outlaw Posted November 24, 2009 Posted November 24, 2009 Hi there, i have an IP address of my "friend" and want to enter her pc without her access of course. all i want to do is to see her facebook password and change the password. what tool can i use to scan for open ports on her pc. i am linux user. when i got the numbers of open ports how to connect to her pc on these ports and how to open Opera with grafical interface? Thank ya! Quote
manuel Posted November 24, 2009 Posted November 24, 2009 HOW TO HACK my friends myspaz... I Learn you good. OR.... How do I hack my friends' myspace? I want to learn. WHICH sounds better? I know English isn't everyone's primary language, but at least run your post through google translate or something to help it make more sense before you post. Sheesh. "How to", means you are going to show us how to do something. "How Do I", means you are asking how to do something. Come on people, learn to use the language properly if you are going to use it at all. Or do like I do with Spanish... Don't use it. Quote
outlaw Posted November 24, 2009 Author Posted November 24, 2009 i installed this app on my win and i `ve become this window: http://img412.imageshack.us/img412/5271/34855614.jpg What application should i use to start port scanning? and what application should i use to enter the enemy pc? will the cursor be visible from my "friend" when i am connected to her pc and i am entering opera? sorry for my english Quote
Netshroud Posted November 24, 2009 Posted November 24, 2009 You became that window? I always wanted to be an application! ^_^ Quote
lopez1364 Posted November 24, 2009 Posted November 24, 2009 You should be on the same network as your "friend". You should NMAP to scan the devices on that network (nmap -sV xxx.xxx.xxx.xxx/24). Then you should fire up an arpspoofing or ettercap for MITM. You don't need to be remotely logged into the system to get password information. You have so many options. If you fire up hamster, you don't need a password b/c you could replicate the password thru a cookie and change it once you are on the facebook. If you were to use metasploit and you were to be able to get onto your "friend" machine. Then you could issue a few commands; one for example would be the keylogger feature. Which would capture anything that is typed but if you are really interested in having command prompt access to the machine then yes you can control the command prompt without the "friend" knowing. You can also send a vnc file over to the machine and start up a vnc viewer. These are just a few options but here comes the best part. Go learn how to do this stuff. You can't just ask how can I hack. You are only as good as you apply yourself. Why don't you take time to learn this stuff on your own. Maybe even do some research on the tools I told you about and do some trial and error. HAVE FUN!!! Quote
d4rkfe4r Posted November 25, 2009 Posted November 25, 2009 Easiest way is to crack the AP encryption then run a MITM attack as lopez suggested.. much easier and it gives more desired results. I did a similar attack on the computer lab in my student apartment last year and ended up getting someones email pw and they just so happen to have a FB account so I waited till they logged out then did a lost/stollen pw and after changing it I deleted the email from the account. Quote
outlaw Posted November 30, 2009 Author Posted November 30, 2009 how do i crack the AP(what is that) encryption? how do i run a MITM atack? thanks Quote
lopez1364 Posted November 30, 2009 Posted November 30, 2009 watch prior Hak.5 video to achieve your answers :) Quote
H@L0_F00 Posted November 30, 2009 Posted November 30, 2009 ALT+F4 On another note, Nmap, & Metaploit/Milw0rm FTW... Quote
Gianluca Posted August 26, 2010 Posted August 26, 2010 (edited) i have an IP address of my "friend" and want to enter her pc without her access of course. all i want to do is to see her facebook password and change the password. this is old ok, but that's my 2 cents: create a completely new web service online (online dating, gambling, fake sms free service, free calls, something NEW) with a username/password login page. Convice him/her to register on that web service (you have already done it ok? you know how cool this service is... :) :) :) ). There is a 70-75% chance (here the study) that the password he/she entered is the same as his/her facebook or email account. You are the admin on that server so you can store the password in clear and get it as it is. not bad, uh? :) Edited August 26, 2010 by gianluca ghettini Quote
Mr-Protocol Posted August 26, 2010 Posted August 26, 2010 ALT+F4 On another note, Nmap, & Metaploit/Milw0rm FTW... Milw0rm hasnt been updated in YEARS. Infact, the site is gone... http://www.exploit-db.com/ this is old ok, but that's my 2 cents: create a completely new web service online (online dating, gambling, fake sms free service, free calls, something NEW) with a username/password login page. Convice him/her to register on that web service (you have already done it ok? you know how cool this service is... :) :) :) ). There is a 70-75% chance (here the study) that the password he/she entered is the same as his/her facebook or email account. You are the admin on that server so you can store the password in clear and get it as it is. not bad, uh? :) So much work for a 70-75% chance. -Get on their network -ARP inject for MITM -SSLStrip -Wireshark/SSLStrip Logs. -100% Quote
Gianluca Posted August 27, 2010 Posted August 27, 2010 (edited) So much work for a 70-75% chance. naaa.. just write the login page of the web service! :lol: and of course, if u try this over 100 people, you get on average 70-75 facebook and email accounts... not bad IMHO. the more users the better because the effort-per-account decreases very fast Edited August 27, 2010 by gianluca ghettini Quote
digip Posted August 27, 2010 Posted August 27, 2010 Yeah, fake services or even cloned sites and some social engineering is the way to go. SET is the tool you would want for that. It integrates metasploit into it so payloads can also be used against the target in the process. All this without having to be on the same network, just need to get them to visit a site or click a link in an email and then its game over. Quote
Gianluca Posted August 27, 2010 Posted August 27, 2010 Yeah, fake services or even cloned sites and some social engineering is the way to go. SET is the tool you would want for that. It integrates metasploit into it so payloads can also be used against the target in the process. All this without having to be on the same network, just need to get them to visit a site or click a link in an email and then its game over. yep, cloning sites means phishing = illegal but creating new services is absolutely legal... as you said, no need to be in the same network and no need to be in front of the computer too! just wait for the passwords to show up in your remote log file... Quote
Gianluca Posted August 27, 2010 Posted August 27, 2010 (edited) So much work for a 70-75% chance. if you're targeting a specific user the 70-75% success rate may be not enough (there is a 25-30% chance that it is not enough :P :P :P ) but if you are just collecting random accounts that's very good. Edited August 27, 2010 by gianluca ghettini Quote
Mr-Protocol Posted August 27, 2010 Posted August 27, 2010 (edited) if you're targeting a specific user the 70-75% success rate may be not enough (there is a 25-30% chance that it is not enough :P :P :P ) but if you are just collecting random accounts that's very good. I still think MITM is the way to go. Fake logins are picked up by browsers and AV browser add-ons. Fake login pages are old news, yes maybe still effective but if people pay attention to the address bar URL, if their AV picks up on the site (like mine said HAK5 was malicious and a few other users had the same issue), I think even Firefox and Chrome have some sort of safe filter. Even IE for that matter. Looking back at the OP, this individual has the "IP" (if it hasn't changed via DHCP/IP Leases), of a girl whom he wants to change her facebook password. Sounds like revenge, but that happens I guess. So I would like to assume he went to her house. Went to a website to view the outside IP address (if he just did "ipconfig" and the computer is behind a router/NAT then he is an idiot), and is trying to h4x0r the computer to get a facebook password. Not to mention the word friend was in quotes in the OP. Makes me think otherwise... Regardless I kind of feel like I should fall back to the way of thinking as the Remote-Exploit forums. No illegal activity is to be discussed on the forum. Not sure where HAK5 sits on the subject but I'm sure they don't want the bad press. He also needs help opening Opera in "grafical" interface? I wonder if he is new to linux or he just doesn't have a clue lol. Edited August 27, 2010 by Mr-Protocol Quote
Infiltrator Posted August 28, 2010 Posted August 28, 2010 I think it would prove very difficult to hack into her computer from the outside, if they are on the same network a MITM attack would be very effective in this situation. Secondly, you could craft a malicious switchblade USB, that drops a backdoor program like (NetCat) and make it establish back a connection to your computer. But the difficult part would be getting her to insert the USB or doing it yourself. If you can achieve that, than you are half way there my friend. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.