The truth about Facebook password hacking / cracking
On the Web - DO NOT BE NAIVE !
You might have seen a lot of websites that offer to hack Facebook account password, some claim to hack them using the "expertise" they gained in last X years , some claim to hack it using previously existing loopholes...Goes same for "Facebook password crackers" or "Facebook password stealers"...
Type "Facebook password hacker" in Google & see for your self. Countless results of websites who claim to hack Facebook passwords or help you to steal Facebook passwords...
So ? what's the truth then ? There are no magical techniques
These websites demand $100 to $300 per account for hacking facebook & get you...absolutely nothing! DO NOT PAY ! It's a TRAP ! They claim Facebook has a MD5 password : it's bullshit too. Facebook DO NOT USE MD5 for password hashing. They use more complex systems.As for (fake) Facebook Password cracker "software", any company or website that claims to hack password using software usually show a (fake) MD5 hash of the password which is indecipherable.
Not convinced yet ?
Have a try by yourself : type "hacking facebook" in Google, choose one of these crappy website. You'll be asked to enter a Facbook ID number or Facebook email to crack. Enter "123" as ID number or "gggggg@whatever.shit" as email, anything as long as the ID or email does not exist in the real life..http://www.facebook.com/profile.php?id=123 <- this ID does not exist but these (fake) websites are sooo magical that they can hack this (ghost) Facebook account ! Congratulations...
Ok, Facebook site/software are all bullshit. But I need to steal a Facebook password !
As any other website or web services (Yahoo, Gmail...), it's possible to get credentials using conventional techniques :- Facebook Phishing : use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites like Yahoo, Gmail, etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away.
- Keylogging : locally or remotely install a keylogger application on the victim's computer. It records the keystrokes into a log file and then you can use these logs to get required Facebook, GMail, etc password.
- Primary email address hack : simply ask Facebook to send password reset email to the victim's primary email address - of course if this email account is already compromised : reset page.
- Social engineering : method of retrieving password or answer of security question simply be quering with the victim. You have to be careful while using this as victim must not be aware of your intention. Just ask him cautiously using your logic.
- Cookie Stealing / Session Hijacking : Google it. See for example FireSheep
