Hack VK

So I will do the chapters:
1) Newbie
2) Knowing
3) Expert
I think you can start.
CHAPTER: BEGINNER.
Themes.
2. What is the main thing for hacking?
3. Perception of human psychology.
5. How to register fakes?
7. The simplest methods of hacking.
We hack people to get their data. We want to know his personal and secret information, usually for further use of this information. Everything is pretty simple. But ... Not so simple. The essence of hacking is much deeper than you think. This is a whole philosophy. We must hack a person so that he does not know about it, so that he remains a happy elephant. This is the difference between a good hacker and a bad hacker. He should understand the cleaning of his tracks, anonymity and, of course, psychology.
2. What is the main thing for hacking?
Of course you can say that this is the ability to crack. Or maybe the ability to clean up the traces. NO!
3. Perception of human psychology.
Human thinking, which is systematized and performs certain functions. It depends on emotions, factors from outside, including man. Let's compare the human brain with a computer? Both that, and that - a system. We write viruses, create phishing and by any means crack the computer, the system.
We are looking for vulnerabilities, and through them we penetrate the core of the program. So what forbids us to find this vulnerability in the human brain? What prevents us from hacking and delving into its settings? If the vulnerability of the system is digital errors, errors in the code, then the vulnerability of a person is his feelings and emotions. You can easily put pressure on a person’s “vulnerability” and gain remote control. Man turns into a puppet. The main thing is to be able to manage the system. I urge all people to perceive the human brain - as a system. If a person breaks into computers, he does hacking, and if a person breaks into the human brain, he practices social engineering. I will help you with social engineering and psychology. I hope I was able to impress you. I think after reading this article you understand a little more about human psychology. You can go on.
4. Rules of anonymity.
I will tell you a great thing. If you consider yourself 100% anonymous, you are stupid. 100% anonymity does not exist due to commonplace human errors. We are all vulnerable, we are all not safe. Especially now we live in such a time ... States have thought that it is necessary to take control of the Internet.
We are all under the hood.
1) VPN is the easiest way to anonymize. In fact, it protects quite well, and if you are engaged in seruga, then it is quite enough. BUT! It protects only from the state. Of course, if they take you seriously, then of course they will, but usually they don’t give a shit. If hackers want to hack you, then you are protected by exactly 0%! So use at your own risk. By the way, I mean at least a dual VPN.
2) TOR - An ideal defense against the state. Therefore, it uses it. It will be very difficult for the state to find you if you carry out dirty work in this browser. But .. From hackers you have zero protection. If you want to deanonymize malware using web browser vulnerabilities and so on, I have no chance.
3) You <- VPN + Dedic + TOR -> Internet - The ideal combination for complete anonymity on the network. In this case, not with hackers, not with the state, there is almost no chance to deanonymize you. The only minus of the ligament is speed. Tor will influence her as much as possible
Finally, we can move on to the sweetest. You now know about psychology, about anonymity. Now you can hack vk accounts? No…
Now is the time for preparation! First of all, you should register a fake. What for? For those who don’t know, I’m briefly telling. The most popular way to hack VK is phishing. Both beginners and experts use it.
Okay, I’m telling the lamers. Phishing is a site tailored to the official site of a large company. Let's say - VKontakte. We fake an authorization site, a person does not notice a fake, enters his data there. Everything is hacked. But! We will not lure people to our fakes from our pages? That's why we need a fake. To register an account in VK, you need a phone number, where can I get it?
sms-area.org
On them you can register and buy virtual numbers for 20 rubles. After you rented a number, enter it in the registration field, click on the checkbox on the numbers website and wait for the code.
I think to tell how to make such a profile is not necessary?
Go to settings, privacy settings, set everything as private as possible. Upload an avatar, hide a photo on the wall. Set the status to “Alert ...”
The simplest methods of hacking.
Here you have a ready account, you are anonymous, versed in social engineering, it's time to hack! Since this chapter is for beginners, I think you don’t even know how to put sites on a hosting, so I will advise you to use free hacking services. (More complex schemes in the following chapters)
In Google, find the services that provide phishing sites, namely phishing VK.
After you have found and your phishing page is ready, go to the treasured hack: 1) We need to shorten the link in vk.cc (If the link does not shorten, go to clck.ru, shorten it, then go to vk.cc) 2)
We hasten to inform you: recently, a transition to a dubious resource has been made from your page. In order to protect your data, we ask you to immediately change your password and use an online scanner to prevent infection of the application / browser. Verification will take no more than 5 minutes:
Instead of “id” we indicate the id of the victim. I forgot to say that we put it on the wall. After you post, the victim will see this:
Then everything is clear .. With a high probability the victim will follow the link, enter your data and you are in PROFIT. BUT there is one minus. With this service you can’t get Token, thanks to which you can bypass alerts and SMS confirmation. So I’ll tell you about the workaround in the second chapter. By the way, it begins!
7. Dumping several phishing scripts
2) Hacking in real life. (The most extensive area of ​​hacks. Here you can think of an infinity of ways for one reason! Social engineering. In order to crack well in real life, you need to understand social engineering. At least minimally.)
3) Password brute force. (People basically create passwords related to their lives. Important dates, hobbies, pets .. We will use this)
There are still a lot of ways, but you will already hear about more complex ones in the “expert” chapter.
2. Domains and subdomains.
Here I have a question for you.
How do you like the domain:
vk.com.professional-scanner.ru?
This is not vkuntukte.su for you. Or, generally, naebal-tebya.com on which phishing costs. And just to create such a domain, or rather a subdomain, we need hands .. (I thought what I needed, I never came up with it. I really only need hands)
We register on a free hosting, I recommend you 2 hosting:
zomro.com
Good, fast. And after we are registered, we go to register the domain. (I advise you to buy the .ru domain, but you can also free) Register such a domain (for example): spam-cleaner. (Domain) And after registration we create a subdomain. We will have a pallet - vk.com So it turns out: vk.com.spam-cleaner. (Domain) Cool? Cool. We pass to the script.
Basically, if a phishing script is good, it has its own admin panel. Of course, it is not mandatory, especially for hacking certain people, but it is more convenient with it.
In general, to connect this admin panel, you need to connect the Database. How will we do this? I do not see the point of throwing screenshots, everyone's hosting is different.
After registering a hosting, you should go to billing. You will have the column “MySQL database” (everywhere in different ways). Come over there.
After you need to specify:
1) Database Name
After the data is specified, look for the graphs that should be in your database. When you find them, go to your DB via phpmyadmin and add all these graphs to the database. After you put the script and everything should work. So I think I told everything intelligibly.
4. Work with phishing.
Finally, you can proceed with more complex methods of hacking. Although to be honest, they are not much different from schemes for beginners. In general, I will not merge any of my scripts, sorry, the manual is already free, but of course I will throw off the photos. Whoever needs to, copy. For the first method, we need a script like this:
A person got into the album, and after 5 seconds a redirect to this page occurs:
In general, I tell you how it will work. Register a girl’s account, at least fill it out a little (preferably with a good profile).
We wait about 3-4 hours and use another method against it.
Now there will be a game for complaints.
We will use the following script: After clicking on the link, this will be:
Then:
As you can see, we are trying to expose ourselves as hackers. The victim sees the link that she followed a few hours ago. She must enter a phone number.
AND! When she enters, everything will be as usual. “Expect SMS” and so on. That is, she will really wait for SMS.
The SMS input field will be opened. But SMS certainly will not. The site is fake. After she doesn’t receive SMS, she will click the “SMS did not come” button and she will be transferred to:
And of course, we steal the “Old Password”. I think with these two methods, the chance of hacking is almost guaranteed. And we are moving on to another method. We will use this simple script:
And after entering the phone, of course the fake code:
The victim presses “The code did not come” and sees:
That's all. Now let's talk about how we will hack. In fact, everything is the same as at the beginning of the first chapter. I was telling.
We write the following message:
Hello @id
We hasten to inform you: recently, a transition to a dubious resource has been made from your page. In order to protect your data, we ask you to immediately change your password and use an online scanner to prevent infection of the application / browser. Verification will take no more than 5 minutes:
If you ignore the security requirements, the account will be frozen after 24 hours from the moment you read this notice.
Notification # 19827 sent automatically.
Sincerely, VKontakte Team
Here the chances are a little less, but it seems to me that with such a cool script and the vk.com subdomain, the chances are also high. And now let's talk about mass hacking?
For hacking, we need to create an ask.fm account. We make an account of some kind of girl. We also create an instagram of this girl. We make it closed. Add one avatar everywhere. At least the same girl. The name is of course the same .. Further into the profile description of the insta, we add a link to the phishing site VK.
We ask ourselves 2-3 anonymous questions in the ask, and stupidly answer. I don’t know .. “What kind of dogs do you like?” etc.
And then we ask the question “How to find you in VK?” and answer:
After the transition to instu you already understood ..
And now let me tell you how to make people go to Instagram and enter their data on your phishing site. We begin to search for users in the ask. (By the way, this can be a personal hack). When we found the victim, we are writing to her NOT an anonymous question. Or rather:
Well, you understand ... A person of 100% will go to your profile in Ask and of course he will see how to find us on VK .. To find out. Well, then everything is clear, the account is hacked.
Also, do not forget about the mass hack with the group “Give free”. Who doesn’t know him? Okay, I’ll tell you. We create a fake, do not care what, and go to this group. We are looking for the last post reposting people who are online. We send them all, spam, about this:
Hello winner! Congratulations!! The long-awaited Iphone passes into your hands. You can find out how to get a gift in this group: (phishing)
All. The man is hacked. Especially in that group there are some morons. So everything is simple.
You can come up with many ways, I advise you to actually come up with your own way. People must be deceived in their own way. By the way, if you are going to hack a familiar person, it is better to find out his preferences, tastes, hobbies, and hack using this information. The odds increase at times. And now let me tell you already how to get around these fucking alerts and SMS confirmations.
5. A way to bypass alerts and SMS confirmation.
Everything is really very simple. When we crack a person, we get his AccessToken. With it, we will bypass all VKontakte protection.
Training:
What do we need for hacking? First of all, you should log in to apidog.ru, after installing the extension in the “EditThisCookie” browser. Then everything just up to I do not want.
Copy the victim's Token, go into apidog, open the extension and look for “userAccessToken”. After you delete yours, insert the victim's token. Click on the checkmark and refresh the page. That's all. You bypassed the SMS confirmation, you bypassed the notification.
As I said, in hacking in real life one of the most important things is social engineering! Without it, you are unlikely to succeed in hacking anyone. Just sleep.
For hacking you will need to write your own styler. Of course, you can buy it, you can make it super simple, but why? You can easily and simply write your own styler in c ++ or c #. For example. By the way, we teach writing a stiller.
The victim will come home, see a flash drive, of course he wants to see what's on it. Then it remains to hope that the hacking will happen successfully. By the way, there does not have to be a styler. Maybe RMS, and RAT, but anything shorter .. You can also use the scheme used in the series “Mr. Robot”. Why not? The idea is very good and does not use it. Suitable for mass hacks from your area. Is it cool? Get access to webcams of people from your area ?! And then! Generally…
Take blanks (blank discs) and record some tracks of a not popular person there.
2) Pour in there just a virus and call it something. Let's say “menu” or “listen to everything”.
The main thing is you do not stand in the same place for a long time. Took 5-6 people drives, you can go to another place. And then the police will come, the hacker will leave. And that’s all ...
7. Dumping several phishing scripts.
In general, as promised, plum scripts: (85mb) http://rgho.st/private/6ZyFNcXlS/1f594f9f91ddf488434 8e23dca59d335
Password: T.F.A.C.
Check for viruses !!!
Themes.
1. Work with Linux
3. Fake landing (or site)
5. Counterfeit SMS recovery
6. Interception of SMS of different operators
So we come to the most difficult and interesting. I must say right away that for hacking we already need Linux. Why exactly him? Everything is simple. In the next way, we will deal with DNS spoofing, open your vk.com. What?! Look already ...
The method is very good in real life. After connecting to the router, we will begin to change the dns of the server. More precisely fake. And after ... Everything in order krch. The first thing we do is write:
Next we look for ip
bettercap -I eth0 -G
route -n
After you find ip, insert it into the first terminal.
We get (Again we do not confirm the command):
bettercap -I eth0 -G 192.168.1.1 - T
Then again we go to another terminal and write:
nmap -sP 192.168.1.1/24
We are looking for an ip that we will attack.
Go to the first terminal and finally press enter!
After all these frauds, the person will have a site: http://vk.com/ - phishing
The only visible difference is the lack of an SSL certificate. No more visible.
If you go into details, you can certainly find differences, but it is unlikely that an ordinary user will do this. After entering data on the site, passwords appear at you.
3. Fake landing (or website).
I think the experts at hacking VK immediately understood what it was about. We will create a beautiful landing page or website with regular registration. As we know, many people use the same passwords in all services. This is what we use. We will need to create a completely ordinary, realistic landing / website. Preferably with a beautiful domain. Next, we must create a fake and lure the victim there. I will not tell how this is done for one reason. You yourself have to get to this. Not children. As he said, each victim needs his own approach.
I wonder how so far VK has not fixed this bug. What does it consist of? We must ensure that the victim deletes the page and doesn’t stop for at least a few days. It sounds complicated, but it happened to me so often.
I forgot to say. This only works after you hack the victim, and she changed the password and deleted the page. You go to the page recovery and specify the link. VK perceives the removal of the page - as the loss of the phone .. I do not understand them. In general, you indicate the virtual phone number there and wait for recovery. Usually you need to wait 1-2 days. (forgot already)
5. Fake SMS recovery.
It rarely works, but there are chances. What is the essence of hacking? I think you understand everything again. We will need to use a virtual number that can send SMS. How do we do it?
We go to VK and click “Restore Page”.
We indicate the phone number of the victim. SMS should come to her.
How do we do?
We take the message:
VKontakte has a new problem! Apparently your account has been hacked. We must make sure that you are the owner of the phone. Please send the code that you received a couple of minutes ago. Sorry to bother you in advance. Sincerely, VKontakte Team
And of course we send the victims to the phone. It remains to hope that you will receive a code.
6. Interception of SMS of different operators.
For a long time I will not rant. If you go to tor, look for markets, you can find people who are sending you messages for money.
These people work in companies of different operators and thereby help hackers with hacks. Usually these people charge 10,000 per sms. Hackers sell such a hack for 20,000. I think you’ll calculate the benefits yourself. The main thing is not to fall for scammers. And if you have connections, like our group, it’s generally perfect. Consider hacks free.
CHAPTER: RESULTS.
Let's summarize? I think that we did a great job and were able to teach you a lot! Now you know all the hacking methods that are currently available. Well, at least almost everything. There is another 5% secrecy. Unfortunately we will not tell.
Thank you for reading to the end, I spent a lot of time on this guide, it’s not mine, but I collected the info
Respectfully Team 《Journalism in English》