I mean, I know he got the knowledge, but how can he hack so easily, whereas people take days to hack a fb id.
- Hot
- Active
-
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
1 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
4 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
5 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
6 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
6 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
7 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
9 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
9 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
9 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
9 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
11 mo ago
-
How To: Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To: Find Vulnerable Webcams Across the Globe Using Shodan
-
How To: Scan for Vulnerabilities on Any Website Using Nikto
-
Steganography: How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How To: Dox Anyone
-
Hack Like a Pro: Metasploit for the Aspiring Hacker, Part 5 (Msfvenom)
-
How To: Clear the Logs & Bash History on Hacked Linux Systems to Cover Your Tracks & Remain Undetected
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Spy on Traffic from a Smartphone with Wireshark
-
Hack Like a Pro: How to Find Directories in Websites Using DirBuster
-
How To: Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How to Hack Wi-Fi: Cracking WEP Passwords with Aircrack-Ng
-
How To: Intercept Images from a Security Camera Using Wireshark
-
Android for Hackers: How to Turn an Android Phone into a Hacking Device Without Root
-
How To: Crack SSH Private Key Passwords with John the Ripper
-
How To: Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To: Play Wi-Fi Hacking Games Using Microcontrollers to Practice Wi-Fi Attacks Legally
-
How To: Tactical Nmap for Beginner Network Reconnaissance
-
How To: Phish for Social Media & Other Account Passwords with BlackEye
-
Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit's Meterpreter
24 Responses
First of all there is no such thing as hacking Facebook ID, Second of all the show won't be 100% real right? The only ways to hack someone facebook is by phishing or installing a keylogger on their computer or stealing the saved data from the browser.
And that's what Elliot did, he hacked a target and got access by others ways in order to use malware/keylogger
There was also a password generator with keywords, that were obtained from social engineering
If you think that, you have no idea what you are talking about, you can easily hack ANY social Media account with bruters or using exploit tools such as metasploit.
What do you mean by "those are the only ways"? Where did you put data dumps, dictionary attacks, rainbow tables, brute-force?
As Butwhy42 already mentioned Elliot has an Wordlist generator.
The good news is: Kali already has one pre installed AND here is an Tutorial for that Bad news: I'm to fool to search for the tutorial right now and i'm running Arch and don't have everything installed so i cannot even tell you the name but i will explain to you how it works.
Elliot also explains most of this in the Show.
At the End of the first Episode Elliot is trying to crack the password of Michael Handson (i hope that's how you spell it haha :)).
As you probably know it didn't work and he says that he is too old to have an complicated password.
People often use password which include their Birthday (i have to mention that my birthday is not in 1967..) so they can memorize it easier.
For sure this 2-3 minutes attacks are really unrealistic but i think when you have the right informations about your victim you can get the password in 1-2 hours.
You don't even have to crack the Facebook password.
It's important to attack the weakest link.
The reason for this is that most people use the same password for every service. When you know you're victim is on an Website which isn't really secure against any Brute-Force or Wordlists attacks you should try to attack those because then you most likely will have access to all other Accounts like Facebook, Amazon or G-Mail.
Firstly, Elliot uses his own program called elpsrk. But that is not a realistic tool. In order to mimic elliot's attack u will need cupp and hydra or even medusa.
Hope this helps.
You can't crack facebook accounts since they are brute-force protected
Does brute-force protected mean "IMPENETRABLE" to you? And with the right time, nothing is brute-force protected. Facebook accounts, with the right knowledge and time, CAN be hacked. Facebook is a not a godly, impenetrable, holy system.
But if u use the attack I mentioned u can brute force the brute "forcable" accounts. Get the password, try it out on the other accounts like fb, maybe u'll be lucky.
Yeah i know, but other websites are implementing anti-brute force techniques, so it's getting harder
you can write some sort of script that changes your IP automatically after a number of attempts,so the anti-brute force systems won't be a problem.
They aren't that stupid, the anti-brute force system doesn't rely on the ip but Rely on the account ID, so changing ip's won't help
I would go after email since that would be a way to reset the FB account to get access. Just saying.
Gmail implented an anti-brute force system afaik, you could try for yourself
Elliot didn't really brute force the passwords. He attempted well known passwords (such as 123456seven ) and built password lists that included information he knew about the target (birthdate reversed for his psychotherapist).
People build passwords based upon things they can easily remember. These passwords usually embed some characteristic of the target such as pet names, spouse names, birthdates, etc. Elliot simply is exploiting this human "flaw". He is not brute forcing millions of passwords. That is inefficient and should only be used as a last resort.
CUPP wordlist profiler is the solution.
what about this?
Facebook is constantly updating, look the date of the video: 2012. There will always be weakness in programs/websites, but if you can't find it, you wont be able (more or less) to use it before it got patched.
also you can use the following
social engineering attack buy cloning FB, use tiny url so you dont make suspicious URL, then gather information about victim to create a trust,
shit, iam helping the evil to breed...
anyway its what called Credential Harvester Attack Method
One word: Social engineering, oops those are two words :p
In the real world, hacking websites like Facebook is not always a one trick pony. I believe I mentioned this in another forum, but I love hacking because of it's creative aspects. That is also why I love social engineering; There will never be just one way to do anything.
Hopefully this will help you come to a conclusion and maybe even plan a well thought out Facebook attack to post to Null Byte!
I agree with all of you. there can be numerous possibilities. people at fb and gmail are not fools who would let anyone hack the accounts.
but the way elliot did in the show was very quick. I mean he would just crack passwords in minutes (again im not talking about brute force).
he even logged into the bank account of her friend. Maybe it is unreal. Hacking is not that easy. we all know this.
I think it's good that it show how it's easy to crack anything, because even if it's obviously more difficult, for the random user there is no difference between the show and the 'little more difficult reality' and let's be honest, it's a low price to pay for such a (finally) good serie about security
You all seem to forget elliot had physical/proximity access to everything he hacked
Share Your Thoughts