This tutorial will be highly detailed with everything, including what you will need and all the thinking process necessary to successfully hack a Facebook account.
I will be covering:
1) Key loggers
2) Rats
3) Phishing (Well, not really.)
4) Social Engineering
5) How not to get traced
Not only that, but all the other tutorials regarding 'How to Hack Facebook' are outdated and no longer work because they are not including the security updates that Facebook implemented not so long ago.
I have written,
You should check those tutorials out for further information regarding what I am about to talk about in here.
Let's begin.
I have seen that 99.9% of the tutorials on HF as of now recommend Phishing, keylogging, RATing, and even Social Engineering (SE) as the most notable methods to take over a Facebook account and essentially "hack it"
Before, we go any further. Let me say that Facebook cannot be hacked with a program of any kind. If you see anyone claiming that they have a program to hack Facebook, they are lying.
Now, why are key loggers, phishers, social engineering, and some RATs bad?
-Key loggers only record the keys pressed on the keyboard.
-Phishers essentially do the exact same thing as key loggers, however the slave must do it manually.
-Social Engineering is the trickiest and I would probably say the hardest method of stealing Facebook account nowadays.
-RATs are probably the best road to take if you plan to steal a Facebook account because you have access to Socks5. Socks5 being their own system.
Key logger I recommend: Rapzo Logger v 1.5
Rapzo Logger v 1.5 ( Public Edition )
" Virus Results By Scan4you.net 0/32 "(Paid Host )
Options
Stealers [6] All Stealers Pure Code - No Drops + Runtime FUD
[#] Firefox 3.5.0-3.6.X
[#] DynDns
[#] FileZilla
[#] Pidgin
[#] Imvu
[#] No-Ip
Features [25]
* Full UAC Bypass & Faster Execution
* Coded in Vb.NET
* Min Req Is .net 2.0 Now A days every pc Have it
* Cool & user friendly GUI
* Easily Understandble
* Encrypt Information
* Encrypt E-mail information
* 100% FUD from all AV's
* 4 Extentions [ . exe | .scr | .pif | .com ]
* Keylogger support - Smtp[Gmail,Hotmail,live,aol,]
* Test E-mail - is it vaild or not.
* Customize the "To" e-mail address.
* Screen Logger
* Cure.exe to remove server from your Compute
* Usb Spreade
* File pumper - Built-in
* Icon Changer - Preview
* Logs are nice and clear
* Log Letters - ABCD etc.
* Log Symbols - !@#$% etc.
* Log Numbers - 12345 etc.
* Log specific key's - [F4][F5][TAB][HOME][Pg Dn][Pause Break][Prtsc SysRq].. Etc.
* Hidden really good & invisible
* Send new logs over and over again
* ReadMe.txt - How To Use
* Vedio Tutorial - How To Use
Working on all Windows Operating System's - [Winxp\vista\W7] --- [32 + 64 ] Bit Computers
1) Why that key logger? Well, it's Free and it works. I tested it.
How to set it up:
After you have done that above, simply build your server. Click Test me to be sure it works. Be sure to select what kind of e-mail you want to use and put the e-mail and the password.
Now, considering that this keylogger is free, you will need to get your file crypted.
Crypting is essentially making your server or bot, or whatever you want to call it, FUD (Full undetected), being not detected by any Anti Virus or at least UD (Undetected), being only being detected by a few Anti virus.
Why crypt? Well, so your file doesn't get detected and immediately deleted as soon as the target opens the file.
2) Let's move on to RATs,
I see the same question all the time, Which is the best/favorite RAT?
-Based on my personal experience, I can say that DarkComet and Cybergate are the best for RATs being free.
I will not go into teaching you how to set those up because there are already a ton of tutorials on how to do that.
I did a quick search to find tuts and these looked good:
Setting up DarkComet
Setup Cybergate
(Will Publish This Soon As I Get The time)
3) Phishing
-I will not go into phishing since it's against the rules.
4) Social Engineering
-Ah, the classic stories of "My friend hacked my facebook" or "How can I hack my friend?" or my personal favorite "How to hack my girlfriend's Facebook?"
A common mistake by layman who do not know much about the internet is giving information out without actually knowing that they are giving the information out.
Social Engineering on Facebook seems like a joke considering that you aren't going to ask the person their password and e-mail for you to log in. Even if they do in fact give you their information voluntarily, it's pointless.
Why is it pointless? Well, Facebook has become smarter on their security.
I wrote about the reasons in dept on my other tutorial: Why you shouldn't phish, keylog, SE on Facebook.
(Click here to view)
Basically, it comes down to this.
Facebook will detect 'Suspicion' on the account that you are logging in and it will not allow you to log in under that account simply because their logs of the original account owner do not match with your IP or the IP your are hidden behind.
1) Suspicion
2) Security question
3) Confirm Identity
4) Confirm identity by identifying the friends on that account.
Now to retrieve back to the very beginning of this tutorial, I said that Key logging, Phishing, Social Engineering, and RATs were the common methods associated with hacking a Facebook account.
I will respectfully correct my mistake and as well as the other tutorials on here.
1) Even if you do manage to steal the password and e-mail using Keylogs, the problem of suspicion will appear.
2) Even if you do manage to steal the password and e-mail using Phishing, the problem of suspicion will appear.
3) Even if you do manage to crack the password out of your target through Social Engineering, the problem of suspicion will appear.
4) RATs are probably and definitely the best way to go into "hacking" a Facebook account simply because you will have full access to their computers. You can change their info through computers and the problem of suspicion will not appear.
RATs are NOT the only possible way to get in! Keylogging, Phishing, and Social Engineering might work as well.
I believe that Facebook compares the ranges of IP based on the ISP of the target. Now, if that's the case...Simply do a whois on the slave using the RAT.
If you do not know what whois is, it's basically a query that searches where the target is located. Normally you can double click on the slave when they are online on the RAT and see where they are from and look at their IP.
Now, you don't really need a RAT to tell you where the slave lives or his IP. If you already have his IP or location through other methods such as reverting you're good to go.
However, if you do not have any information at all what so ever, you can try searching on these sites to revert info about the target.
http://com.lullar.com/
http://www.pipl.com/email/
http://www.spokeo.com
http://www.emailfinder.com
Now, once you have an IP or ISP, or location the next part is looking for a Sock5 to hide behind so Facebook thinks that you are only using a different computer in the same area. You can also spoof the IP, but I will not go into that.
So, after all that work, you still can't take over their accounts?
I thought about this method as I was showing a friend through Teamviewer the pictures that Facebook was showing me to identify the target's friends. And obviously, I was clueless because I did not know of the people.
What did I do? Well, as you can see the picture #4:
1) Suspicion
2) Security question
3) Confirm Identity
4) Confirm identity by identifying the friends on that account.
Facebook provides the names of the target's friends. So, use that information to essentially bypass the security of identification by searching those names on Facebook search and matching the faces based on the Target's friends.
Note that will need an extra Facebook account to search, otherwise Facebook does not let you search. Close the 'Suspicion' page and log in to your extra or your actual Facebook account and search for the Target's friends.
Be sure to notice where your target lives so on the results you can compare whether if the friend is the matching face or not. Be sure to notice the names of the friends as well.
For example, if the name choices are:
George Bush
Adolf Hitler
Barrack Obama
Mohammed Ali
Lee Chang
And the picture given is of an middle eastern descent looking person, you should obviously go with the name that sounds middle eastern.
Once you match the faces for the identification questions. You should be able to get in without a problem.
To wrap it up,
I will warn you one one important thing, if you do not have access to their e-mails. They will get an e-mail notifying that someone is trying to log in on their accounts and your IP will be shown to them.
So, what that means is to always hide behind a VPN or a proxy so you can't be traced back.
Try to take over their e-mails if you want or simply delete the notification e-mails so they do not notice.
Taking over the e-mail will be an obvious sign that they got hacked and they might try to retrieve the e-mail password, so be sure to change the e-mail password and security questions immediately so they cannot get it back. Only take over the e-mail once you have completely stolen and gained access to the Facebook account because they can easily change the e-mail on the Facebook account and you'll be screwed. 
