While techies, geeks and newbies search for how to hack into a Facebook account, an Indian security researcher, Anand Prakash, proved it was easy. Yes, "it was": the bug has now been fixed by Facebook. It was a zero-day vulnerability. Facebook awarded Anand Prakash a big bounty of about 10 Lakh [15000$]. The vulnerability was simple, but from a security standpoint it was a serious one.
Well, I forgot to mention: after 7 months of successful blogging we have launched a new niche, News, in which all posts are related to and here is its first post. Cheers to the motivators and inspirers who helped us enhance our capabilities.
Before 21 Feb (when the vulnerability was discovered), a simple security researcher or anyone with some hacking skills could easily hack into your Facebook account, change your Facebook password and read your Facebook messages. But it was an Indian hacker, Anand Prakash, a security researcher at Flipkart, who made Facebook secure.
When you go to Prakash's Twitter profile you will see "Bug Bounty Hunter". Yes, this guy spends 2-4 hours on weekends just discovering bugs. Besides Facebook, he has also discovered bugs for Twitter, Google, RedHat, Adobe and many other US-based companies, and has won rewards for them. The funny thing is that he identified a loophole for Zomato and, you know what they gave him? A thank-you message.
Now let's come to the technical part of this simple bug/vulnerability.
There is a beta version of Facebook. The strange thing was that the bug worked only in the beta version of Facebook, i.e. beta.facebook.com and beta.mbasic.facebook.com.
Facebook has a forgot-password option, which sends a 6-digit code to the registered email ID or mobile number. A wrong code can be entered only 12 times.
Prakash discovered that in the beta version the 6-digit code could be entered an unlimited number of times. This way someone could easily hack into your Facebook account with a brute-force attack.
Let's see how Prakash did this.
He used brute-force attack software called BurpSuite, which comes pre-installed in Kali Linux.
He also uploaded a video of it. It was later deleted from YouTube but is still available on Vimeo. According to Prakash's blog post, the Facebook hacking vulnerability existed only on beta.facebook.com and mbasic.beta.facebook.com.
Editor's Desk: Well, that was a simple vulnerability, but it was a very serious kind of bug for a billion-dollar company. By the way, the vulnerability is fixed now. These guys inspire us, and who knows, you may be the next bounty hunter.
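A defensive sketch of the control that was missing on the beta hosts, added here as an example and not Facebook's or Prakash's code: the failed-attempt counter is tied to the account's pending code, so every hostname shares the same limit. The class and function names, the 600-second lifetime and the example.test hostnames are assumptions; the limit of 12 is the figure quoted above.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 12        # wrong-code limit the article cites for the main site
CODE_TTL_SECONDS = 600   # assumed code lifetime, not from the article

class ResetCodeStore:
    def __init__(self, clock=time.time):
        self._pending = {}  # account_id -> [code, expires_at, failed_attempts]
        self._clock = clock

    def issue(self, account_id):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account_id] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code

    def verify(self, account_id, submitted, host):
        # `host` is for audit logging only; it must never select a different limit.
        entry = self._pending.get(account_id)
        if entry is None:
            return "no_pending_code"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[account_id]
            return "expired"
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[account_id]  # codes are single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[account_id]  # burn the code; a new one must be requested
            return "locked"
        return "wrong_code"

def wrong_guesses_until_lockout(store, account_id, hosts):
    """Send wrong codes while alternating hostnames; return (guesses sent, result)."""
    real = store.issue(account_id)
    sent = 0
    for n in range(10**6):
        guess = f"{n:06d}"
        if guess == real:
            continue  # this helper only measures the failure path
        sent += 1
        result = store.verify(account_id, guess, hosts[sent % len(hosts)])
        if result != "wrong_code":
            return sent, result
    return sent, "exhausted"
```

Because the counter lives with the code rather than with a front-end, alternating between hostnames still ends in a lockout after 12 wrong guesses, and the burned code cannot be tried again.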