Hacking Facebook is nearly impossible. Then how are Facebook accounts hacked? Actually, hacking into the Facebook database is nearly impossible. It's not an easy job (only a few have done it.. lol). But there are still many other ways to hack an account. Here is one method: ‘phishing’. Phishing means collecting sensitive data like passwords and usernames, or even credit card details, with a specially crafted web page that is an exact clone of the genuine one. We have to set up a trap and wait for the prey to get in. Now just follow the steps.
As said before, we are setting up a trap. We have to make a fake login page and a script to capture the username and password. If you don’t have much experience in PHP and HTML, don’t worry: just download the code from the link below.
After downloading the files we need a server to host them. If you have a server (Kali Linux has Apache built in), just host them there. If you don’t have one, just make an account with a free hosting service.
Here we are using a free hosting service, 000webhost.com. Go to the home page and click signup.
ALTERNATIVE (built-in Apache server)
Kali Linux has a built-in Apache web server. Copy the files index.html and login.php to the “/var/www/html/” directory. Forward port 80 in your router. Your public IP will be your web address. Open “http://<your public ip>/” in a browser; this will give you the phishing page. I don’t recommend this method because no one will open the IP address unless you have a domain name.
Register with your email ID and make an attractive domain name. Note down the password that you have provided. Now go to the home page again and click on ‘members area’. Log in with your email and password; it will take you to the cPanel of your website. Click on file manager, and your home directory will come up. Now just upload the files that you have downloaded (index.html and login.php) to the “public_html” directory.
Open a new tab in your browser and enter your URL (i.e. the URL of the website that you have just hosted). If a Facebook look-alike page appears then get ready for the hunt. You have just made an evil twin of the real Facebook login. Now just give that link to your victim and wait for him to log in. Just say this is your FB page, just check it out.
Wait for our prey.. If our target has opened the link and logged in with his credentials, our PHP script should have captured the password and saved it to a text file, password.txt. To retrieve it, go to the cPanel, log in again and open the text file. Enjoy!
BONUS: You can also change the DNS of target systems, like those in internet cafes or offices, and redirect facebook.com to your rogue DNS (i.e. your phishing site’s DNS), so that when a user types in facebook.com they will be redirected to your phishing page. This way you can get a tremendous number of login credentials a day.
Change DNS on Windows
Now you can find the entries; 127.0.0.1 is localhost. Add the following lines at the bottom and save it. (Find your own IP with the ping command: # ping yoursite.com)
<your site’s IP> facebook.com
<your site’s IP> www.facebook.com
<your site’s IP> fb.com
<your site’s IP> www.fb.com