Jump to content

Please help to connect to other user


Recommended Posts

Posted

Hi there,

i have an IP address of my "friend" and want to enter her pc without her access of course. all i want to do is to see her facebook password and change the password. what tool can i use to scan for open ports on her pc. i am linux user. when i got the numbers of open ports how to connect to her pc on these ports and how to open Opera with grafical interface?

Thank ya!

Posted

HOW TO HACK my friends myspaz... I Learn you good.

OR....

How do I hack my friends' myspace? I want to learn.

WHICH sounds better? I know English isn't everyone's primary language, but at least run your post through google translate or something to help it make more sense before you post.

Sheesh.

"How to", means you are going to show us how to do something.

"How Do I", means you are asking how to do something.

Come on people, learn to use the language properly if you are going to use it at all. Or do like I do with Spanish... Don't use it.

Posted

You should be on the same network as your "friend". You should NMAP to scan the devices on that network (nmap -sV xxx.xxx.xxx.xxx/24). Then you should fire up an arpspoofing or ettercap for MITM. You don't need to be remotely logged into the system to get password information. You have so many options. If you fire up hamster, you don't need a password b/c you could replicate the password thru a cookie and change it once you are on the facebook.

If you were to use metasploit and you were to be able to get onto your "friend" machine. Then you could issue a few commands; one for example would be the keylogger feature. Which would capture anything that is typed but if you are really interested in having command prompt access to the machine then yes you can control the command prompt without the "friend" knowing. You can also send a vnc file over to the machine and start up a vnc viewer.

These are just a few options but here comes the best part. Go learn how to do this stuff. You can't just ask how can I hack. You are only as good as you apply yourself. Why don't you take time to learn this stuff on your own. Maybe even do some research on the tools I told you about and do some trial and error. HAVE FUN!!!

Posted

Easiest way is to crack the AP encryption then run a MITM attack as lopez suggested.. much easier and it gives more desired results.

I did a similar attack on the computer lab in my student apartment last year and ended up getting someones email pw and they just so happen to have a FB account so I waited till they logged out then did a lost/stollen pw and after changing it I deleted the email from the account.

  • 8 months later...
Posted (edited)
i have an IP address of my "friend" and want to enter her pc without her access of course. all i want to do is to see her facebook password and change the password.

this is old ok, but that's my 2 cents:

create a completely new web service online (online dating, gambling, fake sms free service, free calls, something NEW) with a username/password login page. Convice him/her to register on that web service (you have already done it ok? you know how cool this service is... :) :) :) ). There is a 70-75% chance (here the study) that the password he/she entered is the same as his/her facebook or email account. You are the admin on that server so you can store the password in clear and get it as it is.

not bad, uh? :)

Edited by gianluca ghettini
Posted
ALT+F4

On another note, Nmap, & Metaploit/Milw0rm FTW...

Milw0rm hasnt been updated in YEARS. Infact, the site is gone...

http://www.exploit-db.com/

this is old ok, but that's my 2 cents:

create a completely new web service online (online dating, gambling, fake sms free service, free calls, something NEW) with a username/password login page. Convice him/her to register on that web service (you have already done it ok? you know how cool this service is... :) :) :) ). There is a 70-75% chance (here the study) that the password he/she entered is the same as his/her facebook or email account. You are the admin on that server so you can store the password in clear and get it as it is.

not bad, uh? :)

So much work for a 70-75% chance.

-Get on their network

-ARP inject for MITM

-SSLStrip

-Wireshark/SSLStrip Logs.

-100%

Posted (edited)
So much work for a 70-75% chance.

naaa.. just write the login page of the web service! :lol: :lol: :lol:

and of course, if u try this over 100 people, you get on average 70-75 facebook and email accounts... not bad IMHO.

the more users the better because the effort-per-account decreases very fast

Edited by gianluca ghettini
Posted

Yeah, fake services or even cloned sites and some social engineering is the way to go. SET is the tool you would want for that. It integrates metasploit into it so payloads can also be used against the target in the process. All this without having to be on the same network, just need to get them to visit a site or click a link in an email and then its game over.

Posted
Yeah, fake services or even cloned sites and some social engineering is the way to go. SET is the tool you would want for that. It integrates metasploit into it so payloads can also be used against the target in the process. All this without having to be on the same network, just need to get them to visit a site or click a link in an email and then its game over.

yep,

cloning sites means phishing = illegal but creating new services is absolutely legal...

as you said, no need to be in the same network

and no need to be in front of the computer too! just wait for the passwords to show up in your remote log file...

Posted (edited)
So much work for a 70-75% chance.

if you're targeting a specific user the 70-75% success rate may be not enough (there is a 25-30% chance that it is not enough :P :P :P ) but if you are just collecting random accounts that's very good.

Edited by gianluca ghettini
Posted (edited)
if you're targeting a specific user the 70-75% success rate may be not enough (there is a 25-30% chance that it is not enough :P :P :P ) but if you are just collecting random accounts that's very good.

I still think MITM is the way to go. Fake logins are picked up by browsers and AV browser add-ons.

Fake login pages are old news, yes maybe still effective but if people pay attention to the address bar URL, if their AV picks up on the site (like mine said HAK5 was malicious and a few other users had the same issue), I think even Firefox and Chrome have some sort of safe filter. Even IE for that matter.

Looking back at the OP, this individual has the "IP" (if it hasn't changed via DHCP/IP Leases), of a girl whom he wants to change her facebook password. Sounds like revenge, but that happens I guess.

So I would like to assume he went to her house. Went to a website to view the outside IP address (if he just did "ipconfig" and the computer is behind a router/NAT then he is an idiot), and is trying to h4x0r the computer to get a facebook password. Not to mention the word friend was in quotes in the OP. Makes me think otherwise...

Regardless I kind of feel like I should fall back to the way of thinking as the Remote-Exploit forums. No illegal activity is to be discussed on the forum. Not sure where HAK5 sits on the subject but I'm sure they don't want the bad press.

He also needs help opening Opera in "grafical" interface? I wonder if he is new to linux or he just doesn't have a clue lol.

Edited by Mr-Protocol
Posted

I think it would prove very difficult to hack into her computer from the outside, if they are on the same network a MITM attack would be very effective in this situation.

Secondly, you could craft a malicious switchblade USB, that drops a backdoor program like (NetCat) and make it establish back a connection to your computer. But the difficult part would be getting her to insert the USB or doing it yourself.

If you can achieve that, than you are half way there my friend.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...