How To Hack Facebook Accounts using Social Engineering

Discussion in 'The Off Topic Lounge' started by Fantastic, 19 Mar 2013.

  1. Fantastic

    Hacking a Facebook account is truly impossible now after Facebook has improved its security and closed almost all types of exploits that have been found by hackers. I'm going to show in this article a penetration trick that cannot be and will not be closed by Facebook (or any other social network). This trick consists of a Social Engineering penetration hack. We will see what it means and how it works in this step-by-step tutorial.







    What is Social Engineering Hacking?

    Social Engineering is a penetration method that a hacker uses to access personal and secure information, by having some knowledge about the victim or by tricking and convincing the victim into giving him some useful and important things. Those things can be the answer to the Security Question of his online account. Having the Security Question's answer will help a lot in hacking the Facebook account.


    Why Facebook is Weak against Social Engineering Hack?


    Like we said, Social Engineering helps you find very important and secure information about the victim, like the answer to the Security Question, which totally makes Facebook kneel down against this trick, because the security question cannot be changed after creating the account, which makes it totally breakable with social engineering. Any other social network website, like Twitter, is also weak against social engineering.


    What it Requires to Hack Facebook using Social Engineering?


    Social Engineering on Facebook can be performed using no tools, programs or software. The only things that are required are: a smart brain OR some knowledge about the victim.


    How to Hack a Facebook Account Using Social Engineering?


    1) Go to the Facebook Account of the victim and Copy his/her ID like below:
    in this example: razor.test
    2) Logout from Facebook and click Forgot your Password? or simply go to this link

    3) In the Find Your Account box, input theID@Facebook.com, replacing theID with the account ID you retrieved from Step 1. Then click Search


    In this Example: razor.test@facebook.com


    4) Click No Longer have access to these
    5) Now type a New Email address that is never used with a Facebook account in the past. And Click Continue (You can create a new one)
    6) Enter the Security Question Answer using your basic Knowledge about the person, OR you can use the trick in the end of this article.
    7) Now Simply enter the new Password to use and confirm it. Then confirm your Email address by clicking the link they send you. Done! Facebook Successfully hacked using Social engineering.



    Note: If you are not able to guess the security question, do the following trick:


    • Create a Fake Facebook Account
    • Send the victim an invite
    • Make some friendship with him/her
    • Try asking him/her his/her security question

     
  2. Mr. Penguin

    Nice share...

    It would probably be easier to hack someone's email and get their Facebook account that way. Or try an email phishing attempt to get them to change the password via a cloaked URL if they are blind / dumb enough.

    Hacking attempts and suspicious activity are logged by Facebook and they will inform the user.

    Also I remember an interesting read a while back where Facebook passwords, if entered in the incorrect case, still let you in anyway.

    For instance, Password: ADSFR1234 will also work with adsfr1234.

    Alternatively, razorTEST will also work with RAZORtest
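
A login that accepts the case-inverted form of a password, as the post above describes, does not need the password stored in plain text: the server can hash a small fixed set of transformations of what was typed and compare each against the one stored hash. The following is an added example, not part of the thread and not Facebook's code; the function names, the PBKDF2 parameters and the choice of a single Caps Lock variant are assumptions.

```python
import hashlib
import hmac
import os

# Assumed KDF cost for this example; tune for the deployment.
_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """Store only a random salt and the hash of the password exactly as chosen."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def candidates(submitted: str) -> list[str]:
    """Forms tried at login: as typed, then with every ASCII letter's case
    inverted (what a stuck Caps Lock key produces). Non-ASCII characters are
    left alone because their case mapping can change the string length."""
    swapped = "".join(c.swapcase() if c.isascii() else c for c in submitted)
    return [submitted] if swapped == submitted else [submitted, swapped]


def verify(submitted: str, salt: bytes, stored: bytes) -> bool:
    """Accept if any candidate form hashes to the stored value.
    Every form is checked so timing does not reveal which one matched."""
    ok = False
    for form in candidates(submitted):
        ok |= hmac.compare_digest(_derive(form, salt), stored)
    return ok


if __name__ == "__main__":
    # Constructed sample using the strings quoted in the post above.
    salt, stored = enroll("razorTEST")
    for attempt in ("razorTEST", "RAZORtest", "razortest"):
        print(attempt, verify(attempt, salt, stored))
```

Each accepted variant lets one online guess cover two strings, so the candidate set is kept small and failed-attempt rate limiting counts one attempt per submission, not per candidate.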
     
  3. ImJoJo

    Actually when this is attempted Facebook will not recognize the computer and will not give you access even if you have access to the victim's email...don't ask how I know..:D
    easiest method is session hijacking..yamas, wireshark..etc...unless using a VPN..
     
  4. Amkay

    Thanks for the share Fantastic.

    And for phishing an email account, I used my phishing tool (when MSN was popular... it ain't anymore...):

    the one on the right is the fake one (you can see it in the icon), when someone writes his username and pass and presses sign in, it sends them to my inbox... you can also make phishing sites like Mr. Penguin said and host them on free hosting sites: weebly.com (it's a simple free site hosting)
     
  5. Mr. Penguin

    Amkay is a total badass :saywhatagain: Most would be none the wiser.... I think Facebook is the winner these days.....
     
  6. rempit

    Learning new things every time I log on here, so informative :)
     
  7. vampiricbunny1800


    I'd like to see these tools so I can give that a shot. I really don't care for passwords or other people's accounts, it's just more of an "I want to try to get into a remote site". Is this the same as a man in the middle?

    or is this set up remotely? I'd love to learn how to make 1 IP or MAC or whatever see a fake thing in, let's say, China when you live in USA.. I am just being curious
     
  8. Amkay

    No server or remote thingy in this tool... it just uses a Gmail account to send the victim's email and pass to your email address... if you want I can teach you some tricks you can do in Visual Basic... it's a nice, easy and useful programming tool for beginners as the GUI is easily customizable and a big part of the coding language is actual English...
     
  9. Fantastic

    Phishing websites are now being discovered by most antiviruses, I'm scared phishing will come to an end one day :(
    OR maybe not:)
     
  10. Amkay

    yep for sites maybe... but for clients it won't come to an end.... you can make a "facebook desktop client" phishing program... it will never get discovered as it's just an application like any other...
     
  11. Vincent Soon

    @Amkay
    Well then if I want to learn, will you guide me?
     
  12. ImJoJo

    True. They will input their login credentials into the app's username and password fields (trusting the application is legit..Legit as not intended for phishing or any hacking purpose).
     
  13. phreik

    Maybe you can use a webpage that worked for me in the past www.parchados.com good luck
     
  14. michael gonzales

    Is this working until right now?
     
  15. Dasa

    easiest method is session hijacking
     