The hack relies upon the fact that most of us want websites to remember us when we arrive the next time. We don’t want to put in our username and password each and every time we want to access the site, so we say the browser to “Remember me.” We don’t want to re-authenticate and provide our password, our system simply remembers it and provides it to the website.
Of course, those passwords must be stored somewhere on our computer. The key is to know where those passwords are stored and how to crack the hashed passwords when we find them. For instance, Mozilla stores the users’ passwords at:
c:/Users/Username/AppData/Local/Mozilla/Firefox/Profiles/**.default/cache2/entries
As you can see in the screenshot below, I have displayed that directory and password hashes from a Windows 7 computer running Firefox 36. These are all the saved passwords from various websites that Firefox has stored.
Elcomsoft’s Facebook Password Extraction Tool
Fortunately for the US, there’s an organization in Russia named Elcomsoft.
This company employs first-rate cryptographers and that they develop and sell computer code to crack varied positive identification encoding schemes. (As a facet note, a decoder from Elcomsoft was the primary person inactive and prosecuted below the DCMA once he came to the U.S. for a conference. He was eventually guiltless.)
Their computer code is listed as digital rhetorical tools, however, they’ll even as simply be used for hacking functions. one amongst their tools was used for the iCloud hack that exposed nude photos of Jennifer Lawrence and alternative Hollywood stars in August 2014.
Elcomsoft developed a Windows tool named Facebook positive identification Extractor (FPE, for short) that extracts the user’s Facebook positive identification from its location on the user’s system (the user should have used the “Remember me” feature) then cracks it. Of course, we want physical access to the system to try to this in most cases. instead, if we will hack their system, we have a tendency to might transfer this tool to the target system then use it or we have a tendency to might merely transfer the user’s browser positive identification file and use this tool regionally on our system.
You can transfer this free tool from Elcomsoft’s website, that formally supports the subsequent net browsers (though it should work on newer versions).
1.Microsoft net human (up to IE9)
2.Mozilla Firefox (up to Firefox 4)
3.Apple expedition (up to expedition 5)
4.Opera (up to Opera 11)
5.Google Chrome (up to Chrome 11)
The process of exploitation this tool is nearly idiot-proof. (Almost a demand for Facebook hacking, would not you agree?) you merely install it on the system whose Facebook positive identification you would like to extract and it will everything else.
One of the drawbacks to using this tool is that Elcomsoft released it back in 2011 and it has not been updated since. Maybe we should make this a Python project for the Null Byte community in the near future?
