Posted by : Muhammad Haseeb Javed Friday, November 25, 2011
One the way to hack Facebook is Social Engineering, but the question asked by nearly all the people who are new to hacking scene is that "What is social Engineering and how to hack a (Facebook) account by it?"
So i decided to write this article to explain what it is and give a real life example of my own.
First lets see what Wikipedia have to say:
"Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information."
According to Hacker's Jargon Dictionary:
"Social Engineering: n. Term used among crackers and samurai for cracking
techniques that rely on weaknesses in wetware rather than software; the aim is to trick people into revealing passwords or other information that compromises a target system's security. Classic scams include phoning up a mark who has the required information and posing as a field service tech or a fellow employee with an urgent access problem. "So actually if you trick some one to give you the confidential information he is manipulated by you. So now its clear that our beloved Phishing is also a kind of social manipulation. This might give you the size of it!
||For those who don't know about Phishing, read this > http://hackthepc.blogspot.com/2011/03/making-facebook-phishing-site-tutorial.html||
Lets get started:
So Phishing is a way to hack and its social engineering, but what are the other ways? Well apart from this you could trick the other person to give you his password. I know this might be really difficult but once you have mastered you could really make your name. Because the most wanted hacker of all times Kevin Mithnik actually used Social manipulation to hack though he himself couldn't write his own exploit!
An easy way is to guess the password from the information given, normally people use following things as their password:
- Date of birth
- Phone Number
- School's name
- Girl Friend's name :)
- Favourite Movie
- Favourite Band
- Favourite Hero/Heroine
- Favourite Fruit! (I used one when I was young!)
These are only some, but if you know the other person very well these might work!
Another idea is to manipulate the other person in giving you the Answer to their security Question! This is what I am going to cover in Real Life Example!
"THE MAIN TRICK IS TO EXPLOIT THE TRUST BASE TO HACK!"
So it means you should exploit the trust that victim have in you to get the information, the trust could be of a friend, colleague or official (If you are pretending to be a Facebook guy who need their password).
REAL LIFE EXAMPLE:
Some months back my best friend challenged me to hack his Facebook account, unfortunately he was a reader of my blog and knew all the ways like Phishing or Keylogging. So I couldn't hack him for much time every time i tried i failed. So I though of social engineering.
What I did first was to got the primary Email Address of Facebook, I got that easily by Visiting his Profile page. The email was in Hotmail!
So I opened the Hotmail password reset page > https://account.live.com/password/reset and gave his email this gave me the following page:
Here the security Question was " Name of Best Friend from Childhood?", it seemed pretty easy so started entering the name of all his friends but to my amazement the name was someone's whom i didn't knew.
So I went to the Chat and manipulated him. Following is some text from chat:
Me: Hello, how are you/
He: Fine. whatsup!
Me: Nothing, just getting ready for your party.
He: Ohh great, it is going to be fun!
Me: Yah i know, who else is comming?
He: Only you and [He named some which were not the answer]Me: Hey havent you called you old friends? I wanted to meet them.
Me: Are in contact with them, BTW who is your best friend apart from our group?
He : Ohh my best friend apart form you people is Arslan.
Me: ohh great looking forward to the party! bye.
So those people who don't know ARSLAN is a name and to my Good Luck it was also the password! So I hacked his email and from their I hacked his Facebook account,
Don't worry no harm was done I just showed him that i did it and returned him the account because it is unethical to hack people to harm them. Real Hackers don't do this and I for my self only hack my dearest friends (who don't mind) for fun that all for me!
So from this example you people might have learn that how easy it is to hack through Social Engineering. But ALAS! the success rate is very low, but still where nothing works this works!