Best Blackhat Forum

Full Version: How To Hack Facebook Account 2013
All information in this tutorial is for educational purposes only. Any illegal activity relating to this tutorial is not my responsibility, although I would like to say I don't care how you use it, I do. So please do not use this for Black-hat activities. One day when you grow up you might realise that you have been a skid, by using mass-deface techniques and SQLi for your entire life. Do not just hack a site because it is there. I have a few sites of my own and it's annoying, unproductive, and pointless.

1 - Android Remote Administrator Tool - A RAT is also a shortcut called Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling Android phones, stealing victims' data, deleting or editing some files. You can only infect someone by sending him a file called Server and they need to click it.

More Information Here - http://www.hackforums.net/showthread.php?tid=3529624


2 - Remote Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.

How To Create RAT - http://blackhatcrackers.blogspot.in/2013...tools.html
You Tube Link - http://www.youtube.com/watch?v=3i5vEbnK5xk
Download Link - http://www.2shared.com/file/A1QNxuHf/Cyb...T1075.html
Download Link 2 Official Website - http://www.cyber-software.org/site/
Pdf Version - http://www.eset.com/us/resources/manuals..._Guide.pdf


3 - Keylogger - Keyloggers are programs which record each keystroke on the computer they are installed on. This provides a complete log of text entered such as passwords, emails sent and websites visited. This log can then be automatically sent over a remote connection without the person using the computer necessarily knowing about it. Because of this, keyloggers are typically associated with malicious software and they will usually be picked up and removed by virus scanners. However, there are also keyloggers which are commercially available for home or office use. In this way, keyloggers have a distinct set of purposes which make them very useful in certain situations.

How To Create Keylogger - http://blackhatcrackers.blogspot.in/2013...ttack.html
You Tube Link - http://www.youtube.com/watch?v=RusJJjai7BI
Download Keylogger - http://project-neptune.net/download/
Pdf Version - http://www.cs.columbia.edu/~mikepo/paper...osec13.pdf


4 - Phishing - In computing, phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

How To Create Facebook Fake Login Page - http://blackhatcrackers.blogspot.in/2013/01/phishing-attack.html
You Tube Link - https://www.youtube.com/watch?v=QE-kmk3vU1U
Download fake Login Page - http://www.mediafire.com/download/jjd5no...+fake+page%28Hackingaday%29.rar
Pdf Version - http://www.fireeye.com/resources/pdfs/fi...-words.pdf


5 - Click-Jacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

What Is Clickjacking? How It Works - http://blackhatcrackers.blogspot.in/2013/01/clickjacking.html
You Tube Link - https://www.youtube.com/watch?v=IqN5HyqU...r_embedded
Advanced Tutorial ClickJacking - http://javascript.info/tutorial/clickjacking
Pdf Version - seclab.stanford.edu/websec/framebusting/framebust.pdf


6 - Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.

What Is TabNabbing? How It Works - http://blackhatcrackers.blogspot.in/2013...bbing.html
You Tube Link - https://www.youtube.com/watch?v=Njrv03jSLLM
TabNabbing In Backtrack 5 - https://www.youtube.com/watch?v=xFo0vvq3R3g
Pdf Version - https://lirias.kuleuven.be/bitstream/123...1/p447.pdf


7 - Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the HTTP requisition as a cookie, in other parts of the header of the HTTP request, or yet in the body of the HTTP requisition. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.

What Is Session Hijacking? How It Works - http://blackhatcrackers.blogspot.in/2013/01/session-hijacking-attack.html
You Tube Link - http://www.youtube.com/watch?v=YuERGiQ0naI
Pdf Version - http://www.dtic.mil/dtic/tr/fulltext/u2/a422361.pdf


8 - Side Jacking Using Fire Sheep - HTTP session hijacking, better known as “sidejacking”, poses a major threat to all internet users. This is due to the common use of Wi-Fi networks, which are inherently unsecure, but also because of the wide-spread misplaced trust in the safety of internet use on phones and perceived secure connections. It has been demonstrated that wired networks are also not necessarily safe from sidejacking attempts and even your interactions in an App store can be at risk as well.

If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an individual with a simple tool such as Firesheep can gain access to your account, change your password, and then potentially take advantage of other programs linked to that account. These sidejacking attacks can be done without any programming knowledge and the problem isn’t simply limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept information sent over any unencrypted HTTP session, whether it is wired or wireless. And what can a Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at Google cites the various ways your App browsing and buying can be compromised. It can be everything from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the actual App that was paid for.

The industry is slowly starting to adopt the practice of always on SSL to protect users, including in App stores. The implementation of always on SSL, or end-to-end encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure because you have logged in to your account with a unique username and password, but the problem is that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable cookie and then manipulate any personal information within the account. However, when a website is secured with HTTPS from the time of first access to the time you leave, the entire session is encrypted in a way that prevents your information from being compromised.

What Is SideJacking Using FireSheep? - http://www.hacking-tutorial.com/hacking-...firesheep-http-session-hijacking-tools/
You Tube Link - http://www.youtube.com/watch?v=8qmTVPO2jvI


9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control (MAC) address is changed by the attacker. Also called an ARP spoofing attack, it is effective against both wired and wireless local networks. Some of the things an attacker could perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdropping using man-in-the-middle methods, and preventing legitimate access to services, such as Internet service.

A MAC address is a unique identifier for network nodes, such as computers, printers, and other devices on a LAN. MAC addresses are associated with the network adapter that connects devices to networks. The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place. ARP tables, or cache, are used to correlate network devices’ IP addresses to their MAC addresses. In order for a device to be able to communicate with another device with a known IP address but an unknown MAC address, the sender sends out an ARP packet to all computers on the network. The ARP packet requests the MAC address from the intended recipient with the known IP address. When the sender receives the correct MAC address, it is then able to send data to the correct location, and the IP address and corresponding MAC address are stored in the ARP table for later use.

ARP poisoning is when an attacker is able to compromise the ARP table and changes the MAC address so that the IP address points to another machine. If the attacker makes the compromised device’s IP address point to his own MAC address then he would be able to steal the information, or simply eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed the MAC address of the device that is used to connect the network to the Internet then he could effectively disable access to the web and other external networks.

What Is ARP Poisoning? How It Works - http://www.mediafire.com/download/47bybhe5gd5de50/Compromising+Facebook+Account+Via+ARP+Poisoning.pdf
ARP Poisoning Advanced tutorial - http://openmaniak.com/ettercap_arp.php
You Tube Link - https://www.youtube.com/watch?v=zC4PVbcGLmU
Pdf Version - http://www.harmonysecurity.com/files/HS-...soning.pdf


10 - Stealers - It is a small piece of software which steals passwords that are stored in our web browsers, chat apps such as Yahoo Messenger, etc. Stealers then send these stolen passwords to the hacker's FTP server. Usually stealers look like keyloggers, but there are many differences: stealers steal only passwords that are stored in the web browsers; they won't capture keystrokes typed by the user.

What Is a Stealer? How It Works - http://oren-hack.blogspot.in/2012/06/tut...er-63.html
Advanced tutorial - http://www.101hacker.com/2011/09/hack-em...space.html
You Tube Link - http://www.youtube.com/watch?v=mOtXvbC0AMw


11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be a virus or even a simple downloader. If you'd like to get the source code or wanna know more information about a Java Drive-By, use Google.

What Is Java Drive By? How It Works - http://blackhatcrackers.blogspot.in/2013/03/fud-java-driveby.html
You Tube Link - http://www.youtube.com/watch?v=UmzyTWbFWak
You Tube Link For Noobs - http://www.youtube.com/watch?v=LZdB2QAgDvY


12 - Cookie Stealing Attack - Cookies are small files that are stored on a user's computer by websites when a user visits them. The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated and one copy of it is saved on the server and the other is saved on the user's browser as cookies. Both are matched every time the user does anything in his account. So if we steal the victim's cookie and inject it in our browser we will be able to imitate the victim's identity to the web server and thus we will be able to log in to his account. This is called sidejacking. The best thing about this is that we need not know the victim's ID or password; all we need is the victim's cookie.

What Is Cookie Stealing Attack? - http://blackhatcrackers.blogspot.in/2013...-stealing-attack.html
You Tube Link - http://www.youtube.com/watch?v=-H1qjiwQldw


13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. In anti virus computer security software, social engineering is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's goal is to obtain information that will gain him/her unauthorized access to a system and the information that resides on that system. Typical examples of social engineering are phishing e-mails or pharming sites.

What Is Social Engineering? - http://blackhatcrackers.blogspot.in/2013...gineering-attack.html
You Tube Link - http://www.youtube.com/watch?v=4VeinrY0n7o
Pdf Version - himis.s3.amazonaws.com/social-engineering-techniques.pdf


14 - Botnets - Botnets are not commonly used for hacking Facebook accounts, because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as with keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computer. Some of the most popular botnets include Spyeye and Zeus.

What Is a Botnet? How It Works - http://blackhatcrackers.blogspot.in/2013...-to-setup-botnet.html
You Tube Link - http://www.youtube.com/watch?v=zR3OQdEsRCc
Pdf Version - http://www.korelogic.com/Resources/Prese...s_issa.pdf


15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.

How They Work? What Was That - http://www.101hacker.com/2011/03/man-in-...ack-using-ettercap.html
You Tube - http://www.youtube.com/watch?v=Z19p4nDfeG8
Pdf Version - http://www.cs.umu.se/education/examina/R...iksson.pdf
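
Added example, not part of the original post: a defender-side check for items 5, 7, 8 and 12 above. It audits a response's headers for the cookie flags, HSTS and framing policy that blunt sidejacking, cookie theft and clickjacking; the sample responses, cookie name and function names are constructed for illustration.

```python
# Constructed sample responses (header section only), not captured traffic.
WEAK = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=3f9a1c; Path=/
"""
HARDENED = """\
HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
Set-Cookie: session=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs; the status line is skipped."""
    pairs = []
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_response(raw):
    """Return sorted findings for missing session and framing protections."""
    headers = parse_headers(raw)
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, *attrs = [p.strip() for p in value.split(";")]
        flags = {a.split("=")[0].lower() for a in attrs}
        cname = cookie.split("=")[0]
        # Secure keeps the cookie off plain HTTP (sidejacking); HttpOnly hides
        # it from page scripts; SameSite limits cross-site sending.
        for flag in ("secure", "httponly", "samesite"):
            if flag not in flags:
                findings.append(f"cookie {cname}: missing {flag}")
    present = dict(headers)
    if "strict-transport-security" not in present:
        findings.append("no HSTS: browser may still use plain HTTP")
    csp = present.get("content-security-policy", "").lower()
    if "frame-ancestors" not in csp and "x-frame-options" not in present:
        findings.append("page can be framed: no frame-ancestors or X-Frame-Options")
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(raw))
```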
waoowww good posting...
ADDING REP +1 is appreciated !!
+1 - at least lets us know where and what all things to expect and be careful when opening stuff. thanks vysakh +1 given
My mouse scroll is very useful in this post. =) Thanks for the share and time OP. Will try this at home.
good share thx
Great share Thanks.
I can phishing only :D
@Vyshakh +5rep for the good and complete guide and the links ;)
thank you ... SYS !1
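
Added example, not part of the thread: a defender-side check for the ARP poisoning described in item 9 of the first post. It reads observed ARP replies and flags an IP whose MAC address changes and a MAC that answers for several IPs; the "time ip mac" input format, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one observed ARP reply per line as "time ip mac".
SAMPLE_REPLIES = """\
10:00:01 192.168.1.1 aa:bb:cc:00:00:01
10:00:02 192.168.1.20 aa:bb:cc:00:00:20
10:00:05 192.168.1.30 aa:bb:cc:00:00:30
10:03:10 192.168.1.1 aa:bb:cc:00:00:30
10:03:11 192.168.1.1 AA:BB:CC:00:00:30
10:03:40 192.168.1.20 aa:bb:cc:00:00:20
"""

def parse_replies(text):
    """Yield (time, ip, mac) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].lower()

def find_arp_anomalies(text, baseline=None):
    """Flag IPs whose MAC changes and MACs that answer for several IPs.

    baseline is an optional {ip: mac} map of known-good bindings, for
    example the gateway. DHCP reassignment or a multi-homed host can also
    trigger a finding, so treat results as leads to verify.
    """
    bindings = {ip: mac.lower() for ip, mac in (baseline or {}).items()}
    owners = defaultdict(set)  # mac -> IPs it has answered for
    for ip, mac in bindings.items():
        owners[mac].add(ip)
    seen, findings = set(), []

    def report(ts, kind, subject, detail):
        # Report each distinct anomaly once, at the time it first appears.
        if (kind, subject, detail) not in seen:
            seen.add((kind, subject, detail))
            findings.append((ts, kind, subject, detail))

    for ts, ip, mac in parse_replies(text):
        first = bindings.setdefault(ip, mac)  # first-seen binding is kept
        if first != mac:
            report(ts, "rebind", ip, f"{first} -> {mac}")
        owners[mac].add(ip)
        if len(owners[mac]) > 1:
            report(ts, "shared-mac", mac, ",".join(sorted(owners[mac])))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_REPLIES):
        print(*finding)
```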