How to hack facebook – 2017 100% working

Hacking facebook is nearly impossible. Then how facebook accounts are hacked? Actually hacking into facebook database is nearly impossible. Its not an easy job (only a few had done it.. lol). But still there are many other ways to hack an account. Here is one method – ‘phishing’. Phising means collecting sensitive data like passwords and usernames or even credit card details with specially crafted webpage that which is the exact clone of the genuine one. we have to setup a trap and wait for the prey to get in. Now Just follow the steps.

Step 1

As said before, We are setting up a trap. We have to make a fake login page and a script to capture the username and password. If you don’t have much experience in PHP and HTML don’t worry just download the codes from below link.

Phishing scripts


Step 2

After downloading the files we need a server to host it. If you have one server (kali linux have Apache built in) just host it. If you dont have one just make one account in a free hosting service.


Step 3

Here we are using a free hosting service 000webhost.com Go to the home page and click signup.

ALTERNATIVE (built in apache server)

Kali Linux have built in apache web server. copy the files index.html and login.php to “/var/www/html/” directory. Forward the port 80 in your router. Your public IP will be your web address. Open a browser “http://<your public ip>/” this will give you the phishing page. I don’t recommend this method because no one will open the ip address unless you have a domain name


Step 4

Register with your email id and make an attractive domain name. Note down the password that you have provided. Now again go to the home page and click on ‘members area’. Login with your email and password, it will take you to the C-panel of your website. Click on file manager, your home directory will come up. Now just upload the file that you have downloaded (index.html and login.php) to the “public_html” directory.


Step 5

Open new tab on your browser and enter your url (i.e url of the website that you have just hosted). If a facebook look alike page appears then get ready for the hunt. You have just made an evil twin of real facebook login. Now just give that link to your victim and wait for him to login. Just say this is you FB page, just check out.


Step 6

Wait for our prey.. If our target has opened the link and logged in with his credentials our php script should have captured the password and saved to a text file – password.txt. to retreive this go to the cpanel and login again open the text file. Enjoy !

BONUS: You can also change the dns of a target systems like internet cafes or offices and redirect the facebook.com to your rouge dns (i.e your phishing sites’s DNS). so when a user type in facebook.com it will be redirected to your phishing page. Through this way you can get tremendous number of login credentials a day.


change dns of windows

Since most of the system in internet cafes run on windows this will workout. open cmd as administrator and open host file by the command
# notepad.exe %SystemRoot%System32driversetchosts

now you can find the entries is localhost. Add the following line at the bottom and save it. (find your own IP by ping command: # ping yoursite.com)

<your site’s IP>        facebook.com
<your site’s IP>        www.facebook.com
<your site’s IP>        fb.com
<your site’s IP>        www.fb.com

Now when a user types facebook.com on any browser in that system he will be redirected to yous phishing site
you can check it out yourself.


 Any doubts or questions? Ask it on our new hackers Q and A forum askthehackers.com
Ask a Question

susmith HCK

susmith HCK Author

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you. If you like all these stuffs add me on Facebook and Google plus.