Let’s begin.
Key logger I recommend: Rapzo Logger v 1.51) Why that key logger? Well, it’s Free and it works. I tested it.
simply build your server. Click Test me to be sure it works. Be sure to select what kind of e-mail you want to use and put the e-mail and the password.Now, considering that this keylogger is free, you will need to get your file crypted.
Crypting is essentially making your server or bot, or whatever you want to call it, FUD (Full undetected), being not detected by any Anti Virus or at least UD (Undetected), being only being detected by a few Anti virus.
Why crypt? Well, so your file doesn’t get detected and immediately deleted as soon as the target opens the file.
2) Let’s move on to RATs,
I see the same question all the time, Which is the best/favorite RAT?
-Based on my personal experience, I can say that DarkComet and Cybergate are the best for RATs being free.
You can find DarkComet here: http://darkcomet-rat.com/
You can find CyberGate here: http://website.cybergate-rat.org/mainpage/
I will not go into teaching you how to set those up because there are already a ton of tutorials on how to do that.
I did a quick search to find tuts and these looked good:
Setting up DarkComet
Setup Cybergate
3) Phishing
-I will tell u in my next tute
4) Social Engineering
-Ah, the classic stories of “My friend hacked my facebook” or “How can I hack my friend?” or my personal favorite “How to hack my girlfriend’s Facebook?”A common mistake by layman who do not know much about the internet is giving information out without actually knowing that they are giving the information out.
Social Engineering on Facebook seems like a joke considering that you aren’t going to ask the person their password and e-mail for you to log in. Even if they do in fact give you their information voluntarily, it’s pointless.
Why is it pointless? Well, Facebook has become smarter on their security.
Basically, it comes down to this.Facebook will detect ‘Suspicion’ on the account that you are logging in and it will not allow you to log in under that account simply because their logs of the original account owner do not match with your IP or the IP your are hidden behind.
1) Suspicion
2) Security question
3) Confirm Identity
4) Confirm identity by identifying the friends on that account.
Now to retrieve back to the very beginning of this tutorial, I said that Key logging, Phishing, Social Engineering, and RATs were the common methods associated with hacking a Facebook account.
I will respectfully correct my mistake and as well as the other tutorials on here.
1) Even if you do manage to steal the password and e-mail using Keylogs, the problem of suspicion will appear.
2) Even if you do manage to steal the password and e-mail using Phishing, the problem of suspicion will appear.
3) Even if you do manage to crack the password out of your target through Social Engineering, the problem of suspicion will appear.
4) RATs are probably and definitely the best way to go into “hacking” a Facebook account simply because you will have full access to their computers. You can change their info through computers and the problem of suspicion will not appear.
RATs are NOT the only possible way to get in! Keylogging, Phishing, and Social Engineering might work as well.
I believe that Facebook compares the ranges of IP based on the ISP of the target. Now, if that’s the case…Simply do a whois on the slave using the RAT.
If you do not know what whois is, it’s basically a query that searches where the target is located. Normally you can double click on the slave when they are online on the RAT and see where they are from and look at their IP.
Now, you don’t really need a RAT to tell you where the slave lives or his IP. If you already have his IP or location through other methods such as reverting you’re good to go.
However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.
http://com.lullar.com/
http://www.pipl.com/email/
Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.
So, after all that work, you still can’t take over their accounts?
I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target’s friends. And obviously, I was clueless because I did not know of the people.
What did I do? Well, as you can see the picture #4:
1) Suspicion
2) Security question
3) Confirm Identity
4) Confirm identity by identifying the friends on that account.
Facebook provides the names of the target’s friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target’s friends.
Note that will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the ‘Suspicion’ page and log in to your extra or your actual Facebook account and search for the Target’s friends.
Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.
For example, if the name choices are:
George Bush
Adolf Hitler
Barrack Obama
Mohammed Ali
Lee Chang
And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.
Once you match the faces for the identification questions. You should be able to get in without a problem.
To wrap it up,
I will warn you one one important thing, if you do not have access to their e-mails. They will get an e-mail notifying that someone is trying to log in on their accounts and your IP will be shown to them.
So, what that means is to always hide behind a VPN or a proxy so you can’t be traced back.
Try to take over their e-mails if you want or simply delete the notification e-mails so they do not notice.
Taking over the e-mail will be an obvious sign that they got hacked and they might try to retrieve the e-mail password, so be sure to change the e-mail password and security questions immediately so they cannot get it back. Only take over the e-mail once you have completely stolen and gained access to the Facebook account because they can easily change the e-mail on the Facebook account and you’ll be screwed.
Well, I believe that this is all I have to say.
Don’t Forget to +REP!
