Hacked Facebook Account with One SMS.

Hacked Facebook Account with One SMS by UK based Hacker, Facebook Security Team rewarded him reporting flaws in the System.

Guys Today's story is different from others. People usually use Malicious code, Social Engineering, Trojans, Phishing to Hack a Facebook Account, But this story is entirely change, here Hacker called "fin1te" which is from UK found a big flaws in Facebook messaging system, reported to Facebook and Facebook rewarded him By $20,000 US.

Today I am going to explain you that how a UK based Security Researcher, "fin1te" is able to hack any Facebook account within a minute by doing one SMS.

Because 90% of us are Facebook user too, so we know that there is an option of linking your mobile number with your account, which allows you to receive Facebook account updates via SMS directly to your mobile and also you can login into your account using that linked number rather than your email address or username.

According to hacker, the loophole was in phone number linking process, or in technical terms, at file /ajax/settings/mobile/confirm_phone.php

This particular webpage works in background when user submit his phone number and verification code, sent by Facebook to mobile. That submission form having two main parameters, one for verification code, and second is profile_id, which is the account to link the number to.

 
As attacker, follow these steps to execute hack: 

1. Change value of profile_id to the Victim's profile_id value by tampering the parameters.
2. Send the letter F to 32665, which is Facebook’s SMS shortcode in the UK. You will receive an 8 character verification code back. 
   
3.  Enter that code in the box or as confirmation_code parameter value and Submit the form.

Facebook will accept that confirmation code and attacker's mobile number will be linked to victim's Facebook profile.

In next step hacker just need to go to Forgot password option and initiate the password reset request against of victim's account.

Attacker now can get password recovery code to his own mobile number which is linked to victim's account using above steps. Enter the code and Reset the password!

Facebook no longer accepting the profile_id parameter from the user end after receiving the bug report from the hacker.

In return, Facebook paying $20,000 to fin1te as Bug Bounty.

Found Really interesting?? 
Don't forget to Subscribe us..

Hacking Tools

winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend. 

C4 - WAST gives users the freedom to select individual exploits and use them.

BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits

WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it.

ARPwner – ARP & DNS Poisoning Attack Tool

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and
a plugin system to do filtering of the information gathered, also has a implementation of SSLstrip and is coded in python.

 

 

 

  The Mole: Automatic SQL Injection Exploitation Tool

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. 

Havij v1.15 Advanced SQL Injection

 Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

Sqlninja 0.2.6

Features:

 >> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)

>>  Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).

>> Creation of a custom xp_cmdshell if the original one has been removed

>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).

>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order

to find a port that is allowed by the firewall of the target network

and use it for a reverse shell.

>> Direct and reverse bindshell, both TCP and UDP

>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse

shell but the DB can ping your box.

>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for

 a direct/reverse shell, but the DB server can resolve external hostnames

 (check the documentation for details about how this works).

>> Evasion techniques to confuse a few IDS/IPS/WAF.

>> Integration with Metasploit3, to obtain a graphical access to the remote DB

 server through a VNC server injection.