Ever wondered how hackers are able to hack Facebook accounts? There are many methods for hacking a user's Facebook account, but phishing is one of the oldest and most efficient. Phishing is a type of social engineering attack. In this article, I will explain how a phishing attack can be performed without any special tools or hacking skills.
What is Social Engineering
The term social engineering covers a wide range of malicious activities accomplished through human interaction. Attackers manipulate users psychologically so that they disclose sensitive information or make security mistakes.
A social engineering attack can be performed in one or more steps. First, the attacker investigates the targeted victim to gather the background information needed for the attack. The attacker then moves to the next step, which is to gain the victim's trust and provide stimuli for actions that break security practices, such as disclosing sensitive information or granting access to critical resources.
What is a Phishing Attack?
As I mentioned earlier, phishing is a kind of social engineering attack used to steal sensitive information from users, such as login credentials or credit/debit card numbers. In this attack, the attacker poses as a trusted entity to convince a user to open an email, SMS or instant message. The attacker then tricks the user into clicking a malicious link, which leads the user to reveal sensitive information or install software.
How to Perform a Phishing Attack
Performing a phishing attack is an art. It is similar to performing a magic trick. In old phishing methods, we used to make fake replica pages of a website and then upload them to a free hosting service like 000webhost. But now those hosting sites do not allow users to host phishing scripts. If anyone does, the hosting account is suspended immediately.
So now I am going to explain the easiest method of phishing, in which no hosting service is required. To perform this attack, all you need is:
- A desktop or laptop with a stable internet connection
- An account on ngrok.com, which is free of cost
- XAMPP server installed on your system
How to Hack FB Account
First of all, we are going to host our Facebook phishing page on our local host using XAMPP server. After that, we will create a URL to access our local host over the internet. We will do this by tunnelling our local host using ngrok. Let us do it step by step.
Step 1: Download and install XAMPP server on your system. You can download it from here.
Step 2: Download the Facebook mobile phishing page from here and extract it. Password is Ajaysoni.
Copy the extracted file into the htdocs folder in the XAMPP installation folder.
Step 3: Now run the XAMPP server.
Step 4: Create an account on ngrok.com
Step 5: Now log in to your ngrok account.
Step 6: Download ngrok for your operating system and extract it.
Step 7: Now open the ngrok batch file if you are using Windows. For all other operating systems, you can find instructions on ngrok.com below the download section.
Step 8: Now a cmd window will open. Run the following command: ngrok authtoken <Your auth Token>
You will get your auth token from the ngrok website, below the download section.
Step 9: Now run the command: ngrok http 80
It will create a temporary URL for accessing your local host from anywhere. You can send this URL to your victim and convince him to log in. Once the victim logs in, you will get the credentials in the usernames.txt file in the htdocs folder under the XAMPP installation folder.
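Seen from the defender's side, the temporary URL is what gives this setup away: the page imitates Facebook, but the hostname belongs to a tunnelling service rather than to facebook.com. The following is an added example, not part of the original article, of a URL triage check for a mail filter or proxy log. The ngrok suffix list, the `classify_login_url` name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: domains the brand legitimately serves its login pages from.
LEGIT_SUFFIXES = ("facebook.com",)
# Assumption: suffixes used by ngrok tunnels; extend for other tunnel services.
TUNNEL_SUFFIXES = ("ngrok.io", "ngrok-free.app", "ngrok.app", "ngrok.dev")
BRAND = "facebook"

def _under(host, suffixes):
    # Match on a label boundary so "facebook.com.login.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify_login_url(url):
    """Return (verdict, reasons) for a URL presented as a Facebook login link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", ["no hostname"]
    if _under(host, LEGIT_SUFFIXES):
        if parts.scheme != "https":
            return "suspicious", ["legitimate host but not HTTPS"]
        return "legitimate", []
    reasons = []
    if _under(host, TUNNEL_SUFFIXES):
        reasons.append("host is a tunnelling-service subdomain")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    if parts.username is not None:
        reasons.append("userinfo before the real host")
    if BRAND in (parts.netloc + parts.path).lower():
        reasons.append("brand name appears outside the brand's domain")
    return ("phishing-likely" if reasons else "unrelated"), reasons

# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://a1b2c3d4.ngrok.io/facebook/",
    "https://m.facebook.com.login.example/",
    "https://facebook.com@a1b2.ngrok-free.app/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", classify_login_url(u))
```
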
This is all about how phishing works. This tutorial is purely for educational purposes. Do not use it for any illegal purpose.
I hope you liked this post. If you have any questions or suggestions, feel free to comment below.