Monday, December 5, 2016

Facebook Hacking

How to hack facebook account 

Well, to start with this is the most searched query on google now a days. According to google's AdWord Keyword Planner more than 135000 people search this query through out the day on google's search engine. 
Even, to find out if it's true i also searched "How to hack facebook" on google.com and i found a lot of videos and services in which people claims that they can hack any facebook account, even i also found some websites and videos who claims that by downloading their software you can hack any facebook account and which is a big lie and this is the reason that i am writing this article to reveal the truth. 

Guys, one thing i want to clear in the beginning that there is no software online or offline that can penetrate facebook's servers by exploiting their billion dollar Intrusion Detection and Prevention systems. So, Next time if someone offers you facebook hacking tool even for free do not install it in your system because nothing is free in this world.

In order to make this article more informative i will start with a little introduction about "How facebook works"

How Facebook Works

Well, facebook is one of the crowded social network in the world and to cut the crap short millions of people login to facebook every day. To manage and keep running such a huge network facebook uses variety of open source software, services, tools and programming languages some of them are actually created by facebook. We will discuss them one by one.

Basically, Facebook works on LAMP technology and LAMP stands for Linux, Apache, MySQL and PHP. Which means facebook servers are powered by Linux Operating System which is open source and is highly powerful and to run facebook.com webste on that linux server facebook uses apache web server which is also open source software and very powerful web server and to hold billion's of facebook's user data i.e. profile, chats, login, credintials, photos , videos etc. facebook uses MySql which is a open source database and very power full but a little bit slow  and facebook uses PHP aka Hypertext Processor to transmit data from mysql to your computer screen . PHP is popular language when it comes to create dynamic website but its a little slow and not designed to handle such a huge network like facebook. 

So, to over come this problem facebook uses variety extra tools to speed up the process namely, Memcache to speed up data delivery. Facebook has also develop a Remote Procedure call framework called "The Thrift" it is a lightweight framework application which offers cross-language support which saves the developmental process.

Besides all these tools and frameworks and software facebook mainly uses 3 more things to work properly:

             1. Scribe, It is a log server to log every activity in the whole system.

             2. Cassandra is a Database Management System designed to handle large amounts of data spread out across many servers. It powers Facebook’s Inbox Search feature and provides a structured key-value store with eventual consistency.

             3. HipHop For PHP, It is  a source code transformer for PHP script code and was created to save server resources. HipHop transforms PHP source code into optimized C++. After doing this, it uses g++ to compile it to machine code.


This is a basic over view of facebook working if i go in depth it will take more than 50 pages and they say the can hack facebook with a single 2 mb application LOL.
Now, You get all the basic info needed to Hack facebook account and trust me it not an easy job actually, its nearly impossible to hack facebook because it pays millions to its workers to keep it safe and unbreakable, moreover facebook organizes bug bounty programs around the glob every year to tackle every weak point.  

But wait....  if  facebook can't be hacked then why i am writing this article, whats the point in that. well, we may not be able to hack facebook but we can hack facebook users, there is always another way. Facebook may be paying handsome salary to its security researchers to keep it safe but every user is vulnerable to hack unless he/she has some technical knowledge about hacking stuff.


Introduction to facebook hacking

As i said, if you can't hack facebook then hack facebook user instead but now question arises how to do that!!!. I will answer it in a second but before that i want to tell you something important. 

Facebook Hacking Software

As i said earlier there is no such software that can hack facebook account with a single click. Lets discuss what actually these software are. 


When you download these kind software you start them and they ask for the facebook ID url of that person's Profile whom password you want to hack and you provide the id of that account then you press the hack button and software starts processing something and within 50 seconds it shows the profile picture and name of the victim whose id you want to hack and you think its working then after some time you get the message that the id has been hacked to get the password please follow the link and download the password and blah.... blah...  blah....and 
When you open the link it ask you to complete a small survey to unlock the file or ask for money to reveal the password or gives you a rar or zip file which is password protected and you have to complete a survey to get the password.

Listen to me by using these tools/software its you who have been hacked not your victim or enemy.
These software contains either virus, Trojan Horse, worms or spywares or keyloggers. So, avoid them they are hoax tools.

Only way to hack facebook users

 According to my knowledge, there are only 3 ways to hack facebook users remotely and 1 out of them is specifically for LAN users or Local Area Network users for example People connected to your hostel's wifi or people connected to home router at home falls in LAN network category. And the rest two are flexible they can be used Locally or Remotely or via Internet  near or far way from you for example if i want to hack a user From United States of America from India then i will use the rest 2 techniques and these techniques are:

                       1. Session Hijacking/Packet Capturing (for LAN or same network users)
                       2. Using Keylogger 
                       3. Phishing Attack

Session Hijacking/Packet Capturing:

Whenever we login into any website which requires username and password to login stores a temporary unique session variable into a file which is temporarily stored into your system.This file does not contains your username and password but a encrypted unique string known as session variable which has ability to access your facebook profile without using your password but unfortunately session variable is only valid until your logout of your facebook account or close the web browser after that its useless every time you login to your facebook account you gets different session variable.

The purpose of storing session is very simple. The websites like facebook refreshes its pages time to time after 5 to 10 mins of login and if this happens you get to the login screen again after every 5 to 10 minutes so to overcome this problem and give you smooth experience facebook and many more dynamic websites uses session variables and program their system to look for session variable every time the page refresh if the variable is valid then the page refresh to the current position of the user and if the variable is not valid it redirects to the login page again.

So, one thing is clear from here if we manage to get the session variable of our victim we can access their account without knowing their username and password but it is only possible if the hacker and victim are on the same network. And now the question is how to do that. Well, i will show you how exactly its done but not in this article but in other article please subscribe my blog and keep visiting i will demonstrate this process by making a video on my you tube channel. Now,lets move to the next Part.

Using Keylogger:

Well, Keylogger is a kind of spy software which is used to capture the keystroke of the victim's keyboard and send them back to the hacker anonymously through internet. To know more about keylogger please check this article.

Phishing Attack:

Just put the pressure on your brain and try to remember how you login to your facebook's account. 
 1. you go to www.facebook.com
 2. You enter your Username in username field 
 3. Then you enter your Password in password field
 4. and then you press or click login button and voila.  you are in .

In this attack we are only interested in username and password fields. You must be thinking that what i am talking about. Well, you got a point. Listen to me carefully if you are a web developer you must be familiar with the concept of HTML FORMS and if you not then no need to worry i will clear your all the doubts.

Whenever we want to pass our information to the server we use HTML Forms in our case where you type your username and password is called as HTML Form its only purpose to transfer everything written in those boxes to the server when Login button is pressed and the basic format of HTML Form is shown below:

<form action="xyz.com" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" name="login" value="login" />
</form>

If you go to facebook.com in the login screen if you press ctrl + u  you will be able to see the source code of facebook login page and you will see a lot of weird stuff but along with it somewhere this <form ............. /form> will be shown too .  and this is what we are looking for. Now lets move further let me explain the above code to you.
The above code says that whenever you press login button after entering username and password the data in the username and password field is transferred to the link which is written inside double quotes i.e. xyz.com in facebook's case its a long address. as we cannot access that address directly but the main point is that action field.  Suppose if we manage to change that action address to our custom made address then the password written by the victim will directly come to us in plain text field. 

It sounds simple but trust me it ain't you cannot change the facebook.com's page code because its compiled to your system from the server. You cannot change it however you can view it. 

So, What if you manage to make a exact copy of facebook's login page with little customization in form action target address and send it to your victim and if they enter their login info into that fake page. you will get their login details without any problem. 

Still confused???

Its OK have a look at this demonstration video i specially created for you ..  I recorded this video live on you tube to declare it 100% work capability Here are its both parts. have a look at it and reserve your queries for the comment box. 

This is only a demonstration video i will make another one with proper explanation.

PART 1


 

PART 2



Please Subscribe to my channel for Further Videos

https://www.youtube.com/channel/UCWj1e516HULwfS2JxW9Mv3w

 Some Technical Stuff

When you create an account on facebook. You enter all the info like username , password etc and then press signup button ..  after pressing signup button the data you entered passes through different processes before it gets saved to the database. and if  the information you provided is according to facebook's requirements it gets hashed i mean it gets converted to special set of alphanumeric string specially your username and password with the help of an irreversible algorithm i.e its a one way process once its converted it cannot be converted back to the normal form and the only way to crack it and it is a very long process depending upon the complexity of the data or in our case password. Easy and small passwords are cracked easily. 

For example: suppose i created an account on facebook with the password "12345" it will stored as "827ccb0eea8a706c4c34a16891f84e7b" in the database

The Conclusion

Let us assume if you are succeeded to  break the security of facebook and able to gain direct access to the database where the password is stored. you will never get plain text password you will always get hash and as i said earlier hash cannot be dehashed  it can only be cracked and suppose if the password you are trying to crack is more than 8 characters in length then it will take years to crack even NASA's attached array processors will take months to crack a password more than 8 characters alphanumeric. So, you cannot hack facebook directly and no software can. However you can hack the user because users are easy to hack.

From the Author 

This article is for education purpose only. Hacking is a crime. I am not responsible for any kind of legal action Thank you.
Hey, if you liked my article feel free to share and if you have question feel free to contact:



0 comments:

Post a Comment

Thanks for the comment.