How i hacked my faculty crush!
Hello Everyone!! Mr.Hacker here, this is my first article on medium and its about how i got into my faculty crush’s fb account, and let me clear few things this article is only for education purpose and to know some key points about social engineering and how to proceed towards your victim step by step.
So all my hacking started during my engineering and it got more into my head after i watched Mr.Robot. I was obsessed to hack every person i met around me but i did not hack everyone like Elliot did except few once 😜.
During engineering there was this beautiful faculty in my second semester who taught us C language. Obviously i wasn’t the only one who had crush on her but ya i was the only one who hacked her.. 😁 and C being my favorite language as it was the first ever language i learnt and was the only subject i loved during that semester, daily after college i used to go to that m’am and ask questions and she also appreciated it as i was showing much interest in her subject. Day by day passed and i was more interested in knowing her, but finally she was professor and i was just a student as others were. Hence this was time when i decided to hack her because as Elliot mentioned in Mr.Robot best way to know a person is to hack his/her cyber life coz there are ton’s of secrets in ones cyber life and it shows how people really are.
Now Information Gathering Phase!!!
To start with hacking, the first thing i had to do is, reconnaissance about her. But the question was from where to start from?
OK! I had a single point of start, her personal email id. How did i get it? Remember i used to go to her almost everyday after college to clear my doubts. Ya unknowingly that turned into a social engineering attack to gain her trust and exploit it against her and she her self handed me her personal email id, so i could contact her on email if not possible personally. Actually she was very kind and generous person, which actually turned her generosity against her.
Yes her personal email id and now i could start information gathering phase. Information gathering is the most important phase because this information can be used in later attacks. The first thing i did was i visited https://pipl.com/ , it is people search engine to find a persons social username, phone number, email address and accounts linked to a single email.
Above is the simple search result on pipl.com, obviously my faculties name isn’t Anita, just a random name. You can also enter email in the name field which i had done or phone number. Then you get all the social accounts, usernames associated with the specified email or phone number or names.
In this way i found her Facebook, yahoo and quora accounts which were linked to the email id which she gave me. Later i did more recon on her Facebook account. I would like to give few tips on Facebook recon. For Facebook recon you can use https://stalkscan.com/ or https://osintframework.com/ which are best tools for information gathering as per me. Osintfamework can be used for other things also, not mandatory only for fb recon. One can do many things with osintframework like whois search, sub-domains gathering, usernames search, people search, image search etc.
I visited her fb account, on facebook you can find many information, such as birthday, email id if publicly visible, places he/she lived, education, basic contact info, family relations, mutual friends etc. Few things about fb recon is if you want to target a person on fb first you should know how much active that person is on fb. To know this, a simple trick is to visit his timeline and see how often he/she posts picture, videos or reacts to his/her friends post or is online. After all this things you can have a rough idea about when your victim usually comes online and goes. What information did i got? i found her birthday date, places she lived, books she liked, movies she watched, also came to know that she used to come online but not post oftenly. One common thing about her in read books section and movies section, she had mentioned harry potter book. This means she is potter head. I can use this information in future attacks or to plan a attack using her favorite character harry potter.
So later i started messaging her on fb, not casual messages but related to my C language doubts only. Initially it was causal but later i decided to gain more trust of her and the only way to gain a faculties trust is to perform better in his/her subject and just keep on asking doubts. After a time i found that she is completely in trust with me and i started sending her links to programming blogs, forums. Don’t ever sent a phishing link in the initial phase because it doesn’t mean if the person trust you he/she will trust the link too. Take some time, when you feel the person is interested and will look forward without any hesitation just execute it. Hence after sending few links of programming blogs and asking questions one fine day i decided to sent a phishing link to her.
Final Hack Time!!!
For this i used http://z-shadow.info/ a very simple and easy tool to phish people.
Now all i had to do is wait until she comes online and text her a link with a phishing message, so she believes and gives me her creds. Next i found an end point on Facebook which once visited when logged out shows a message as follows.
This was a perfect page, i gave the same link in z-shadow and the phishing page was ready. Next! after she came online i did some casual chat. These is mandatory because you cannot just send a random link and wait for the person to log in. Obviously that might make the victim suspicious and all your efforts will be a waste of time. Hence after some time i just recollected her about what she had taught in the previous class and said, what she taught completely differs from a source on the internet. Now no faculty would accept that they were wrong unless they really are, she did the same thing and asked me the source and i generously handed her the phishing link and told that its a coding page on fb. Later she encountered the “You must log in to continue.” and hooraaaaay!!! 😎
That feeling was just awesome! Later what i did with the creds is not the key point here. This article was to focus on social engineering aspect and how social engineering is the key to hacking. One doesn’t only need client side vulnerabilities to exploit the victim or sending malware and gaining remote shell. SE can be used very easily and many underground hackers use it. One thing to remember is that i had no bad motives to hack, rather it was just curiosity and to test my skill set. Later i told her how i executed the whole hack and she was amazed and actually appreciated me. That was really the best feeling after the hack instead of reporting me to the cops 😉 she did appreciate my skills and encouraged me to use them for ethical purpose.
The Key Points To Remember From This Article (Victims Perspective) :
- Never give your personal email id to anyone, however trust worthy the person is, might be your best buddy also. Don’t trust anyone!
- Never disclose any public information on social networks, email id, phone number, birthday date, favorite movie, books, sportsperson, actor etc. Because this can be later used to start fluent conversation with you.
- Always check the links you visit.
- Don’t just randomly enter your credentials on any link, just because it has a Facebook or gmail logo.
The Key Points To Remember From This Article (Hackers Perspective):
- Social engineering is the key to hacking.
- Always do as much of information gathering you can about your victim.
- First understand your victim, his personality, what kind of person he/she is, what does he/she like, favorite movie, books etc.
- Later user the above gathered information to start a conversation with the victim, in this way the victim will be friendly and might trust you.
- Gain victims trust (most important), have patience it takes time.
- Don’t just send phishing links in first go it self.
- Make a blue print and wait for the right time to execute the hack.
That’s it, i hope you enjoyed this article and if any mistakes let me go as this is my first article 😜
Yes and in my next article ill reveal how a simple shoulder surfing trick can be used to get into few more accounts. Simple but not easy trick!.
Happy Hacking. 😊
