Hacking Social Media Accounts with Phishing and Social Engineering

This time I will discuss the technique of hacking someone's social media account by tricking the victim with a fake site (phishing). This technique is also called Social Engineering whose purpose is to lure the target into the trap that we send. Simply put, we create a fake web on our computer that imitates the real web, then hosts the web to a WAN network and sends it to the target.

To do this method requires a PC that has Linux OS installed, in this experiment I used Parrot Security OS. You can use the Linux OS of your choice, it's up to you as long as you understand how to operate it. So just follow the steps - the steps.

First of course a Linux OS, here I installed it in virtualbox.

In this experiment, we use a phishing tool that is quite popular and widely used by hackers on github, namely SocialPhish.

Install the SocialPhish tool on your Linux with the command below.

git clone https://github.com/xHak9x/SocialPhish.git

Go to the already Clone SocialPhish Directory.

cd SocialPhish/

Next, give permission access to the phishing script that we will use.

chmod +x socialphish.sh

Next we have to download a tool to create a WAN connection so that our Phishing can be accessed from outside. In this experiment we use the ngrok tool. Ngrok is an application that is useful in establishing a tunneling connection from a local network to a WAN. You have to visit the site first through a browser at ngrok.com . Then you have to register an account there.

Ok, I assume you have registered a ngrok account. Here I show when I login on ngrok, we will be taken to our tunneling manager panel. 

The next step is to download ngrok for your linux device. Click the Download for Linux button.

After finishing the download, I moved the application from the Download folder to the SocialPhish folder.

mv ../Downloads/ngrok-stable-linux-amd64.zip     ./

Next, extract the ngrok zip file.

unzip ngrok-stable-linux-amd64.zip

Connect ngrok with your ngrok token that you previously registered. Don't share your ngrok token with anyone, you just need to know, for example:

./ngrok authtoken 7d3fw44arezQVftMSr8Pn_64q8SAPjGoCzxxxxxxxxx

The configuration is complete, now we just have to run it.


For example, I will create an Instagram fake website, I will enter number 1 in the options like the image below.

In the next option we will be directed to the choice of port forwarding that we use, I will choose number 2 because it uses ngrok.

After that, the system will provide an Instagram clone phishing link. We just need to send the link to the victim who we want to hack into his social media account. 

Just copy https://tinyurl.com/xxxxx listed on the terminal or https://xxxxxx.ngrok.io, you can pass it on to others. For example, I will open the link on my own computer, and enter a random password.

It appears from the display that phishing actually displays the Instagram login page, and when I press the login button then nothing happens. But this is what will appear on my Linux Computer.

Not only the account password, in the part that I censor there is also my IP, Continent, Country, City and even my Internet Service Provider listed. This phishing link not only steals my password and account but also my information on where I am. Well that's how it is, if you want to use another template like facebook, paypal you just need to change the option number in the terminal selection and repeat it from the beginning. That is all and thank you.

Posting Komentar

Posting Komentar