You could also use this guide to steal another contact's Facebook password, but the purpose of the tutorial is to help you recover your Facebook password without difficulty and without the possibility of error.
The procedure consists of finding the password hidden behind the asterisks on the Facebook login page. This technique can be used in any browser, and there is no need to download any software.
1) Open the browser (I use Google Chrome) and go to Facebook. If the password is already saved, you will find black asterisks in its place, which, as you know, serve to hide the word that we are going to find.
Once the procedure is finished and the password found, it would be good practice, for security, to change it. For this step it would be very useful to take a look at our guide to creating a perfect password: elaborate, but easy to remember.
There is also another method, with which I will explain how to find out the Facebook password. You should know that whenever we log in to our account from a browser (Google Chrome, Opera, Safari, etc.), it automatically saves certain information that we enter.
Wilson, at the end of the various steps you just need to click anywhere on the page (an empty click, in other words) so that the asterisks become the letters that make up the Facebook password.
How Chrome saves your passwords depends on whether you want to store and use them across devices. When you're signed in to Chrome, you can save your passwords to your Google Account. Passwords can then be used on Chrome across your devices, and across some apps on your Android devices.
You can use the Windows password filter to filter domain or local account passwords. To use the password filter for domain accounts, install and register the DLL on each domain controller in the domain.
Perform the following steps to install your password filter. You can perform these steps manually, or you can write an installer to perform these steps. You need to be an Administrator or belong to the Administrator Group to perform these steps.
Copy the DLL to the Windows installation directory on the domain controller or local computer. On standard installations, the default folder is \Windows\System32. Make sure that you create a 32-bit password filter DLL for 32-bit computers and a 64-bit password filter DLL for 64-bit computers, and then copy them to the appropriate location.
To enforce both the default Windows password filter and the custom password filter, ensure that the Passwords must meet complexity requirements policy setting is enabled. Otherwise, disable the Passwords must meet complexity requirements policy setting.
Storing user passwords in plain text naturally results in an instant compromise of all passwords if the password file is compromised. To reduce this danger, Windows applies a cryptographic hash function, which transforms each password into a hash, and stores this hash. This hash function is one-way in the sense that it is infeasible to infer a password back from its hash, except via the trial and error approach described below. To authenticate a user, the password presented by the user is hashed and compared with the stored hash.
Hash Suite, like all other password hash crackers, does not try to "invert" the hash to obtain the password (which might be impossible). It follows the same procedure used by authentication: it generates different candidate passwords (keys), hashes them and compares the computed hashes with the stored hashes. This approach works because users generally select passwords that are easy to remember, and as a side-effect these passwords are typically easy to crack. Another reason why this approach is so very effective is that Windows uses password hash functions that are very fast to compute, especially in an attack (for each given candidate password). More information about password cracking can be found here.
Hash Suite also supports rules that can be applied to all key-providers. Rules are common transformations to base words that many users make to form passwords (for example, the word "love" might result in a password of "Love12").
To crack hashes we first need to obtain them. Normally you obtain the hashes from a local/remote machine; however, in this tutorial we will use hashes from the password cracking contest Crack Me If You Can 2010 (available from here). These are publicly available hashes of realistic yet artificial passwords (so anyone can access them without concerns), and many of the hashes are of types used on Windows systems (and thus are supported by Hash Suite). The contest lasted 48 hours, which corresponds to a reasonable effort for us to spend as well, and in the end we can compare our results with those of contest participants. First import the hashes (alt+f+i) (fig 5).
You will import 3380 LM, 30640 NTLM, 326 raw SHA1, 10582 SSHA, 4716 MD5CRYPT, 80 BCRYPT hashes (fig 6), excluding possible duplicate hashes (resulting from the same passwords seen more than once). In this tutorial we will focus on LM and NTLM hashes and superficially consider SSHA and MD5CRYPT.
LM hashes were introduced in earlier versions of Windows and support for them continued in later versions for backwards compatibility, even though they were recommended by Microsoft to be turned off. As of Windows Vista, the protocol is disabled by default, but continues to be used by some non-Microsoft CIFS implementations. These hashes were very weak: we can crack ANY valid LM hash password within hours by brute-force (additional information regarding LM hashes may be found here).
We will use the Charset key-provider, which is the default option (fig 7), and a range of password lengths from 0 to 6, which is also the default. (You can see parameters on the left panel or by pressing alt+p.) So we only need to start the attack by pressing alt+1 or clicking the Start button (we can pause/stop any attack by pressing alt+2 or clicking the Stop button).
We then increase the password length to the maximum value for LM hashes, 7, and deselect the Symbol characters (fig 8). This will use only Upper and Digit characters, and will find common passwords first. Note that Hash Suite is smart enough not to use lower-case characters (which the LM hash algorithm would have converted to upper-case anyway) even if selected.
NTLM is the successor of LM. It was introduced in Windows NT and it is still in use. First, select the NTLM hashes with alt+m+f (fig 9). Then, infer the case of characters of our cracked LM hash passwords: select the LM2NT key-provider (fig 10) and start the attack (alt+1), which should complete instantly.
We will use the Charset (fig 14) key-provider with default options, which are: password length from 0 to 6 with all printable characters. Note that our password length settings were reset when switching to the NTLM format.
The popularity of passwords based on phrases has risen lately. Hash Suite provides a phrase generator with English words. Now let's use Phrases (fig 15) of 2 words with the most used English words.
Fingerprint decompiles passwords into all possible parts or patterns ordered by use. Then you recombine them with Phrases creating common patterns many humans will choose. This is a powerful and simple attack to try apparently complicated passwords. Hash Suite provides a file with many common patterns ready to use. Just choose the file fingerprint_common_pro.txt and use Phrases of 2 patterns and one million maximum words to load (fig 17).
Once you have enough found passwords you may try to find patterns in them to launch a more specific fingerprint attack. Pressing alt+p+f (fig 18) generates a fingerprint.txt file with patterns from the found passwords. Click Yes to begin the attack.
Note that you can repeat this procedure again. Given that 2061 new passwords were found, new patterns will be generated resulting in more passwords found. Let's do the fingerprint again (alt+p+f) to test this.
There is also an easy pattern of person names with leetspeak transformation. We can exploit it by downloading the wordlist facebook-names-unique.txt.bz2 and applying leet rules. We leave this pattern for readers of this tutorial to explore on their own.
We have enough time left that we can employ "smart" brute-force. We plan what we will do for password length from 8 and up. Given a speed of 9.60 billion hashes/second, we calculate the number of different characters to try assuming that we want to spend 10 hours on each candidate password length:
It is pretty clear we expect to maximize found passwords using password lengths 8 and 9. We distribute the remaining 41 hours between these two lengths proportionally to the Coverage, giving us 30 hours for length 8 and 11 hours for length 9. (Hash Suite might automate this analysis and length distribution in a future version.)