Create Fake facebook.com using SET (Phishing Method)

Requirement :

1. Facebook offline files (you can view our previous tutorial number 2 in link above)

Step by Step Tutorial Hacking Facebook using Phishing Method :

Before you start: we wrote this for educational purposes only, and we are not responsible if you someday use it for a negative purpose and the FBI or Interpol come looking for you as a criminal, with jail ready for you. !!Please remember this!!

1. In this tutorial about hacking Facebook using the phishing method we will use not-allowed.com as a free web hosting service, but you can choose whichever other service suits you best.

Click “Buat Akun” at the top right of the page; you can register your account there.

2. Next, fill in the required data.

3. After step 3 they will send an activation link to your e-mail, and your account will be activated. If your account is already activated, you can click the “Beralih” button to go to your hosting control panel.

4. Inside your hosting control panel, in the “File” section, click “File Manajer 1” (file management) to upload the file.

5. Inside your file management, click on “public_html” to go into your web root folder.

6. Inside the public_html folder, you can upload all the data so it can be accessed worldwide. On this page you can choose which upload method to use: “Upload”, “Java Upload”, or “Flash Upload”, whichever suits you best. Don’t forget to ZIP all of the content before uploading so it can be extracted later.

7. The next step is to extract the data uploaded in the last step. Tick the ZIP file and click UNZIP to extract it.

8. Here’s the data after everything has been extracted.

9. Everything has been set up correctly up to this step. Next we need to configure the database. Go to http://cpanel.not-allowed.com/index, find the “Tool Penting” section, and click “Database MySQL”.

10. Next, fill in your database information on this page, such as the database name, database username, and so on.

When you have finished, click the “Buat” button to create the user and database.

11. Now you have a new database and a new user. Go to your “phpmyadmin” window by clicking the link, to upload the database. Don’t forget the “Host MySQL” address; my address was mysql.not-allowed.com.

12. After everything is finished, in the phpMyAdmin window click the “import” tab. Don’t forget to download the database file below

Download Database

and then click browse and upload the database you’ve just downloaded, and click “Go” when finished.

13. When you have finished everything, it is time to modify the login.php and view.php files. Open them in your favourite text editor (such as Notepad, Dreamweaver, gedit, etc.).

Don’t forget to change “localhost” to the address described in step 11 (your configuration may differ from ours 😀).

When you have finished editing those two files, upload them and replace the existing files (repeat step 6).

14. Well done! Now you can check the address. Here’s our screenshot from accessing the page.

15. When users enter their e-mail and password, the fake Facebook website forwards them to the wrong-password page like this.

16. To view harvested e-mail and password, you can check on http://your-website.com/view.php.

Countermeasures :

1. Look carefully at the address when you open a website that asks for your credentials. It’s better to type it yourself 😛

2. Change your password (and every account that shares it: e-mail, Twitter, etc.) ASAP when you learn this attack has happened.

3. Maybe you can try one of these methods for securing your internet activity 🙂 http://www.hacking-tutorial.com/tips-and-trick/5-steps-to-make-your-browsing-the-internet-activity-more-secure/

4. Install a URL advisor (you can usually get one from your antivirus for free), though it is not too effective.
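
Countermeasure 1 can also be automated, for example in a mail gateway or a browsing helper. The sketch below is an added example, not part of the original tutorial: it checks the real host of a URL before credentials are entered. The function name, the trusted-domain list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain allowed to receive the password.
TRUSTED_DOMAINS = ("facebook.com",)

def check_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a URL that is about to receive credentials."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    if "@" in parts.netloc:
        # Text before "@" is userinfo, not the host the browser connects to.
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    try:
        host = host.encode("idna").decode("ascii")  # expose the punycode form
    except UnicodeError:
        return False, "invalid host name"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode (possible homograph) host: " + host
    for domain in trusted:
        # Exact match or a true subdomain only. A bare suffix test would accept
        # "notfacebook.com"; a substring test, "facebook.com.login.example.net".
        if host == domain or host.endswith("." + domain):
            return True, "trusted host: " + host
    if any(domain.split(".")[0] in host for domain in trusted):
        return False, "brand name inside untrusted host: " + host
    return False, "untrusted host: " + host

# Constructed sample URLs (not taken from the page).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com@login.example.net/",
    "https://facebook.com.login.example.net/",
    "https://notfacebook.com/",
    "https://f\u0430cebook.com/",  # Cyrillic "a" in place of the Latin letter
    "https://login.example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample)
```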

Hope you found it useful

Using WebCruiser Tool for SQL Injection Testing

1. Launch the WebCruiser application and wait until the main window appears

2. Enter the URL to be scanned. In this example we use http://10.0.0.2/goodshopping, where 10.0.0.2 is the address of the host machine where the website is hosted. Click ‘Scan Site’ to start the scan

3. If a software disclaimer pop-up appears, click OK to proceed

4. The scan starts with a URL scan, and it also shows the vulnerabilities as well as the site structure, as seen in the screenshot

5. Right-click each of the vulnerabilities, then click SQL Injection POC (Proof of Concept)

6. It will launch the SQL Injection; then click ‘Get Environment Information’

7. It shows information about the environment in which the site is hosted. By collecting vulnerability information, an attacker can simulate exploitation to hack a web application and gain unauthorized information.

Using N-Stalker Tool to Scan Web Applications

1. Launch N-Stalker, wait until the GUI appears, then click ‘Update’ to update the application

2. N-Stalker will update its database; wait a few minutes

3. After the database update completes, click Start to start a new scan session

4. In the N-Stalker wizard, enter the URL of the web application to be scanned. For this example we use http://10.0.0.2/goodshopping. Choose OWASP Policy in the Scan Policy tab, then click Next

5. A URL Restriction box will pop up; click Yes to continue

6. Click Optimize Settings, leave the defaults, and click Yes

7. Click Yes on the Settings not Optimized box

8. Click Review Summary, then click Start Session

9. Once the N-Stalker configuration is complete, click Start Scan to start scanning the website

10. The scan begins shortly; the chart moves as it runs

11. Let the application scan the website. The scan has 4 steps: Spider, Info Gather, Run modules, and Sig Scanner

12. When the scan finishes, a wizard box will appear. Choose to save the scan results and keep the scan session for further analysis, then click ‘Next’

13. A summary of vulnerabilities will be shown; click Done when you have finished examining it

14. On the left side, expand all nodes to see the website’s pages

15. The complete scan results can be seen on the dashboard, where you can also expand all of the site’s vulnerabilities