We have all been googling atleast once how to do this. Everyone wants to hack someone else’s facebook account these days and they have thousands of reasons. So in this thread, I will be sharing all possible methods to hack a facebook account.
Before, we go any further. Let me say that Facebook cannot be hacked with a program of any kind. If you see anyone claiming that they have a program to hack Facebook, they are lying.
Now, why are key loggers, phishers, social engineering, and some RATs bad?
-Key loggers only record the keys pressed on the keyboard.
-Phishers essentially do the exact same thing as key loggers, however the slave must do it manually.
-Social Engineering is the trickiest and I would probably say the hardest method of stealing Facebook account nowadays.
-RATs are probably the best road to take if you plan to steal a Facebook account because you have access to Socks5. Socks5 being their own system.
Key logger I recommend: Rapzo Logger v 1.5
1) Why that key logger? Well, it’s Free and it works. I tested it.
After you have done that above, simply build your server. Click Test me to be sure it works. Be sure to select what kind of e-mail you want to use and put the e-mail and the password.
Now, considering that this keylogger is free, you will need to get your file crypted.
Crypting is essentially making your server or bot, or whatever you want to call it, FUD (Full undetected), being not detected by any Anti Virus or at least UD (Undetected), being only being detected by a few Anti virus.
Why crypt? Well, so your file doesn’t get detected and immediately deleted as soon as the target opens the file.
2) Let’s move on to RATs,
I see the same question all the time, Which is the best/favorite RAT?
-Based on my personal experience, I can say that DarkComet and Cybergate are the best for RATs being free.
I will not go into teaching you how to set those up because there are already a ton of tutorials on how to do that.
-I will not go into phishing since it’s against the rules.
4) Social Engineering
-Ah, the classic stories of “My friend hacked my facebook” or “How can I hack my friend?” or my personal favorite “How to hack my girlfriend’s Facebook?”
A common mistake by layman who do not know much about the internet is giving information out without actually knowing that they are giving the information out.
Social Engineering on Facebook seems like a joke considering that you aren’t going to ask the person their password and e-mail for you to log in. Even if they do in fact give you their information voluntarily, it’s pointless.
Why is it pointless? Well, Facebook has become smarter on their security.
I wrote about the reasons in dept on my other tutorial: [Tutorial] [color=#8B4513]Why you shouldn’t phish, keylog, SE on Facebook.
(Click here to view)
Basically, it comes down to this.
Facebook will detect ‘Suspicion’ on the account that you are logging in and it will not allow you to log in under that account simply because their logs of the original account owner do not match with your IP or the IP your are hidden behind.
Now to retrieve back to the very beginning of this tutorial, I said that Key logging, Phishing, Social Engineering, and RATs were the common methods associated with hacking a Facebook account.
I will respectfully correct my mistake and as well as the other tutorials on here.
1) Even if you do manage to steal the password and e-mail using Keylogs, the problem of suspicion will appear.
2) Even if you do manage to steal the password and e-mail using Phishing, the problem of suspicion will appear.
3) Even if you do manage to crack the password out of your target through Social Engineering, the problem of suspicion will appear.
4) RATs are probably and definitely the best way to go into “hacking” a Facebook account simply because you will have full access to their computers. You can change their info through computers and the problem of suspicion will not appear.
RATs are NOT the only possible way to get in! Keylogging, Phishing, and Social Engineering might work as well.
I believe that Facebook compares the ranges of IP based on the ISP of the target. Now, if that’s the case…Simply do a whois on the slave using the RAT.
If you do not know what whois is, it’s basically a query that searches where the target is located. Normally you can double click on the slave when they are online on the RAT and see where they are from and look at their IP.
Now, you don’t really need a RAT to tell you where the slave lives or his IP. If you already have his IP or location through other methods such as reverting you’re good to go.
However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.
Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.
[color=#FF0000]So, after all that work, you still can’t take over their accounts?
I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target’s friends. And obviously, I was clueless because I did not know of the people.
What did I do? Well, as you can see the picture #4:
Facebook provides the names of the target’s friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target’s friends.
It will only ask you match faces if you are logging in with the correct password or if you get picked up from a different location.
Note that will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the ‘Suspicion’ page and log in to your extra or your actual Facebook account and search for the Target’s friends.
Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.
For example, if the name choices are:
And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.
Once you match the faces for the identification questions. You should be able to get in without a problem.
To wrap it up,
I will warn you one one important thing, if you do not have access to their e-mails. They will get an e-mail notifying that someone is trying to log in on their accounts and your IP will be shown to them.
So, what that means is to always hide behind a VPN or a proxy so you can’t be traced back.
Try to take over their e-mails if you want or simply delete the notification e-mails so they do not notice.
Taking over the e-mail will be an obvious sign that they got hacked and they might try to retrieve the e-mail password, so be sure to change the e-mail password and security questions immediately so they cannot get it back. Only take over the e-mail once you have completely stolen and gained access to the Facebook account because they can easily change the e-mail on the Facebook account and you’ll be screwed.
6) Regaining access
[b]This is a new section on the tutorial which I decided to include since it’s important to know if accidents were to happen.
So, what this means is that you will be left out of their account if they update their security information and you will have to bypass all the security measures all over again.
This is what you will see:
1)This is what will show telling you “You used an old password”
This picture shows that you have logged in with their old password, and will ask to confirm that it’s in fact you.
This will give you the options of how you confirm that it’s in fact you.
I chose to confirm using profile URL. There are a variety to choose from.
I linked it here.
Applying CATCHA security
Fill out CAPTCHA.
This is the page where you could retrieve Facebook into sending you the new password to their e-mail (If you have access) or even perhaps a different e-mail. Make your story sound as believable as possible, so don’t type like you are 10 years old.
Well, I believe that this is all I have to say.