How to: Hack Any FB Account
Today in this article I am going to
explain how to steal such
cookies of different accounts
using Cain – Abel and Wireshark
software and how to use it to
access our victim accounts.
First off I need to say that this
will NOT steal anyones password
unless they log in while you are
monitoring them. This will
however give you their cookies
which you can use to steal there
session and have full acess to
their account. This will work for
Facebook, a lot of emails (sorry
no gmail), and just about any
forum (except this one). If you
are familiar with SSLstrip you can
use this method to hijack any
session (paypal, bank websites,
any email, etc.)
Facebook Cookie Stealing And
Session Hijacking
Wireshark Software to capture
cookies:
Wireshark is the best free packet
sniffer software available today.
Actually, it was developed for
making a network secure. But,
the same software is now used
by hackers to test for
vulnerability and security
loopholes in the network and to
attack the network accordingly.
Cookie stealing being one of the
types of hacks implemented
using this Wireshark software.
Requirements:
Cain and Abel : http://
www .oxid. it /cain.html
Wireshark : http://
www . wireshark. org/
Firefox 3 (or one compatable
with add n edit) : http://
www. oldapps. com /firefox.php?
old_firefox=59
Add n Edit (cookie editor for
firefox) : https://
addons. mozilla. org /en-US/
firefox/addon/add-n-editcookies/
Acess to the network with user
you want to hack
Network traffic
Prerequisites: Download and
install all above programs. To add
“Add n Edit” to your browser just
open firefox, go to tools, then
click add-ons. you can drag and
drop the program from
wherever you saved it into the
little box that popped up and
install it from there.
Below, I have listed steps on how
to capture Facebook and other
accounts cookies. This will help
you to know how Wireshark and
Cain-Abel can be used to sniff
packets and capture cookies.
First: Gain acess to the Network.
Open networks or your own
network would be easy but if
you have a specific slave you
want you should be able to gain
acess using Backtrack.
Tip: use reaver to exploit WPS for
WPA/WPA2 encryptions, WEPs are
easy to crack given time and OPN
means there is no password.
Second: Right click Cain and
choose ‘run as administrator.’ on
the top bar go to ‘configure’ and
be sure to select your wireless
card/adapter. now click where it
says ‘Sniffer’ then this litte button
towards the top left:
Next click any empty white box
then the blue “+” symbol near
the button you pressed just
before. choose okay
Now we go to APR on the
bottom bar. Once again click any
empty white box then the blue
cross. It’s easiest to just go one
by one and choose all
possibilities.
Now we have to poison them so
we choose the little yellow
hazard symbol towards the top
left.
we are done here, just minimize
Cain for now.
Third: Run wireshark as
administrator. On the top bar
choose ‘Capture’ then ‘Interfaces.’
Here you will have to choose
your interface that is connected
to the Network we are sniffing
from. if you wait a few seconds
you might see some traffic being
collected,
just choose that interface b/c
thats most likely it.
Wireshark will list and color-code
all the traffic it sees for you. To
make this simpler we can use the
filter to only see the traffic we
want, Type “http.cookie” in the
filter. (Something to consider is
to just filter to “http” and scroll
through the entries looking for
ones that start with the word
“POST” this means that
information was submitted to
the webpage noted such as a
username and a password! so if
you see this just look through
the details and you should see
the info you want, most
passwords will be hashed but
use this site to decript them:
http://
www. md5decrypter. co.uk/ )
Here is an image:
You can either look through this
information manually or use the
search function to find what you
want. In my case i want to hijack
the session of a user on the
forum freerainbowtables.com so
i will use the search function
(press Ctrl+F, or go to edit ->
search) and type in the
information i know for sure will
be in the entry. if your hijacking
someones facebook put
‘facebook’ there. Most of the time
to be safe i do not use the first
entry i see b/c this will only work
if the person is auto logged in, so
just go down a few more until
you see one you think will work
(just use common sense).
Hope u like it
No comments:
Post a Comment