
• This book is for educational purposes only.
• This book does not promote any illegal activity.
• If you want to do so, do it on your own responsibility.
1. How to Gain Passwords & Other Data with Wi-Fi Pumpkin:
JavaScript Keylogger Injection
• What is Wi-Fi Pumpkin?
• Requirements to install Wi-Fi Pumpkin
• Installation
• Uses of Wi-Fi Pumpkin

2. Bettercap MITM Tool: Gain Passwords, IP Address, Device Info,
Sniff Packets & Other Traffic & More
• Installing Bettercap in Kali Linux
• Sniffing Traffic
• Capturing passwords
• Limitations

3. How to Install and Configure Free VPN on Kali Linux
• What is VPN on Kali Linux
• Why use VPN
• Installing VPN on Kali Linux

4. How To Install Backtrack & Hack Wifi On Android
• Requirements
• Steps To Install Backtrack & Hack Wifi On Android

5. List of terms used in the field of hacking
• OTP BYPASS
• What is a disposable mobile number?
• Benefits
• How to Receive SMS ?
• Working

6. SOCIAL MEDIA HACKING
• HACKING FACEBOOK
• Keylogger
• Keylogger for Smartphone

These are the top 10 Android Apps That Turn Your Phone into a
Hacking Device
LEARN THE FULL HACKING TUTORIALS IN 49 GB.
LEARN HACKING EBOOKS
• How to Gain Passwords & Other Data with Wi-Fi Pumpkin:
JavaScript Keylogger Injection.
First of all, what is Wi-Fi Pumpkin?
• Wi-Fi Pumpkin :
The Wi-Fi-Pumpkin is a rogue AP framework for easily creating
fake networks, all while forwarding legitimate traffic to
and from the unsuspecting target. It comes stuffed with
features, including rogue Wi-Fi access points, deauth attacks
on client APs, a probe request and credentials monitor,
transparent proxy, Windows update attack, phishing manager,
ARP Poisoning, DNS Spoofing, Pumpkin-Proxy, and image
capture on the fly. Moreover, the Wi-Fi-Pumpkin is a very
complete framework for auditing Wi-Fi security; the list of
features is quite broad.

• Requirements to install Wi-Fi Pumpkin :

You will need an Ethernet connection as well as a Wi-Fi
adapter that supports Access-Point (Master) mode. The
following list of OSes represents recommended environments
to run Wi-Fi Pumpkin, as most of the required dependencies are
pre-installed. VMs are also recommended.

Operating System    Version
Kali Linux          2.0
Kali Linux          Rolling Edition
WifiSlax            4.11.1/4.12
Parrot OS           2.0.5/3.0
Ubuntu              15.10/16.04
Pentoo              Rolling Edition
• Installation :
1) Open a terminal in Kali Linux.
2) Type these commands:
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
sudo pip2 install -r requirements.txt
chmod +x installer.sh
sudo ./installer.sh --install
OR
Download the .deb file and install it:
sudo dpkg -i wifi-pumpkin-0.8.8-all.deb
sudo apt-get -f install # force install dependencies if not installed normally
To install PyQt4 : pip install -r requirements.txt
A link on how to install Wi-Fi Pumpkin is given below :
https://mega.nz/#!drwAFaJb!beYRMoib_AbOtP1xiTYD3JhgYK52zPoSAHuH9gSOFOE
• Uses of Wi-Fi Pumpkin :

1) Rogue Wi-Fi Access Point :

One of the most common wireless security threats is the rogue
access point; it is used in many attacks, both DoS and data theft.
Many other rogue access points, however, are deployed by employees
wanting unfettered wireless access; these access points are
called soft access points. Other rogues are located in
neighbouring companies using your network for free access.
Typically low-cost and consumer-grade, these access points often
do not broadcast their presence over the wire and can only be
detected over-the-air. Because they are typically installed in the
default mode, authentication and encryption are not enabled,
thereby creating a security hazard. Because wireless LAN signals
can traverse building walls, an open access point connected to the
corporate network is the perfect target for war driving. Any client
that connects to a rogue access point must be considered a rogue
client because it is bypassing the authorized security procedures
put in place by the IT department.

2) Deauth Attack Clients AP :

A deauthentication attack is a type of denial of service attack
that targets communication between a user (or all users) and
a Wi-Fi access point.
This attack sends disassociation packets to one or more clients
which are currently associated with a particular access point. Of
course, this attack is totally useless if there are no associated
wireless clients or no fake authentications.
The cool thing about this attack is that even in 2019, when
all networks are using WPA2 encryption, you can still easily
deauth anything or anyone without even being inside the
network.

3) Probe Request Monitor :

A probe request is a special frame sent by a client station
requesting information from either a specific access point,
specified by SSID, or all access points in the area, specified
with the broadcast SSID.
The monitor sniffs probe requests (time stamp, signal strength,
MAC address, SSID). The information gathered from probe requests
can be combined with wardriving datasets, that is, geo-tagged
databases of wireless networks, to map the physical location of
these networks in a city.

4) DHCP Starvation Attack :


DHCP (Dynamic Host Configuration Protocol) is a network
management protocol used to dynamically assign an Internet
Protocol (IP) address to any device, or node, on a network so
they can communicate using IP.
DHCP starvation attack is an attack that targets DHCP
servers whereby forged DHCP requests are crafted by an
attacker with the intent of exhausting all available IP addresses
that can be allocated by the DHCP server. Under this attack,
legitimate network users can be denied service.
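
A defender's view of the starvation pattern described above, as an added example that is not part of the original book: a sliding-window check over DHCPDISCOVER events seen on an access switch. The event tuples, port names, thresholds and the `StarvationDetector` class are assumptions made for the illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque


class StarvationDetector:
    """Flag access ports that request leases for too many client addresses.

    Assumption: events are captured on the access segment, before any DHCP
    relay, so the Ethernet source MAC should equal the DHCP chaddr field.
    """

    def __init__(self, window=10.0, max_clients=20):
        self.window = window              # seconds of history kept per port
        self.max_clients = max_clients    # distinct chaddr values tolerated
        self.recent = defaultdict(deque)  # port -> deque of (ts, chaddr)

    def observe(self, ts, port, eth_src, chaddr):
        """Process one DHCPDISCOVER and return a list of (kind, port) alerts."""
        eth_src, chaddr = eth_src.lower(), chaddr.lower()
        alerts = []
        # A host asking for leases on behalf of other hardware addresses.
        if eth_src != chaddr:
            alerts.append(("CHADDR_MISMATCH", port))
        seen = self.recent[port]
        # Drop entries that have aged out of the window.
        while seen and ts - seen[0][0] > self.window:
            seen.popleft()
        # Count each client address once; retries are normal behaviour.
        if all(c != chaddr for _, c in seen):
            seen.append((ts, chaddr))
        if len(seen) > self.max_clients:
            alerts.append(("DISCOVER_FLOOD", port))
        return alerts


def scan(events, **kwargs):
    """Run the detector over time-ordered events; return the set of alerts."""
    detector = StarvationDetector(**kwargs)
    found = set()
    for ts, port, eth_src, chaddr in events:
        found.update(detector.observe(ts, port, eth_src, chaddr))
    return found


def constructed_events():
    """Constructed sample data: ordinary clients plus one noisy port."""
    events = [
        (0.0, "port1", "00:11:22:33:44:01", "00:11:22:33:44:01"),
        (4.0, "port2", "00:11:22:33:44:02", "00:11:22:33:44:02"),
        (4.5, "port1", "00:11:22:33:44:01", "00:11:22:33:44:01"),  # retry
    ]
    # port7: one Ethernet source, forty different chaddr values in 2 seconds.
    for i in range(40):
        chaddr = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        events.append((5.0 + i * 0.05, "port7", "02:00:00:00:00:99", chaddr))
    events.append((30.0, "port3", "00:11:22:33:44:03", "00:11:22:33:44:03"))
    return events


if __name__ == "__main__":
    for kind, port in sorted(scan(constructed_events())):
        print(port, kind)
```

On managed switches the equivalent built-in controls are DHCP snooping with a per-port rate limit and port security that caps the number of MAC addresses per port.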

5) Credentials Monitor :
Credentials refer to the verification of identity or tools for
authentication. They may be part of a certificate or other
authentication process that helps confirm a user’s identity in
relation to a network address or other system ID.

6) Transparent Proxy :
A transparent proxy (also called inline proxy, intercepting proxy,
or forced proxy) is a server that sits between your computer
and the Internet and redirects your requests and responses
without modifying them. A proxy server that does modify your
requests and responses is defined as a non-transparent proxy.
A transparent proxy can be used for various reasons, such as
content filtering in schools and libraries, and as it does not need
any configuration on the client side, it can be an easy-to-
maintain alternative to other proxy types.

7) Phishing Manager :
Phishing is a type of social engineering attack often used to
steal user data, including login credentials and credit card
numbers. It occurs when an attacker, masquerading as a
trusted entity, dupes a victim into opening an email, instant
message, or text message.
8) Partial Bypass HSTS protocol :
HTTP Strict Transport Security (HSTS) is a web security policy
mechanism which is necessary to protect secure HTTPS
websites against downgrade attacks, and which greatly
simplifies protection against cookie hijacking. It allows web
servers to declare that web browsers (or other complying user
agents) should only interact with them using secure HTTPS
connections and never via the insecure HTTP protocol.
The first demonstration of HTTPS stripping and MITM
attacks was presented by Moxie Marlinspike at Black Hat DC
2009, using his tools sslstrip and sslsniff. sslstrip will
transparently hijack HTTP traffic on a network, watch for HTTPS
links and redirects, then map those links into either look-alike
HTTP links or homograph-similar HTTPS links. It also supports
modes for supplying a favicon which looks like a lock icon,
selective logging, and session denial.
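
The check below is an added example, not part of the original book: it audits a site's Strict-Transport-Security header the way a browser reads it (RFC 6797), which shows when the downgrade described above is still possible. The finding codes, `parse_hsts` and `audit` are names chosen for the illustration, the sample headers are constructed, and the one-year threshold is the minimum that hstspreload.org asks for.

```python
ONE_YEAR = 31536000  # seconds


def parse_hsts(value):
    """Parse an HSTS header value; return a policy dict or None if invalid.

    A browser ignores the whole header when a directive is repeated or
    when max-age is missing or not a non-negative integer.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        name, _, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if len(arg) >= 2 and arg[0] == arg[-1] == '"':
                arg = arg[1:-1]  # quoted-string form is permitted
            if not (arg.isascii() and arg.isdigit()):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    return policy if policy["max_age"] is not None else None


def audit(scheme, sts_value):
    """Return finding codes for one response; an empty list means no gaps."""
    if sts_value is None:
        return ["NO_HSTS"]            # plain-HTTP links can be rewritten
    if scheme != "https":
        return ["IGNORED_OVER_HTTP"]  # browsers only honour it over TLS
    policy = parse_hsts(sts_value)
    if policy is None:
        return ["MALFORMED"]
    if policy["max_age"] == 0:
        return ["POLICY_CLEARED"]     # max-age=0 deletes the stored policy
    findings = []
    if policy["max_age"] < ONE_YEAR:
        findings.append("SHORT_MAX_AGE")
    if not policy["include_subdomains"]:
        findings.append("NO_SUBDOMAINS")  # look-alike subdomains stay on HTTP
    if findings or not policy["preload"]:
        # Without a preload-list entry the very first visit is unprotected.
        findings.append("NOT_PRELOAD_ELIGIBLE")
    return findings


# Constructed sample responses: (scheme, header value or None).
SAMPLES = [
    ("https", "max-age=63072000; includeSubDomains; preload"),
    ("https", "max-age=300"),
    ("http", "max-age=63072000"),
    ("https", None),
    ("https", "max-age=31536000; max-age=0"),
    ("https", 'max-age="31536000"; includeSubDomains'),
]

if __name__ == "__main__":
    for scheme, value in SAMPLES:
        print(scheme, repr(value), audit(scheme, value) or "ok")
```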

9) Support beef hook :


BeEF is short for The Browser Exploitation Framework. It is a
penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against
clients, including mobile clients, BeEF allows the professional
penetration tester to assess the actual security posture of a
target environment by using client-side attack vectors. Unlike
other security frameworks, BeEF looks past the hardened
network perimeter and client system, and examines
exploitability within the context of the one open door: the web
browser. BeEF will hook one or more web browsers and use
them as beachheads for launching directed command modules
and further attacks against the system from within the browser
context.
VIDEO :-
https://www.youtube.com/watch?time_continue=2&v=xdbvU_U42kY

10) ARP Poison :


ARP Poison is a type of attack in which a malicious actor sends
falsified ARP (Address Resolution Protocol) messages over a
local area network. This results in the linking of an attacker’s
MAC address with the IP address of a legitimate computer or
server on the network. Once the attacker’s MAC address is
connected to an authentic IP address, the attacker will begin
receiving any data that is intended for that IP address. ARP
spoofing can enable malicious parties to intercept, modify or
even stop data in-transit. ARP spoofing attacks can only occur
on local area networks that utilize the Address Resolution
Protocol.
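
How this looks from the monitoring side, as an added example that is not part of the original book: a small watcher that keeps IP-to-MAC bindings and raises alerts on the patterns forged ARP messages produce. The record layout, alert names, `ArpMonitor` class and the addresses (documentation range 192.0.2.0/24) are assumptions for the illustration, and the trace is constructed.

```python
REQUEST, REPLY = 1, 2  # ARP opcode values


class ArpMonitor:
    def __init__(self, static_bindings=None, solicit_window=2.0):
        # Bindings the operator pins, e.g. the default gateway.
        self.static = {ip: mac.lower()
                       for ip, mac in (static_bindings or {}).items()}
        self.learned = {}   # ip -> first MAC seen for it
        self.asked = {}     # ip -> time of the last who-has request for it
        self.solicit_window = solicit_window

    def observe(self, ts, op, sender_ip, sender_mac, target_ip):
        """Process one ARP message; return a list of (kind, ip, mac)."""
        sender_mac = sender_mac.lower()
        alerts = []
        if op == REQUEST and sender_ip != target_ip:
            self.asked[target_ip] = ts
        elif op == REPLY:
            asked_at = self.asked.get(sender_ip)
            # A reply nobody asked for recently is how poisoning is pushed.
            if asked_at is None or ts - asked_at > self.solicit_window:
                alerts.append(("UNSOLICITED_REPLY", sender_ip, sender_mac))
        pinned = self.static.get(sender_ip)
        if pinned is not None and pinned != sender_mac:
            alerts.append(("STATIC_VIOLATION", sender_ip, sender_mac))
        known = self.learned.get(sender_ip)
        if known is None:
            self.learned[sender_ip] = sender_mac
        elif known != sender_mac:
            # The first binding is kept so repeated forgeries keep alerting;
            # an operator clears it after a legitimate address change.
            alerts.append(("BINDING_CHANGED", sender_ip, sender_mac))
        # One MAC answering for a second IP: the interception pattern.
        if any(mac == sender_mac and ip != sender_ip
               for ip, mac in self.learned.items()):
            alerts.append(("MAC_CLAIMS_SECOND_IP", sender_ip, sender_mac))
        return alerts


def scan(trace, static_bindings=None):
    """Return a list of (ts, kind, ip, mac) for every alert in the trace."""
    monitor = ArpMonitor(static_bindings)
    out = []
    for ts, op, s_ip, s_mac, t_ip in trace:
        out.extend((ts,) + a for a in monitor.observe(ts, op, s_ip, s_mac, t_ip))
    return out


GATEWAY = {"192.0.2.1": "aa:aa:aa:aa:aa:01"}

# Constructed trace: (time, opcode, sender IP, sender MAC, target IP).
TRACE = [
    (0.0, REQUEST, "192.0.2.10", "aa:aa:aa:aa:aa:10", "192.0.2.1"),
    (0.1, REPLY,   "192.0.2.1",  "aa:aa:aa:aa:aa:01", "192.0.2.10"),
    (5.0, REQUEST, "192.0.2.50", "cc:cc:cc:cc:cc:50", "192.0.2.1"),
    (5.1, REPLY,   "192.0.2.1",  "aa:aa:aa:aa:aa:01", "192.0.2.50"),
    # Host .50 now answers for the gateway and for host .10.
    (9.0, REPLY,   "192.0.2.1",  "cc:cc:cc:cc:cc:50", "192.0.2.10"),
    (9.0, REPLY,   "192.0.2.10", "cc:cc:cc:cc:cc:50", "192.0.2.1"),
]

if __name__ == "__main__":
    for alert in scan(TRACE, GATEWAY):
        print(alert)
```

Switch features such as dynamic ARP inspection enforce the same binding check in hardware; the watcher above only reports.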

11) DNS Spoof :


Domain Name Server (DNS) spoofing (a.k.a. DNS cache
poisoning) is an attack in which altered DNS records are used
to redirect online traffic to a fraudulent website that resembles
its intended destination.
Once there, users are prompted to log in to (what they
believe to be) their account, giving the perpetrator the
opportunity to steal their access credentials and other types of
sensitive information. Furthermore, the malicious website is
often used to install worms or viruses on a user’s computer,
giving the perpetrator long-term access to it and the data it
stores.
12) Pumpkin-Proxy [Proxy Server (mitmproxy API)] :
For intercepting HTTP data, this proxy server allows you to
intercept requests and responses on the fly.
I will give you a video tutorial so that you know how it
actually works.

Video :-
https://mega.nz/#!prYU2CiL!WtK1b5K3nOBLA-bMfjl4V1TwfqnhIZcAEpr09AZkBg4
• Bettercap MITM Tool: Gain Passwords, IP Address, Device Info,
Sniff Packets & Other Traffic & More :
In this topic we learn how to gain passwords, IP addresses,
system information and much more by using Bettercap.
First we learn how to install Bettercap in Kali Linux.
Installation is simple:
• apt-get update
• apt-get dist-upgrade
• apt-get install bettercap
The above three commands will leave you with the latest versions
of Kali and bettercap.

Now it is ready.
Sniffing Traffic :
Sniffing is a process of monitoring and capturing all data
packets passing through given network. Sniffers are used by
network/system administrator to monitor and troubleshoot
network traffic. Attackers use sniffers to capture data packets
containing sensitive information such as password, account
information etc.
There's nothing special about the usual sniffing traffic
functionality of bettercap. Bettercap can easily perform
sniffing on your local area network. It also lets you write the
output to a pcap file and later analyse it with Wireshark or
some other tool of your choice. I'll just give a simple demo here.
The real fun is in the capturing passwords section.
Run the command -
 Bettercap – sniffer

Sniffing traffic : Screenshot shows my Lenovo smartphone's
requests to truecaller being sniffed

You'll see all the websites being visited by all the devices on
the network. Press Ctrl+C to stop.

Take a look at the help manual for more commands, or read
the wonderful documentation.
Capturing passwords :

• Run the command bettercap on the terminal
• Wait for bettercap to acquire targets.
• When bettercap discovers the target you're looking for,
note down its IP address. Let's call it TARGET_IP.
• Press Ctrl+C to stop bettercap (if internet connectivity is
lost, as was in my case, restart your wlan0 interface)
• Run this command - bettercap -T TARGET_IP --proxy -P
POST (replace TARGET_IP with the appropriate IP).

In my case, my target was my Lenovo smartphone. It was
detected by bettercap, and I noted down its IP. 192.162.2.2 is
what I'll use as my TARGET_IP.

Now your attacker machine is ready and listening for traffic on the
network. Once your victim opens any login page, bettercap will use
ssl strip to remove the https from the URL, and once the target
enters his/her login credentials, you will see them in clear text.
Let's look at a demo run of the above procedure.
Limitations :

From this test run, here are the limitations of the tool that I
observed-
1. The biggest problem - It does not work on all sites. Before
trying outlook, I tried to see if I could carry out this MITM
attack over Facebook, Gmail, Twitter, etc. Unfortunately, I
wasn't able to. It only seems to work with some websites.
2. The difference in the URL is easily visible. Anyone who
knows what https is will notice the lack of it. I, for one,
would never enter my credentials on an http page. The
extra Ws in the www don't help either.
3. The tool isn't perfect. There are a few bugs.

Video :-
https://mega.nz/#!0mBkFIpI!Zd1p6k6KgWhaptbK-NGvHvuZcutck48dB3DN0klc_AQ
• HOW TO INSTALL AND CONFIGURE FREE VPN ON KALI LINUX.

What is VPN on Kali Linux ?

Strangely enough, VPN on Kali Linux is not installed and
enabled by default, which leaves you with a greyed-out VPN
option panel and a rather difficult, or at least not
straightforward, set-up process if you don't know how to
install VPN. VPN stands for Virtual Private Network and
extends your private network over the internet, which will
cloak your IP address, bypass censorship and encrypt your
network traffic. In this tutorial we will install the necessary
packages and set up the popular Golden Frog VyprVPN
service in Kali Linux.

Why use VPN ?


There are several reasons why you would want to use a VPN
service:
1. VPN cloaks your IP Address and location so you will be
anonymous.
2. Avoid internet censorship, firewalls and access region
restricted content.
3. Encrypt your network traffic (on public Wifi for example).
4. To hide your identity.

• Installing VPN on Kali Linux :

Open a terminal and use the following command to install the
necessary packages:

apt-get install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome

Type y and press Enter when asked to install the packages.

Now we need to download the CA certificate from VyprVPN
using the following command (one command):

sudo wget -O /etc/openvpn/ca.vyprvpn.com.crt https://www.goldenfrog.com/downloads/ca.vyprvpn.com.crt

Go to your network manager, go to the VPN tab and click
“Add”:
Enter the following information :
1. Connection name
2. Gateway (Different gateways are available from the
website)
3. Set authentication type to password
4. Username and password
Click the browse file button to select the CA certificate we
downloaded earlier.

The file was downloaded to the following location:

/etc/openvpn/ca.vyprvpn.com.crt
You can start your VPN connection by going to the network
manager and selecting the connection we’ve just added.
• How To Install Backtrack & Hack Wifi On Android

• Requirements

1. Rooted Android Device [ Root your Android ]
2. Download Backtrack ARM
3. Download BusyBox
4. Download Android VNC
5. Download Android Terminal
6. If you are using a PC then you need 7zip for extraction;
otherwise you can download ZArchiver on your Android
phone.

• Steps To Install Backtrack & Hack Wifi On Android

1. First, extract BT5-GNOME-ARM.7z, copy the BT5
folder and put it in your Android root directory. For
example, my phone's root directory is /sdcard. (Different
Androids will have different root directories.)

2. Install all the apps given in the requirements.

3. After installing the BusyBox application, open it and wait
until it finishes loading, then click on the Smart install
button of the application.

4. On your Android, open the terminal app and then execute
the given commands:
su
cd /sdcard/BT5
sh bootbt

5. When the su command is executed it will ask for Super User
access; click on Grant in the prompt that appears.

6. Now after this type the commands:
export USER=root
vncpasswd

7. Now you will be asked to enter the password; enter your
choice and press Enter.

8. Now type the below command:
tightvncserver -geometry 1280x720

9. The terminal emulator will create the localhost to connect
it to the VNC server. Now note the localhost port marked red
below. Now minimize the terminal emulator.

10. Open the Android VNC and enter the following settings:
Nickname: BT5
Password: same password as entered in terminal
Address: localhost
Port: 5906
• OTP BYPASS
In this lecture we learn how to use a disposable mobile
number. First of all we learn what a disposable mobile number is.

Disposable Number :
A disposable phone number is generally a VoIP phone
number that is used for a temporary purpose. These numbers
are generally used to protect the user's privacy. Most
disposable numbers forward calls or texts to the user's
private number, hiding the user's real phone number. Disposable
phone numbers are also called temporary phone numbers.
It is very easy for hackers to find detailed information
about your identity and address, and to track your movements. In
these troubled times, a person who does not take care of his
privacy is a fool and is surely open to any kind of
misdemeanour.

Benefits :
So first, the important thing is why to use a disposable number
and not your personal mobile number. Sometimes you visit a
website and the website asks you to give some information
about yourself and your mobile number. A disposable number helps
you hide your original ID information, so that websites can't
find your information and are not able to trace your original
location through your mobile number. You can use this to bypass
the verification code for any apps.
In today's world the most important thing is the internet; it
will provide you with everything you need. So there are lots of
websites on the internet that can easily misuse your ID
information.
You can easily access a disposable number by visiting some
websites without giving your information and your original
identity.

How to Receive SMS ?

• Choose a country from the list of countries that you want
to receive SMS in.
• Choose a number for that country. Each number is
capable of receiving SMS instantly.
• Copy the number and provide that number to another
service where you want to use the temporary number.
Wait for the SMS to appear on the page. Normally the message
appears on the page within 1 minute.

Work :
One of the disposable mobile number websites is
SMSreceivefree.com, which I believe is also very useful for
hacking. You will find similar websites on the internet. So
here is a list that I believe will definitely help you:
1) Smsreceivefree.com
2) receive-smss.com
3) Freephonenum.com
4) Receivesms.org
5) Temp-sms.org
And many more... So friends, enjoy these. Be
anonymous.
• List of terms used in the field of hacking.

1. Adware − Adware is software designed to force pre-chosen
ads to display on your system.

2. Attack − An attack is an action that is done on a system
to get its access and extract sensitive data.

3. Back door − A back door, or trap door, is a hidden entry
to a computing device or software that bypasses security
measures, such as logins and password protections.

4. Bot − A bot is a program that automates an action so that
it can be done repeatedly at a much higher rate for a more
sustained period than a human operator could do it. For
example, sending HTTP, FTP or Telnet at a higher rate or
calling a script to create objects at a higher rate.

5. Botnet − A botnet, also known as a zombie army, is a
group of computers controlled without their owners’
knowledge. Botnets are used to send spam or make
denial of service attacks.

6. Brute force attack − A brute force attack is an
automated and the simplest kind of method to gain access
to a system or website. It tries different combinations of
usernames and passwords, over and over again, until it
gets in.

7. Buffer Overflow − Buffer Overflow is a flaw that occurs
when more data is written to a block of memory, or buffer,
than the buffer is allocated to hold.

8. Clone phishing − Clone phishing is the modification of
an existing, legitimate email with a false link to trick the
recipient into providing personal information.

9. Cracker − A cracker is one who modifies the software to
access the features which are considered undesirable by
the person cracking the software, especially copy
protection features.

10. Denial of service attack (DoS) − A denial of service
(DoS) attack is a malicious attempt to make a server or a
network resource unavailable to users, usually by temporarily
interrupting or suspending the services of a host connected to
the Internet.

11. DDoS − Distributed denial of service attack.

12. Exploit Kit − An exploit kit is a software system designed to
run on web servers, with the purpose of identifying software
vulnerabilities in client machines communicating with it and
exploiting discovered vulnerabilities to upload and execute
malicious code on the client.

13. Exploit − An exploit is a piece of software, a chunk of data, or
a sequence of commands that takes advantage of a bug or
vulnerability to compromise the security of a computer or
network system.

14. Firewall − A firewall is a filter designed to keep unwanted
intruders outside a computer system or network while allowing
safe communication between systems and users on the inside
of the firewall.

15. Keystroke logging − Keystroke logging is the process of
tracking the keys which are pressed on a computer (and which
touchscreen points are used). It is simply the map of a
computer/human interface. It is used by gray and black hat
hackers to record login IDs and passwords. Keyloggers are
usually secreted onto a device using a Trojan delivered by a
phishing email.

16. Logic bomb − A virus secreted into a system that triggers
a malicious action when certain conditions are met. The most
common version is the time bomb.

17. Malware − Malware is an umbrella term used to refer to a
variety of forms of hostile or intrusive software, including
computer viruses, worms, Trojan horses, ransomware, spyware,
adware, scareware, and other malicious programs.

18. Master Program − A master program is the program a
black hat hacker uses to remotely transmit commands to
infected zombie drones, normally to carry out Denial of Service
attacks or spam attacks.

19. Phishing − Phishing is an e-mail fraud method in which
the perpetrator sends out legitimate-looking emails, in an
attempt to gather personal and financial information from
recipients.

20. Phreaker − Phreakers are considered the original
computer hackers and they are those who break into the
telephone network illegally, typically to make free long distance
phone calls or to tap phone lines.
• These are the top 10 Android Apps That Turn
Your Phone into a Hacking Device.
1.SpoofApp
SpoofApp is a Caller ID Spoofing, Voice Changing and Call
Recording mobile app for your iPhone, BlackBerry and Android
phone. It’s a decent mobile app to help protect your privacy on
the phone. However, it has been banned from the Play Store
for allegedly being in conflict with The Truth in Caller ID Act of
2009.
Download link:
https://www.malavida.com/en/soft/spoofapp/android/#gref

2.Andosid
The DOS tool for Android Phones allows security professionals
to simulate a DOS attack (an http post flood attack to be exact)
and of course a dDOS on a web server, from mobile phones.
Download link: https://www.apkmart.net/app/andosid/

3.Faceniff
Allows you to sniff and intercept web session profiles over the
WiFi that your mobile is connected to. It is possible to hijack
sessions only when WiFi is not using EAP, but it should work
over any private networks.
Download link: http://faceniff.ponury.net/download.php solve
the captcha it will download automatically.
4.Nmap
Nmap (Network Mapper) is a security scanner originally written
by Gordon Lyon used to discover hosts and services on a
computer network, thus creating a “map” of the network. To
accomplish its goal, Nmap sends specially crafted packets to
the target host and then analyses the responses.
Download link: https://apkbucket.net/apk/nmap-for-android/com.android.nmap/

5.Anti-Android Network Toolkit
zANTI is a comprehensive network diagnostics toolkit that
enables complex audits and penetration tests at the push of a
button. It provides cloud-based reporting that walks you through
simple guidelines to ensure network safety.
Download link: https://www.allfreeapk.com/anti-android-network-toolkit,1418038/

6.SSHDroid
SSHDroid is a SSH server implementation for Android. This
application will let you connect to your device from a PC and
execute commands (like “terminal” and “adb shell”) or edit files
(through SFTP, WinSCP, Cyberduck, etc).
Download link: https://apkhome.net/sshdroid-pro-2-1-2-unlocked/
7.WiFi Analyser
Turns your android phone into a Wi-Fi analyser. Shows the Wi-
Fi channels around you. Helps you to find a less crowded
channel for your wireless router.
Download link: https://www.appsapk.com/wifi-analyzer/

8. Network Discovery
Discover hosts and scan their ports in your Wifi network. A
great tool for testing your network security.
Download link: https://www.apk20.com/apk/157224/

9.ConnectBot
ConnectBot is a powerful open-source Secure Shell (SSH)
client. It can manage simultaneous SSH sessions, create
secure tunnels, and copy/paste between other applications.
This client allows you to connect to Secure Shell servers that
typically run on UNIX-based servers.
Download link: https://www.apkmonk.com/app/org.connectbot/

10.dSploit
Android network analysis and penetration suite offering the
most complete and advanced professional toolkit to perform
network security assessments on a mobile device.
Download link: https://dsploit.en.aptoide.com
• SOCIAL MEDIA HACKING :
When people talk about hacking and social networks, they're
not referring to the common definition of hacking, which is
using malicious code or backdoors in computer networks to
damage systems or steal proprietary information. Hacking into
social networks requires very little technical skill. It's much more
of a psychological game -- using information on personal
profiles to win a complete stranger's trust.

HACKING FACEBOOK :
Facebook is a most popular social media and we discuss 7
types of hacking on Facebook.
1. Hack Facebook Account Using Software (Brute-Force
method)
2. With Phishing Method
2.1. How to Make a Facebook Phishing Page
3. Using Keylogger to Hack Facebook Password
3.1. Keyloggers for Windows/Mac
3.2. Keyloggers for Android/iOS
4. By Password Guessing
5. With Remote Access Trojan Tool
6. Using The Man in The Middle Attack Method
 Hack Facebook Account Using Software (Brute-Force
method):
The first and best method of hacking your Facebook account is
the “brute-force” method. This method uses specially designed
software to crack the password. This software receives
automatic updates of the latest passwords, allowing it to run
through the list of potential combinations in a few minutes. All
you need to do is download the software to your phone or
laptop, then run the software and it does the rest for you.
You can find this tool for download on its official site :
https://www.progressivepst.com
Developed by Progressive PST team of coders.

This automated solution is far more user-friendly than the
previous method hackers would use of opening a text
document, compiling a password list, and using a program to
try to access the target account. With the fully automated
operation of the new generation of brute-force software, anyone
can hack into any account, without specialized hacking
knowledge.
The latest version of brute-force software features stealth-
mode applications that hide the processes from the view of any
user, allowing you to go undetected as you crack the account.
These programs spoof your IP, concealing your operations
from your ISP and Facebook’s security team. Developers are
constantly updating their list of proxies, and provide dozens of
clone fake addresses to ensure stealth operation of your
hacking tasks. Brute-force software also clears your browser
cookies after every session, eliminating the possibility of
anyone tracking your use of the software.
The time it takes to hack an account depends on a variety of
factors, such as the password strength, efficiency of the
hacking software you’re using, and the processing power of
your computer or device that’s running the program, as well as
the connection speed. We recommend you use a fiber
connection or LTE-enabled device to run the program with the
best results.
Most versions of brute-force hacking software are available for
free download on mobile (Android & iOS), PC (Windows/Linux),
and Mac devices.
 With Phishing Method :
I think you know about Phishing Attack : Phishing is an attack in
which hacker create a fake page of Facebook or any other
social media to crack the user name and password of their
social media. It is just similar to original page. So the user
cannot guess the page is original or fake.
 How to Make a Facebook Phishing Page

Step 1
Log out of your account and visit www.facebook.com default
login page.
Right-click anywhere on the page.
Click “View page source”.
Select all the text and copy it to the notepad. (CTRL+A then
Copy) Open Notepad blank page then paste inside.

Step 2
Left click on the top of the text in the notepad.
Hold CTRL+F and type “action=” in the search box without the
quotation marks.
Click on “Find next”.
There should be two “action=” in the text, and you require the first
one.

Replace the link in quotation marks with “post.php”.

Don’t change the quotations, only the text inside the quotation
marks.
Go to File > Save as and name the file “index.html”.
Set the encoding option to “Unicode”.
Step 3
Download the post.php file – available here.
Open and unzip the file. Password to open archive is
“password12345” (without quotation marks). You’ll need
WinRar program to open this file. Download it for free here if
you don’t have it installed on your computer already.

Step 4
You’ll need a web hosting account since a phishing page is
essentially a website page on a hosted account.
Now this can be a problem for some people since they want to
do this for free. Yes there are free web hosting solutions like
www.000webhost.com and some other ones. You can do a
Google search for others. But people are reporting their
accounts often gets suspended because phishing is not
allowed by most of hosting companies.
If you want to be serious with this, we recommend going with
real domain name and paid hosting. Since you paid for it, you
own it, and you can put on your website and host any content
you want. There are tons of companies providing web hosting
and domain names. Just do a
Google search to find some. Don’t forget to search for coupon
codes too. Especially if you are first time user of some
domain/hosting company, there are always big discounts
available when you sign up for the first time.
The choice is yours of course whether you’ll go with paid plans
or search for a free solutions.

Step 5
Upload the post and index files to your web hosting account in
the “public_html” folder.
First log in to your cPanel, then go to File Manager >
public_html.
You are now ready to use your phishing page. Visit the custom
link you receive when signing up for your web host account (if
it’s a free account). If you registered a real domain name, then
your domain name (domain-name.com) is your phishing
website.
When a victim follows that link, they land on your
phishing page, and when they enter their username and
password, the page stores them in the file named “usernames.txt”,
which will be automatically created inside the same
“public_html” folder.

3. Using Keylogger to Hack Facebook Password


Keyloggers track the keystrokes a target presses on their
keyboard and analyze the data they collect to crack the
password. Below are some of the most popular ones
nowadays.
Note:
Since today users mostly browse social networks and the internet
generally from smartphones rather than desktop computers, we
highly recommend going with a mobile keylogger.
Keyloggers for Windows & Mac OS

➢ ISAM Keylogger
ISAM is an upper-class keylogger that runs hidden on your
system while covertly collecting data from individual users.
ISAM silently records every keystroke, including passwords,
takes screenshots, and allows you to see and know everything
anyone does on your computer, period!
ISAM offers a premium keylogging tool that runs covertly on a
computer, collecting data from users. ISAM records keystrokes,
as well as allowing you to view the device from any location
remotely. Take screenshots, monitor your employees or
children, all with them being completely unaware of your
activities. Our favourite feature of ISAM is the unique hot-key
combination required to open the program – without it, no one
can access the data collected by ISAM.

➢ Elite Keylogger
Used for monitoring multiple users at the same time, Elite
Keylogger offers incredible functionality combined with a
user-friendly interface to allow you to keep all of your data within
easy reach. The program also features covert operation and
security features that enable you to monitor other users and
their behaviour.
Elite Keylogger has the ability to record all keys typed on a
computer - while remaining completely invisible to users! From
its logs, you will see passwords, documents, emails, chat
messages, and everything that was typed.

➢ Actual Keylogger
This program monitors all of the activity on the target device or
computer. If you own a PC that’s open for use in the office, or
your staff have their own PCs or laptops, you can covertly install
the software on their machines and receive detailed reports
about their user activity. Track programs and the websites they
visit, take screenshots, and copy content to the clipboard. The
software also collects data on all keystrokes as well.
4) Keyloggers for Mobile Phone Devices
If you need a keylogger for a smartphone with the Android or iOS
operating system, we recommend you give these options
a try.

➢ mSpy
mSpy is the most used mobile monitoring & tracking tool
nowadays. It’s full of useful features which attract users to
choose mSpy amongst other tools of this kind.
The most used features which mSpy provides are the following:
• Monitoring messaging app chat logs fully undetected
(Facebook Messenger / WhatsApp / SMS / Viber /
Instagram / others)
• Cell phone location tracking
• Monitoring call conversations (outgoing and incoming)
• Supported on both Android & iOS devices

➢ Spyera
Spyera allows you to monitor any Android or iOS device remotely.
This award-winning software lets you keep tabs on your kids,
spouse, and employees, without them being aware of your spying.
Track your kid’s movements and keep an eye on your business
assets, all from your mobile device. With free updates and remote
upgrades, Spyera also offers a 10-day money-back guarantee.

➢ KidLogger
This software is the top choice for parents concerned about
their kid’s whereabouts and activities. KidLogger allows you to
see which apps they’re using, whom they’re communicating
with, and view their phone’s photo gallery. Monitor their location
and travel history, as well as read their text messages to
friends.

➢ TheTruthSpy
TheTruthSpy is one more keylogging software. This package
allows the user to keep an eye on employees’ and kids’
whereabouts using a GPS tracker to protect your children and
business assets. The SMS spy will enable you to read incoming
and outgoing texts, while the Spycall gives you their phone
records. Monitor calls and record conversations, as well as any
WhatsApp communications.

5) Guess the Password and Hack into Account


Before you decide to enter a rendition of your birthday as your
Facebook password, stop and read this section. Surprisingly,
despite the warnings from online security firms about the
dangers of using general passwords, such as your birthday or
your pet’s name, people still choose to use these types of
passwords.
If you’re trying to crack the account, try entering the person’s
personal information for the password; you might be shocked
by the results. Recent research shows that more than 70
percent of all Facebook users use one of these top 10 common
passwords.
➢ 123456
➢ Password
➢ 12345678
➢ qwerty
➢ 12345
➢ 123456789
➢ letmein
➢ 1234567
➢ football
➢ iloveyou
If you recognize any of these entries, make sure you change
your password right now.
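
A site can enforce the advice above when a password is set or changed. The Python
check below is an added example, not part of the original book: it rejects the ten
passwords listed above and passwords built from the user's personal details or
birthday. The function names, the substitution table and the sample inputs are
assumptions made for illustration.

```python
import re
from datetime import date

# The ten passwords listed above, lower-cased for comparison.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345",
    "123456789", "letmein", "1234567", "football", "iloveyou",
}
# Assumed substitution table: undoes common look-alike swaps (p@ssw0rd -> password).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})


def birthday_renditions(born):
    """Digit strings a birthday is commonly typed as (DDMMYYYY, MMDDYY, ...)."""
    days = {f"{born.day:02d}", str(born.day)}
    months = {f"{born.month:02d}", str(born.month)}
    years = {str(born.year), f"{born.year % 100:02d}"}
    return {form for d in days for m in months for y in years
            for form in (d + m + y, m + d + y, y + m + d)}


def password_problems(password, personal_words=(), birthday=None):
    """Return the reasons to reject `password`; an empty list means it passed."""
    problems = []
    lowered = password.lower()
    folded = re.sub(r"[^a-z0-9]", "", lowered.translate(LEET))
    if lowered in COMMON_PASSWORDS or folded in COMMON_PASSWORDS:
        problems.append("common password")
    for word in personal_words:  # e.g. own name, partner's name, pet's name
        token = re.sub(r"[^a-z0-9]", "", word.lower())
        if len(token) >= 3 and token in folded:
            problems.append(f"contains personal detail: {word}")
    if birthday is not None:
        digits = re.sub(r"\D", "", password)
        if any(form in digits for form in birthday_renditions(birthday)):
            problems.append("contains birthday")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real user data.
    born = date(1990, 7, 4)
    for candidate in ("P@ssw0rd", "B3ll4!2019", "Summer04071990",
                      "correct horse battery staple"):
        print(candidate, "->", password_problems(candidate, ["Bella"], born))
```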
Hack an Account Using the “Remote Access Trojan” Tool
(RAT)
Also known as “creepware,” this type of malware infects an
operating system after the user inadvertently downloads files or
visits a link containing a Trojan virus. The hacker waits for the
user to open the files or click the link and activate the malware
– giving them remote control of the user’s system from any location
connected to the internet. The victim is unaware of the hacker’s
presence or the installation of the RAT. The attacker has full
access to all the files on your device or computer, and they can
open browser windows, log in to Facebook, and steal your
passwords – along with all your other passwords (think internet
banking). Here are a few of the most popular applications
available for remote hacking attacks.

➢ PoisonIvy
Free for download and easy to use, PoisonIvy is a top choice
for threat actors due to its extensive features and ability to
control a compromised computer. Attackers can design
malware in seconds and use it to infect a computer.

➢ NanoCore
This software has been around since 2013 and offers powerful
remote access for threat actors. Due to the low purchase price
of $25 and the ability to add plugins to the software, the 2015
version of NanoCore, which is still running as of today, is now
one of hackers’ favourites.

➢ Blackshades
Back in 2016, the creator of this Trojan malware
received 5 years of probation and a $40,000 fine for his
role in creating this software. Blackshades allows
hackers to remotely access a victim’s computer,
recording keystrokes and stealing passwords and personal
files.

➢ DarkComet
After being shut down in 2012, DarkComet RAT is now only
available on select sites floating around the internet. Hackers
should avoid using this tool as downloads often come with
malware attached.
6) The “Man in the Middle Attack” Method

These types of MITM (Man in the Middle) attacks typically
occur over a LAN network, such as at a coffee shop or internet
café where many users share the same connection. The
hackers take over the switch routing table, and the victim thinks
that the hacker is the web server.
This strategy allows the hacker to remotely access the victim’s
computer because the system recognizes the connection as a
secure line between itself and the web server. In reality, the
hacker is sorting through your files, looking for your passwords
and stealing your personal information.
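
On the defensive side, interception on a shared LAN is commonly staged with ARP
spoofing, which leaves traces in a client's neighbor table. The Python below is an
added example, not part of the original book: it compares two `ip neigh` snapshots
and reports an address whose MAC changed, or one MAC answering for both the gateway
and another host. The snapshots, addresses and function names are constructed for
illustration.

```python
import re

# IPv4 entries of `ip neigh` output: "<ip> dev <if> lladdr <mac> <state>"
NEIGH = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b")

# Constructed snapshots taken on one client, a few minutes apart.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:23 STALE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:23 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:00:00:23 STALE
"""


def parse_neigh(text):
    """Map IP -> MAC; entries without a resolved MAC (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        match = NEIGH.match(line.strip().lower())
        if match:
            table[match.group(1)] = match.group(2)
    return table


def arp_anomalies(before, after, gateway):
    """Return human-readable findings that warrant a closer look."""
    findings = []
    for ip, mac in after.items():
        if ip in before and before[ip] != mac:
            findings.append(f"{ip} moved from {before[ip]} to {mac}")
    owners = {}
    for ip, mac in after.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if gateway in ips and len(ips) > 1:
            others = ", ".join(ip for ip in ips if ip != gateway)
            findings.append(f"{mac} answers for gateway {gateway} and {others}")
    return findings


if __name__ == "__main__":
    for finding in arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print(finding)
```

A MAC change alone can be benign (a replaced router, a failover pair), so treat the
findings as a prompt to verify the gateway's real address, not as proof of an attack.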
There are also some other tricks; click on the link given below:
https://mega.nz/#!JzpgFKZI!HOEh3OI-
qySDtytpClMwgTLcxXjU1LU3UfFv3pv77iA
 LEARN THE FULL HACKING TUTORIALS IN 49 GB.

49 GB OF HACKING TUTORIALS 🔰

COPY THE BELOW LINK IN SEARCH ENGINE.


🔰 Link – https://mega.nz/#F!7jIyBShb!5uQgMY-
3UjZNCMrISP6ufQ!a25AlKpI

➖@WIZARDS35
