HOW HACKING FACEBOOK ACCOUNTS WORKS
Facebook has two databases (one for males and one for females users) where they keep all the information from their users, if you remember the email you use to login but forget your password, you can use the 'Forgot your password?' option, however if like me you don't have any of that information it's impossible to legally recover that account.
If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.
So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned FaceBook uses something similar to an email service to contact their databases.
For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password).
Luckily for us, as mentioned above, through the use of Twitter combined with Facebooks 'Mutual Friend' feature, we can use a friends account to verify your own, in other words, if the person you want to get the login information from is on your friends list on Facebook...you can use your Twitter account to verify your their friend on Facebook taking advantage of the vulnerability of the twitter status sync exploit, and get their login email and password sent to you. Unfortunately, this isn't the Twitter method.
HOW TO DO IT
1) First off you will need to get your user id and the victims user id, how do you do this?
Go to the victims profile, then click on their Display Picture (not the "View Photos of ..." link or tab but the actual main picture of their profile) and look at your browsers address bar, at the end of all the address you should see a group of numbers that should you should look something like this: (I have used a red arrow to point them out)
Don't worry if it isn't exactly like that (sometimes it has variations like; 'album.php?profile=10957800008') just as long as you get the numbers. Write them down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
2) At the bottom of this page I have pasted the exploit code I created to fool the databases, this is the tricky part as you will have to edit the code a bit yourself so that it fits your needs when searching for the victims login information.
Scroll down to the bottom of this page and find the code I have highlighted in red so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
3) Once you have the code somewhere you can edit it, you will need to insert three things into it, the facebook user id of the victim and the Facebook friend authentication information. I will give you step by step examples by trying the exploit code on my friend Laura's account as the victim, see what parts you have to edit and with what:
1. Should be the victims user id.
2. Should be your email login to verify your the victims mutual friend on facebook. .
3. Should be your facebook password so the database can authentic you really are friends with the victim on facebook.
When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
4) Now that you have the exploit code edited and ready to send, we are all set to send it to the database through an email, since it's not your regular email but an exploit email we will have to use a special Subject so the database knows how to read it in programming language.
Go to your email address and Compose a new email to <!-- e http://www.youtube.c...ccount_recovery
2. Type in the username you want to steal.
3. Click on "Verify your identity" highlighted in blue.
4. Enter in any email address you have access to, press continue.
5. Where it says "Last password you remember" type in your targeted username and a set of numbers like "123".
6. Where it says "When was the last time you were able to sign in to your Google Account?" go to the channel of your targeted username and see when their last activity was. Use this information, if the channel has no activity then type in a random date.
7. Where it says "When did you create your Google Account?" refer to step 6. Press continue.
8. Skip "Other Google products you use", press continue.
9. You should see a message like "You will receive an email at the contact email address you provided once we've validated your responses (usually within a few hours)". Wait for the email to come.
10. You will receive an email like "We received your request to recover your Google Account 'target', and weâd like to evaluate your account more closely. To continue the account recovery process, please visit: (a link will appear under this text). Click the link.
11. Okay, here is the niche in this. The link will show you the email attached to the YouTube account. (Example: http://i.imgur.com/n132Z.png ?)
12. Now you need to get the Dox off the email. I have noticed that the best emails are Yahoo and Hotmail's. Spokeo is a great website for this step.
13. After you have the dox, you will need to send a reset form for the hotmail. If you have yahoo. You will need to look at the dox and see if you can get the security questions.
14. After you have access to email. You are free to send a reset link.
~! Enjoy your jacking
[/b]
Facebook has two databases (one for males and one for females users) where they keep all the information from their users, if you remember the email you use to login but forget your password, you can use the 'Forgot your password?' option, however if like me you don't have any of that information it's impossible to legally recover that account.
If you know anything about programming websites you know the 'Forgot your password?' service has to be in direct contact with the databases in order to send requests to retrieve the forgotten information for you, basically what that means is if you 'ask' the database for the login information with the right 'code' (in our case exploit), it will send you back that information.
So all I had to figure out is what the code was and what system they used to contact the databases through the 'Forgot your password?' service, after a few weeks of writing and testing codes I came up with the right one for the job and after doing a bit of research I learned FaceBook uses something similar to an email service to contact their databases.
For security reasons the databases are programmed to verify the account your requesting is actually yours and not someone elses so they need some type of authentication or verification (thats why they send you a verification link to your email when creating your account or changing your password).
Luckily for us, as mentioned above, through the use of Twitter combined with Facebooks 'Mutual Friend' feature, we can use a friends account to verify your own, in other words, if the person you want to get the login information from is on your friends list on Facebook...you can use your Twitter account to verify your their friend on Facebook taking advantage of the vulnerability of the twitter status sync exploit, and get their login email and password sent to you. Unfortunately, this isn't the Twitter method.
HOW TO DO IT
1) First off you will need to get your user id and the victims user id, how do you do this?
Go to the victims profile, then click on their Display Picture (not the "View Photos of ..." link or tab but the actual main picture of their profile) and look at your browsers address bar, at the end of all the address you should see a group of numbers that should you should look something like this: (I have used a red arrow to point them out)
Don't worry if it isn't exactly like that (sometimes it has variations like; 'album.php?profile=10957800008') just as long as you get the numbers. Write them down somewhere as you will need to use it a bit further down, once that is done you may continue to step 2.
2) At the bottom of this page I have pasted the exploit code I created to fool the databases, this is the tricky part as you will have to edit the code a bit yourself so that it fits your needs when searching for the victims login information.
Scroll down to the bottom of this page and find the code I have highlighted in red so you know what to copy, select the code and copy it to your clipboard (press CTRL+C) then paste it (CTRL+V) on a notepad or text document so you can edit it.
3) Once you have the code somewhere you can edit it, you will need to insert three things into it, the facebook user id of the victim and the Facebook friend authentication information. I will give you step by step examples by trying the exploit code on my friend Laura's account as the victim, see what parts you have to edit and with what:
1. Should be the victims user id.
2. Should be your email login to verify your the victims mutual friend on facebook. .
3. Should be your facebook password so the database can authentic you really are friends with the victim on facebook.
When editing the code, don't accidentally delete one of the quotes (") or it won't work, so make sure you put the information inside them.
4) Now that you have the exploit code edited and ready to send, we are all set to send it to the database through an email, since it's not your regular email but an exploit email we will have to use a special Subject so the database knows how to read it in programming language.
Go to your email address and Compose a new email to <!-- e http://www.youtube.c...ccount_recovery
2. Type in the username you want to steal.
3. Click on "Verify your identity" highlighted in blue.
4. Enter in any email address you have access to, press continue.
5. Where it says "Last password you remember" type in your targeted username and a set of numbers like "123".
6. Where it says "When was the last time you were able to sign in to your Google Account?" go to the channel of your targeted username and see when their last activity was. Use this information, if the channel has no activity then type in a random date.
7. Where it says "When did you create your Google Account?" refer to step 6. Press continue.
8. Skip "Other Google products you use", press continue.
9. You should see a message like "You will receive an email at the contact email address you provided once we've validated your responses (usually within a few hours)". Wait for the email to come.
10. You will receive an email like "We received your request to recover your Google Account 'target', and weâd like to evaluate your account more closely. To continue the account recovery process, please visit: (a link will appear under this text). Click the link.
11. Okay, here is the niche in this. The link will show you the email attached to the YouTube account. (Example: http://i.imgur.com/n132Z.png ?)
12. Now you need to get the Dox off the email. I have noticed that the best emails are Yahoo and Hotmail's. Spokeo is a great website for this step.
13. After you have the dox, you will need to send a reset form for the hotmail. If you have yahoo. You will need to look at the dox and see if you can get the security questions.
14. After you have access to email. You are free to send a reset link.
~! Enjoy your jacking
[/b]
