Facebook Password reset vulnerability allowed hackers to hijack any FB account

Hacking Facebook is one of the most sought queries on Google search because a lot of Facebook accounts are valuable. So much so that security researchers spend their valuable time and resources to hunt for vulnerabilities in Facebook in search of that elusive big break. One such ethical researcher, Anand Prakash has hit a jackpot with hacking Facebook. He has found a critical vulnerability in Facebook which could have allowed him to hack into any FB account without a sweat.

The vulnerability which Prakash found, resides in the way Facebook’s beta pages handle ‘Forgot Password’ requests. Normally, when you forget your password, Facebook gives you an option to get back into your FB account using ‘Forgot Password’ option which then sends a 6 digit code on your phone number/email address to your mobile phone. After you enter this code in the window, you are able to access your FB account and reset your password.

Prakash decided to test the vulnerability in Facebook’s Forgot Password mechanism. He tried to brute force the 6 digit code in the ‘Forgot Password’ window but since Facebook has placed a limit of 12 attempts he was unsuccessful and locked out after 12 attempts.

He then turned his attention to Facebook’s beta pages,  beta.facebook.com and mbasic.beta.facebook.com and found that the rate limit was missing on forgot password endpoints in these two pages. Once he found that there was no limitation, he could brute force into any Facebook account without worrying about the limits.

Vulnerable request:


POST /recover/as/code/ HTTP/1.1 Host: beta.facebook.com
lsd=AVoywo13&n=XXXXX


Brute forcing the “n” successfully allowed Prakash to set new password for any Facebook user.

Video of the Proof of Concept

Prakash reported the issue to the Facebook’s security team on 22nd Feb 2016. Facebook immediately acknowledged the severity of the vulnerability and issued a fix on 23rd Feb.  It also awarded Prakash a bug bounty of $15,000 which is among the top bounties by the networking giant.

By OffensiveSec

Read More

Directory with various materials for studies hacking

Obs, I am not responsible by your act with hacking materials, the materials is responsibility the student 

Directory with various materials for studies hacking, reverse engineering, malware, PenTest tools etc.

By OffensiveSec

Access Ebooks

Read More

Hacking Ebooks ++ VI

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Hacking Ebooks ++ V

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Hacking Ebooks ++ IV

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Hacking Ebooks ++ III

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Hacking Ebooks ++ II

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Hacking Ebooks ++

Best Hacking EBooks 2016 – In the Era of Teenagers many of want to Become a “Hacker” But In-fact It is not an Easy Task because Hacker’s have Multiple Programming Skills and Sharp Mind that Find Vulnerability in the Sites, Software and Other types of Application. If You want to become a Hacker you need to Spend most of the Time on your Computer to Learn New Technologies and Reading Hacking Book that can Help you to Become a Ethical Hacker. First You need to Read Hacking Books Carefully then Perform Practically not for Hacking Purpose Just only for Educational Purpose.

Access Ebooks

Read More

Multipurpose Sniffer - Ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.

Functionality

Ettercap works by putting the network interface into promiscuous mode and by ARP poisoning the target machines. Thereby it can act as a ‘man in the middle’ and unleash various attacks on the victims. Ettercap has plugin support so that the features can be extended by adding new plugins.

Features

Ettercap supports active and passive dissection of many protocols (including ciphered ones) and provides many features for network and host analysis. Ettercap offers four modes of operation:

ºIP-based: packets are filtered based on IP source and destination.
ºMAC-based: packets are filtered based on MAC address, useful for sniffing connections through a gateway.
ºARP-based: uses ARP poisoning to sniff on a switched LAN between two hosts (full-duplex).
ºPublicARP-based: uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (half-duplex).

In addition, the software also offers the following features:


Character injection into an established connection: characters can be injected into a server (emulating commands) or to a client (emulating replies) while maintaining a live connection.

SSH1 support: the sniffing of a username and password, and even the data of an SSH1 connection. Ettercap is the first software capable of sniffing an SSH connection in full duplex.

HTTPS support: the sniffing of HTTP SSL secured data—even when the connection is made through a proxy.

Remote traffic through a GRE tunnel: the sniffing of remote traffic through a GRE tunnel from a remote Cisco router, and perform a man-in-the-middle attack on it.

Plug-in support: creation of custom plugins using Ettercap’s API.

Password collectors for: TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG

Packet filtering/dropping: setting up a filter that searches for a particular string (or hexadecimal sequence) in the TCP or UDP payload and replaces it with a custom string/sequence of choice, or drops the entire packet.

OS fingerprinting: determine the OS of the victim host and its network adapter.

Kill a connection: killing connections of choice from the connections-list.

Passive scanning of the LAN: retrieval of information about hosts on the LAN, their open ports, the version numbers of available services, the type of the host (gateway, router or simple PC) and estimated distances in number of hops.


Hijacking of DNS requests.


Dependencies:

ºLibpcap & dev libraries
ºLibnet1 & dev libraries
ºLibpthread & dev libraries
ºZlibc
ºLibtool
ºCMake 2.6
ºFlex
ºBison
ºSSL Dissection Required Dependencies
ºLibSSL & dev libraries
ºGTK Related Dependencies
ºLibGTK & dev libraries
ºNCurses Related Dependencies
ºLibncurses & dev libraries
ºFilter Related Regex Dependencies
ºLibpcre & dev libraries

Download Ettercap

Read More