There are tons of people out there searching for methods to hack Facebook accounts and hack Facebook passwords. When they search online, they fall for the scams and end up getting hacked themselves.
Do not trust any website claiming to hack Facebook accounts; we have tried all of them and, guess what, they are scams asking you to pay money…!
So today we decided to show how to hack Facebook for free, i.e., without any paid software, just by using a few simple tricks, a little bit of information about the person whose Facebook account you are going to hack, and some creative social engineering. So, let’s get started…!!!
Table of contents
- Hacking Facebook
- 1) Guess Password-
- 2)Try older password-
- 4) Remember me
- 5)Spy Apps
- 6) Keyloggers
- Shadow- Kid’s key logger
- 7) Forget Password
- 8) Google Smart lock
- 9) Brute force
- 10) Cookie stealing
- 12) Plain Password grabbing
- 13) Creating fake websites to lure victims.
- PhishX Phishing Tool-
- 14)Malicious extension hack
- 15) Reset the password directly using this link
- 16) Hack email
- 17) Hack their phones
- 18)USB stealer
- 19) Facebook password extractor
- 20) Shoulder surfing
1) Guess Password-
Today we all have tons of accounts like Amazon, Netflix, Facebook, Instagram, etc., and it becomes difficult to remember the passwords of all accounts, so people usually put 2-3 passwords everywhere.
So, the trial and error method gets simple. Try to get those passwords and use them. Guessing the password is a total game of luck, but you can improve your chances by using things they like.
Over 50% of people either use their name or their mobile number as their passwords. There is a possibility that you might end up with a successful hack of your Facebook account. Some even use their girlfriend’s names as a password. The most common combinations of Facebook passwords are as follows:
- [name]123$$ or 123##
- [mobile number] $$$
- old mobile numbers or current mobile number
- Crush name
- girlfriends name etc.
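Seen from the side of the service that stores the account, the patterns listed above are exactly what a sign-up or password-change form should refuse. The following is an added example, not code from the original article; the profile field names and the sample profile are assumptions constructed for illustration.

```python
import re

# Trailing decoration appended to a base word: digits and symbols ("123$$", "##").
_DECORATION = re.compile(r"[\d\W_]+$")

def _normalise(text):
    """Lowercase and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile):
    """Collect names and phone numbers from a profile dict (hypothetical fields)."""
    tokens = set()
    for field in ("first_name", "last_name", "partner_name"):
        value = _normalise(profile.get(field, ""))
        if len(value) >= 3:          # very short names match too much
            tokens.add(value)
    for field in ("phone", "old_phone"):
        digits = re.sub(r"\D", "", profile.get(field, ""))
        if len(digits) >= 6:
            tokens.add(digits)
            tokens.add(digits[-10:])  # same number without a country code
    return tokens

def rejection_reasons(password, profile):
    """Return (kind, token) pairs explaining why a new password is refused."""
    core = _normalise(_DECORATION.sub("", password))  # "Asha123$$" -> "asha"
    flat = _normalise(password)                       # "Asha123$$" -> "asha123"
    reasons = []
    for token in sorted(personal_tokens(profile)):
        if token in (core, flat):
            reasons.append(("is", token))        # personal value plus decoration
        elif token in flat:
            reasons.append(("contains", token))  # personal value embedded in it
    return reasons

# Constructed sample profile, not real data.
SAMPLE_PROFILE = {
    "first_name": "Asha",
    "last_name": "Verma",
    "partner_name": "Rohan",
    "phone": "+91 98765 43210",
}
```

An empty list means the password is not built from the account holder's own details; the check should run alongside a breached-password lookup, not replace it.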
2)Try older password-
People are too lazy to think when it comes to making a password. No one likes to remember the passwords. So, they end up making one good password and reusing it on every account.
So basically over 90% of people have been using the same password over and over again. Just think about places where you have used the same password. Maybe Netflix, Amazon, Facebook, Instagram, or any other site.
Chances are very high to get the right password if you know any of their previous passwords. At most, there will be a slight alteration to the password. Many people change their Facebook passwords a lot. But they never change their Gmail password. GUESS WHAT…!! YOU CAN HACK ANY ACCOUNT IF YOU HAVE ACCESS TO THEIR GMAIL…!!
So be creative I’m sure you will be able to find a way to get some passwords from them. I’ll also be writing an article on Guessing passwords and social engineering. Do read that as well.
Phishing is a method by which you can acquire the username, password, credit card by disguising it as a trustworthy website or an application and hack Facebook account.
Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in electronic communication.
You can get many phishing websites on the web, and that does work brilliantly, and all you have to do is create an account on the website and send the link to the person using WhatsApp or Facebook or even Email works. They have to log in to their account and voila, you get their credentials.
So, you can create a fake Facebook page and trick the other person into entering their credentials into the fake page you have created. This requires a little bit of social engineering and trickery, which I am sure my fellow hackers can manage.
Currently, I know of three automated phishing websites which can help you get the job done:
Step 1: Create an account on the following websites. Use fake emails
Step 2: Generate the fake facebook phishing link.
Step 3: Use social engineering to trick the victims in using that link.
Step 4: Check the dashboard for the password. There will be my victim’s section for the same.
Note: Do not use your real email or passwords on these websites. You have been warned.
Please read the individual articles on how to use each Phishing tool.
4) Remember me
This might be the safest and quickest method to get the username and password of a person: letting them log into their account on your device. Just enable the remember me option so that, even after closing the window/app, the credentials remain saved.
This method may not be able to give you the password but surely the username and the access to their Facebook until they notice. So, use access for passive monitoring to be discreet as long as possible.
Also, if you are on a desktop system, then you can easily see the password of the person. This requires an easy trick to unscramble the password and hack the Facebook account.
Step 1: Open the Facebook login page and see the saved credentials
Step 2: Press F12 or Use inspect element to open the inspect element panel.
Step 3: Select the password field. You will see an option called password type= password. Change it to password type=text.
Step 4: The secret password is now visible, and you can easily see the victim’s password.
This is the best method for accessing the person’s not only Facebook credentials but lots of other things as well like contacts, call logs, camera and many more.
If you get the person’s phone, you have to install the spy app on their phone, and you can monitor their every activity. This might sound very creepy, but this is one of the best methods for getting credentials and taking over their phone.
Keylogging is the method which is used to monitor the keystrokes on the person’s device and getting the log file consisting of which keys were pressed. It can be tricky, but surely it can give you everything the person will type, and that does include the passwords and other credentials.
This application you have to install in the person’s device, and you can access it remotely from your device. A lot of the spy apps have keyloggers do feel free to check them out.
Shadow- Kid’s key logger
Shadow is an Android application available on Google Play Store, which is specially designed for the parents. It will record every key event which has been triggered during its usage, such as applications used, time spent on each application, key events, etc. There is also a short guide which will help you to understand how to use it.
7) Forget Password
If you manage to get access to the person’s phone or other devices with email, you can surely try to forget password option and get the reset password link or OTP on the person’s phone and reset the password.
This will give you temporary access to the person’s account until they notice it. But it can be helpful if you want to access their account under any condition.
8) Google Smart lock
A new feature introduced by Google as a method to save passwords on phones and laptops. It autosaves all the passwords used for apps and devices on Android or Chrome.
What you can do with this is make them sign in to their Facebook account using your Android device. Their credentials will be autosaved into your account; the next time you type their email address, their password will be auto-filled, and you will have access to their account. Smart indeed.
This feature can be misused, especially on phones.
9) Brute force
This is the most annoying and hardly useful strategy to hack a Facebook account. It will work only if you already have more than 75% of the password, which is difficult, but to cover every method, I include this as well. I'll be writing an article on brute-forcing as well, so stay tuned. Brute force is not recommended, as passwords tend to vary a lot. Unless you know part of the password or the password is available in the dictionary, it’s not possible to crack it.
I have written a separate in-depth article on hacking facebook with Bruteforce
With this guide and scripts, you can hack facebook with brute-force easily.
10) Cookie stealing
Cookie stealing or session hijacking is another method where you can access a victim’s Facebook account without having access to the personal account. I’ll have written an in-depth article on cookie stealing, and it’s a slightly technical method. So, it will take some technical knowledge. You can do this by using BURP suite and BEEF, which are tools in Kali Linux.
For now, know that you need to steal the session cookies to hack the facebook account of the victim.
If you can get close to your target, you can trick them into connecting to a fake Wi-Fi network to steal credentials via a Man in The Middle (MITM) attack. Tools like the Wi-Fi Pumpkin make creating a fake Wi-Fi network as easy as sticking a $16 Wireless Network Adapter on the $35 Raspberry Pi and getting close to your target. Once the victim connects to your fake network, you can inspect the traffic or route them to fake login pages. You can even set it only to replace individual pages and leave other pages alone.
The diversity of MITM attacks is what makes these types of attacks the most difficult to prevent.
Zanti Pentesting Toolkit for Android is a good example:
Step 1: Install the Zanti app
Step 2: Open the app and give it the necessary permissions. It requires superuser access.
Step 3: Connect to the wifi and select the target IP
Step 4: Begin the man in the middle attack.
Step 5: Password will be available in the saved passwords list.
Zanti is an excellent choice since you can hack Facebook on the go with your Android phone.
12) Plain Password grabbing
This is another standard method used to steal Facebook user’s password and other credentials. Most people are unaware of this hack, but traditional hackers use this method to hack user accounts all the time.
How does Plain Password Grabbing work?
In this method, the malicious hacker targets a particularly low-quality, low-security website. This website, say xyz.com, where the victim is a member, is insecure. The hacker hacks its database to get the stored plain username and password of the victim.
Many of us use the same password for FB. So, it is easy for a hacker to get your password through the low-security website.
Ordinary people, who use the same email and password for these kinds of low-quality websites, may end up losing their Facebook account.
13) Creating fake websites to lure victims.
This is a combination of phishing and social engineering. The attacker makes a proper fake website where the user might be interested in joining. Then he makes it such that the user has to sign in to use the services. Sometimes the website purposely suggests a Facebook sign in. So, the users’ credentials are sent to the hacker.
You can also use Kali Linux and social engineering toolkit to hack a Facebook account password.
PhishX Phishing Tool-
Git clone https://github.com/WeebSec/PhishX.git
After cloning, install the tools and its requirements using the commands below
Chmod +x installation.sh
2) Running PhishX
Use the following command for running PhishX
The PhishX interface can be seen after entering the above commands, which enables you to choose options for spear phishing. Check the image below for the exact idea of the interface.
The list of options is nothing but website names of which you have to create a page for a spear-phishing attack. If we select 2, i.e. Facebook account option, it will open the facebook account page creating a setup for a phishing attack. As the spear-phishing attack needs the target information. If the Facebook account page is considered, then the Email address, username, phone number, and the location is required as a prerequisite. Also, spoofed email is to be provided to the tool
Once the information is provided, the tool generates a link which is to be shared to the target user.
Once the page is shared to the target user, the machine detects user interaction on the shared link page.
If the user will enter data in that page, the information along with location and IP address is captured and sent to the attacker.
Thus completing the perfect phishing attack without the user even realizing it.
14)Malicious extension hack
The hacker either makes a new virus extension or edits an existing one to add malicious code to it. Then the attacker forces the victim to download the extension by tricking the victim and thus stealing all the user data and credentials of the victim.
This requires a lot of technical knowledge. So, it’s not done by everyone. But many skilled hackers use this method to hack victims. It needs a lot of programming knowledge, and thus, I cannot show you how to do this in this article since it will be difficult to explain.
15) Reset the password directly using this link
Use this link
Originally meant to be used as a recovery method. We can use this link to reset the password of a logged-in person without knowing the existing password. This can help you take over someone’s account.
Note you need to do a lot of social engineering and find out critical information about the victim. Unless you give correct answers to the security questions password might not be reset.
16) Hack email
You can hack their email by a phishing attack or a spear-phishing attack. This is also an attack vector. By hacking their email, we can easily hack a facebook account.
There are numerous ways to hack email accounts. I cannot cover all the methods in this single article. So a separate article for hacking emails will be coming soon.
17) Hack their phones
You can hack their smartphone by malware and trojan. You can use this phone to hack their Facebook account.
This is what hackers call an attack vector: instead of directly targeting the Facebook account of the victim, we attack their phone. A detailed article is written by me on how to hack smartphones. So do check it out and support the community by sharing the articles.
USB stealer is an automated hacking pen drive which when connected to any system will automatically run and copy all the passwords and username. As you can see below in the image the script copied all the passwords from my system including my facebook password.
This is how you can hack facebook with USB Stealers.
You can download this from the official GitHub page of the project.
This hack is fully automated and does not require any technical knowledge. Read more about making USB Stealer on the article below:
19) Facebook password extractor
There are apps which can extract saved passwords from cookies and logins from google and chrome database. This is one of the easiest ways of hacking facebook.
I have already written an article on hacking facebook with facebook password extractor. Do check it out.
This tool has been made by Elcomsoft, and it is probably one of the best password recovery tools for Facebook.
20) Shoulder surfing
This is the simple act of seeing which keys are typed by the user while logging in. You can see the password of the person logging in if you watch the keys carefully. You can also record a video of the victim typing his or her password without the victim realizing.
Then you can watch the video in slow motion and use that to recover the password. Shoulder surfing is one of the most prevalent and also one of the oldest tricks for hacking Facebook.
Just stand behind the person typing the password and check out the different keys pressed by him. This can help you guess the password directly.
Congratulations, you have learned the art of hacking Facebook. These are all the possible ways of hacking Facebook. If you know more, tell us in the comment section. Happy Hacking..!!!