Hey Folks, today we are going to discuss the ways in which the credentials of anyone’s Facebook account can be obtained. Many types of attacks are used to take control of social media accounts because people are not familiar with them, so with the help of this tutorial we can prepare ourselves against such attacks.
Note: “Educational Purposes Only”
Let's do it 🙂 !!
Phishing is one of the best-known attacks. In this attack a fake phishing page is created that looks similar to the original web page, and people usually enter their credentials without noticing the domain, after which their account is compromised. There are many tools available that can create phishing pages, but in our case we will use the AdvPhishing tool. AdvPhishing is one of the best tools for creating real-life phishing pages, and with the phishing technique even two-factor authentication can be bypassed. If you want to learn in depth then you can visit here.
Let's install the tool using the following command.
git clone https://github.com/Ignitetch/AdvPhishing.git
chmod 777 setup.sh
We need to provide the ngrok token, which you can get from here.
Now we will select option 2, which creates the Facebook phishing page automatically.
After entering the number, it gives us the phishing link which we have to send to the victim. As soon as the victim enters credentials, they go to the attacker.
Note: Oops! Suppose the victim has enabled two-factor authentication; what do we do then?
Understanding! When the victim enters their credentials, we quickly have to enter those credentials on the real Facebook page, and then the OTP will go to the victim. They will enter the OTP on the fake phishing OTP page, and you will log in with it.
Here you can see that we have got the username, password and OTP of the victim’s Facebook account. With the help of such techniques, attackers can take over your social media accounts.
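Since the attack above only works when the victim does not notice the domain, here is an added example (not part of the original tutorial) of the host check a mail filter or link scanner can apply before a login link is trusted. The trusted-domain list, the function names and the sample links are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption for this example: registrable domains a genuine login may use.
TRUSTED_DOMAINS = {"facebook.com", "messenger.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

def login_link_verdict(url):
    """Classify a link that claims to lead to a Facebook login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "reject: not https"
    if parts.username is not None:
        # https://facebook.com@other.host/ : the real host is what follows '@'
        return "reject: userinfo before host"
    if not host:
        return "reject: no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalised labels can imitate Latin letters
        return "reject: internationalised host"
    # Trusted only when the host IS a trusted domain or a subdomain of one
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(brand in host for brand in BRANDS):
        return "reject: brand name in untrusted host"
    return "reject: untrusted host"

# Constructed sample links (example domains, not real infrastructure).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://www.facebook.com.account-check.example/login",
    "https://facebook.com@tunnel.example/login",
    "http://www.facebook.com/login.php",
    "https://a1b2c3.tunnel.example/",
    "https://notfacebook.com/",
]

def classify_samples():
    return {url: login_link_verdict(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:40} {url}")
```

The comparison is made on the parsed hostname and its suffix, never on a substring of the whole URL, which is exactly what the look-alike links rely on.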
Spoofing the SSDP and UPnP Devices
Anyone connected to the same network as you can carry out a phishing attack by creating a fake UPnP device to obtain credentials. We already have a complete tutorial on the given tool that you can visit from here. Let's see how it is possible.
First we will install this tool from its GitHub page, which is quite easy :); we just need to execute the following command. After that we will go to the directory and execute the tool.
git clone https://github.com/initstring/evil-ssdp.git
python3 evil_ssdp.py --help
Now we will use our phishing page with the following command. For this we need a phishing page, which we can create with the AdvPhishing tool. After obtaining a phishing link you have to change the highlighted link.
Usage 🙂 python3 evil_ssdp.py eth0 --template microsoft-azure -u < Your Phishing Link >
Done! As you can see, the fake UPnP service is broadcast, and when the victim goes into the network option they will definitely click on the highlighted box.
As soon as the victim clicks on the highlighted box, they are redirected to the phishing page.
As you can see, the credentials have come to the attacker after the victim entered them on the phishing page.
Brute Force Attack
A brute force attack is a well-known cracking method which involves ‘guessing’ usernames and passwords to gain unauthorized access to a system. Brute force is a simple attack method and has a high success rate. Similarly, there are many tools available for brute force on social media accounts, but we will use the following tool to get credentials.
We have to install this tool using the git command from its GitHub page, and after going to the directory of the tool we can start it using Python.
git clone https://github.com/Oseid/FaceBoom.git
The process of brute force is quite simple: we just need to give this tool a username or email address and a password list, and it will try the passwords one by one to find the correct one.
Usage 🙂 python faceboom.py -t < username > -w
Here you can see that we have found the correct username and password of the victim account, which means that we can take control of the account.
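Trying a password list one by one against a single account leaves a very recognisable trail of failed logins, so here is an added example (not part of the original tutorial) of the per-account lockout a login service applies to it. The log layout, the thresholds and all names are assumptions made for this example, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth events; the "time outcome user= src=" layout is an assumption.
SAMPLE_EVENTS = (
    [f"2024-05-01T10:00:0{s} FAIL user=alice src=198.51.100.7" for s in range(6)]
    + ["2024-05-01T10:00:06 OK user=alice src=198.51.100.7",
       "2024-05-01T10:05:00 FAIL user=bob src=192.0.2.10",
       "2024-05-01T10:05:20 OK user=bob src=192.0.2.10"]
    + [f"2024-05-01T11:{m:02d}:00 FAIL user=carol src=192.0.2.44"
       for m in range(0, 50, 10)]
)

def parse_event(line):
    stamp, outcome, user, src = line.split()
    return (datetime.fromisoformat(stamp), outcome,
            user.partition("=")[2], src.partition("=")[2])

def apply_lockout(lines, max_failures=5, window=timedelta(minutes=1)):
    """Replay events; return ({account: lock time}, {account: attempts refused})."""
    failures = defaultdict(deque)        # account -> times of recent failures
    locked, refused = {}, defaultdict(int)
    for line in lines:
        # Counting is keyed on the account, so the source address is not used
        when, outcome, user, _src = parse_event(line)
        if user in locked:
            refused[user] += 1           # even a correct password is refused now
            continue
        if outcome == "OK":
            failures[user].clear()       # a genuine login resets the counter
            continue
        recent = failures[user]
        recent.append(when)
        while when - recent[0] > window:  # forget failures older than the window
            recent.popleft()
        if len(recent) >= max_failures:
            locked[user] = when
    return locked, dict(refused)

if __name__ == "__main__":
    locked, refused = apply_lockout(SAMPLE_EVENTS)
    for user, when in locked.items():
        print(f"{user} locked at {when.isoformat()}, {refused[user]} attempts refused")
```

In the constructed events the correct guess for alice arrives as the seventh attempt and is refused because the account was locked at the fifth failure, while bob's mistyped password and carol's slow, spread-out failures do not trigger anything.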
An HTTP cookie is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Similarly, when a user logs into their account, cookies are generated that contain information such as value, date, name and expiration. Cookies depend on their expiry date, and if anyone steals a cookie before it expires, they can enter the victim’s account without a username and password, whether two-factor authentication is enabled or disabled. Cookies can be stolen through a visit to an unsecured website, an XSS vulnerability or a MITM attack. Let us make a scenario and see how we can take advantage of it if we have cookies.
First we have to download the required extension and add it to the browser; it will help to inject the cookies. In our case we will add it to the Firefox browser.
Open Facebook’s login page and click on the extension, which will be in the right corner of your browser, as highlighted in the image below. We have also highlighted another option, which is used to import cookies; just click on it.
Here we need to submit the cookies of the victim account and click on the highlighted button. After that refresh the page and wait for the results.
Boom ! You can see that we logged in to the victim account without username and password.
Note : For practice purpose you can export your cookies by click on
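The three theft routes named above (unsecured site, XSS, MITM) and the expiry date each map to a cookie attribute that the site owner controls, so here is an added example (not part of the original tutorial) that audits a Set-Cookie header for them. The one-day lifetime limit, the finding names and the sample headers are assumptions made for this example.

```python
# Assumption for this example: a session cookie should not outlive one day.
MAX_SESSION_SECONDS = 86400

def audit_set_cookie(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie header value."""
    pair, *attributes = [part.strip() for part in header_value.split(";")]
    name = pair.partition("=")[0]
    attrs = {}
    for attribute in attributes:
        key, _, value = attribute.partition("=")
        attrs[key.strip().lower()] = value.strip()
    findings = []
    if "secure" not in attrs:
        # Without Secure the cookie is also sent over plain HTTP,
        # where an on-path (MITM) attacker or an unsecured site exposes it.
        findings.append("no-secure")
    if "httponly" not in attrs:
        # Without HttpOnly page scripts can read it, so an XSS bug can copy it.
        findings.append("no-httponly")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_SESSION_SECONDS:
        # A stolen cookie stays usable until it expires.
        findings.append("long-lived")
    return name, findings

# Constructed sample headers.
SAMPLE_HEADERS = [
    "session=3f9a0c; Path=/; Max-Age=31536000",
    "session=3f9a0c; Path=/; Secure; HttpOnly; Max-Age=3600",
    "prefs=dark; Path=/; Secure",
]

def audit_samples():
    return [audit_set_cookie(h) for h in SAMPLE_HEADERS]

if __name__ == "__main__":
    for name, findings in audit_samples():
        print(name, findings or "ok")
```

Only Max-Age is evaluated for lifetime here; a cookie that sets Expires instead would need a date comparison against the current time.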
According to Wikipedia: DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver’s cache, causing the name server to return an incorrect result record, e.g. an IP address.
Methodology and Description
Ettercap is an open source tool which comes pre-installed in Kali Linux. The tool is designed to perform ARP poisoning, ICMP packet sniffing and DNS spoofing. Let us take an example: in short, with the help of this tool we will first manipulate the DNS server and then redirect the victim to the fake phishing page. First we need to change the DNS record and provide the IP address of our malicious server where our phishing page is hosted. Just go to the following location.
- Red indicates: when the victim visits google.com
- Yellow indicates: they will be redirected to the given IP address
After setting the above configuration, start ettercap using the “ettercap -G” command and stop the sniffing by clicking on the highlighted button. Scan the hosts using the search button.
Click on the highlighted button, select the target and again click on “add target 1”
Click on the highlighted button and just click on OK to set the ARP poisoning.
Again click on the highlighted button and enter the target IP address and MAC address.
Just start the sniffing by clicking on the start button.
As you can see the victim tries to go to Google.com.
But a few seconds later the fake DNS server redirected the victims to the phishing page.
Done 🙂 They will be shown on ettercap as soon as they enter credentials.
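The redirect above depends on ARP poisoning, which shows up in the victim's own neighbour table, so here is an added example (not part of the original tutorial) that checks such a table for it. The table text is constructed in the layout printed by `ip neigh show`, and the gateway address, the baseline MAC and the alert names are assumptions made for this example.

```python
from collections import defaultdict

# Constructed neighbour table in the layout printed by `ip neigh show`.
SAMPLE_TABLE = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 STALE
192.168.1.77 dev eth0  FAILED
"""

def check_neighbours(table, gateway_ip, known_gateway_mac):
    """Return alerts for a changed gateway MAC and for one MAC answering for many IPs."""
    ips_by_mac = defaultdict(set)
    gateway_mac = None
    for line in table.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue                      # FAILED/INCOMPLETE entries carry no MAC
        ip = fields[0]
        mac = fields[fields.index("lladdr") + 1].lower()
        ips_by_mac[mac].add(ip)
        if ip == gateway_ip:
            gateway_mac = mac
    alerts = []
    # Check 1: the gateway no longer resolves to the MAC recorded as a baseline.
    if gateway_mac and gateway_mac != known_gateway_mac.lower():
        alerts.append(("gateway-mac-changed", gateway_ip, gateway_mac))
    # Check 2: one MAC claims several IPs. Routers and proxy ARP can do this
    # legitimately, so treat it as a lead to investigate, not as proof.
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac-shared", mac, sorted(ips)))
    return alerts

def check_sample():
    # Assumed baseline: the gateway MAC noted down when the network was known good.
    return check_neighbours(SAMPLE_TABLE, "192.168.1.1", "00:11:22:33:44:55")

if __name__ == "__main__":
    for alert in check_sample():
        print(alert)
```

In the constructed table the gateway and host 192.168.1.23 share one MAC, which is the state a poisoned victim sees: traffic for the gateway is delivered to another machine on the LAN.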
MITM – Man-in-the-middle attack
A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. For more information you can visit Wikipedia.
Xerosploit – MITM
This is an open source tool that is designed to perform MITM attacks from the command line. There is not much difference between ettercap and xerosploit, but the advantage of this tool is that we can do MITM attacks without much effort. Let's download and configure this tool using the following commands.
git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
First we will scan all the IP addresses and then select our target.
If we want to see the features of this tool then we can use the help command.
It’s all done! First enter the dspoof command, which allows us to spoof the DNS server, and then execute the run command. After that we enter the IP address to which we want to redirect the victim. In our case we are using the Apache server where our phishing page is hosted.
In this case, when the victim goes to an unsafe (HTTP) web page, they will be redirected to the given IP address each time as you can see below.
Got it 🙂 In the end, again we get the credentials of the victim’s account without much effort.