Wednesday, 27 October 2010

Cracking Facebook with Fbruteforcer

Fbruteforcer is a Python script that you can find at this address. In essence it is code for recovering the passwords of Facebook accounts, which it does by trying the passwords we supply in a dictionary file. Fbruteforcer can only be used to crack Facebook accounts, so you cannot choose protocols or configure other parameters as you can with hydra; its strength is that it is extremely simple to use. To mask the attempts, its author resorted to a small trick: simulating a different user agent on each attempt, which can fool Facebook for a while. The following portion of code shows all the simulated user agents.

ouruseragent = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
                'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
                'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
                'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
                'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
                'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
                'Microsoft Internet Explorer/4.0b1 (Windows 95)',
                'Opera/8.00 (Windows NT 5.1; U; en)',
                'amaya/9.51 libwww/5.4.0',
                'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
                'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
                'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
                'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
                'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
                'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]'
                ]

If you intend to try it (I urge you to use the script ONLY to test the strength of your own password), copy the script, paste it into a text file on your computer and save it as fbruteforcer.py. Since it is a Python script, you need Python installed to run it. I tested it on Linux BackTrack 4, which ships with Python, but I also had to install the "python-mechanize" package; you can find the deb package here. Once the necessary installations are complete, all you have to do is launch the script. Supposing the file is in the root directory, the command is /root/fbruteforcer.py -u email@xxx.yy -w /root/dizionario.txt
When running, the script is very... very slow, about one attempt every 2 seconds; you can imagine for yourselves how long it would take to exhaust a dictionary of thousands of passwords. In addition, Facebook has certainly put a further protection in place, because after a few tests (in which the correct password is reported) fbruteforcer magically stops working. It is probably the same type of protection used on Gmail mailboxes when you try to attack them with hydra; the good thing is that by testing your account you will be "vaccinated" against this type of attack. In conclusion, I would say that by building a "good" password (at least 10 characters, upper and lower case + symbols + numbers) we are relatively safe from this script's attack; if instead your password is a real word that can be found in a dictionary... well, then start worrying :-)
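How the user-agent rotation looks from the defending side, as an added example that is not part of the original post or of Fbruteforcer: it counts failed logins in a sliding window over constructed log lines and shows that a counter keyed on the account catches the run, while one keyed on account plus User-Agent stays under the threshold. The log format, account names, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# A few User-Agent strings taken from the list shown above.
UAS = [
    "Opera/8.00 (Windows NT 5.1; U; en)",
    "amaya/9.51 libwww/5.4.0",
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)",
]

def build_sample_log():
    """Constructed log lines in an assumed format: time|account|result|user-agent."""
    t0 = datetime(2010, 10, 27, 10, 0, 0)
    rows = []
    # Dictionary run: one guess every 2 s, a different User-Agent each time.
    for i in range(12):
        ts = t0 + timedelta(seconds=2 * i)
        rows.append((ts, "target@example.test", "FAIL", UAS[i % len(UAS)]))
    # Ordinary user: one typo, then a successful login.
    rows.append((t0 + timedelta(seconds=5), "alice@example.test", "FAIL", UAS[0]))
    rows.append((t0 + timedelta(seconds=9), "alice@example.test", "OK", UAS[0]))
    rows.sort(key=lambda r: r[0])
    return ["|".join((r[0].isoformat(), r[1], r[2], r[3])) for r in rows]

def by_account(account, ua):
    return account

def by_account_and_ua(account, ua):
    return (account, ua)

def detect(lines, key, max_fails=5, window=timedelta(seconds=60)):
    """Return {key: peak count} for keys with >= max_fails failures inside window."""
    recent = defaultdict(deque)  # key -> timestamps of failures still in the window
    alerts = {}
    for line in lines:
        ts, account, result, ua = line.split("|", 3)
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts)
        k = key(account, ua)
        q = recent[k]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            alerts[k] = max(alerts.get(k, 0), len(q))
    return alerts
```

Keyed on the account alone, the twelve failures in 22 seconds are flagged whatever the client claims to be; split across three User-Agent values, each bucket holds only four and nothing is raised.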
P.S. Another way to recover Facebook passwords is phishing; the method is illustrated on this page: http://d1966.blogspot.it/2012/10/come-vi-scoprono-la-password-di.html
