How To Hack Facebook? 4 ways !

I will cover 4 methods over here:

1. Facebook Phishing 

2. Keylogging 

3. Social engineering 

4. Primary email address hack.

 Facebook phishing:

I have taken this method first because i think this is the most popular method/way of hacking facebook. I studied various facebook surveys taken on web about hacking facebook. The results of these surveys show "Phishing" as the most used method to hack facebook and to note…"Phishing is favorite method of facebook hackers". So, friends.. beware of facebook Phishing. Facebook staff is working hard to avoid these Facebook phishers. Phishing not only allows you to hack Facebook but also almost any email account. You have to only get the trick used to make a phisher, which i think is very easy. I learnt it without any difficulty. But, remember, this is only for educational purpose.

Keylogging:

This is my second favorite, as only thing you have to do is remotely install a keylogger application (if you don't have any physical access to victim computer). Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger and direct it to your destination so that it will send all recorded keystrokes to pointed destination. What a keylogger does is it records the keystrokes into a log file and then you can use these logs to get required Facebook password and thus can hack facebook password.

Social Engineering:

This sounds to be pretty not working at beginning. Even I was neglecting this way. But, once, I thought of using it against my friend on Facebook and i got his Facebook password very easily by this method. I think many of you might be knowing how what this social engineering, For newbies, social engineering is method of retrieving password or answer of security question simply be quering with the victim. You have to be very careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.

Cookie Stealing:

I am updating this post with a new method which is being used to hack facebook accounts, which I think is very effective, Facebook cookie stealing is becoming popular day by day.The cookie which facebook uses to authenticate it's users is called "Datr", If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

Read More

Facebook Hacking and Cracking

Facebook password Hacker,Facebook password Cracker or Facebook password extractor you might have heard these names.Yes these all are paid softwares which some website's claim that they will hack a Facebook password on typing the User ID.If you believe what they say then you are just wasting your time and money.These all softwares are fake Even I receive tons of daily emails asking for such email hacking software. So, I am writing this article to inform you reality of such email hacking software or can say password hacking software

Recently i came across a site which was claiming that With their free hacking tool you can obtain the password to nearly any profile on facebook.com,Is it possible?The answer is no.Guys, i want to tell you that there is no such Facebook hacking software. Totally depressed?? I am sorry to say, but this is true. There is no such email hacking software. So stop searching for such email hacking software. Stop fooling yourself. Just use your sense guys. If there exists such a software, will there be any security on web. And all expert engineers at Google, Yahoo and other services are not mad. They are all engaged in ensuring security of their customers ie email account owners. So, no such software exists.

What about Facebook password Hacking services?

Many sites on the internet claim to sell softwares/programs to hack email passwords. I know most of you are aware of this. These sites also boost that their software can hack email passwords with in minutes. Some sites also claim that they can hack any one’s password for money (say $100 or 200$). Never believe these sites. They are all scam,Most of Password Hacking services claim that they have a Password decryter or encrypter,They ask you to type an Id to Hack,they show you the hash form of the passwords and tell you to buy a software in order to reveal the password but when you make the payment the software dont work and you loose your money, I can dare challenge anyone who claims to hack an email, using a software program. In fact when I was a newbie in the field of Hacking, I have spent many sleepless nights in search of an Email hacking software. Finally I ended up only with frustration and nothing more than that. I don’t want my readers to commit the same mistake which I did. So, never believe those scam sites and empty your pockets by spending on useless softwares.

What are real ways of Facebook Hacking?

With my experience of almost 5 Years in this field of Hacking and Internet security i suggest you 4 real methods which can Hack a facebook password, I have posted these four of these methods in my post Facebook Account Hacking 4 Ways

Read More

What are DDoS attack? How To Defend Against Them?

You may have heard of a DDoS (distributed denial-of-service) attack in the news as a method used by malicious hackers to attack a website. It's possible you've even experienced the effects of a DDoS attack yourself.If you host a website or other online service, being aware of the dangers of a DDoS attack can help you prevent one, or mitigate the damage they can incur.

A New Type Of Warfare

A WikiLeaks story from 2010 has redefined DDoS attacks as a legitimate form of protest. Computing expert Richard Stallman has gone on record saying DDoS attacks are "the Internet equivalent of a mass demonstration." Stallman defines such "demonstrations" as being separate from hacking or cracking, and compares them with harmless demonstrations that temporarily closed down several British stores recently, in order to highlight corporate tax evasion.

Distributed Denial of Service Attacks

Sometimes a cracker uses a networkof zombie computers to sabotage a specific Web site or server. The idea is pretty simple -- a cracker tells all the computers on his botnet to contact a specific server or Web site repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely. We call this kind of an attack a Distributed Denial of Service(DDoS) attack.

Ways To Defend Against DDoS Attack

1. Develop a checklist for standard operating procedures to follow in the event of an attack, including maintaining a checklist of contact information for internal firewall teams, intrusion detection teams and network teams, as well as for service providers. Identify who should be contacted during an attack, what processes should be followed by each and what information is needed.
2. ISPs and hosting providers might provide mitigation services. Be aware of the service-level agreement provisions.
3. Identify and prioritize critical services that should be maintained during an attack so IT staff will know what resources can be turned off or blocked as needed to limit the effects of the attack.
4. Ensure that critical systems have sufficient capacity to withstand an attack.
5. Keep network diagrams, IT infrastructure details and asset inventories current and available to help understand the environment. Have a baseline of the daily volume, type, and performance of network traffic to help identify the type, target and vector of attack. Identify existing bottlenecks and remediation actions needed.
6. Harden the configuration settings of the network, operating systems and applications by disabling unnecessary services and applications.
7. Implement a bogon (bogus IP address) block list at the network boundary to drop bogus IP traffic.
8. Employ service screening on edge routers where possible to decrease the load on stateful security devices such as firewalls.
9. Separate or compartmentalize critical services, including public and private services; intranet, extranet, and Internet services; and create single-purpose servers for services such as HTTP, FTP, and DNS.

Read More

Anroid SOP Bypass 70% Anroid Users On Risk

Rafay Baloch a white from Pakistan discover a serious flaw in anroid defalut browser called SOP (same origin policy) bypass.The vulnerability is present 70% of anroid devices.

Using this vulnerability attack can acess user's cookies,location,response and other sensitive information etc. 

Other folks have verified this issue to work under Android browser < 4.4. Ref https://github.com/rapid7/metasploit-framework/pull/3759

The affected mobile devices are..

The initial tests were carried out on android browser 4.2.1 (Qmobile) and below and later verified with Galaxy S3, HTC wildfire, Sony Xperia, Qmobile etc.

After Rafay Baloch published a blog post at http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html describing the issue, researchers from security firm Rapid7 also conducted an analysis and determined that AOSP browsers shipped with versions of the operating system prior to Android 4.4 are affected.

When Researcher Rafay Baloch report the bug to Google was initially ignored by Google but in his blog post Researcher Rafay Baloch describe how the bug bypassed the browser's same origin policy (SOP) which prevent site from accessing other site's data.After attempting to conjure the problem again, Google witnessed the bug firsthand, and decided to take action.

As for now, Android users are better off using other web browsers, such as Chrome, Opera or Firefox. IGN will update this story with any new information 

Read More