Contents About the Author ........................................................................................................................................................... 3 Acknowledgement ......................................................................................................................................................... 4 Hacking Facebook .................................................................................................................................................. 6 Phishing ................................................................................................................................................................ 7 Keyloggers ............................................................................................................................................................. 9 Social Engineering .............................................................................................................................................. 10 Session Hijacking……………………………………………………………………………………………………………………………………………12 Hacking by Stealing Password from Stored Cookies…………………..………………………………………………………………….13 Facebook Tips, Tricks & Prank………………………………………………………………………………………………………………………..14 How to Actually Change Color of You Facebook…………………………………………………..………………………………………..15 How to Get Hundred's of Likes on Facebook………………………………………………………………………………………………….17 Facebook Status/ Chat Hacks…………………………………………………………………………………………………………………………18 Update Status with an iPhone even if You Have a Nokia Phone………………………………………………………….………….19 Update Your Friend's Status without Telling Him………………………………………… ………………………………………………..19 How to Trace Anyone on Facebook………………………………………………………………………………………………….…………….21 How to Update Status as a Celebrity or Anyone You Want………………………..……………………………………..……………22 Flood Your Friend's Wall and Inbox………………………….…………………………………………………………………………………….23 How to Remove Advertisements, Auto Poke and Customize Your Facebook the Way You Want.………….……….26 Some Tips to Stay Safe on Facebook……………………………………………………………………………………………………………..28 Conclusion…………………………………………………………………………………………………………………………………………………….33 More Sites To Look For………………………………………………………………………………………………………………………………….34 Disclaimer……………………………………………………………………………………………………………………………………………………..35
About The Author Shikhil Sharma is an engineering student who is pursuing his engineering in Computer Science. He has great interest in Cyber Security, Hacking, Penetration Testing, SEO and Vulnerability Assessment and loves to write about them. He also writes about the above mentioned topics at www.hackingtweaks.com and has also contributed articles on famous sites like www.rafayhackingarticles.net . Shikhil also believes in white hat techniques and has reported vulnerabilities in famous site like answers.com, army institute of technology, weather.com, iscripts.com etc.
Follow Him on Twitter @shikhilsharma . Contact Him on Facebook @shikhilsharma Drop him a mail at
[email protected] .
Acknowledgement Success of a person is not a work of one but due to cumulative effort of a number of people. I would like to thank my parents, family and almighty for their constant support. A peaceful and supportive environment was provided to me by the people around. I would like to thank Ishan Garg for designing the cover page. He can be contacted for further assignment here. Nishit and Joy surely deserve big thank for editing this book and being the first readers. I’ll also thank Shubham, Priysha, Shriya, Aanchal, Sankalp, Ayur Mayank, Lalit, Simar, Vinit, Samrath, Ruby, Baljeev, Abhishek and entire Raju and co. All my friends in field of cyber security including Abhinav Sharma, Lakshya, Gaurav are also thanked for their constant support. A special mention to Vivek Ramachandran for being a person to whom I always look up to. A big thank to entire Hacking Tweaks Family for being a source of constant motivation and all my readers for reading HackingTweaks.com . I promise that I’ll keep providing quality content in future too.
Note: The below mentioned methods are just to make the reader aware of, how they can be trapped by attackers using malicious techniques and few steps to prevent such attacks. Methods below should not be used by the reader to break into someone’s account. The author would not be responsible if found doing such.
Hacking Facebook I see a number of posts from people in facebook groups, pages and also all around the web requesting a hacker or a techie to a HACK facebook for him. These kind of request are from people who know nothing about technology or hacking and they think that a hacker knows some magical spells which he will recite and the account of the victim will be hacked! This is surely not the truth. Hacking facebook is not that easy as it seems to be.
Tip: There are NO facebook hacking softwares in which you have to fill the username of the person to hack and you get his facebook password!
Figure 1.(Source: google.com)
As mentioned above there is no direct software available to hack facebook but there are a number of methods available by which facebook can be hacked. These methods include phishing, keyloggers, social engineering, session hijacking, USB hacking, RAT’s etc. In the following section, I will be discussing methods in detail which attackers use to hack a facebook account. The methods are explained in detail so that you can take better measures to protect your facebook account and increase its security.
Phishing Phishing is a method of hacking facebook in which an attacker provides the victim with a malicious URL which redirects him to a page which looks just like facebook. Mistaking that page with facebook, the user enters his username and password there and the entered username and password go directly to the attacker. Facebook Phishing is carried out by attacker in the following way: 1. Firstly, create an account on a web hosting site where they upload all there malicious files. 2. Go to facebook.com and do a ctrl+s on login page of facebook to store it’s html format so that they can make the required changes in it and upload on the web hosting site. 3. View the source code of the login page and search for “action="https://www.facebook.com/login.php?login_attempt=1" method="post"
4. Replacing the above line of code with “login.php”. And renaming the file to “index.htm”. 5. Now a php file named “login” needs to be created. 6. To create the login.php file type the following code given on next page in your favorite text editor and name the file as “login.php”
7. Make a new txt file by the name of passwords.txt. 8. Make a folder by the name of facebook and put index.htm, login.php and password.txt in it. 9. Upload all the contents of the folder to your web hosting site and choose the name of the URL from webhosting site such that the victim does not suspect it. 10.Now give the URL to the victim and as soon as he enters his username and password in phishing page, password.txt file will store credentials of the victim.
FACT: The term “Phishing” was coined by Hackers when they attacked AOL.
Keyloggers A keylogger is a tool which records all the logs of the system of the victim when installed in his system. A keylogger is capable of recording keystrokes, screen, webcam logs and almost everything a person is doing on his system. After recording all the logs of the system the keylogger sends them to the victim. Keyloggers are used by hackers to get credentials of facebook account by installing the keylogger in victim machine. But keyloggers are also used by many parents all around the world to monitor the logs of the computer of their children in order to know what their children are up to.
Types of Keylogger: There are basically two types of keyloggers: 1. Physical Keylogger: It is a keylogger which an attacker installs in the system of the victim when he has physical access to victim’s computer. The keylogger records all the logs including the facebook password of the victim and send them to mail of the attacker which he has configured while installing the logger or the logs are collected physically by the attacker when accesses the victim’s computer next time. 2. Remote Keylogger: A remote keylogger does the same work as the physical keylogger but it is installed on the victim machine remotely by the attacker. The attacker can crypt the keylogger file with a song, picture and give it to the victim and as he opens the song or picture the keylogger gets installed in victim computer. The logger keeps sending logs to the victim via mail or ftp. Tip: You can use http://www.fb.com instead of http://www.facebook.com to load the facebook page faster.
Social Engineering Social engineering is a technique in which a hacker tries to get sensitive information out of the victim by using his communication skills. The sensitive information the attacker tries to get can be the username, password, answer to security question etc. Social engineering has been evolved some time ago only and one world famous hacker who amazed everyone with his social engineering techniques was Mr.Kevin Mitnick. Kevin started hacking at an early age of 12 using social engineering to bypass punchcard system used in Los Angeles bus system by playing social engineering on bus driver.
How to Hackers use Social Engineering to Hack Facebook? 1. Click on 'forgot password' below password field in facebook. You will enter an area where you will have to help facebook to identify the account of the victim, which you can easily do by typing his name and a friend’s name or by pasting his profile's URL in the 'profile link' column. 2. Now in recovery options click on 'answer the security question'. You are given 3 tries, make some relevant guesses, you may get the answer right if you know the victim well. If you don't then you will have to use Social Engineering to get the answer from victim.
Some Tips to Make Victim Spell Out What You Want 1. Most of the people on Facebook had set their Security Question long time back, may be when they had made an account. So most of the people do not change their question and many of them don't remember the question only. These things will make your work easy.
2. Don't straight away ask the answer to security question, first talk some random stuff. 3. Get to the question slowly and steadily so that victim doesn't suspect you. Trust me, Social Engineering is one of the Best Methods to Hack any account .All you need is presence of mind and ability to communicate well with people.
Fact: Facebook is majorly written in C++ and PHP.
Trick: Use symbols used in above picture using http://fsymbols.com/ and many more.
Session Hijacking Session Hijacking refers to an attack in which a hacker temporarily hijacks the ongoing session of the user and he is able to see what the user is doing. Facebook is used so much by everyone these days that it is the most exploited website when it comes to session hijacking as most of the times people are accessing facebook using mobile, computer etc.
Session Hijacking Using Mobile (Android Device) A tool which performs session hijacking very efficiently in android platform is “DroidSheep”.
Steps of using: 1. 2. 3. 4.
Open the app. Check "ARP-Spoofing" and "Genric Mode". Click on Start. In some time you will start getting various facebook sessions on the same network of wifi. Click on them to see what the person is doing.
Trick: To post a blank status update, just copy the following code and update it as your status: "@[0:0: ]" (don't copy the commas).
Hacking by Stealing Password from Stored Cookies This method of password hacking is used by the hacker when victim has enabled the “remember password” feature in his facebook account. What attacker does in this case is that he captures all the cookies stored in the browser of the victim and thus he gets the stored password too. How to use Pendrive as Facebook Password Stealer: 1. To use this has some files are needed which can be downloaded from here. 2. Extract pendrive password stealer.rar. 3. Copy all the contents of the file. 4. Paste the contents in the pendrive you want to use for stealing. 5. Insert the pendrive in the system of the victim. 6. Click on "launch" file. 7. Within seconds your pendrive will have text files containing all the stored passwords of the victim for any website.
Tip: Make it a habit to delete cookies every alternate day as they contain sensitive information about the work you do online.
This is a section which contains a number of facebook trick, trips and pranks which you can play on your friends using facebook. You see on facebook fake posts claiming to change facebook color, giving hundreds of likes etc. In this section you will find 100% working ways of doing such things which till now you have only heard of.
How to Actually Change Color of Your Facebook I've been seeing a number of posts by people in my friend list regarding changing of color of facebook to Red, Yellow, Green and what not. Similarly many events were also created claiming to change color of your facebook profile by clicking on a unique link. At one point of time I had around 15 events in "event list" of my profile and all of them claimed to change color of my facebook profile on a specific day and time. All these requests were quite irritating.
Truth about these FAKE Facebook Color Changing Links Facebook Color Change links were nothing but spam. Most of the links were shortened URL’s which directed to some sites which paid per clicks when that link was hit, that is more the number of times that link of facebook color change got clicked more the person who had spread it got paid by the URL shorten site! Some links were of type that as a person clicked on them, the similar link got posted on each and every person's wall is was in the friend list of the person who clicks the link. These kind of links are called clickjacking links. Clickjacking is a malicious technique of tricking a Web user into clicking on something different to what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages (From:Wikepedia).
How to Actually Change Color of Your Facebook?
Changing color of your facebook account is very simple. If you want to change color of your facebook account, follow these simple steps: 1. Download a plug-in called Greasemonkey/Tampermonkey.
Mozilla user can download it here and Chrome users here. 2. Install the above downloaded plug-in in your browser. 3. Now install a script from here by clicking "Install" button on right side.
5.
Once the script is installed open up your facebook account.
6.
As your account is open click on "Tools" menu of your browser and then click on "User Scripts Commands".
7.
In further drop down menu from User Scripts Commands select "Customize Facebook Colors".
8.
Now you can easily customize facebook colors are see the change!
How to Get Hundred’s of Likes on Facebook Sometimes I see a person from my friend list updates a status and his status gets hundred’s of likes within few minutes or sometimes a person a getting above 500 likes on a silly status. So here’s a trick on how to get hundred’s of likes on your facebook status and photos. 1. Go to this site http://www.likelo.com/ 2. On going to this site you’ll see something like the screenshot below.
3. You can now simply follow the instructions given on the site to get likes.
. Fact: Facebook was launched on February 4, 2004.
Facebook Status/Chat Hacks You can post various images and emoticons on your facebook chat which normal users can’t using various techniques which are told in the following section. 1. Post funny images like Mr.Bean, Jacky Chan and your own customized images on facebook chat : a. Go to http://smileychatcodes.com/ and select there if you want picture emoticon or text emoticon and get the code then use it in the chat. 2. Add Facebook profiles/images in chat - You can add facebook profiles, like pages etc. in facebook chat. All you have to do is type the unique username like this:[[username]] For example: If I have to post my image in the chat i will type [[shikhil]] and press enter. You can see the unique username of page or person from the URL/address bar, It is the thing which is inserted after facebook.com. It will be something like this facebook.com/username (it may be a name or simple an id in numbers)
Update Status with an iPhone even if You Have a Nokia Phone You feel jealous of your friends posting status from hi-tech gadgets like iPhone, Android, Mac, Blackberry? So here's a way out by which you can also post status from any device you want even if all you have is an old pc! All you have to do is, go to http://www.fake-wallposts.com/ and click on the image there of which device you want to display on your status. Become a hero! Post status once from ipad then from iphone then from blackberry etc.. :D
Update your Friend’s Status without Telling Him This is method of hacking in which you will require a lot of social engineering skills. It is an interesting hack and you can get a number of victims in trap. Follow these steps: 1. Send this link to the victim- https://m.facebook.com/upload.php?_rdr 2. Make sure he logs in. 3. Victim will be given m.facebooksomething type of an e-mail id on which they will have to mail. Get that id.
4. Mail on that id from your account (gmail, yahoo, etc.) and what you want victim's status to be, put that as the "subject" of the mail.
Now the status of your choice will be updated in your friends account.
Trick: http://facebook.com/profile.php?=73322363 : This URL which looks as if will take you to some other facebook page actually opens the profile of the person whoever clicks it.
How to Trace Anyone on Facebook Sometimes we find people on facebook who post malicious content or harass someone by their activities. Tracing these kind of people becomes important. People need to be traced to sometimes confirm their identity too as someone might be telling us their fake location, so it becomes important to find their true location. Following steps can be followed if you want to trace someone on facebook: 1. Go to http://blasze.com/iplog/ .
2. In the “Enter URL or Tracking Code” add a URL in which victim will be interested and you are sure he will open that site. 3. Now click on “create URL”. 4. A new link will be generated which you will have to give to the victim and you will also be given a code too. 5. After the victim has clicked it put the link again on the site and click “Track URL”. Then give the code to get the IP of the victim.
How to Update Status as a Celebrity or Anyone You Want
Do you want to create funny wall posts like the one above? You can do that simply in no time! Now I am going to tell how create a fully customizable wall post and play pranks on your friends. Follow the following steps: 1. Go to http://thewallmachine.com/ and you will see something like below.
2. Now make you sure you connect your facebook account with this site. 3. When connected, upload the photo of celebrity/friend you want to make wall post as then update the status. You can also customize the date when the status was updated.
Flood Your Friend’s Wall and Inbox I’ll like to mention that this trick is dedicated to my friend Lalit Ahuja on whom I used this trick the first time! This is very annoying trick which can be used to frustrate people by flooding their wall with hundreds of messages and same can be done with their facebook inbox. By using this trick you can post hundred’s of messages on a person’s wall within minutes. So let’s start with the process: 1. You need to download a tool called “Auto Clicker by Shocker”. 2. Open “m.facebook.com” from your browser. 3. Now log into your facebook account from and open the account of the friend on whom you want to play this prank. 4. Open Auto Clicker. 5. Write anything you want to write on your friend’s wall put don’t click on “post” button. 6. Before clicking on “post” button click on “click or Press F9” button on Auto Clicker.
7. Now we have successfully flooded the wall of our friend as you can see ;).
Trick: http://laterbro.com/ is site which allows you to pre-schedule your status update, so you can write a status and specify the time when it should be published.
How to Remove Advertisements, Auto Poke and Customize Your Facebook the Way You Want For the tricks discussed in the following section you need to download Greasemonkey/Tampermonkey for Mozilla or Chrome as per your choice.
Source : 1jesoba.com
What is Greasemonkey? Greasemonkey or Tampermonkey is a Plug-in which allows you to install scripts in your browser which make your browsing experience better. How to Use It? Once you have downloaded it you will have to install various scripts too and you will find its utilities in the “tools” menu of your browser and in some scripts you also get an extra option of when you right click.
Source : 2access.ecs.saton.ac.uk
Remove Advertisements from Facebook: You can remove advertisements from facebook which irritate you and also guide you to links where you surely don’t want to go. To remove the advertisements from facebook install the script from here and your will see that once you install the script advertisements will not be displayed on facebook.
Autopoke Autopoke is a script available which will automatically poke the person who pokes you. It can be installed from here.
Customize Your Facebook This script shows better quality profile pictures, links to download videos, google calendar integration and much more! You can fully customize your facebook experience using this script. Install the script from here .
I see a lot people complaining that their facebook account was Hacked or Hijacked. I personally think that if you have high security on your account it becomes very difficult for the hacker to exploit it. I've seen pictures of a number of girls in various pages/groups and it is evident that those pictures are illegally taken from the accounts of girls and now are being exploited. These are some things which are over looked by many people using facebook if taken seriously, they can increase the security of your account many times.
Don’t Disclose Your E-mail One should never disclose his e-mail of facebook and even if you have written your e-mail in your “bio” you should see to it that you hide it. If you disclose your e-mail then attacker has great piece of important information about your facebook account and he can hack the e-mail associated with your facebook and then ultimately hack your facebook account. Follow the steps below to hide your e-mail: 1. Go to your profile and click on “about”
2. Now go to “contact information” and click on “edit”.
3. You will see e-mail associated with your account, from there you can control who can see your e-mail.
Enable Secure Browsing Secure browsing refers to enabling “https” which provides with a better encryption that normal “http” browsing which reduces the chances of your account being hacked. You can enable secure browsing by following these steps: 1. Go to “privacy setting” of your account.
2. Now select the “Security” option from the left side of privacy settings page.
3. Now make sure that you “enable” secure browsing.
Enable Login Notification to Provide 24*7 Security to Your Account Login Notifications is a way by which you can provide 24*7 security to your account. In login notifications you enable some recognized devices from which you regularly come online. If someone logs in your account from apart from those devices then your get an e-mail and sms notification with the IP from where the login has been made. To enable the notifications follow these steps: 1. Go to “security settings” like we did in the last security tip. 2. Now click on edit option in “login notifications”. 3. Make sure you have enabled text and email notification.
4. Click on “Save changes” and now your will get notifications on your phone as soon as someone logs in from unrecognized device, but initially you will have to provide facebook with recognized devices as you log in after enabling this feature.
Keep a Strong Password Keeping a strong facebook password is always recommended as it is difficult to guess. You should also make sure that you don’t spill out your password to someone and fall to a social engineering attack. Some tips which should be kept in mind while keeping a strong password:
Password should not be guessable by anyone. It should contain above 6-7 character. Numbers should be there. Remember to put special keys like “/,>,!,$,^ etc.
A good password is one which uses a combination of all the above types of keys mentioned.
Conclusion This was my attempt to share all tips and tricks from all around the web with you which would make you a “Facebook Pro”. I hope after reading this book you are able to make your entire facebook experience better and you are able to secure your facebook account in a better way. Do give your feedback about the book, both positive and negative feedbacks are welcomed. Don’t hesitate in pointing out my mistakes. Do you think it’s over here? It isn’t! Do check out http://www.hackingtweaks.com for more hacks, tips and tricks!!
Best Wishes, Shikhil Sharma (
[email protected])
More Sites to Look For
Hacky Shacky (HS) is a Platform for all those people who want to share their knowledge with others. Originally founded by Lakshya Verma a.k.a li0n hear7, HS is Best Blog for people who enjoy learning new things. HS is Supported and contributed by Administrators and Members of Various Underground Hacking Groups and Communities Worldwide
Cyber Kendra is a place where user can get the information related to IT, Computer and technology. This site is all about Computer, IT and Technologies that are innovating day by day. Our aim is to give all the relevant information about the IT and Computer technology. Here we share all the content related to Tech and Internet world. Author: Vivek Gurung : He is the Founder and Editor-in-chief of 'Cyber Kendra'. He is Certified Information Security Expert and an Ethical Hacker. Apart from this he is Internet activist, love to learn about technology innovations. Very much interested in Cyber Security. Find him on google + and twitter.
http://techreviewphones.blogspot.in/ The ultimate smart phone guide blog: New blog but with quality content. Do check it out.
Disclaimer This book consists of Facebook Hacks and Tricks from all around the web. Author does not claim be their original writer, it is only compiled by him. Some pictures have been taken from google.com. If anyone has any problem with the content of this book then please contact the author. This book is not written with an aim to promote hacking but to make people aware of the methods by which the security of their accounts can be compromised so that they take prior precautions. Author does not take any responsibility for any misuse done by anyone after reading the content of this book. This book is only written for educational purposes.
