flat assembler
Message board for the users of flat assembler.

Index > Heap > how to hack or obtain facebook password

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
maybe you got a undisclosed tricks or pricks,

is there a easiest method to obtain a facebook password by having a log in id?

yeah, i am interested, Laughing
Post 15 Jul 2013, 04:40
View user's profile Send private message Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
Many years ago, while Friendster was still in hype,
I put a keylogger in several PCs in the high school library.

Voila. I got lots of IDs and passwords. Very Happy
Post 15 Jul 2013, 08:49
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
is there a easiest method to obtain a facebook password by having a log in id?
Yes. Just ask your friend what their password is.
Post 15 Jul 2013, 12:34
View user's profile Send private message Visit poster's website Reply with quote
matefkr



Joined: 02 Sep 2007
Posts: 1291
Location: Ukraine, Beregovo
matefkr
the easiest is start a business making hardware devices wich can do the deal.
Post 15 Jul 2013, 18:19
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Have you tried rubber-hose cryptanalysis?

Example case: http://xkcd.com/538/

Smile
Post 15 Jul 2013, 18:29
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
ah, using physical bruteforce ah,, ManOfSteel, =)

matefkr, i think that is the sole reason why Google created google glass, could record how that particular person hand moving on key board and figure out the password,

revolution, they forgot and someone else change da password,
i think, facebook should run a statistic on facebook user password strength, then they would figure out who is using their server, the most, =P

Tmx, that is evil, =P
i thought library pc usually did network pxe boot, reset to original after boot, using image from server,
ah,,, maybe i should start putting keylogger too, lol
Post 16 Jul 2013, 02:41
View user's profile Send private message Reply with quote
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
Hi sleepsleep,

Well, software-based keyloggers are actually not that bad, compared to hardware-based ones.

BTW, I just remember the keylogger I was using at that time: SilentLog.
It was written in FASM (surprised?)
http://packetstormsecurity.com/files/25756/SilentLog.zip.html

Laughing
Post 16 Jul 2013, 03:35
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
ha, thanks Tmx, =)
maybe convert it to a native 64-bit one, hehehee,,
Post 16 Jul 2013, 03:48
View user's profile Send private message Reply with quote
YONG



Joined: 16 Mar 2005
Posts: 8000
Location: 22° 15' N | 114° 10' E
YONG
ManOfSteel wrote:
Have you tried rubber-hose cryptanalysis?
Haha ... bro, you have got a sense of humor! Laughing

BTW, how come you had time to respond to threads like this? Rolling Eyes I thought you were very busy promoting your brand-new movie all round the world! Wink
Post 16 Jul 2013, 05:22
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
haha,,, maybe there is some sort of link between ManOfSteel and Man of Steel,,,
superman rocks all time!
Post 16 Jul 2013, 10:01
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
looking at packetstorm so much vulnerabilities listed, be it operating systems, or softwares,

how is it sane to use computer?
Post 16 Jul 2013, 14:47
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
since facebook recognize if the user using unknown device, any idea to get through this?

even though we got the target username and password, facebook detect the login device too, is this down using stored plain MAC address? or facebook use another kind of recognition?

any idea?
Post 18 Jul 2013, 21:17
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4237
Location: 2018
edfed
[troll]if you want to have a facebook password, the easiest way would be to create an account and then, give it a password you will know. [/troll]
Post 19 Jul 2013, 12:11
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
sleepsleep wrote:
since facebook recognize if the user using unknown device, any idea to get through this?

even though we got the target username and password, facebook detect the login device too, is this down using stored plain MAC address? or facebook use another kind of recognition?

any idea?
They can't use the MAC since that can't transfer across a gateway. But the most likely methods are cookies and browser string identification. Also check out the panopticon website.
Post 19 Jul 2013, 20:38
View user's profile Send private message Visit poster's website Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
All joking aside here are a few options:

* Use social engineering to obtain personal data and then try to combine this data to guess the password.

* Hack into the person's email first using "I forgot my password" and then guessing the secret answer, then get facebook to reset the password in that email.

* Code a new keylogger (so AVers don't detect) and install in the person's machine to get the password.

* Let the person log into his/her facebook account in your cell phone. (I actually discovered this by accident. A girl logged in using my phone and the session was still alive and I could check out her facebook account)

* Install teamviewer in their PC and remotelly control their machine to log into facebook using password from previous methods (this will bypass machine verification).

Alternatively, just ask. Rolling Eyes
Post 21 Jul 2013, 03:58
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
revolution wrote:

They can't use the MAC since that can't transfer across a gateway. But the most likely methods are cookies and browser string identification. Also check out the panopticon website.

thanks for MAC confirmation,
panopticon website? a jail monitoring system

OzzY, i think, keylogger is the way to go, but teamviewer will leave a notice box after you exit from that machine, i was thinking installing openvpn on that machine, =) maybe a simple background app to just show processes and anytime deliver a screenshot to me, evil Razz
Post 22 Jul 2013, 18:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
revolution wrote:
Also check out the panopticon website.
sleepsleep wrote:
panopticon website? a jail monitoring system
I am sorry I gave the wrong name. I meant Panopticlick:

https://panopticlick.eff.org/
Post 13 Oct 2013, 08:51
View user's profile Send private message Visit poster's website Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8900
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
thanks,
it seems i have an issue,
Quote:
Your browser fingerprint appears to be unique among the 3,491,912 tested so far.
Post 13 Oct 2013, 11:22
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
There are other ways that one can be tracked even without browser fingerprinting, JS or cookies. For users that have the browser cache enabled websites can use the etag value of any asset on their site as a unique identifier.

I think the only way to avoid tracking is not to blend in and try to be one-of-many but instead to always be identified as different. By this one can disable JS, cookies and caching and then generate a random set of request headers for every access. Plus of course using IP obscuring techniques like TOR or through an anonymous proxy that you know and can trust.
Post 13 Oct 2013, 12:48
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
TmX wrote:
Hi sleepsleep,

Well, software-based keyloggers are actually not that bad, compared to hardware-based ones.

BTW, I just remember the keylogger I was using at that time: SilentLog.
It was written in FASM (surprised?)
http://packetstormsecurity.com/files/25756/SilentLog.zip.html

Laughing


Image
Post 13 Oct 2013, 16:40
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.