Facebook

Hack Facebook account status..




 Methodology

There are tons of Facebook users who use a feature called facebook text in order to update a facebook status. If you have enabled this feature all you need to do in order to update your status is to type in your status and send it to "923223265".


However the idea behind this facebook Account status hack is to send a fake sms from your friend's number, therefore the facebook will think that the message has came from the legitimate source and hence it will update the victims Status.

SMS Global

SMSGlobal is a website that allows you send fake sms, The free account only allows you to send 25 SMS, However the business account allows you to send more. All you need to do is to register on SMS global, activate your account. After logging in to your account, click on “Send SMS to a Number”.



Send SMS To: 923223265 (Facebook)


Sender ID From: Victims Mobile Number.


Message: The Status which you would like to be updated



How To Steal Facebook Session Cookies And Hijack An Account?


An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark. 


Step 1 - First of all download wireshark.
Step 2 - Next open up wireshark click on analyze and then click on interfaces. 
Step 3 - Next choose the appropriate interface and click on start



Step 4 - Continue sniffing for around 10 minutes.
Step 5 - After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.
Step 6 - Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie,


Step 7 -  Next right click on it and goto Copy - Bytes - Printable Text only.

Step 8 - Next you’ll want to open up firefox. You’ll need both Greasemonkey and thecookieinjector script. Now open up Facebook.com and make sure that you are not logged in. 
Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it. ..


Step 10 - Now refresh your page and viola you are logged in to the victims facebook account.



How to hack facebook password


My first post on Phishing was how to install a phishing page and in order to install a phishing page you need one.So in this article I'll give you a sample of a facebook phishing page which i made recently.It is quite easily to make a phishing page once you understand the whole idea behind it. 


File Details:
File Size: 4 KB
File Extension: .rar (Compressed Archive) 


What is a Facebook Phishing Page ?

You can go here for more articles on phishing and what it exactly does : What is a Phishing Page ?
How to use it ?

I have made a generalized tutorial on how to use fake login pages and how to set them up for hacking over here : 


How to Install / Setup / Use a Fake Login Page for hacking 
1.After downloading the page extract the files into a directory.
2.Before we get started you should first make a free web hosting account for you to upload your files.I would prefer any one of these,if you know a better one then please use what you wish.For this tutorial I'll be using www.freehostia.com as it is easier for me to explain but you can chose whatever hosting you like. 


www.t35.com
www.110mb.com
www.x10hosting.com
www.000webhost.com
www.blackapplehost.com
www.freehostia.com


3.After registering login to your file manager of you respective hosting and upload all the files of the folder which contains the document.


4.So by now you should have uploaded the file,CHMODed (Changed Permissions) the files.

5.Now is the time to test.Go the site for example.

Disclaimer: DO NOT use this for fraudulent activities use this just to gain knowledge and not to cause harm to other people in any sort.


If you follow that guide careful you should be able to use this file successfully.If you have any problems on your way then just E-mail me using the contact form or just leave a comment.I'll get to you immediately. 



0 comments:

Subscribe to: Posts (Atom)