Showing posts with label Facebook hack tools. Show all posts

Sunday, 14 April 2013

Facebook Hacking Methods All In One




So you guys want to learn Facebook hacking: how to hack Facebook accounts easily. Yeah, and I mean it.
So here go all the methods of Facebook hacking, from zero to one.
Let's go.
Before starting, I think you all know what Facebook is and how to use it. That's why you are here.
So before starting, let me make one thing clear: no software exists that will hack Facebook for you.

The only two ways you can hack Facebook are:
  • Hire a professional hacker who will hack for you
  • Or just learn all these methods which I'm going to provide you

The Facebook hacking methods are the following:
1. Session Hijacking Attack
2. Facebook Security
3. Cookie Stealing Attack
4. Keylogging
5. Clickjacking
6. Tabnabbing
7. Remote Administration Tools
8. Social Engineering Attack
9. Phishing Attack
10. Using 3 Fake Friends Method
  • Session Hijacking Attack: What is a session hijacking attack? Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.
  • Facebook Security: When you bookmark the URL for Facebook or any of your other social networks, be sure to use HTTPS instead of HTTP. This encrypts your communications.

    In fact, you will have to temporarily disable this feature any time you give access to a new application. That alone should give you confidence that you have achieved a greater level of protection.
  • Cookie Stealing Attack: In this tutorial I will explain how you can hack Facebook/Twitter accounts by stealing cookies. This method works only when the victim's computer is on a LAN (local area network). The best places to try this out are schools, colleges and cafes, where computers are connected in a LAN. Before I proceed let me first...
  • Keylogging: What are keyloggers? Using a keylogger utility you will be able to establish full control over your computer. You will also find out what was going on on your computer in your absence: what was run and typed, etc., which acts as the best children's internet protection software. Using the keylogging program constantly,...
  • Clickjacking: What is clickjacking? Clickjacking is a technique used by hackers or spammers to trick or cheat users into clicking on links or buttons that are hidden from normal view (usually the link's color is the same as the page background). Clickjacking is possible because of a security weakness in web browsers that allows...
  • Tabnabbing: Hey friends, it's Chris Defaulter Valentine, a Microsoft Certified Systems Engineer (MCSE), Internet marketer, IIT hacker. I have 10 years' experience circumventing information security measures and can report that I've successfully compromised all systems that I targeted for unauthorized access except one. I have...
  • Remote Administration Tools: A remote administration tool (or RAT) is a program that allows certain persons to connect to and manage remote computers on the Internet or across a local network. A remote administration tool is based on server and client technology. The server part runs on a controlled computer and receives commands...
  • Social Engineering Attack: I myself have had a few people in the past ask me questions on social engineering. I always say to anyone, you need to imagine social engineering as a game. But before I talk about the 'Game', I want to go into detail about basic knowledge and self preparation. Basic knowledge and self preparation: It's...
  • Phishing Attack: Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include...
  • Using 3 Fake Friends Method: "Hack Facebook Account" is the most popular term on the Web. Previously I posted many articles on "Hack Facebook Accounts" with keyloggers, phishing, etc., but those Facebook account hacking methods are not working well nowadays. So hackers have to get smarter, and we have found a new security hole (it's just...
Note: This tutorial is for educational purposes only. I do not take any responsibility for any misuse; you will be solely responsible for any misuse that you do. Hacking email accounts is a criminal activity and is punishable under cyber crime law, and you may get up to 40 years of imprisonment if caught doing so.

Thursday, 21 March 2013

Fan Pages Attack ?

Hello all my friends. Many people are asking how to trace someone on Facebook. Well, some people think that the noob method with the command prompt is the only method lol ^_^ (closing all tabs, talking to the victim's account, then typing "netstat -n"). No, no: I have found the method since 2011 and it's still working and private, but I decided to share it. Anyway, let me explain it!





This method works with the notifications that you receive in your email. For example, if someone comments on your status or sends you a message on Facebook, of course you will receive the notification in your email!


So you are A and your victim is B. When your victim comments on your thread on Facebook, Facebook's system records it as A <===========> B.

So where do you find your victim's IP? It's simple: go to your email, open the notification, view the source of the message, press Ctrl+F and search for this:

X-Facebook: from zuckmail

You will find a code like this: ([MTI3LjAuMC4x]). It is Base64-encoded; decode it to ASCII text and you will find the IP of your target. Enj0y!

For more information, check the first line, x-store-info:

Hack Your Friends Facebook Status

Hello, what's up, my friends! Today I will show you a nice method to hack someone's status on Facebook, I mean post anything with his own ID ^_^

First send your victim this link: https://m.facebook.com/upload.php?email&_rdr

and ask him to give you the email xxxxxxxxxx@facebook.com

Then go to your Gmail, open a new message, put in the email he sent you and write what you want to post in the subject field, leaving the message field empty. Go and check his wall ^_^ Enjoy ;)

Hack Your Friends Facebook Profile Pic

Hello my friends, today I will show you a private method I discovered in Facebook ^_^

In the past I posted the method for how to hack a Facebook status.

Now it's different: you can change the default pic of your victim ^_^ How?

Easy: send this link to your victim: https://m.facebook.com/upload.php?profile_pic&refid=17&_rdr

Ask him to give you the email:



So now just open your Gmail account and send him a message: put in the email he gave you, attach the pic you want to see on his profile to the message, then go and check his profile. Enjoy hacking.

Post a status & upload pics to almost any Facebook account ?


I'm going to be teaching you how to hack someone's status on Facebook. This method has probably been posted before, but I cannot find it. This method is very simple and I will include pictures in this tutorial. You can find them by clicking the "spoiler" text.
What you need:

A Hotmail or Gmail email.

Step 1) Go to m.facebook.com/upload.php. You will see a unique email under "post it by email". That is your unique email. What we are trying to do is get your victim's unique email by social engineering them. I will post an example below in step number 2.

Step 2) Get in contact with your slave. Send him a message saying something like "Hey, can you tell me the email on this page: www.m.facebook.com/upload.php? I need it so I can upload something via my email." You can create your own method for this. Another method would be using this email spoofer, "http://emkei.cz/", and sending them a message filling out the name (for example, From name: Facebook Staff, From email: facebook.com, etc.), asking them for the email at m.facebook.com/upload.php.

Step 3) Once you have SE'd your victim's unique email, go to your Hotmail/Gmail account and send an email to the unique email he gave you. The subject box holds the status you want to come up on his wall, e.g. "text here"; the main box is for the picture attachment you want to attach. I don't think you can upload more than 1 image per status; you'll have to try it out :). Once you send it, it will appear on his wall, simple as that.



Vulnerability On Facebook Password


Sow Ching Shiong, an independent vulnerability researcher, has discovered a password reset vulnerability in www.facebook.com, which can be exploited by an attacker to bypass certain security restrictions.

In normal circumstances, an authenticated Facebook user is required to enter his/her current password on the change password page to prevent an unauthorized person from changing the password without the user's knowledge.
However, an attacker can change/reset a user's password without knowing the user's current password by accessing this URL directly:

https://www.facebook.com/hacked.

After that, the page will be redirected to https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked

Now, the attacker can click "Continue" to change/reset the user's password.

Proof of concept

Step 1: Log on to Facebook and access this URL directly: https://www.facebook.com/hacked. The page will be redirected to https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked




Step 2: Click on "Continue" to proceed



Step 3: Enter "New Password" and "Confirm Password" to change/reset the password.



Conclusion
This vulnerability has been confirmed and patched by Facebook Security Team. I would like to thank them for their quick response to my report.


Facebook OAuth Attack

Facebook OAuth is used to communicate between applications and Facebook users, to grant additional permissions to your favorite apps. To make this possible, users have to 'allow or accept' the application request so that the app can access their account information with the required permissions.

As normal Facebook users we always think that this is better than entering our Facebook credentials: we can just allow specific permissions to an app in order to make it work with our account.

Today white-hat hacker Nir Goldshlager reported to The Hacker News that he had discovered a very critical vulnerability in Facebook's OAuth system that allowed him to get full control over any Facebook account easily, even without the 'allow or accept' options.

He hunted the flaw in a very methodical way, i.e.:
Step 1) Understanding the OAuth URL
Step 2) Finding a way to use custom parameters in URL
Step 3) Bypassing OAuth 'Allow' button request at user end

1.) Understanding the OAuth URL
The Facebook OAuth dialog URL is something like shown below:

https://www.facebook.com/dialog/oauth/?app_id=YOUR_APP_ID&next=YOUR_REDIRECT_URL&state=YOUR_STATE_VALUE&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES

Here app_id is the application ID, and the next parameter must contain a URL on the respective app's domain only. For example, app_id=2389801228 belongs to the 'Texas Holdem Poker' app, so the 'next' parameter will allow only the zynga.com domain (i.e. next=http://zynga.com); otherwise Facebook will block the action.

2.) Finding a way to use custom parameters in URL
Goldshlager found that Facebook allowed him to use a Facebook sub-domain in the next parameter of the URL, i.e. https://beta.facebook.com/#xxx!/messages/. But '#xxx!' did not work in all browsers. After fuzzing the URL characters, he found that %23~! and %23%09! worked in all browsers.

This finding was enough to redirect a user to any file or folder on the Facebook domain.
Then he developed a simple Facebook application (i.e. touch.facebook.com/apps/testestestte), which just redirected users to a remote site (i.e. files.nirgoldshlager.com) with the access token, where a log file was ready to store all access tokens.

3.) Bypassing OAuth 'Allow' button request at user end
Up to this point the attacker was able to redirect a user to a fake app, which passed the victim's access tokens to a third-party domain where the attacker logged them. But the main issue was still there: without user interaction, the app would not work. That means the user has to click the 'allow' button.

So, to bypass this, he discovered that there are many built-in Facebook applications, e.g. the 'Facebook Messenger app', that can access full permissions (read inbox, outbox, manage pages, manage ads, access to private photos, videos, etc.) from the victim's account without user interaction, i.e. with no need to click the 'allow' button.

Sample final URL:

https://www.facebook.com/connect/uiserver.php?app_id=220764691281998&next=https%3A%2F%2Ftouch.facebook.com%2F%23~!%2Fapps%2Ftestestestte%2F&display=page&fbconnect=1&method=permissions.request&response_type=token
This way the attacker is able to grab access tokens (with full permissions) of any Facebook account just by making his victims visit a modified OAuth URL (without user interaction). This access_token never expires; it expires only after the victim changes his Facebook password.
As a responsible bug hunter, Nir Goldshlager reported this flaw to the Facebook security team a few months back and now it is fixed. He has been rewarded many times in the bug bounty program. In January he also reported a password reset vulnerability in the Facebook Employees Secure Files Transfer service.
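
A defensive counterpart to the three steps above, as an added example that is not from the original post or from Facebook's code: a domain-only check on `next` accepts the sample URL quoted above, while an exact-match check against pre-registered redirect URIs rejects it. The registered callback URI, the lookup tables and both function names are assumptions made for illustration, and the strict check assumes registered URIs contain no percent-encoding.

```python
from urllib.parse import urlsplit, unquote

# Constructed data: the app_id is the one quoted in the post; the callback
# URI and both lookup tables are hypothetical values for illustration.
REGISTERED_REDIRECTS = {"2389801228": {"https://zynga.com/oauth/callback"}}
APP_DOMAINS = {"2389801228": "zynga.com"}
PLATFORM_DOMAIN = "facebook.com"


def weak_next_allowed(app_id, raw_next):
    """Domain-only check: any URL on the app's domain or on a platform
    sub-domain passes; path and fragment are never inspected."""
    host = (urlsplit(unquote(raw_next)).hostname or "").lower()
    domains = [APP_DOMAINS.get(app_id), PLATFORM_DOMAIN]
    return any(d and (host == d or host.endswith("." + d)) for d in domains)


def strict_next_allowed(app_id, raw_next):
    """Exact-match check against the URIs registered for this app.
    Returns (allowed, reason)."""
    decoded = unquote(raw_next)
    if "%" in decoded:
        return False, "still percent-encoded after one decode"
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False, "control character in URL"
    parts = urlsplit(decoded)
    if parts.scheme != "https":
        return False, "scheme is not https"
    if "#" in decoded:
        return False, "fragment present"
    if parts.username or parts.password:
        return False, "userinfo present"
    if decoded not in REGISTERED_REDIRECTS.get(app_id, set()):
        return False, "not a registered redirect URI"
    return True, "ok"


# The `next` value from the sample URL in the post, a constructed variant
# using the %23%09! form the post mentions, and the registered callback.
SAMPLES = [
    "https%3A%2F%2Ftouch.facebook.com%2F%23~!%2Fapps%2Ftestestestte%2F",
    "https%3A%2F%2Ftouch.facebook.com%2F%23%09!%2Fapps%2Ftestestestte%2F",
    "https%3A%2F%2Fzynga.com%2Foauth%2Fcallback",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(weak_next_allowed("2389801228", raw),
              strict_next_allowed("2389801228", raw), repr(unquote(raw)))
```

Exact matching also makes the built-in-app case fail closed: a token response is only ever sent to a URI that was registered ahead of time, whatever permissions the app holds.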

