How to Hack Facebook Account using FB_brute

How to Hack Facebook Account using FB_brute

  • There are many methods for hacking Facebook. Most of them are pretty complicated, but there is one hack that's very easy and requires no programming skills at all. It doesn't require any password cracking software either — you don't even need to download anything. All it takes is a browser, the Facebook login page, and a bit of math and you'll be able to hack Facebook passwords in just minutes. In this article, we're going to show you how it works.

apt update && upgrade -y
apt install python
apt install python2 
apt install python2
apt install git wget PHP -y
git clone https://github.com/lunnar211/fb-brute
cd fb-brute
chmod +x *
python2 fb brute.py

1. Brute-force attack

A brute-force attack is a trial-and-error technique used to find the correct key for a cryptographic system. One simply tests all possible keys. In cryptography, a brute-force attack is a cryptanalytic attack that can, in theory, be used against any encrypted data (except data encrypted in an information-theoretically secure manner). This is easy: if it can be found in less than 1s or 2s, it's found. If it takes more than 10s seconds you should stop.
There are several ways to try to brute-force crack a specific password. One method is to try hundreds or thousands of combinations. This is the process commonly referred to as "burn the eff out of a key", or setting the browser to turn off JavaScript, so it won't try anymore. YouTube does this for example. However, this is time-consuming and unreliable, and the only statistically significant studies I found on deploying this type of attack showed significant (but sometimes temporary) losses. Those results are why I prefer long-term solutions like a multifactor authentication solution.
Another way to try to brute force crack a specific password is to try every possible combination of letters, numbers, and symbols (also called "logic mix"). Logical formulas are pretty easy to guess but very hard to crack — for example, this one:
Suppose you tried all combinations of letters, numbers, and symbols that were not found using the calculation above. You would have tried 2,147,483,656 times. However, with a multifactor solution, you only need to try 3 times. In this way, you will try just 2.148 million times to find the correct combination (almost 1 in 12 times!).
You don’t have to use a browser — other software applications provide this kind of functionality. TimeVar, Roboform, and Elephant are some of them.
With any of these tools, you need to be careful, because mistakes can be made.

2. I've hacked my own Facebook password using FbBrute — here's how

Earlier this week, I found myself in a situation where I needed to access a Facebook profile. I know, I know, the horror! The profile was for a high school acquaintance who I was trying to find a copy of an old photograph of.
Luckily, Facebook gives you a lot of wiggle room when it comes to cross-referencing Facebook and other websites to find other people’s pages. So I used the following technique to find his page without using Facebook’s developer tools:
This gives us some additional data.
But wait, there’s more.
With a little bit of digging, we can find the full Facebook authentication process.
The authenticated user sends their Facebook credentials (either their Facebook username or their password) to the Facebook server along with a few other options. They include:
Alright, so if we just use those options, we should be able to get login credentials from Facebook.
But wait! There’s more. Assuming we use the other credentials, the server is going to do a sanity check for us. It’s going to ask the database to populate the login field with the correct settings. You already set your Facebook password to be non-empty, right?
Well, no. The Facebook server does parse your email and enter it into the password field by default. You won’t be able to skip this step. If you skip it, it’s an easy hack, but it might make your password vulnerable to dictionary attacks in the future.
So if you really want to hack Facebook passwords, you’ll need to connect your Facebook account to other services (like Gmail).
Facebook also doesn’t allow the use of common passwords like password_hash, common_token, and so on. Even Facebook’s own integration for finding Facebook accounts doesn’t allow this. So we could either use Gmail as our login source, or force Facebook to ask us for a new password in each new session, but this ultimately results in insecure interactions.

3. How to protect yourself from brute-force attacks

Brute-force attacks are a type of brute-force password attack, in which an attacker attempts to log into a website by trying several different passwords. Brute-force attacks are popular because it’s possible to try large numbers of passwords in a short period.
The problem Facebook faces, however, is that their site is incredibly secure, which tends to increase the number of simultaneous attempts they need to make. This sharply decreases their limit (see image 2.1)
This means that if you attempted to log in with an email address or any other valid Facebook account using the password “123456”, the login page would reject it, and you wouldn’t be able to log in. This tends to happen for a few reasons. First, it’s far more difficult to guess a valid pattern if you have to use many different combinations (conceptually speaking) of letters and numbers than it is to guess one unique password for each site (conceptually speaking). Second, true brute-force attacks only work when both types of attacks are successful — if you can guess the correct password with less than a chance of error, that’s called a “one-time pad” (one-time-password) and increases the attack surface.
Conventional login pages like Facebook uses to show a short text input field, telling users what their password is no doubt. This password is then sent to the site’s password database, which is made up of entries from both user accounts. From there, the site checks each password against its own database compares the password to known or previously-used passwords, and then makes a decision about the best password to use based on the comparison.
For instance, if I tried to log in with a bunch of random words in my password, say “Ricky Martin,” Facebook would see that particular string of letters and numbers as a mismatch and reject it.

My name is Dipesh and I am a self-taught white hat hacker and a commerce graduate from Nepal, Currently working for some well-known Youtube.