Hack Any Account | Gmail/Facebook/Instagram/Twitter/Linkedin | Phishing - Techmidroid

Saturday, 21 October 2017

Hack Any Account | Gmail/Facebook/Instagram/Twitter/Linkedin | Phishing



   
   
   Hey there, Techmidroid here. And this time we're going to reveal how to hack any Facebook/Gmail/Instagram or any other account. The technic we're gonna discuss about is called phishing. We would like to talk about what phishing is, how to hack any logins with this technic, keeping yourself safe from any phishing attacks and we'll cover some of the advanced phishing technics. So what's phishing? 



Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. 
                                                                                                                          

So if you wanna get into your girlfriend's account and see what's she is doing, like many of my friends asked me, then this is the place. The internet says a lot about phishing and is updated with  news on phishing attacks day by day. So if you wanna research on what's phishing you can surf the internet. As we're emphasizing on the later (Hacking Logins and Getting Safe) here we provide you only a nutshell of what it is. 

You might be familiar with the famous internet prank Love Calculator, sorry if not. It was plotted in this way that you receive a message from your friend saying calculate your love percentage with a link, you open that, get this screen where you have to enter your name along with the name of three of your crushes and click submit. When you're done, a message will pop up saying you're being pranked by your friend and the names you entered has been sent to his/her email. You feel cheated and the same time get amazed of this new mindblow that you can use in your friend circle hoping you're the first to shoot. So what if you replace this screen you got with any of the login screens including Facebook/Gmail/Instagram or any other and you don't show any prank messages at the end! That simply is phishing. You're shown up with a facebook login page, enter your credentials but, the login was not successful, it was redirected to some ad pages or doesn't show up anything. And you think that's some error. But that's not it, you've been compromised. The login credentials have been sent to someone's gmail and you wont have a clue on what just happened. 


Getting Your Hands Dirty 










Disclaimer: Techmidroid wont be responsible for any activities that is being done using this tutorial.



Step 1:

Sign Up for z-shadow.us 



And you will be shown up with a page like this.












Step 2:

You'll be provided with a set of websites, website logos and the links. Only you have to do is choose the website, under the link section select the language the page should be appeared. Copy the link that appears and send it your friends.










Step 3:

He will get this login screen upon opening the link(Here I've used Facebook).


And when he/she enter their credentials and hit the login button they will be shown up with with an ad page and that's it. 









Step 4:



Login to your z-shadow.us account. You can find the usernames and passwords under 'My Victims' tab.





So now you know how stuff works. 

NB: There's an option to create a new login page if the website you're looking for is not listed in z-shadow. Under 'Make Custom Page' select 'Create Your Own Page', insert the URL of the original login page you wanna create a mirror, complete the captcha and you're done. You can get the link under Make Custom Page - My Pages, that you can use just as the above.


How to get yourself safe from phishing attacks?







Make sure you check the URL thoroughly that nothing suspicious is found.

Below is an image of the Facebook login page. But you see the URL is something else, not facebook.com, which means it's not the original facebook login.





There's also this chance that you might get fooled if you only check the URL. There are many phishing scams that uses the legitimate URL's that's hard to differentiate. 

So before logging into any website always try a random Username and Password. If it gets redirected to some other pages other than expected or doesn't shows up anything GOTCHA you were about to be stolen.



Advanced Phishing with Two-Factor Authentication Bypass 









  • Attacker generates a phishing link pointing to his server which acts as a proxy server. 


  • Victim receives attacker's phishing link via any available communication channel (email, messenger etc.). 


  • Victim clicks the link and is presented with  proxied Google sign-in page. Victim enters his/her valid account credentials, progresses through two-factor authentication challenge (if enabled) and he/she will be redirected to some other pages or even his/her original account depending on what the attacker has set. 


  • You can't try any random username and password to check the legitimacy of the link. You should enter your valid login credentials, the server will look up for its validity. 


3 comments:

  1. Day break offers great long range interpersonal communication, social marketing and social bookmarking to WAHMs, Small Business Owners, BRSM.io Instagram packages

    ReplyDelete
  2. A person visits your instagram page and discovers that you have over 1000 followers. Then the question he will ask himself is totally differet buy Instagram likes uk

    ReplyDelete