Welcome back, my budding hackers!
This is the initial post of a. It's important to note here that each hack I'll be covering is very specific. I have said it before, but I feel I need to repeat it again: there is NO SILVER BULLET that works under all circumstances. Obviously, the good folks at Facebook have taken precautions to make certain that their app is not hacked, but if we are creative, persistent, and ingenious, we can still get in.
Facebook is one of the most secure applications on the Internet and, despite what you might read on the Internet, it is NOT easy to hack. In addition, most of those websites on the Internet willing to sell you a Facebook hack are scams. Don't give them a penny!
If you want to hack Facebook, you need to invest some time into learning. If you are new to hacking, you might want to start with my article '.'
In addition, I want to put in a word about what we mean by the word 'hack.' In some cases, we might get the password which, of course, will give us full access to the Facebook account. In other cases, we might just get access to the account without any rights. In still other schemes, we might get the cookies that Facebook places in the user's browser and then place them in our browser for access to the account whenever we please.
In yet another scenario, we can place ourselves between the user and Facebook in a form of MitM attack, to get the password, etc.
In this first entry in, we will use a flaw in the stock Android web browser that will provide us with access to the Facebook account. I hope it goes without saying that this hack will only work when the user has accessed their Facebook account from the stock Android browser, not the Facebook mobile app. Although Google is aware of this security flaw in their browser, it is not automatically patched or replaced on existing systems. As a result, this hack will work on most Android systems.
Same Origin Policy
Same-origin policy (SOP) is one of the key security measures that every browser should meet. What it means is that browsers are designed so that a script running in one webpage can't read or modify content that belongs to a different origin, that is, a different combination of scheme, host, and port.
This prevents attackers from injecting code without the authorization of the website owner.
Unfortunately, the default Android browser can be hacked as it does not enforce the SOP adequately. In this way, an attacker can access the user's other pages that are open in the browser, among other things. This means that if we can get the user to navigate to our website and then send them some malicious code, we can then access other sites that are open in their browser, such as Facebook.
For those of you who are new to Null Byte and hacking, I recommend that you start by installing. In this hack, we will need two tools, and, both of which are built into our Kali Linux system.
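The same-origin check described under Same Origin Policy above, written out as an added example (this code is not from the original article or from any browser's source). It shows the scheme/host/port comparison a browser enforcing SOP is expected to make; the URL pairs are constructed samples, with 192.168.1.107:8080 taken from the lab address used later in the article.

```javascript
// Added example (not from the original article): the same-origin decision
// a browser is expected to make before one page's script may read another
// page's DOM, cookies or responses.

// Schemes that carry a (scheme, host, port) origin, with their default ports.
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Return the origin tuple for a URL, or null when the origin is opaque
// (data:, about:, file:, unparsable input): opaque origins match nothing.
function originOf(urlString) {
  let u;
  try {
    u = new URL(urlString);
  } catch (err) {
    return null;
  }
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  // URL drops a port equal to the scheme default, so restore it explicitly.
  return [u.protocol, u.hostname, u.port || DEFAULT_PORTS.get(u.protocol)];
}

// True only when scheme, host and port all match exactly.
function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.every((part, i) => part === ob[i]);
}

// Constructed sample pairs: [page running the script, resource it wants to read].
const SAMPLES = [
  ["http://192.168.1.107:8080/", "https://www.facebook.com/"],
  ["http://192.168.1.107:8080/", "http://192.168.1.107/"],
  ["https://www.facebook.com/home", "https://WWW.facebook.com:443/messages"],
  ["data:text/html,hello", "https://www.facebook.com/"],
];

// Return "allow" or "block" for each sample pair.
function evaluateSamples(samples = SAMPLES) {
  return samples.map(([page, target]) =>
    isSameOrigin(page, target) ? "allow" : "block");
}

console.log(evaluateSamples()); // [ 'block', 'block', 'allow', 'block' ]
```

The first pair is the situation the article relies on: a page served from the lab host and a Facebook page are different origins, so a browser that enforces SOP correctly blocks the read.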
Step 1: Open Metasploit
Let's begin by firing up Kali and then opening Metasploit by typing:
kali > msfconsole
You should get a screen like this.
Step 8: Navigate to the Website from an Android Browser
Now we are replicating the behavior of the victim.
When they navigate to the website hosting the hook, it will automatically inject the JavaScript into their browser and hook it. So, we need to use the stock browser on an Android device and go to 192.168.1.107:8080, or whatever the IP is of your website.
Step 9: Hook Browser
When the user/device visits our web server at 192.168.1.107, the BeEF JavaScript will hook their browser. It will show under the 'Hooked Browser' explorer in BeEF. We now control their browser!
Step 10: Detect if the Browser Is Authenticated to Facebook
Now let's go back to BeEF and go to the 'Commands' tab. Under the 'Network' folder we find the 'Detect Social Networks' command. This command will check to see whether the victim is authenticated to Gmail, Facebook, or Twitter. Click on the 'Execute' button in the lower right.
Thanks for the tip Master OTW, I was able to change the server host to my local IP using set SRVHOST and the port using set SRVPORT.