Thursday, September 10, 2015

How to : Hack Facebook Account - Steal Password - The Ultimate Guide

Welcome to the ultimate guide on how a Facebook account is hacked. Today, we learn what are the best ways to steal a Facebook password (or passwords of other services as well), hack into an account and of course how can you protect yourself from anyone trying to hack your account.
hack unlock steal facebook password

***Keep in mind that this post is educational. You should use the knowledge you acquire from this guide to protect yourself online. Any illegal activity from your part, does not reflect the purposes of this post and its author.***

So, let's dive into the guide.

How to hack a Facebook account - The Ultimate Guide

Hack an account with your magic set of skills (...and the lack of a strong password) aka the guessing technique

We'll start by simply being creative. Ok, what do I mean by that? Just guess the password. Don't be surprised. Many people still use common passwords like 1234... or their date of birth or even their cell phone number. A really cool infographic at illustrates users' password habits. 
So, why don't you give it a shot...
weak password jpeg

Social engineering can be the key for this technique to work. If you know the person whose account you are trying to hack into, ask him seemingly innocent questions about things he values in his/her life(ex. favourite number, name of parents,gf/bf,pet etc.). Combining this info might give out the password. Good luck.

!!!Our safety tip!!!
Never ever use an easily guessable password. Be sure that your password is at least eight characters long and contains letters, numbers and symbols. The stronger, the better.

Chances are you didn't succeed with the first step. Well, that pretty much all you can do... Just kidding. Continue reading!!!

Steal someone's password using phishing

What is phishing?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
phishing password facebook

Simply put, if the user wants to access facebook, he/she has to type in his username/password. If you make him think your page is facebook or needs the passcode for some features to appear, then the user might be tricked into revealing his credentials to a third party.

So, all you have to do is create a phishing page that asks the user for his username/password while your website doesn't seem suspicious. If the user is convinced, he/she will offer his credentials in your hands.

To setup a website like that you'll need a web costing account (you can find plenty, free of charge), upload your documents used to create it(ex. a facebook logo and a neat user/pass field). Now, every time someone enters information to the fields above, a file will be created storing this info for you to see. Simple as that.

Just hand your url to your friends and hope there are plenty of phishes in the sea. You saw what i did there?

!!!Our safety tip!!!
Never hand out your credentials to sites you don't trust. Even, if a page asks you for your password be sure to check that it redirects you to the official facebook page.

Read also: Best Facebook Tips, Tricks and Hacks

Sidejacking with Hamster and Ferret

No, this is not a family movie's name.
What is sidejacking?

Sidejacking is the process of stealing someone's access to a website, typically done on wireless public networks. To access to a website, the bad actor uses a packet sniffer to obtain an unencrypted cookie(session cookie) that grants access to a website, such as webmail.

For this to work, you need to be in the same network the user you are trying to steal from is. If you are in a public network,oh boy, start hunting.
sidejacking public network facebook

We will use Linux(Backtrack-Linux will definitely do the trick) for this one. Some tools are available in Windows too.

Follow the steps below:
i)Download Hamster and Ferret if they aren't already in your machine.
ii)Extract and build using the terminal.
iii)Open terminal in Hamster's folder and start Hamster with command "./hamster".
iv)Open your browser and go to
v) Select adapters and type eth0 for ethernet or wlan0 for wireless network.
vi)Now, you must see some targets(their ip address) if someone else is using the network too. You can sidejack his/her session just by clicking the links on the left panel.

Remember, with this technique you don't acquire usernames/passwords but you gain instant and full access to other people's accounts(at least till they log out). This must be what you wanted in the first place, right?

!!!Our safety tip!!!
Never trust public networks. Always log in to your accounts from trusted networks(ex. your home) that are properly protected. Also, remember to log out of your accounts after you have finished your work.

Read also: How to secretly accept a friend request on Facebook

If all of the above fail, the next trick will certainly do it.

Defeat SSL with sslstrip

What is SSL?
SSL(Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

Facebook uses SSL. Twitter uses SSL. LinkedIn uses SSL. Everybody uses SSL(I'm quoting Oprah here). If this wasn't the case, oxid's Cain and Abel would be the go to solution.

Here comes sslstrip though. Sslstrip is a python program created by Moxie Marlinspike that has the capability to "hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links".
ssl strip facebook tip chart

Let it to the experts. Just follow his tutorial on his official website (

!!!Our safety tip!!!
Same goes for this one. Always log into safe networks. You never know where the intruder will be. Take care.

That was the guide on how to : Hack into a Facebook account and steal someone's password. Hope you found it useful. Comment in the section below.