I mean, I know he got the knowledge, but how can he hack so easily, whereas people take days to hack a fb id.
- Hot
- Active
-
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 2 Replies
2 hrs ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
10 hrs ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 6 Replies
6 days ago -
How to: Crack Instagram Passwords Using Instainsane 37 Replies
6 days ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
1 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
1 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
2 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
2 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
2 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
2 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
3 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
3 mo ago -
Forum Thread: How to Run and Install Kali Linux on a Chromebook 18 Replies
4 mo ago -
Forum Thread: How to Find Admin Panel Page of a Website? 13 Replies
5 mo ago -
Forum Thread: can i run kali lenux in windows 10 without reboting my computer 4 Replies
5 mo ago -
Forum Thread: How to Hack School Website 11 Replies
5 mo ago -
Forum Thread: Make a Phishing Page for Harvesting Credentials Yourself 8 Replies
5 mo ago -
Forum Thread: Creating an Completely Undetectable Executable in Under 15 Minutes! 38 Replies
6 mo ago -
Forum Thread: Hacking with Ip Only Part [1] { by : Mohamed Ahmed } 5 Replies
7 mo ago -
Forum Thread: Problem with Airmon-Ng and VM 3 Replies
7 mo ago
-
How To: Dox Anyone
-
How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How to Hack Wi-Fi: Cracking WEP Passwords with Aircrack-Ng
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
How To: Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
How To: Exploit WebDAV on a Server & Get a Shell
-
How To: Find Passwords in Exposed Log Files with Google Dorks
-
How to Hack Wi-Fi: Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How to Hack Wi-Fi: Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To: Brute-Force FTP Credentials & Get Server Access
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To: Scan Websites for Interesting Directories & Files with Gobuster
-
How To: Use Ettercap to Intercept Passwords with ARP Spoofing
-
How To: Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To: Get Root with Metasploit's Local Exploit Suggester
24 Responses
First of all there is no such thing as hacking Facebook ID, Second of all the show won't be 100% real right? The only ways to hack someone facebook is by phishing or installing a keylogger on their computer or stealing the saved data from the browser.
And that's what Elliot did, he hacked a target and got access by others ways in order to use malware/keylogger
There was also a password generator with keywords, that were obtained from social engineering
If you think that, you have no idea what you are talking about, you can easily hack ANY social Media account with bruters or using exploit tools such as metasploit.
What do you mean by "those are the only ways"? Where did you put data dumps, dictionary attacks, rainbow tables, brute-force?
As Butwhy42 already mentioned Elliot has an Wordlist generator.
The good news is: Kali already has one pre installed AND here is an Tutorial for that Bad news: I'm to fool to search for the tutorial right now and i'm running Arch and don't have everything installed so i cannot even tell you the name but i will explain to you how it works.
Elliot also explains most of this in the Show.
At the End of the first Episode Elliot is trying to crack the password of Michael Handson (i hope that's how you spell it haha :)).
As you probably know it didn't work and he says that he is too old to have an complicated password.
People often use password which include their Birthday (i have to mention that my birthday is not in 1967..) so they can memorize it easier.
For sure this 2-3 minutes attacks are really unrealistic but i think when you have the right informations about your victim you can get the password in 1-2 hours.
You don't even have to crack the Facebook password.
It's important to attack the weakest link.
The reason for this is that most people use the same password for every service. When you know you're victim is on an Website which isn't really secure against any Brute-Force or Wordlists attacks you should try to attack those because then you most likely will have access to all other Accounts like Facebook, Amazon or G-Mail.
Firstly, Elliot uses his own program called elpsrk. But that is not a realistic tool. In order to mimic elliot's attack u will need cupp and hydra or even medusa.
Hope this helps.
You can't crack facebook accounts since they are brute-force protected
Does brute-force protected mean "IMPENETRABLE" to you? And with the right time, nothing is brute-force protected. Facebook accounts, with the right knowledge and time, CAN be hacked. Facebook is a not a godly, impenetrable, holy system.
But if u use the attack I mentioned u can brute force the brute "forcable" accounts. Get the password, try it out on the other accounts like fb, maybe u'll be lucky.
Yeah i know, but other websites are implementing anti-brute force techniques, so it's getting harder
you can write some sort of script that changes your IP automatically after a number of attempts,so the anti-brute force systems won't be a problem.
They aren't that stupid, the anti-brute force system doesn't rely on the ip but Rely on the account ID, so changing ip's won't help
I would go after email since that would be a way to reset the FB account to get access. Just saying.
Gmail implented an anti-brute force system afaik, you could try for yourself
Elliot didn't really brute force the passwords. He attempted well known passwords (such as 123456seven ) and built password lists that included information he knew about the target (birthdate reversed for his psychotherapist).
People build passwords based upon things they can easily remember. These passwords usually embed some characteristic of the target such as pet names, spouse names, birthdates, etc. Elliot simply is exploiting this human "flaw". He is not brute forcing millions of passwords. That is inefficient and should only be used as a last resort.
CUPP wordlist profiler is the solution.
what about this?
Facebook is constantly updating, look the date of the video: 2012. There will always be weakness in programs/websites, but if you can't find it, you wont be able (more or less) to use it before it got patched.
also you can use the following
social engineering attack buy cloning FB, use tiny url so you dont make suspicious URL, then gather information about victim to create a trust,
shit, iam helping the evil to breed...
anyway its what called Credential Harvester Attack Method
One word: Social engineering, oops those are two words :p
In the real world, hacking websites like Facebook is not always a one trick pony. I believe I mentioned this in another forum, but I love hacking because of it's creative aspects. That is also why I love social engineering; There will never be just one way to do anything.
Hopefully this will help you come to a conclusion and maybe even plan a well thought out Facebook attack to post to Null Byte!
I agree with all of you. there can be numerous possibilities. people at fb and gmail are not fools who would let anyone hack the accounts.
but the way elliot did in the show was very quick. I mean he would just crack passwords in minutes (again im not talking about brute force).
he even logged into the bank account of her friend. Maybe it is unreal. Hacking is not that easy. we all know this.
I think it's good that it show how it's easy to crack anything, because even if it's obviously more difficult, for the random user there is no difference between the show and the 'little more difficult reality' and let's be honest, it's a low price to pay for such a (finally) good serie about security
You all seem to forget elliot had physical/proximity access to everything he hacked
Share Your Thoughts