How to hack Facebook with phishing method
Hacker Reveals How to Hack Any Facebook Account
Mar 08, 2016 | Swati Khandelwal
Hacking a Facebook account is one of the most common queries of Internet users today. A way to hack a Facebook account is hard to find, but an Indian hacker just found one.
A security researcher discovered a 'simple vulnerability' in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
Facebook bounty hunter Anand Prakash from India recently discovered a Password Reset Vulnerability, a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a 6-digit code and reset any account's password.
Here's How the Flaw Works
The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests.
Facebook lets users change their account password through Password Reset procedure by confirming their Facebook account with a 6-digit code received via email or text message.
To verify that the user is genuine, Facebook allows the account holder to try up to a dozen codes before the account confirmation code is blocked by the brute force protection that limits the number of attempts.
However, Prakash discovered that the social media giant had not implemented rate-limiting in its password reset process on the beta sites, beta.facebook.com and mbasic.beta.facebook.com, according to a blog post published by Prakash.
Prakash tried to brute force the 6-digit code on the Facebook beta pages in the 'Forgot Password' window and discovered that there is no limit set by Facebook on the number of attempts for beta pages.
Video Demonstration
Prakash has also provided a proof-of-concept (PoC) video demonstration that shows the attack at work.
Here's the culprit:
As Prakash explained, the vulnerable POST request in the beta pages is:
lsd=AVoywo13&n=XXXXX
Brute forcing the 'n' parameter successfully allowed Prakash to set a new password on any Facebook account, taking complete control of it.
Prakash (@sehacure) discovered the vulnerability in February and reported it to Facebook on February 22. The social network fixed the issue the next day and paid him $15,000 as a reward, considering the severity and impact of the vulnerability.
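The missing control, as an added example (not code from Facebook or from Prakash's report): a server-side verifier for 6-digit reset codes whose failure counter is keyed by account and kept in one shared store, so every front end, beta hosts included, enforces the same limit. The class and function names, the host names, the limit of 12 and the 15-minute lifetime are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 12        # assumption: "a dozen" tries, as the article describes
CODE_TTL_SECONDS = 900   # assumption: a code is valid for 15 minutes


def random_code() -> str:
    """Uniformly random 6-digit code from the OS CSPRNG."""
    return f"{secrets.randbelow(10**6):06d}"


class ResetCodeStore:
    """Hypothetical shared store for pending reset codes.

    One instance stands in for the database or cache that every front end
    consults. The failure counter lives here, keyed by account, so sending
    the request to a different hostname does not give a fresh counter.
    """

    def __init__(self, clock=time.time, code_source=random_code):
        self._pending = {}
        self._clock = clock
        self._code_source = code_source

    def issue(self, account_id: str) -> str:
        # Issuing a new code resets the counter, so a real service must also
        # rate-limit issuance per account (not shown here).
        code = self._code_source()
        self._pending[account_id] = {
            "code": code,
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "failures": 0,
        }
        return code

    def verify(self, account_id: str, submitted: str) -> str:
        """Return 'ok', 'wrong', 'locked' or 'expired'."""
        entry = self._pending.get(account_id)
        if entry is None or self._clock() >= entry["expires_at"]:
            self._pending.pop(account_id, None)
            return "expired"
        if entry["failures"] >= MAX_ATTEMPTS:
            return "locked"  # even the correct code is refused from now on
        # Constant-time comparison; bytes so that any input is accepted.
        if hmac.compare_digest(entry["code"].encode(), submitted.encode()):
            del self._pending[account_id]  # single use
            return "ok"
        entry["failures"] += 1
        return "locked" if entry["failures"] >= MAX_ATTEMPTS else "wrong"


def confirm_code(host: str, store: ResetCodeStore, account_id: str, submitted: str) -> str:
    """Front-end handler. The host is deliberately not part of the limiter key."""
    return store.verify(account_id, submitted)


def attempts_before_lockout(store: ResetCodeStore, account_id: str, hosts) -> tuple:
    """Sweep codes upward from 000000, alternating between front ends,
    and report how many submissions were processed before the sweep stopped."""
    for i in range(10**6):
        host = hosts[i % len(hosts)]
        result = confirm_code(host, store, account_id, f"{i:06d}")
        if result != "wrong":
            return i + 1, result
    return 10**6, "exhausted"


if __name__ == "__main__":
    # Constructed demo: fixed code and hypothetical host names.
    demo = ResetCodeStore(code_source=lambda: "654321")
    demo.issue("alice")
    print(attempts_before_lockout(demo, "alice", ["www.example.test", "beta.example.test"]))
```

With the limit enforced, a blind guesser succeeds with probability 12 in 1,000,000 per issued code; without it, sweeping all 1,000,000 values always succeeds.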
7 Sneaky Ways Hackers Can Get Your Facebook Password
Facebook can be a great way to stay in contact with friends and family. But it can also make you more vulnerable. Your account likely has a ton of personal data and connections that could benefit a hacker. The more you understand about how a hacker can access your password, the savvier you will be at keeping it safe.
Here are seven sneaky ways hackers can access your password and what you can do to stop them.
You have probably heard many times by now not to open suspicious emails. This is still true today. But fake emails have become much more sophisticated than in the past. Fake emails might appear to be from Facebook and have all the formatting and logos you expect in a legitimate email. It can be very difficult to determine if an email is fake.
There are a multitude of ways a hacker can use a suspicious email to gain access to your Facebook account. The best way to avoid this is to delete the email without clicking on anything in it. It is best to not even open suspicious emails.
If Facebook has to reach you, they can do so from your Facebook account. If you get an email from “Facebook”, instead of opening the email, log into your account to see if you have a notification there. Do not trust any emails that ask for account information, request money, or threaten to suspend your account.
Phishing
The purpose of many fake emails is phishing. Phishing is when someone asks for personal information that they can use to gain access to your account. A common way to phish is to trick someone into signing in on a fake site.
Some hackers will go through the trouble of creating a fake website that looks the same as Facebook. But, you can avoid this trap. It is always best to go to Facebook rather than click on a link. If you do use a link, carefully read the email address. Does it look correct, or is Facebook misspelled? Finally, check for the secure icon in the web address before signing in.
Fake Facebook Buttons
You might know not to trust links, but don’t forget that “like” and “share” buttons act like links. Clicking on one of these buttons on a fake site might lead you to a fake login page designed to steal your information.
To avoid this, sign in to your Facebook account from a new tab in your browser. Your browser will keep you logged in on other tabs. Now, any likes or shares will go directly to Facebook. If you still get a prompt to log in, it's a good indicator that the button was fake.
Password Spraying
Coming up with a password is hard. It can be tempting to use something like “123456789”. Of course, that is a bad idea; it is too easy to guess. But many people do use similar easy passwords. Because of this, many hackers employ password spraying. This is when they guess a password by using the most common passwords.
It is hard to remember a random alphanumeric sequence. So, more people use words, which limits the number of potential passwords available. When creating a password, it is best to use a unique phrase, replace some of the letters with numbers, and vary the capitalization. And definitely avoid any variation of the word “password”, including pa$$word123.
Plain Password Grabbing
Once you come up with a good password, make sure you only use it for your Facebook account. If you use the same password everywhere, you leave yourself vulnerable to Plain Password Grabbing. This is when a hacker attacks a more vulnerable and less secure site. Some sites do not properly encrypt passwords. In that case, a hacker can then use the email and password saved in the database to try to access other sites like Facebook.
If you have a lot of accounts that require passwords, consider using a password manager. Often, they will generate strong passwords for you too.
Keylogging is a more advanced hacking technique. It requires installing a program on your device to track everything that you type. This can give hackers far more information than just your Facebook login information. They could even get credit card information using this method.
But, because a hacker needs to install a keylogging program on your device, it is a little easier to protect yourself against this sort of attack. Generally, hackers hide these programs in other software. To stay safe, do not download anything from an untrusted source. Your computer’s security software can detect these programs, but you might want to get anti-malware software for your smartphone. Make sure to keep your security software up to date too.
Unsecured Networks
Even if you have the best passwords, and are using the most secure computer, it won’t help if the network you are using is not secure. Public Wi-Fi is often unsecured. Unsecured networks allow hackers to snoop through all the data that you send to and receive from webpages while on that network.
Instead of using free Wi-Fi to access Facebook on the go, sign in using mobile data. It will ensure that your data is more secure. Or consider getting a virtual private network (VPN). Many VPN providers will encrypt your data, which will protect it even if you are connecting to the internet on an unsecured network.
Facebook Security in a Nutshell
Our growing dependence on the internet means that we need to be a little more careful online. All the security information out there can be a little overwhelming. But it all boils down to a couple of simple tips. Use unique passwords for all your accounts. Do not click on any links that you do not trust (even if it looks like they are from Facebook). Do not download anything unless you are certain that it is safe. Do not enter sensitive information on public computers or across public Wi-Fi. If in doubt, err on the side of caution.
How to hack and crack someone's Facebook password with a set of ways and how to protect it
As one of the major social networks, Facebook plays an important role in the daily lives of its users. Through Facebook, people like to share their photos in the news feed, post the day's events, and keep in touch with their friends and family.
If you want to monitor Facebook content or hack someone's account, you've come to the right place. Here we will explain how you can hack a Facebook account.
This article explains how to hack Facebook account and how to spy on Messenger instantly in a simple way. These tricks have been working for a long time and have helped many people hack FB accounts. In order to hack any account, you just need to know some friends that on the Facebook account you need to hack. We got advice from ethical hackers on Facebook and created this guide and we only use these steps to hack someone's account or even your Facebook friends if it's about Ethical Hacking (Just for learning or your friend's account was hacked) . Please do not abuse this manual.
By following this method, you can hack Facebook account and log into Facebook Messenger through it, and in the latest update, we mentioned mobile apps to help you hack Facebook account, you should try. Meanwhile, you can check the topic How to hack WiFi password too.
Before proceeding with the Facebook account hacking steps, click on any of the following procedures to solve your problem:
- Delete Facebook account - to delete your Facebook account.
- facebook account recovery - forgot password
- Report to Facebook - Account hacked.
How to hack Facebook account (quick answer)
- Open Facebook.com and click forgot password
- Click "You no longer have access"
- Enter a new email ID.
- Contact a trusted person for help.
The following is a detailed explanation:
Method 1: Steps to hack Facebook account immediately using "Forgot Password":
In this method, if you know some details about the Facebook account user, you can easily hack their account record. So not only will you be able to access your accounts, but the Facebook account user will not be able to access their accounts again. Follow the instructions below to learn how to hack someone's Facebook using this method.
Here are the steps to follow to access someone's Facebook account within minutes. Follow the steps below and if that doesn't work, just follow the methods below which will lead you to other great steps to hack Fb account and even get Facebook account password using these apps.
Step 1: Click Forgot Password
To hack your Facebook account, go to facebook.com and click on "Forgot Password?"
Step 2: Search for "I don't have it anymore Access"
At the bottom of the password reset, you'll find "Do you no longer have access to this?" Click on it.
Step 4: Ask friends
Try to answer the security questions if you know the user well, and if your answer is correct, you will have to wait 24 hours to access the user's Facebook account.
If you don't know the user well, you can select the option "Recover account with friends" and select three friends for whom you want to receive a security code.
Ask your trusted contacts for help, now your friends need to help you with this account, to log into the account, you need to get the secret code from three people that Facebook shows in this step, try to get the code from these people to hack this account and after getting on the icons press Continue .
Within 24 hours you will receive a new password and your account will be hacked. You can use this method to unlock your account if you forgot your password and nothing worked, or for some good reason hack into someone's account that lost their account and not use it on a Facebook account for any other purposes.
Note: Although this method is effective, it has a significant drawback. The Facebook user whose account you want to hack will receive an email notification as soon as they try to reset their password. However, if the user doesn't check their email often, that's fine.
Method 2: crack Facebook password
There are many ways to crack Facebook password, you can just look at people's computer while typing Facebook password, just kidding, here are some great ways to crack Facebook profile password.
Use applications to store what your friend writes on his computer, here is the best free keylogger option.
You can also use the Keystroke Recorder for devices like Keilama, which will actually store the Facebook password that the person enters.
A keylogger is an application that can be used to record keystrokes on a specific device. All you have to do is install the keylogger on the target device or on your device. If you have installed it on the target device, be sure to do so without the knowledge of the user. If you have installed it on your device, you will have to convince the user to log into their account using your device.
The keylogger runs in the background and records all keystrokes. When the user enters their username and password, you can see it later in the keylogger. In this way, you will know the user's registration data as soon as he logs into his Facebook account using your device.
It would be better if you installed the application on your device, because there is a chance that the user will know that it is on their device and it will be deleted.
Method 3: Hack Facebook Account Online Using Face Geek
FaceGeek is another way to hack Facebook account. You can go to Face-geek.com and write the user id of the Facebook account you want to hack. Follow the steps below to hack Facebook account using Face-geek.com.
Visit the face-geek.com account and enter the Facebook ID of the target Facebook account. You will receive your account password within 5 minutes.
Method 4: How to hack Facebook with Sam Hacker
Hacking a Facebook profile with Sam Hacker only takes 5 minutes, you can use Sam Hacker to hack a Facebook account just by using the user ID of the Facebook account you want hack. You can only register for this account using your email ID.
Follow these steps to hack a Facebook account using Sam Hacker.
- Visit the Sam Hacker website (samhacker.com), the official site for hacking Facebook accounts.
- Enter the email ID of the account you want to hack.
- Within XNUMX minutes, you will receive a hack report and can easily log into the Facebook account you want to hack.
Method 5: Hack Facebook with facebookhackerp
facebookhackerp.com This is also a website that you can go to and just click on account hack and then you will be redirected to a page where you need to enter someone's Facebook profile you want to hack and click to Enter . Then follow the instructions, the person's account will be hacked and you will get their Facebook password.
Method 6: Using special apps to hack Facebook
Hacking your Facebook account with spy apps is the safest and most effective method. While there are many websites that claim to be the best at hacking Facebook or that you only need to enter the target's email ID, it actually doesn't work at all. The email you enter there becomes part of their database and nothing else happens. Apart from being a waste of time, these websites can also steal your information.
Among all similar Facebook account hack apps on the market, this is the list of Best Android and iOS spy apps. It is the best choice for you to hack Facebook account.
Method 7: Phishing to Hack Facebook Account
Phishing is a popular way to hack Facebook accounts. It is very easy for a person with basic technical knowledge to create a phishing page. All you have to do is create a duplicate login page that looks exactly like the Facebook login page. When a Facebook user enters their username and password, they will not be able to log in, but you will be able to retrieve their username and password. It is also one of the safest methods since you don't have to take any risks here.
However, for this you will need to purchase hosting and a domain name. Once you've done that, it's easy to create a similar login page if you have a little knowledge of web design. You just need to trick the victim into entering login details on your page. Once he does, the details will be sent to your email and you will be able to access his account.
Method 8: Using social engineering to hack a Facebook profile
You don't need any special hacking skills if you want to hack a Facebook profile using Social Engineering. Every other account on the web, including Facebook, uses some questions as security questions in case the user needs to change their account password. Some of the most frequently asked questions include "What is your nickname?" , "Where is your hometown?" , etc. If you know the account owner well, you can try to answer these questions and gain access to their Facebook account.
Many Facebook users use their phone number, their partner's name, or even their date of birth as their password. You can try to use it if you know it well. Although this method may seem very simple, it is useless if you do not know anything about the account holder.
Method 9: Use Facebook Password Extractor
Facebook Password Extractor is an application designed to hack Facebook account through Windows. There is no need for physical access to the target phone in order to use this method to hack a user's Facebook account. You can learn how to hack Facebook profile using Facebook Password Extractor as follows.
Step 1: Download Facebook Password Extractor on your Windows PC from the official website.
Step 2: Install the extractor using the installation wizard.
Step 3: Launch the application and you will see the username and password listed in it.
However, in order for this method to work, you need to install the application on the target device, which is not an easy task since it is a large application that the user is most likely to notice.
Method 10: By stealing Facebook cookies
This method is a bit tricky as you will need access to the target device if you are not a professional hacker. But, before we get into the details on how to do this, let's understand what cookies are and how this method can work. Cookies are basically packets of data stored in the device's memory. You must have noticed that when you first view a website in your browser, it takes longer to open. This is related to cookies.
Now back to our topic. The cookies we request here are temporary and are automatically deleted as soon as you close your browser. Therefore, we will need to do this before the user closes the browser.
When a user logs into their account, wait for them to close the tab. Once you do that, you should try to trick him into giving you his device to search for something. Once you get his device, you will need to steal the cookies from his browser. Now, to do this, you will need to run the following code.
javascript:alert(document.cookie)
This will give you a set of cookies. Now login to your account and do the same. You will receive a new set of cookies. Match what you have with the previous one and you will see which ones are on Facebook. Steal this set of cookies and you can use them at any time to log into your user account.
The only problem with this method is that every time the user logs out of their account, you are also logged out. To gain access after that, you will need to complete the entire task again.
Other ways to hack someone's Facebook account:
If these hack methods don't work, try other online hack apps to hack your friends' Facebook accounts, check out the following online apps to hack Facebook account, by at least one of them actually works.
1. Wonder howto (null-byte.wonderhowto.com/how-to/4-ways-crack-facebook-password-protection) - This site provides you detailed content on how to hack facebook account and how to do it make it safe.
2. Hack Facebook (hack-facebook.com) - Try this Facebook hack site, you will get the Facebook account you want to hack and start hacking and it might work.
3. Hyperhacker (Hyperhacker.com) is a Facebook hacking expert who has hacked over 1000 Facebook accounts and won multiple Boug Awards.
4. SPYZIE (spyzie.com) is the latest tool on the market to hack your Facebook account.
How to protect your Facebook account from hackers:
- Do not use the same email ID as other social networks.
- Make your security questions even harder so no one can predict them.
- You must change your Facebook password at least once every two months.
- Keep your passwords safe, use a password manager.
4 Methods to Get Someone else's Facebook Passwords
Author: Nelson Aguilar
Despite the fact that over the years there have been repeated security incidents on Facebook, many people continue to use this social network. Moreover, the number of new users is constantly growing, which allows Facebook to set new records. As of December 31, 2017, the monthly audience on Facebook was 2.13 billion users, the average daily audience is about 1.4 billion.
Part of our lives is spent on Facebook. We share our birthdays and anniversaries, our vacation plans, and our current location. We share the dates of the birthdays of our children and the dates of the death of our parents. We talk about the most pleasant events and difficult thoughts. In general, we disclose many aspects of our life. There are even entire books written by clinical psychologists that detail just how much of an impact Facebook has on our emotions and relationships.
However, we often forget that we are being watched.
We use Facebook as a means of communicating with friends, but there are people who use this social network for malicious purposes. We disclose information that others can use against us. Attackers know when we are not at home, and how long our absence will last. They know the answers to security questions and, in fact, can steal our personal data using the information that we voluntarily indicate in a public profile.
Figure 1: Login page at Facebook (source: Digital Trends )
The worst part is that the more technologically advanced our lives become, the more vulnerable we become to intruders. Even if we share incomplete information, in case of urgent need, knowledgeable people can access our email and Facebook account in order to fill information gaps regarding our personal data.
In fact, you don't even need to be a professional hacker to gain access to someone else's Facebook account.
Getting access to your account can be as easy as installing the Firesheep extension. Moreover, on Facebook, you can access someone else's account even without knowing the password. You just need to choose three friends to send the code. Next, you enter the three codes received and get access to your account. It doesn't get easier.
In this article, I will show you several ways how hackers and ordinary people can access your Facebook account. After describing each method, a method will be given to protect your account from a specific method.
Method 1: Reset password
The easiest way to gain access to someone else's Facebook account is to reset the password. It is easier to implement this method for those people who are on the friends list of the person whose account is planned to be hacked.
- The first step is to get the email used during authorization (for example, in the contacts section of the profile). Hackers use utilities like TheHarvester. More information on this topic can be found in this guide.
- Click on the link Forgotten account? and enter the victim's email. After the account appears, click on This is my account .
- You will be asked if you want to reset your password via email. Since we will be accessing by other methods, click on No longer have access to these?
- The question How can we reach you? Enter an email address that you have access to. This address must not be linked to any Facebook account.
- You will be asked to answer a question. If you know the victim well, you can probably answer this question. Otherwise, you can try to find the answer. If the correct answer is found, you will be able to change the password. Next, you need to wait 24 hours to log into the victim's account.
- If you couldn't find the answer to your question, click on Recover your account with help from friends (recovering access through friends). Next, you will need to select from 3 to 5 friends to whom the code will be sent so that you can restore access to your account.
Figure 2: List of friends through which you can restore access to your account
- Passwords will be sent to the selected friends, which must be entered on the next page. You can either create from 3 to 5 fake accounts and add yourself as a friend to the victim, or choose those friends who agree to share the password sent to you.
Figure 3: Page for entering passwords sent to selected friends
How to protect yourself
- When registering with Facebook, please use a separate and clear email address.
- The secret question must be such that the answer cannot be guessed based on information from the public profile. No animal names or anniversaries. Even the names of elementary school teachers should not be used, since this information can be found in the alumni album.
- Select three trusted friends to send the password to. Thus, you can protect yourself from sending your password to random acquaintances who intend to gain access to your account.
Method 2: Using Keylogger
Keylogger Software
Keylogger Software is an application that reads all keystrokes without the user's knowledge. First, this application must be downloaded manually to the victim's computer. The keylogger then starts running in the background and intercepts all keystrokes. You can configure so that all the collected information is sent by e-mail.
To get started, you can read the guide for installing keylogger on the target computer. If this method doesn't work for you, you can look for free keyloggers or try writing your own in C++.
Figure 4: Parameters of one of the keyloggers
Hardware keylogger
Hardware keyloggers work in exactly the same way as software keyloggers, except that you need to connect a USB flash drive with software stuffing to the victim's computer , where all intercepted keystrokes will be stored. Subsequently, you only need to insert the USB flash drive into your computer and extract the collected information.
There are several varieties of hardware keyloggers. Models like Keyllama must be connected to the victim's computer and can run on any operating system. To receive the collected information, you must have physical access to the device. Alternative option: Wi-Fi enabled keylogger. The collected information can be sent by e-mail or downloaded via Wi-Fi.
Figure 5: Hardware Keyloggers
How to protect yourself
- Use a firewall that will monitor network activity and track suspicious activity, since keyloggers usually send the collected information over the Internet.
- Install a password manager. Password managers will automatically fill out all important forms without using the keyboard, and keyloggers can only intercept keystrokes.
- Install updates in a timely manner. As soon as the developer company learns that vulnerabilities have appeared in the application, work begins on creating patches. Older versions of software can cause additional holes in your system.
- Change passwords. If you still don't feel secure, you can change your passwords every two weeks. At first glance, this approach seems too radical, but on the other hand, passwords stolen by intruders will lose their relevance too quickly.
Method 3: Phishing
Although this scenario is much more difficult to implement than the previous two, phishing remains one of the most popular ways to gain access to someone else's account. The most popular type of phishing involves creating a fake login page. A link to this page is usually sent to the victim's email and is no different from a real authorization form. One of the difficulties is that you need to create an account on a web host and, in fact, the fake page itself.
Figure 6: Fake login page
The easiest way to create such a page is to read the website cloning tutorial. Then you will need to refine the form so that the information entered by the victim is saved somewhere. The implementation of this method is complicated by the fact that, on the one hand, users have become very careful, on the other hand, phishing filters in email services are constantly improving. However, nothing is impossible, especially if you clone Facebook completely.
How to protect yourself
- Do not click on suspicious links in emails. If the email asks you to sign in using a link, be careful. Check the URL first. If you still have doubts, log in directly to the Facebook website.
- Phishing is not necessarily done via email. Links can be distributed through websites, chats, text messages, and so on. Even pop-up ads can be malicious. Never click links that look suspicious, and especially those where you are asked to enter any confidential information.
- Use antivirus and web threat protection applications (Norton, McAfee, etc.).
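The "check the URL first" advice above, as an added example (not part of the original article): a link checker that flags the usual disguises of a fake login link. The trusted-domain list, the finding labels and the digit-to-letter table are assumptions, and the brand heuristic is deliberately simple.

```python
from urllib.parse import urlsplit

# Assumption: the only domain on which we expect to enter this password.
TRUSTED_DOMAINS = ("facebook.com",)

# Common digit-for-letter swaps used in lookalike names: 0->o 1->l 3->e 4->a 5->s
CONFUSABLE_DIGITS = str.maketrans("01345", "oleas")


def is_trusted_host(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for the trusted domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_login_link(url: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased

    # A login form must be served over TLS.
    if parts.scheme != "https":
        findings.append("not-https")

    # "https://facebook.com@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo-in-url")

    # Internationalized names can render as look-alike glyphs.
    labels = host.split(".")
    if any(ord(ch) > 127 for ch in host) or any(l.startswith("xn--") for l in labels):
        findings.append("idn-host")

    if not is_trusted_host(host, trusted):
        findings.append("untrusted-host")
        # The brand name inside an untrusted host is a strong phishing signal,
        # e.g. "facebook.com.account-verify.example" or "faceb00k.example".
        brands = {d.split(".")[0] for d in trusted}
        normalized = host.translate(CONFUSABLE_DIGITS).replace("-", "")
        if any(brand in normalized for brand in brands):
            findings.append("brand-lookalike")
    return findings


if __name__ == "__main__":
    # Constructed sample links using reserved example domains.
    for link in (
        "https://www.facebook.com/login",
        "http://www.facebook.com/login",
        "https://facebook.com@login.example/",
        "https://facebook.com.account-verify.example/login",
        "https://faceb00k.example/login",
    ):
        print(link, check_login_link(link))
```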
Method 4: Man-in-the-Middle Attack
If you are close to the target, you can trick the victim into connecting to a fake Wi-Fi network to steal accounts. Utilities like Wi-Fi Pumpkin allow you to create fake Wi-Fi networks based on a wireless network adapter and a Raspberry Pi. After you get close to the target with the configured equipment, and the victim connects to the fake network, you can analyze the traffic or redirect to a fake authorization page. You can even replace individual pages and leave the rest intact.
Figure 7: A small computer based on a clone of a wireless network to intercept traffic (photo by SADMIN/Null Byte) .
How to protect yourself
- Be especially careful with networks outside public establishments. For example, a network named "Google Starbucks" should be suspect if there is no Starbucks within a few miles. Since the hackers have already collected some data on you, your computer or phone will connect to a fake network, since the name of this network has already been used before.
- If you are having problems connecting to a Wi-Fi network, check the list of neighboring networks to see if there are copies of your network names.
- If the router asks you to enter a password to turn on the Internet to update the firmware, or shows you a page with many grammatical errors, it is very likely that you have connected to a fake hotspot and someone is trying to steal your account.
Extra Hacks
More advanced users can check out two more tutorials: Same Origin Policy Facebook hack and Facebook Password Extractor (the second method is a bit easier).
How to protect yourself
- In the Account Settings, in the Security section, check the Secure Browsing option. Firesheep will not be able to intercept cookies if you are using a secure protocol (such as HTTPS).
- Always enable SSL. Use the HTTPS-Everywhere and Force-TLS extensions for Firefox.
- After you finish working with the site, end the authorization session. Firesheep cannot keep a session alive once you have ended it.
- Use only trusted Wi-Fi networks. A hacker might be sitting next to you at a Starbucks coffee shop looking through your mail without your knowledge.
- Use a VPN. Since in this case all your traffic will be encrypted, even if an attacker intercepts information using fake Wi-Fi, they will not be able to extract anything useful.
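The site operator's side of the cookie advice above, as an added example (not part of the original article): an audit of `Set-Cookie` headers for the attributes that keep a session cookie off plain HTTP, where a sniffer on shared Wi-Fi can read it, and out of reach of `document.cookie`. The cookie name `session_id`, the finding labels and the sample headers are constructed.

```python
# Assumption: names of the cookies that authenticate a session on this site.
SESSION_COOKIES = {"session_id"}


def parse_set_cookie(header: str) -> tuple:
    """Split one Set-Cookie header value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure map to ''.
    """
    pair, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = pair.partition("=")
    attributes = {}
    for attr in attrs:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attributes[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attributes


def audit_set_cookie(header: str) -> tuple:
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    # Without Secure the browser also sends the cookie over http://,
    # where anyone on the same network can capture it.
    if "secure" not in attrs:
        findings.append("no-secure")
    # Without HttpOnly any script on the page can read it via document.cookie.
    if "httponly" not in attrs:
        findings.append("no-httponly")
    # SameSite limits when the cookie rides along on cross-site requests.
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("no-samesite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("samesite-none-without-secure")
    return name, findings


def audit_response(set_cookie_headers, session_cookies=SESSION_COOKIES) -> dict:
    """Report only session cookies that have at least one finding."""
    report = {}
    for header in set_cookie_headers:
        name, findings = audit_set_cookie(header)
        if name in session_cookies and findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    # Constructed response headers: a weak session cookie and a harmless one.
    weak = ["session_id=abc123; Path=/", "theme=dark; Path=/"]
    hardened = ["session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"]
    print(audit_response(weak))
    print(audit_response(hardened))
```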