always keep a look at the url if the http:// is not changed to https:// it means that sniffing is active on your network.

Also See : Top 10 Ways to Hack Facebook Accounts

Read More

Hack Facebook Account with JAVA Drive Method

Facebook Is The Largest Social Network In World and Many Persons Like To Share and Like Photos and Use Apps Without Seeing That They Are Spamming .So, This Is The New Method To hack Facebook Account Using Java Drive Method.

                                                 

                  -----------------------------

Requirements:-

[+] You must have a webhost like fileave.com, 110Mb.com, etc.

[+] The file you want to spread must be FUD.

If not then download Stealth Crypter (100 % FUD) from GOOGLE

                                      --------------------------------------------------------------------

Follow the Given Steps:-

1. We are now going to setup our Facebook app.

2. You will need a Facebook account to register a Facebook app.

3. For That Go To http://www.facebook.com/developers/createapp.php

                                                                  

4. Now on Further on right Corner you will see a link named as Setup New Application.

5. Now fill in the name you want for your application Example I Write "GirlFriend".

6. Now Click on I agree Terms and then Click on Create Application.

  

                                                           

7. Now Fill the Following Details and then click on Save Changes. 

8. Now click on 'Facebook Integration'.

9. On this page the only thing you need to fill in is the 'Canvas Page'.

10. This allows you to use a Facebook URL for your like button.

11. Fill it in with a name regarding your Facebook page, it can't already be taken For Example I write:  ‘lovegirlfriends’.

12. Then click save changes.

13. Now Create Your Like Button.

14. Now further going to create a like button to help spread Your App,Go to this link: http://developers.facebook.com/docs/reference/plugins/like

15. The only bit you need to fill in is the URL of the page about the canvas so it will be 'http://apps.facebook.com/lovegirlfriends/'

16. Now Further Click on 'Get Code' and copy the IFRAME code to notepad or something so you can use it later.

  

17. Now Next Step is editing your 'index.html'. We now need to edit our html file so open it in anything that you can edit it with, notepad if you have to.

 

18. At this stage you must have your file that you want to spread uploaded to your web host, it cannot be a site such as megaupload it must be a direct link ending in “.exe”.

19. Now upload your Virus/Stealer/Rat in any Webhost

20. The better webhost for server is fileave.com And it will generate the link look like:-'http://apajrlab.fileave.com/apajr.exe'

 

21. Now open index.html File and it will look like:- Look for Code:value="ENTER THE URL FOR YOUR VIRUS"

21. Now open index.html File and it will look like:- Look for Code:value="ENTER THE URL FOR YOUR VIRUS"

- See more at: http://akash-puri.blogspot.com/2014/02/hack-facebook-account-with-java-drive.html#sthash.KM9fz5sx.dpuf

22. Change that to the direct link for your file you want to spread. 

23. Next look for Code:'REPLACE THIS TEXT WITH YOUR FB LIKE BUTTON'   

24. Obviously replace this with the iframe code you just got for your like button. 

25. Upload Your Files on your webhost I follow fileave.com or 110Mb.com

26. This is the easy part; now just upload your three files to your web host.

27. First create a Directory named as Facebook and then upload the three files.

 

28. Editing Your App

a. Now we need to edit your app to display the content of the files you just uploaded.

b. Now get us back to allow us to edit the canvas settings.

c. Navigate to the page we were on before and Now we’re going to fill in the canvas URL, Fill it in with the URL where the files are, it must end with a '/'. I recommended uploading your files to a sub directory. E.g. 'http://apajrlab.fileave.com/Facebook/'

29. Click save settings.

NOTE: - IF FILEAVE.COM displays Error then use this Step

If u have got any Error look like Run time Error or your Canvas URL not Saved then better solution is to upload your Files on other Host like 000webhost.com

                               ----------------------------------------------------------------------

                                     Note: Don't create a Sub-Directory:

                              -----------------------------------------------------------------------

It looks like this:

 

30. If u have till got Error then goto tinyurl.com or Forward your URL to any Websiteand then write that link on Canvas Url.

31. Now Next Step is testing, To test it, try opening a new browser and visiting your app:'http://apps.facebook.com/lovegirlfriends/'

                 

         You should see something like:

 

  

32. Click run and your file with download and execute.

33. Click the like button for it to show up on your friend’s news feeds and start spreading. (Note: Victims must have java)

Facebook Is The Largest Social Network In World and Many Persons Like To Share and Like Photos and Use Apps Without Seeing That They Are Spamming .So, This Is The New Method To hack Facebook Account Using Java Drive Method.

- See more at: http://akash-puri.blogspot.com/2014/02/hack-facebook-account-with-java-drive.html#sthash.KM9fz5sx.dpuf

Facebook Is The Largest Social Network In World and Many Persons Like To Share and Like Photos and Use Apps Without Seeing That They Are Spamming .So, This Is The New Method To hack Facebook Account Using Java Drive Method.

- See more at: http://akash-puri.blogspot.com/2014/02/hack-facebook-account-with-java-drive.html#sthash.KM9fz5sx.dpuf

Facebook Is The Largest Social Network In World and Many Persons Like To Share and Like Photos and Use Apps Without Seeing That They Are Spamming .So, This Is The New Method To hack Facebook Account Using Java Drive Method.

- See more at: http://akash-puri.blogspot.com/2014/02/hack-facebook-account-with-java-drive.html#sthash.KM9fz5sx.dpuf

Read More

Session Hijacking Facebook Accounts | .::APAJR::.

This is a tutorial that demonstrates just how simple it is to get access to facebook accounts without the user's password or username. This tutorial demonstrates Session Hijacking (discussed here: : www.facebook.com/APAJREngineerHackers  or  http://www.facebook.com/groups/Apajrengineerhackers/ ).  This is a simple attack done on an unsecured wifi network with the permission of all users on the network.

The aims of this tutorial are:

• Educate users on the dangers of using unsecured wireless connections.


• Educate wireless connections managers in the aim that they will protect their wireless network.


• Demonstrate the simplicity of this attack and why there is need to find a solution for this attack.


• Get users to stop using unsecure wireless connections.

Requirements:

• Someone on the network must be on facebook at the time for you to steal their session information.


• You Wi-Fi adapter must have monitor mode support in order to scan all packets transferred over a network. If it doesn't, you would only be scanning your own packets. To learn more about monitor mode and about enabling monitor mode on your Wireless card, visit http://www.aircrack-ng.org/doku.php?id=airmon-ng

So here is a step by step explanation of how to carry out this attack:

=> First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. you can check your wi-fi card specifications to see if it supports monitor mode.

=>We would then need to use a network sniffing tool so sniff packets transferred over the network. In this case, I am using a tool called Wireshark (http://www.wireshark.org). Within wireshark, there is a menu called "Capture"; Under the capture menu, select interfaces from that menu, and a list of your interfaces will come up:





=> Next you select Start Next to the interface that you have enabled monitor mode on. most times it is the interface that is capturing the most packets. In my case, Microsoft interface is capturing the most packets, so i will select to start capturing with the microsoft interface. You would leave wireshark to capture packets for a couple of seconds depending on the amount of persons currently using the network. Say 30 seconds if 10 people currently are using the network, or 30 minutes if there is barely network activity going on. While capturing, wireshark will look something like this:





=> After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.





=> After stopping the capture, you will need to look for the user's facebook session cookie which, hopefully was transferred in one of the packets captured. to find this cookie, use the wireshark search which can be found by pressing "ctrl + f" on your keyboard. In this search interface, select Find: By "String"; Search In: "Packet Details". and Filter by the string "Cookie".





=> When you press find, if there is a cookie, this search will find it, if no cookie was captured, you will have to start back at step 2. However, if youre lucky and some cookies we're captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data, to get the data. the next thing you do is to right click on the cookie and click copy->description.





=> After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon eg - c_user=100002316516702;).

=> After some research and experimenting, i figured out that facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my facebook page looked like:





=> The next thing you would need to do is to inject this information as your own cookie. so firstly you would need to install a cookie manager extension for your browser, I'm using firefox Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:





=> The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the "Add Cookie" link to add a new cookie. The first cookie you will add is the c_user cookie which will have the following information:: Domain - ".facebook.com", name-"c_user", value-"the value you copied earlier from the wireshark scanning" and the Path-"/"; leave the isSecure and Expires On values to default:





=> The next thing you do is to hit the "Add" button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.





=> After adding these 2 cookies, just go to facebook.com, refresh the page and... Boom!! you will see you are logged in as that user whose cookie information you stole. Here is my facebook page after i injected those cookies:

Read More

Top 10 Ways to Hack Facebook Accounts | .::APAJR::.

Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers have , I have written a couple of post related to facebook hacking here. I mentioned the top methods which were used by hackers to hack facebook accounts, however lots of things have changed in 2013, Lots of methods have went outdated or have been patched up by facebook and lots of new methods have been introduced, So in this post I will write the top 10 methods how hackers can hack facebook accounts.

10 Ways How Hackers Can Hack Facebook Accounts

So here are the top 10 methods which have been the most popular in 2012:

1. Facebook Phishing 

Phishing still is the most popular attack vector used for hacking facebook accounts, There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.

2. Keylogging 

Keylogging, according to me is the easiest way to hack a facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victims computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.

3. Stealers 

Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are software's specially designed to capture the saved passwords stored in the victims browser, Stealers once FUD can be extremely powerful.

4. Session Hijacking

Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection, In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and uses to it to access victims account, Session hijacking is widely used on Lan's.

5. Sidejacking With Firesheep

Sidejacking attack went common in late 2010, however it's still popular now a days, Firesheep is widely used to carry out sidejacking attacks, Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards wifi users.

6. Mobile Phone Hacking

Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.

7. DNS Spoofing 

If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.

8. USB Hacking 

If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the browser, I have also posted related to this attack which you can read by accessing the link below:

• How to make Your Pen-drive (USB) a Password Stealer

9. Man In the Middle Attacks

If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article,

10. Botnets 

Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.

Read More