How to Hack Facebook with the Social Engineering Toolkit on Kali
For those of you who don’t know, BeEF (the Browser Exploitation Framework) is a tool that cleverly uses the browser’s built-in functionality, JavaScript and other third-party software against the user. What’s interesting is that it doesn’t rely on any exploit (although this is also possible) to get the job done, so even if you are fully patched, you can still be attacked using BeEF.
How to Hack Facebook Using Kali Linux – As we know, Indonesia is currently one of the countries with the most Facebook users in the world, which may be driven by the many features on offer and by Facebook itself becoming easier to access since the arrival of Android-based phones. Level: Easy (especially if you've already read and practiced this tutorial before). If my previous tutorial about Adobe PDF escape EXE social engineering talking.
Initial compromise of the user’s browser usually relies on either XSS, luring the user to your own website containing malicious JavaScript, or MITM injection of JavaScript. Once a user runs the BeEF hook JavaScript, their browser silently connects back to the BeEF admin. For detailed information about BeEF see my previous posts related to. Today we are going to use the Pretty Theft module in BeEF to compromise the credentials of Facebook.
The Pretty Theft module is a phishing module that uses floating divs to create legitimate-looking fake login boxes that are displayed in the browser. The Pretty Theft module was originally created by Nickosaurus Hax and you can look at the code. It currently supports the Safari, Firefox, Chrome and Opera (user is notified) browsers.
It’s a simple little module that will use a lightbox-style effect to darken the user’s browser and pop up a new div stating that their session has timed out – and that they need to reauthenticate. It also has the option to provide an image to put in the header of the div, so if you like, you can use the compromised site’s logo / favicon to make it feel a touch more authentic. Once the user has provided their username and password again, the page returns to its previous state, and you have their creds.

A potential extension for this module could be to use the collected creds to authenticate to a given login page in order to test the user’s credentials before returning them to the site. This will have some other implications if the application doesn’t support multiple concurrent sessions, but would provide further authenticity to the user, who couldn’t just enter fake creds and be on their merry way. The BeEF framework brilliantly demonstrates how lethal even the smallest bit of JavaScript can be and how important it is to use NoScript.
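The initial compromise described above only works if the page will load or run injected JavaScript, and a site-side Content-Security-Policy is the server's counterpart to NoScript. The following is an added example, not part of the original post or of BeEF: a simplified audit that reports whether a given policy would let an off-origin script or an inline script run. All function names and hostnames are constructed for illustration.

```javascript
// Added example: simplified CSP audit. Hostnames used with it are constructed.
// Not a full CSP matcher: ignores paths, 'strict-dynamic' and scheme upgrades.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values.map((v) => v.toLowerCase()));
    }
  }
  return directives;
}

// script-src falls back to default-src; null means scripts are unrestricted.
function scriptSources(header) {
  const d = parseCsp(header);
  return d.get("script-src") ?? d.get("default-src") ?? null;
}

const defaultPort = (protocol) => (protocol === "https:" ? "443" : "80");
function sourceMatches(expr, script, page) {
  if (expr === "*") return /^https?:$/.test(script.protocol);
  if (expr === "'self'") return script.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(expr)) return script.protocol === expr;
  if (expr.startsWith("'")) return false; // 'none', nonces, hashes, keywords
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const wantProtocol = scheme ? scheme + ":" : page.protocol;
  if (script.protocol !== wantProtocol) return false;
  if (wildcard ? !script.hostname.endsWith("." + host) : script.hostname !== host) return false;
  const scriptPort = script.port || defaultPort(script.protocol);
  return port === "*" || scriptPort === (port || defaultPort(wantProtocol));
}

// Would the browser load an external <script src=scriptUrl> on pageUrl?
function allowsExternalScript(header, pageUrl, scriptUrl) {
  const sources = scriptSources(header);
  if (sources === null) return true;
  return sources.some((s) => sourceMatches(s, new URL(scriptUrl), new URL(pageUrl)));
}

// Would an injected inline <script> run? A nonce or hash disables 'unsafe-inline'.
function allowsInlineScript(header) {
  const sources = scriptSources(header);
  if (sources === null) return true;
  const pinned = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return sources.includes("'unsafe-inline'") && !pinned;
}
```

A policy such as `script-src 'self' https:` still passes the external check for any HTTPS host, which is why scheme-only sources give little protection against injected third-party scripts.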
Through modules like Pretty Theft it’s really easy to demonstrate the kinds of attacks organisations are facing today and how to best defend against them. If we want to try to social engineer them and grab their Facebook credentials we can go to the Social Engineering tab and click “Pretty Theft”.
And then ‘Execute’. Here I exploited the victim’s browser with XSS and executed the Pretty Theft command. On the victim’s browser a pop-up will appear. My Facebook timed out! If the user fills in their creds and hits Log in, this appears in the BeEF control panel.