Friday, August 9, 2013

Facebook Hacking Method 2013 All:
-----------------------------------------------------

1 - Android Remote Administrator Tool - RAT is short for Remote Administrator Tool. It is mostly used for malicious purposes, such as controlling Android phones, stealing victims' data, and deleting or editing files. A device can only be infected when the victim is sent a file called the Server and clicks it.

More Information Here - http://www.hackforums.net/showthread.php?tid=3529624

2 - Remote Administrator Tool - A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program -- such as a game -- or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute RATs to other vulnerable computers and establish a botnet. RATs can be difficult to detect because they usually don't show up in lists of running programs or tasks. The actions they perform can be similar to those of legitimate programs. Furthermore, an intruder will often manage the level of resource use so that a drop in performance doesn't alert the user that something's amiss.

How To Create RAT - http://blackhatcrackers.blogspot.in/2013/01/remote-administration-tools.html
YouTube Link - http://www.youtube.com/watch?v=3i5vEbnK5xk
Download Link - http://www.2shared.com/file/A1QNxuHf/CybergateRAT1075.html
Download Link 2 (Official Website) - http://www.cyber-software.org/site/
PDF Version - www.eset.com/us/resources/manuals/ERA_Basic_Setup_Guide.pdf

3 - Keylogger - Keyloggers are programs which record each keystroke on the computer they are installed on. This provides a complete log of text entered such as passwords, emails sent and websites visited. This log can then be automatically sent over a remote connection without the person using the computer necessarily knowing about it. Because of this, keyloggers are typically associated with malicious software and they will usually be picked up and removed by virus scanners. However, there are also keyloggers which are commercially available for home or office use. In this way, keyloggers have a distinct set of purposes which make them very useful in certain situations.

How To Create Keylogger - http://blackhatcrackers.blogspot.in/2013/01/keylogger-attack.html
YouTube Link - http://www.youtube.com/watch?v=RusJJjai7BI
Download Keylogger - http://project-neptune.net/download/
PDF Version - www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf

4 - Phishing - In computing, phishing is a form of criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.

How To Create Facebook Fake Login Page - http://blackhatcrackers.blogspot.in/2013/01/phishing-attack.html
YouTube Link - https://www.youtube.com/watch?v=QE-kmk3vU1U
Download Fake Login Page - http://www.mediafire.com/download/jjd5nojzyjz/Facebook+fake+page%28Hackingaday%29.rar
PDF Version - www.fireeye.com/resources/pdfs/fireeye-top-spear-phishing-words.pdf

5 - Click-Jacking - Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

What Is Clickjacking? How Does It Work? - http://blackhatcrackers.blogspot.in/2013/01/clickjacking.html
YouTube Link - https://www.youtube.com/watch?v=IqN5HyqUJ2A&feature=player_embedded
Advanced Tutorial ClickJacking - http://javascript.info/tutorial/clickjacking
PDF Version - seclab.stanford.edu/websec/framebusting/framebust.pdf
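
The layered-frame trick described above depends on the target page allowing itself to be embedded in a frame. The following is an added example, not part of the original post: it classifies a response's framing controls (X-Frame-Options and the CSP frame-ancestors directive); the header values used to exercise it are constructed.

```python
def csp_frame_ancestors(csp):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Classify how a response restricts being embedded in a frame.

    headers: dict of response header name -> value.
    Returns (verdict, reason); verdict is 'protected', 'weak' or 'unprotected'.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = csp_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # When frame-ancestors is present, browsers apply it instead of X-Frame-Options.
        if any(a in ("*", "http:", "https:") for a in ancestors):
            return "weak", "frame-ancestors allows any origin to frame the page"
        # An empty source list behaves like 'none'.
        return "protected", "frame-ancestors " + (" ".join(ancestors) or "'none'")
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return "weak", "ALLOW-FROM is obsolete and ignored by current browsers"
    if xfo:
        return "weak", "unrecognised X-Frame-Options value"
    return "unprotected", "no framing restriction"


if __name__ == "__main__":
    # Constructed header sets for illustration.
    for sample in ({}, {"X-Frame-Options": "SAMEORIGIN"},
                   {"Content-Security-Policy": "frame-ancestors 'none'"}):
        print(sample, "->", framing_policy(sample))
```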

6 - Tabnabbing - Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. Tabnabbing operates in reverse of most phishing attacks in that it doesn’t ask users to click on an obfuscated link but instead loads a fake page in one of the open tabs in your browser.

What Is TabNabbing? How Does It Work? - http://blackhatcrackers.blogspot.in/2013/01/tabnabbing.html
YouTube Link - https://www.youtube.com/watch?v=Njrv03jSLLM
TabNabbing In Backtrack 5 - https://www.youtube.com/watch?v=xFo0vvq3R3g
PDF Version - https://lirias.kuleuven.be/bitstream/123456789/400475/1/p447.pdf

7 - Session Hijacking - The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed through a session token. Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the web server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the HTTP request as a cookie, in other parts of the header of the HTTP request, or in the body of the HTTP request. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server.

What Is Session Hijacking? How Does It Work? - http://blackhatcrackers.blogspot.in/2013/01/session-hijacking-attack.html
YouTube Link - http://www.youtube.com/watch?v=YuERGiQ0naI
PDF Version - www.dtic.mil/dtic/tr/fulltext/u2/a422361.pdf

8 - Sidejacking Using Firesheep - HTTP session hijacking, better known as “sidejacking”, poses a major threat to all internet users. This is due to the common use of Wi-Fi networks, which are inherently insecure, but also because of the widespread misplaced trust in the safety of internet use on phones and perceived secure connections. It has been demonstrated that wired networks are also not necessarily safe from sidejacking attempts and even your interactions in an App store can be at risk as well.

If you are logging into Facebook using the open Wi-Fi network at your local watering hole, an individual with a simple tool such as Firesheep can gain access to your account, change your password, and then potentially take advantage of other programs linked to that account. These sidejacking attacks can be done without any programming knowledge and the problem isn’t simply limited to the unencrypted Wi-Fi networks we are familiar with. Firesheep can be used to intercept information sent over any unencrypted HTTP session, whether it is wired or wireless.

And what can a Sidejacker do with my connection to an App store, you may wonder? Great question! Elie Bursztein at Google cites the various ways your App browsing and buying can be compromised. It can be everything from password stealing to App swapping, when an attacker’s malware App is downloaded instead of the actual App that was paid for.

The industry is slowly starting to adopt the practice of always-on SSL to protect users, including in App stores. The implementation of always-on SSL, or end-to-end encryption using HTTPS, is a great place to start. It is natural to visit a website and feel secure because you have logged in to your account with a unique username and password, but the problem is that if the rest of the traffic is not encrypted, a Sidejacker can gain access to the vulnerable cookie and then manipulate any personal information within the account. However, when a website is secured with HTTPS from the time of first access to the time you leave, the entire session is encrypted in a way that prevents your information from being compromised.

What Is SideJacking Using FireSheep? - http://www.hacking-tutorial.com/hacking-tutorial/firesheep-http-session-hijacking-tools/
YouTube Link - http://www.youtube.com/watch?v=8qmTVPO2jvI

9 - ARP Poisoning - Address Resolution Protocol (ARP) poisoning is a type of attack where the Media Access Control (MAC) address is changed by the attacker. Also called an ARP spoofing attack, it is effective against both wired and wireless local networks. Some of the things an attacker could perform from ARP poisoning attacks include stealing data from the compromised computers, eavesdropping using man-in-the-middle methods, and preventing legitimate access to services, such as Internet service.

A MAC address is a unique identifier for network nodes, such as computers, printers, and other devices on a LAN. MAC addresses are associated with the network adapter that connects devices to networks. The MAC address is critical to locating networked hardware devices because it ensures that data packets go to the correct place. ARP tables, or caches, are used to correlate network devices’ IP addresses to their MAC addresses. In order for a device to be able to communicate with another device with a known IP address but an unknown MAC address, the sender sends out an ARP packet to all computers on the network. The ARP packet requests the MAC address from the intended recipient with the known IP address. When the sender receives the correct MAC address, it is then able to send data to the correct location, and the IP address and corresponding MAC address are stored in the ARP table for later use.

ARP poisoning is when an attacker is able to compromise the ARP table and change the MAC address so that the IP address points to another machine. If the attacker makes the compromised device’s IP address point to his own MAC address then he would be able to steal the information, or simply eavesdrop and forward on communications meant for the victim. Additionally, if the attacker changed the MAC address of the device that is used to connect the network to the Internet then he could effectively disable access to the web and other external networks.

What Is ARP Poisoning? How Does It Work? - http://www.mediafire.com/download/47bybhe5gd5de50/Compromising+Facebook+Account+Via+ARP+Poisoning.pdf
ARP Poisoning Advanced Tutorial - http://openmaniak.com/ettercap_arp.php
YouTube Link - https://www.youtube.com/watch?v=zC4PVbcGLmU
PDF Version - www.harmonysecurity.com/files/HS-P004_ARPPoisoning.pdf
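
Because a poisoned ARP table shows up as an IP address whose MAC binding has changed, or as one MAC answering for several IPs, the condition can be detected by comparing table snapshots. The following is an added example, not part of the original post: it parses two constructed `ip neigh show` style snapshots (documentation-range addresses, hypothetical gateway 192.0.2.1) and reports both conditions.

```python
import re
from collections import defaultdict

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)


def parse_neigh(text):
    """Parse `ip neigh show` style lines into {ip: mac}; unresolved entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def arp_anomalies(baseline, current, gateway_ip):
    """Compare two {ip: mac} tables; return (severity, kind, ip_or_ips, mac) tuples."""
    alerts = []
    for ip in sorted(current):
        old, new = baseline.get(ip), current[ip]
        if old and old != new:
            # A changed gateway binding affects all traffic leaving the LAN.
            severity = "critical" if ip == gateway_ip else "warning"
            alerts.append((severity, "mac-changed", ip, new))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac in sorted(by_mac):
        if len(by_mac[mac]) > 1:
            # Can be legitimate (multi-address host, proxy ARP); check against inventory.
            alerts.append(("warning", "shared-mac", ",".join(sorted(by_mac[mac])), mac))
    return alerts


# Constructed snapshots: in CURRENT the gateway's IP resolves to host .23's MAC.
BASELINE = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.10 dev eth0 lladdr 00:00:5e:00:53:10 STALE
192.0.2.23 dev eth0 lladdr 00:00:5e:00:53:23 REACHABLE
"""
CURRENT = """\
192.0.2.1 dev eth0 lladdr 00:00:5E:00:53:23 REACHABLE
192.0.2.10 dev eth0 lladdr 00:00:5e:00:53:10 STALE
192.0.2.23 dev eth0 lladdr 00:00:5e:00:53:23 REACHABLE
192.0.2.9 dev eth0 FAILED
"""

if __name__ == "__main__":
    for alert in arp_anomalies(parse_neigh(BASELINE), parse_neigh(CURRENT), "192.0.2.1"):
        print(alert)
```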

10 - Stealers - A stealer is a small piece of software which steals passwords that are stored in web browsers and chat apps such as Yahoo Messenger. Stealers then send these stolen passwords to the hacker's FTP server. Stealers usually look like keyloggers, but there are many differences: stealers steal only passwords that are stored in the web browsers; they won't capture keystrokes typed by the user.

What Are Stealers? How Do They Work? - http://oren-hack.blogspot.in/2012/06/tutorial-istealer-63.html
Advanced Tutorial - http://www.101hacker.com/2011/09/hack-email-facebook-and-myspace.html
YouTube Link - http://www.youtube.com/watch?v=mOtXvbC0AMw

11 - Java Drive By - A Java Drive-By is a Java Applet that is coded in Java and is put on a website. Once you click "Run" on the pop-up, it will download a program off the internet. This program can be a virus or even a simple downloader. If you'd like to get the source code or wanna know more information about a Java Drive-By, use Google.

What Is Java Drive By? How Does It Work? - http://blackhatcrackers.blogspot.in/2013/03/fud-java-driveby.html
YouTube Link - http://www.youtube.com/watch?v=UmzyTWbFWak
YouTube Link For Noobs - http://www.youtube.com/watch?v=LZdB2QAgDvY

12 - Cookie Stealing Attack - Cookies are small files that are stored on a user's computer by websites when the user visits them. The stored cookies are used by the web server to identify and authenticate the user. For example, when a user logs in to Facebook, a unique string is generated; one copy of it is saved on the server and the other is saved in the user's browser as a cookie. Both are matched every time the user does anything in their account. So an attacker who steals the victim's cookie and injects it into their own browser is able to imitate the victim's identity to the web server and thus log in to the victim's account. This is called sidejacking. The attacker does not need to know the victim's ID or password; all that is needed is the victim's cookie.

What Is Cookie Stealing Attack? - http://blackhatcrackers.blogspot.in/2013/01/cookie-stealing-attack.html
YouTube Link - http://www.youtube.com/watch?v=-H1qjiwQldw
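
The sidejacking and cookie-stealing sections above both come down to a session cookie that can travel over unencrypted HTTP or be read by script. The following is an added example, not part of the original post: it audits one response's headers for the always-on-HTTPS signal (HSTS) and the Secure and HttpOnly cookie flags; the cookie name `sessionid` and all header values are constructed.

```python
def hsts_max_age(value):
    """Return max-age seconds from a Strict-Transport-Security value, 0 if absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie_name, set of lower-cased attribute names)."""
    pair, *attrs = value.split(";")
    name = pair.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}


def audit_session_response(headers, session_cookies):
    """headers: list of (name, value) pairs from one HTTPS response.
    session_cookies: names of the cookies that carry the session token.
    Returns a list of findings; an empty list means the token is confined
    to encrypted transport and hidden from page script."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts or hsts_max_age(hsts[0]) == 0:
        findings.append("no HSTS: browser may still make plain-HTTP requests to this host")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if name not in session_cookies:
            continue
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag, sent in clear on any http:// request")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag, readable by script in the page")
    return findings


# Constructed sample responses (cookie names and values are made up).
WEAK = [("Set-Cookie", "sessionid=abc123; Path=/"),
        ("Set-Cookie", "theme=dark; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    print(audit_session_response(WEAK, {"sessionid"}))
    print(audit_session_response(HARDENED, {"sessionid"}))
```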

13 - Social Engineering - Social engineering is the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. In the context of antivirus and computer security software, social engineering is generally a hacker's clever manipulation of the natural human tendency to trust. The hacker's goal is to obtain information that will gain him/her unauthorized access to a system and the information that resides on that system. Typical examples of social engineering are phishing e-mails or pharming sites.

What Is Social Engineering? - http://blackhatcrackers.blogspot.in/2013/01/social-engineering-attack.html
YouTube Link - http://www.youtube.com/watch?v=4VeinrY0n7o
PDF Version - himis.s3.amazonaws.com/social-engineering-techniques.pdf

14 - Botnets - Botnets are not commonly used for hacking Facebook accounts because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives the attacker additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include SpyEye and Zeus.

What Is a Botnet? How Does It Work? - http://blackhatcrackers.blogspot.in/2013/04/how-to-setup-botnet.html
YouTube Link - http://www.youtube.com/watch?v=zR3OQdEsRCc
PDF Version - www.korelogic.com/Resources/Presentations/botnets_issa.pdf

15 - Man In the Middle Attacks - A Man-in-the-Middle attack is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A Man-in-the-Middle Attack allows a malicious actor to intercept, send, and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-Middle attacks can be abbreviated in many ways including, MITM, MitM, MiM, or MIM.

How They Work? What Was That - http://www.101hacker.com/2011/03/man-in-middle-attack-using-ettercap.html
YouTube Link - http://www.youtube.com/watch?v=Z19p4nDfeG8
PDF Version - www.cs.umu.se/education/examina/Rapporter/MattiasEriksson.pdf

( This Tutorial Was Written By Nakul Mohan (Cia) And Edward Maya ( Ghost Shell ) )
( We Are Anonymous We Are Legion We Do Not Forget We Do Not Forgive Expect Us. )

All information in this tutorial is for educational purposes only. Any illegal activity relating to this tutorial is not my responsibility, although I would like to say I don't care how you use it, I do. So please do not use this for Black-hat activities. One day when you grow up you might realise that you have been a skid, by using mass-deface techniques and SQLi for your entire life. Do not just hack a site because it is there. I have a few sites of my own and it's annoying, unproductive, and pointless.
