Critical Facebook security flaw allows hackers to log into multiple Facebook accounts
“How to hack Facebook” is the most popular search term on Google, but few go past learning to the actual hacking. However, one California-based hacker tried something similar. During his research he discovered a big security hole in Facebook’s password reset mechanism which allowed him to hack into anyone’s Facebook profile.
California-based Gurkirat Singh discovered a way to gain access to anyone’s Facebook profile using a security flaw in the social networking giant’s password reset mechanism. The social networking giant uses an algorithm that generates a random 6-digit passcode, which gives 10⁶ = 1,000,000 possible combinations.
“That could possibly mean that if 1 million people request a password within a short amount of time such that no one uses their code to reset the password, then the 1,000,001st person to request a code will get a passcode that someone from the batch has already been assigned,” Gurkirat explains in a blog post.
According to him, Facebook needs to store duplicate codes for multiple users if more than 1,000,000 users request a password reset. This means that more than two people have the same passcode. To use this for his purpose, Gurkirat Singh devised a way to send 2 million password change requests to Facebook.
Since Facebook IDs are 15 digits long, Singh used 100,000,000,000,000 and made queries to the Facebook Graph API to see which IDs were valid. This can only be done through authorized apps, and once a match is found, you can enter the ID in a URL like www.facebook.com/[ID]. The URL then automatically changes the ID to the username. Singh compiled this data into a JSON file.
To handle the problem of changing IP addresses, Gurkirat Singh simply used a proxy server that listened to HTTP requests and then assigned a random IP address to each request. He used a multithreaded script to simulate user behaviour when a passcode is required. The script requests a passcode for every user in the JSON file created earlier. Then the scripts were run to make the requests. It looked like this:
After doing so, the 6-digit passcode needs to be matched using the brute-force technique. Singh assigned the ID to the key ‘u’ and the successfully matched passcode to the key ‘n’ in the URL, as in www.beta.facebook.com/recover/password?u=…&n=… Doing so returned a match.
Once this was done, Singh added this matched passcode to the URL and was redirected to the password reset page. Singh immediately informed Facebook, but to his surprise, Facebook security engineers designated this as a low-priority risk and awarded a token $500 bug bounty.
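The following is an added example, not code from the original post or from Facebook. It shows why a short code is weak once millions of codes are outstanding, and how a defender can spot one code being submitted against many accounts even when the source IP changes. It assumes codes are uniform and independent, and the log line format, function names and threshold are hypothetical; only the `/recover/password` path and the `u` and `n` keys come from the article.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

def p_any_match(outstanding: int, digits: int = 6) -> float:
    """Chance that one fixed code equals at least one of `outstanding`
    unexpired codes, assuming uniform independent codes (an assumption)."""
    return 1.0 - (1.0 - 10.0 ** -digits) ** outstanding

def flag_code_reuse(log_lines, max_accounts_per_code=3):
    """Return {code: distinct_account_count} for every code submitted
    against more accounts than the (hypothetical) threshold allows.
    Grouping by code, not by IP or account, survives IP rotation and
    per-account attempt limits."""
    accounts_by_code = defaultdict(set)
    for line in log_lines:
        m = re.search(r'"GET (\S+) HTTP', line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group(1))
        if url.path != "/recover/password":
            continue
        q = parse_qs(url.query)
        if "u" in q and "n" in q:
            accounts_by_code[q["n"][0]].add(q["u"][0])
    return {code: len(accts) for code, accts in accounts_by_code.items()
            if len(accts) > max_accounts_per_code}

# Constructed sample log lines (not real traffic): one code tried against
# five accounts from five addresses, plus one user mistyping their own code.
SAMPLE_LOG = [
    f'198.51.100.{i} - - "GET /recover/password?u=10000000000000{i}&n=123456 HTTP/1.1" 200'
    for i in range(1, 6)
] + [
    '203.0.113.7 - - "GET /recover/password?u=100000000000042&n=654321 HTTP/1.1" 200',
    '203.0.113.7 - - "GET /recover/password?u=100000000000042&n=654312 HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(f"6 digits, 2M outstanding: {p_any_match(2_000_000):.3f}")
    print(f"8 digits, 2M outstanding: {p_any_match(2_000_000, 8):.3f}")
    print(flag_code_reuse(SAMPLE_LOG))
```

Binding each code to the account it was issued for, expiring it quickly, and alerting on this per-code fan-out address the weakness that per-account and per-IP limits miss.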