There are 3 main methods used when it comes to hacking Facebook accounts. Briefly, they are:
1. Keyloggers: Making the victim open up his account on a system with a keylogger attached, or sending a remote keylogger to the victim.
2. Phishing: Making a fake login page and having the entered details sent to you. (This has been explained in the "Starting Off" section.)
3. Social Engineering: This is just a fancy term for making the victim give up vital information in a supposedly casual conversation. The information may be the answer to the user's recovery question, which can then be used to take over the account via the "Forgot your password? Click Here!" button.
Some time ago, Facebook developers patched in a new security feature. In a nutshell, if Facebook detects that your IP address is different from the usual (previously used) IP addresses, it may stop you from logging in without further identity verification, which may be, for example, an SMS code. Now this can potentially affect every type of hack, but as to whether it is in fact possible, there is only one way to know: by doing it. Hope for the best, prepare for the worst.
A keylogger is a type of software that usually runs in the background, without the knowledge of an innocent victim, and secretly records their actions. A wide variety of functionality is offered by various products: almost all record every keystroke on the keyboard in a simple text file format, some record mouse clicks and pointer locations, some record folders and files opened, and some even take screenshots at regular intervals.
Most keyloggers provide an option to store the text file locally or to send it to an FTP server or your email address. They can be installed and set up relatively easily, like any other program. Once set up, they usually go into hiding as a background process, leaving no trace on the surface and starting up automatically when the operating system starts.
For some reason people seem to avoid or overlook keyloggers. I can give you my word this is the best and easiest method for hacking any type of account there is, so definitely check this out. In our case, we want the victim to log in to their Facebook account on a compromised system, one that has a stealthy keylogger installed. There are two ways to go about this: installing a keylogger on your system and having them use it to log in to their FB account, or, if you have temporary access to their system, installing it on their computer and having the log files sent to you by email or FTP.
Whichever way you prefer, the method is the same. Download a keylogger, follow the setup instructions as you would when installing anything, customize the settings according to your preference and let it rip!
I have personally tried and tested the following keyloggers; you can choose any of these randomly since they all seem to do the job:
(i) Actual key-logger - Download from http://www.actualkeylogger.com/download-free-key-logger.html
(ii) Home key-logger - Download from http://www.kmint21.com/download.html
(iii) REFOG Free key-logger - Download from https://www.refog.com/download.html
(P.S. Certain full versions of very good keyloggers are available as torrents from websites like isohunt.com and kickass.to, but these torrents are illegal and we shouldn't use them.)
2. Phishing: This method has been described in great detail in the "Starting Off" section. Follow the instructions carefully while using facebook.com instead of gmail.com.
3. Social Engineering: Facebook uses security questions as a recovery method; almost everyone sets it up with a personal question like:
"Where were you born?"
"What was your first pet's name?"
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures.
A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access.
Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.
For this method to work, you need to know the person whose account you want to hack. In fact, you need to know them well enough that it doesn't seem suspicious when you carefully try to work their recovery questions into your conversation and get them to answer casually.
After that, using the "Forgot your password? Click Here!" button, one can simply take over the user's account. But even after this, your work is not done yet. Nowadays Facebook has implemented a 24-hour delay before recovering the account and logging in, so if the victim happens to log in during that period they can reverse the process in seconds. Not only do you need careful planning, but also careful timing.
Facebook uses a verification method during recovery: if the victim's email and phone number are no longer functional, it asks to put in another phone number. If you can somehow get hold of their cell phone or email account, their account is yours; otherwise the process may be slow and fruitless.
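The two account-side controls mentioned above, extra verification for a login from an unfamiliar IP address and the 24-hour hold on account recovery, can be modelled in a few lines. This is an added example, not code from the original page and not Facebook's implementation; the `Account` class, the function names and the rule that a verified owner login cancels a pending recovery are assumptions made for illustration, and the IP addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

RECOVERY_HOLD = timedelta(hours=24)  # the 24-hour delay the text mentions

@dataclass
class Account:  # hypothetical model of one account's security state
    known_ips: set = field(default_factory=set)   # addresses seen on past logins
    recovery_started: Optional[datetime] = None   # pending recovery, if any

def login(acct, ip, password_ok, second_factor_ok=False):
    """Return 'deny', 'step_up' or 'allow' for one login attempt."""
    if not password_ok:
        return "deny"
    if ip not in acct.known_ips and not second_factor_ok:
        # Correct password from an unfamiliar address: require more proof
        # (for example an SMS code) before opening a session.
        return "step_up"
    acct.known_ips.add(ip)
    acct.recovery_started = None  # assumption: a verified login cancels recovery
    return "allow"

def start_recovery(acct, now):
    """Record a recovery request; control of the account does not change yet."""
    acct.recovery_started = now

def complete_recovery(acct, now):
    """Recovery succeeds only if the hold elapsed without being cancelled."""
    if acct.recovery_started is None:
        return False
    if now - acct.recovery_started < RECOVERY_HOLD:
        return False
    acct.recovery_started = None
    return True

def demo():
    # Constructed sample data using documentation-range IP addresses.
    t0 = datetime(2024, 1, 1, 12, 0)
    acct = Account(known_ips={"192.0.2.10"})
    results = [login(acct, "198.51.100.7", password_ok=True)]    # password alone, new IP
    start_recovery(acct, t0)                                      # recovery requested
    results.append(complete_recovery(acct, t0 + timedelta(hours=1)))
    results.append(login(acct, "192.0.2.10", password_ok=True))  # owner logs in during hold
    results.append(complete_recovery(acct, t0 + timedelta(hours=25)))
    return results

if __name__ == "__main__":
    print(demo())
```

In this model a password captured by a keylogger or phishing page is not sufficient from a new address, and a recovery request answered with a guessed security question fails if the owner logs in before the hold expires.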