How To Bypass Two Factor Authentication Of Gmail Account Using Advance Phishing Technique

According to citizen lab,Iranian hackers have developed a sophisticated phishing scam to takeover Gmail accounts by bypassing the two factor authentication.Citizen lab published a report at the university of Toronto’s Munk School of Global Affairs.This is not the first time when hacker used the phishing page to hack the victim account. Few days ago,Elastica Cloud Threat Labs discovered a deployed phishing page on Google Drive


Phishing page developed by Iranian hackers is advance as it has capabilities to obtain the Credential and One-Time-Password of victim account.The Iranian hackers used phone and email to bypass Google’s two-factor authentication system and take over the victim’s Gmail account.

The recently discovered attacks on Gmail accounts start with text messages that pretend to be sent from Google. The messages warn users that of "unauthorized access to their Gmail accounts is detected.To protect your account Please Reset your gmail account password".

Attack Scenario

First attacker send a fake “password-reset” SMS to victim when victim click on bogus password-reset page.Victim redirected to phishing page.The reset pages simulate the Gmail 2-step login process to the victim. The attacker uses the victim’s input to login Gmail account.The attacker login attempt trigger Google to send a genuine 2 factor authentication code to the victim.When victim insert the two factor authentication code,it is inserted in the fraudulent page.By using this phishing page attacker can easily obtain 2 factor auth code and have access the victim account. Why this phishing page is advance because it has capabilities to phish both the user password and the Two factor authentication "one-time password" used by Google.
Gmail-phishing-mail-draft

To mitigate the danger of exposure to such attacks it's always preferable to enable two-factor authentication for each on-line service.

Experts suggest that an easy way to discover the fake password reset pages is to check the URL searching for the https:// prefix, sadly I inform you that this isn’t a whole defense against phishing attacks as a result of this type of offensive is additionally exploiting HTTPs connections.

List Of 100 Massachusetts communities having the most Ashley Madison users

The data analysis firm Dadaviz has analysed the hacked data of the Ashley Madison website and revealed that thousands of the customers are from the Big tech companies,Continued with a list another data analysis company anonymously posted the list of top 100 Massachusetts communities on reddit.Among those Alabama placed first, followed by Colorado, the District of Columbia and so on.


List Of Top 100  Massachusetts communities having Most Ashley Madison Users:
  1. Boston – 47,951
  2. Worcester – 13,079
  3. Cambridge – 12,486
  4. Watertown – 10,071
  5. Quincy – 9,420
  6. Lowell – 8,314
  7. Somerville – 7,035
  8. Newton – 6,496
  9. Webster – 6,053
  10. Westfield – 5,873
  11. New Bedford – 4,495
  12. Fall River – 4,491
  13. Framingham – 4,434
  14. Brockton – 4,411
  15. Waltham – 3,876
  16. Haverhill – 3,710
  17. Lynn – 3,660
  18. Randolph – 3,293
  19. Pittsfield – 3,219
  20. Malden – 3,201
  21. Agawam – 3,146
  22. Taunton – 3,136
  23. Woburn – 3,081
  24. Beverly – 3,032
  25. Southampton – 3,009
  26. Brookline – 3,002
  27. Natick – 2,958
  28. Marlboro – 2,912
  29. Norwood – 2,845
  30. Chicopee – 2,794
  31. Gardner – 2,776
  32. Chelsea – 2,689
  33. Peabody – 2,639
  34. Leominster – 2,625
  35. Revere – 2,607
  36. Wakefield – 2,551
  37. Fitchburg – 2,549
  38. Methuen – 2,492
  39. Attleboro – 2,426
  40. Westwood – 2,413
  41. Allston – 2,386
  42. Abington – 2,370
  43. Shewsbury – 2,359
  44. Northampton – 2,326
  45. Braintree – 2,286
  46. Grafton – 2.251
  47. Gloucester – 2,201
  48. Stoughton – 2,067
  49. Melrose – 1,933
  50. Acton – 1,857
  51. Bellerica – 1,831
  52. Tewksbury – 1,800
  53. Palmer – 1,777
  54. Danvers – 1,771
  55. Holyoke – 1,714
  56. Hyannis – 1,700
  57. Rockland – 1,671
  58. North Andover – 1,586
  59. West Springfield – 1,537
  60. Chelmsford – 1,533
  61. Jamaica Plain – 1,516
  62. Adams – 1,494
  63. North Attleboro – 1,453
  64. Saugus – 1,450
  65. Newburyport – 1,423
  66. Norton – 1,361
  67. Westborough – 1,350
  68. Dedham – 1,348
  69. Holden – 1,272
  70. Roslindale – 1,177
  71. Wayland – 1,165
  72. Stoneham – 1,123
  73. Hingham – 1,097
  74. Winthrop – 1,039
  75. Ludlow - 991
  76. Weymouth – 984
  77. Amesbury – 960
  78. Sudbury - 960
  79. Walpole – 953
  80. Dudley – 915
  81. Southbridge - 890
  82. Hull – 875
  83. Marblehead – 872
  84. Athol - 852
  85. North Dartmouth – 847
  86. Medway - 834
  87. East Weymouth - 823
  88. South Weymouth - 816
  89. Raynham – 815
  90. Millbury - 795
  91. Buzzard's Bay – 776
  92. Halifax – 772
  93. Needham - 768
  94. East Falmouth – 766
  95. Fairhaven - 756
  96. Mattapan – 751
  97. Easthampton - 731
  98. Scituate – 712
  99. Whitman - 705
  100. Mashpee – 699

List Of Top 10 Company having Most Ashley Madison Users:

  1. IBM
  2. HP
  3. Cisco
  4. Apple
  5. Intel
  6. Microsoft
  7. Samsung
  8. SAP
  9. Oracle
  10. Qualcomm

Analysts analysed the hacked data and email reported of the 37 million identities hacked only 12,000 active users were female. Gizmodo reported  that  5.5 million female profiles were abandoned directly after they were created.

The Hackers,who hacked the data of ashley madison and claimed themselve as the impact team posted that ashley madison is the one who created the fake female profile to attract the male users.The impact team also reported that company promises to delete the confidential information against money is fake and ineffective.

"Pied Piper" A New Compression Algorithm Developed By Dropbox Engineers

A team of ten dropbox engineers have developed a new compression algorithm called pied piper which achieve 13% compression on Mobile-recorded H.264 videos and 22% on JPEG files.

A Dropbox is a company providing the cloud service,pied piper algorithm help dropbox to compress the file size which would be beneficial  for company in term of long term prospective.

Main feature of pied piper algorithm is to compress and decompress the file without compromising the quility of video and jpeg.It compress and decompress the file Without changing the bit value.On top of developer built a recompression layer that can get additional win on top of CAVLC and other algorithms.It support almost all the popular Operating system like Windows,mac,android etc...

Pied Piper came out of a "Hack Week" Program held at Dropbox, where Horn works as an infrastructure engineer. Piper is one in all dozens of comes being worked on throughout the long event, where staffers are motivated to  build products and features outside of the traditional scope of the company's mission. 

Some of the Encoding and decoding features of Pied Piper

Encoder Features

  • Constrained Baseline Profile up to Level 5.2 (4096x2304)
  • Arbitrary resolution, not constrained to multiples of 16x16
  • Rate control with adaptive quantization, or constant quantization
  • Slice options: 1 slice per frame, N slices per frame, N macroblocks per slice, or N bytes per slice
  • Multiple threads automatically used for multiple slices
  • Temporal scalability up to 4 layers in a dyadic hierarchy
  • Spatial simulcast up to 4 resolutions from a single input
  • Long Term Reference (LTR) frames
  • Memory Management Control Operation (MMCO)
  • Reference picture list modification
  • Single reference frame for inter prediction
  • Multiple reference frames when using LTR and/or 3-4 temporal layers
  • Periodic and on-demand Instantaneous Decoder Refresh (IDR) frame insertion
  • Dynamic changes to bit rate, frame rate, and resolution
  • Annex B byte stream output
  • YUV 4:2:0 planar input

Decoder Features

  • Constrained Baseline Profile up to Level 5.2 (4096x2304)
  • Arbitrary resolution, not constrained to multiples of 16x16
  • Single thread for all slices
  • Long Term Reference (LTR) frames
  • Memory Management Control Operation (MMCO)
  • Reference picture list modification
  • Multiple reference frames when specified in Sequence Parameter Set (SPS)
  • Annex B byte stream input
  • YUV 4:2:0 planar output

How to Build Pied Piper library for All OS

  • make for automatically detecting architecture and building accordingly
  • make ARCH=i386 for x86 32bit builds
  • make ARCH=x86_64 for x86 64bit builds
  • make V=No for a silent build (not showing the actual compiler commands)

The command line programs h264enc and h264dec will appear in the main project directory.
A shell script to run the command-line apps is in testbin/CmdLineExample.sh
Usage information can be found in testbin/CmdLineReadMe
The Source code of Pied Piper Is Open Source and available on github.

How to become admin of any facebook fan page (Hijack Facebook Fan Page)

Hacking Any Facebook Page


The latest bug in Social networking site facebook could allow attackers to take over control of your Facebook pages.

Laxman Muthiyah from India has found an issue with the "Facebook business pages" that are not limited to a single user account, but instead represent a business account.

Laxman used third-party application to take complete control of a Facebook business page with limited permissions.


Third party applications are capable of performing different action for user like status update, publishing photos, and Post. Facebook don't allow to any third party application to add or modify admin of page. Facebook only allow a admin of page to manage the permission of account.



However, Laxman demonstrated that,modification in simple string of requests to make himself as admin of the particular Facebook page.

The string is given below:
POST /PGID/userpermissions HTTP/1.1
Host: graph.facebook.com
Content-Length: 245
role=MANAGER&user=X&business=B&access_token=AAAA…
Here, page PGID belongs to business B, where one can manage_pages request to make user 'X' as a MANAGER (assign as an administrator) of the page.

This means these small changes in the string could allow an attacker to gain complete control over your Facebook page.

Laxman reported the flaw to the Facebook security team and received the reward of $2500 USD as a part of Facebook's bug bounty program.

Spy Agency Of German Exchanging data of Citizen With NSA For XKeyscore

The German weekly newspaper  Die Zeit disclosed documents that reveal how the German Intelligence did a deal with the NSA to get the access to the surveillance platform XKeyscore.
Internal documents show that Germany’s domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), received the software program XKeyscore from the NSA in return of data from Germany. Xkeyscore allows the NSA to read the content of encrypt emails and it also enables the intelligence analysts to trace the user’s activities on internet through a system dubbed XKeyscore.

Back in 2o11, the NSA demonstrated the capabilities of the XKeyscore platform of the BfV - (Bundesamtes für Verfassungsschutz) agency. After two years of negotiation, the BfV signed an agreement to receive the NSA spyware software and install it for analyzing data collected on German citizens.
In return, the German Agency promised to share data of german citizen.

The NSA tool collects ‘everything a user does on the internet’, The surveillance software is powerful enough to be able to obtain up more than 20 Terabytes of data daily, including emails, chats, social media interactions, and even browsing histories all in real-time without bothering the need of any warrant.

XKeyscore map

According to Die Zeit, the document “Terms of Reference” stated“The BfV will: To the maximum extent possible share all data relevant to NSA’s mission”.

The BfV didn’t provide the details of the agreement to Germany’s data protection commissioner, nor it informed the Parliamentary Control Panel.

The report highlights that BfV is not allowed to set up a mass surveillance activity, differently from the BND, instead it can spy suspect individuals.

The agreement with the NSA doesn’t allow BfV to spy on American individuals.
Die Zeit sustains that the agreement “proves what exactly German intelligence agencies give to the NSA in exchange for technical support. We believe it potentially violates the fundamental rights of German citizens, and that the danger of such violations remains clear and present.”

The collaboration between the German Intelligence and the NSA is not new, in April, it was reported that the BND agency had helped the NSA spy on the European Commission and French government with the support of the Deutsche Telekom.

DDos attack on github bring down the site for several hours

Massive DDos attack detected on github.com a popular website,Software collaborator for open source project and community Github.com was down for several hours due to massive ddos attack.

March month of this year,github suffered from massive ddos attack which bring down the github service for next five days,now followed by another ddos attack on last tuesday.

Earlier github attack was detected from chine.The attackers injected malicious JavaScript code into the pages of these websites that was accountable for the hijacking of their to redirect to Github.

Anthr@x from Insight-labs detected that those websites was serving advertisements and following code from Chinese Baidu, the code utilized by attackers and instructs browsers to visit github.com in every 2 second which followed by large amount of traffic hitted the github.com

Dave Larson, CTO at Corero Network Security, told SCMagazineUK.com that while the previous attack suffered by GitHub appears to have been driven by a nation state, it's too early to tell who is responsible for this most recent attack or what the motivation might have been.

Have a look on below image for complete Timestamp of attack,service restored etc...


Stored XSS Vulnerability In Paypal To Steal Your Credit Card Information

The Security expert Ebrahim Hegazy found a Stored XSS Vulnerability in Paypal secure payment page(https://Securepayments.Paypal.com).When user want to purchase online using paypal then user being redirected to securePayments domain of paypal.It ask user to enter credit card information,cvv and expiry data to complete the transaction.Researchers found the vulnerability in the secure payment page which lets the attacker to steal the credit card information and login credentials even if the data is processed through the encrypted channel(HTTPS) .



Hacking PayPal
As per Ebrahim Hegazy (@Zigoo0) report in a blog post:
“I’ve found a Stored XSS vulnerability that affects the SecurePayment page directly which allowed me to alter the page HTML and rewrite the page content, An attacker can provide his own HTML forms to the user to fulfill and send the users data back to attacker’s server in clear text format, and then use this information to purchase anything in behave of users or even transfer the users fund to his own account!”

Attack scenario of stored XSS vulnerability

Ebrahim explained that the attack scenario is:
  • Attacker setup shopping site or Hack into any shopping site, alter the “CheckOut” button with the Paypal Vulnerability,
  • Paypal user browse the malformed shopping site, choose some products, click on “CheckOut” button to Pay with his Paypal account,
  • User get’s redirected to https://Securepayments.Paypal.com/ to fill the required Credit Card information to complete the purchasing order, In the same page, the products price that will be paid is included inside the same page, and as we know the attacker now control this page!
  • Now when the Paypal user click on Submit Payment button, instead of paying let’s say “100$” YOU WILL PAY THE ATTACKER WHATEVER AMOUNT THE ATTACKER’S DECIDE!!
Below the video PoC published by the expert that shows how the attacker exploits the vulnerability to steal the user Credit Card and login Credentials information.
The expert reported the flaw to Paypal dated 19th june 2015 and got the response from paypal on the same day,now vulnerability patched by paypal.

Zeus,A Banking Trojan is Back,Available On Dark Web For Sale


A new variant of zeus banking trojan named Sphinx is available on the dark web. Programming language used in sphinx is c++.It can only be accessed through the Tor network. Latest variant of zeus malware,Sphinx comes up with following features:

Features Of Sphinx

  • Certificate Grabber
  • Backconnect Socks and VNC
  • Webinjects and Webfakes
  • XMPP Notification
  • Scripts and Botlists
  • Statistics

Certificate grabber

Sphinx can able to intercept certificate while establishing secure connection or signing file.Sphinx use digital certificate to sign the malware in order bypass the antivirus.

Backconnect Socks and VNC

BackConnect VNC allow to transfer money from victim bank account.It also allow the attacker to disable the firewell and Antivirus soluation.Attacker need not require to do the Port Forwarding due to use of Reverse Connection.It also protect the attackers identity by doing VNC on a different desktop than the victim’s desktop

Webinjects and Webfakes

Webinject is used to change the content of website.Attacker use webinject to obtain the credit card data of Victim.Web Fakes injects complete fake pages which are replicas of a target entity’s webpage without changing the URL.

XMPP Notification

Xampp notification is used to get notification about a user entering into defined resources.Xampp notification will be received in jabber account.

Scripts and Botlists

Attacker create the script to control the activity of bots and botlists are used to filter the bots country wise,IP wise etc...It display the complete detail of bots like Bot's country,ip address,Operating system ,version of operating system,location even victim display in real time basis

Statistics

  • Number of infected computers.
  • Current number of bots in the online.
  • The number of new bots.
  • Daily activity of bots.
  • Country statistics.
  • Statistics by OS

How does Sphinx get into PC?

Many pc users don't have any idea how Sphinx  gets into their computer as they operate their pc as was common. In most cases, Sphinx is distributed out as associate attachment to several email addresses, once users open the attachment, Sphinx gets in to put victim pc instantly. Additionally, Sphinx will auto find the vulnerability in machine and gain access via exploit kits .Apart from this visiting of harmful websites like Porn sites and therefore the transfer of software package return from unreliable net resources will bring Sphinx into machine.

How to Buy Banking Trojan Sphinx? 

  1. Download and Install Tor Browser
  2. GoTo website https://crimenetwork.biz/index.php?/topic/159726-sphinx-banking-trojan/
  3. SignUp and Login the account
  4. Make payment of $500 USD via Bitcoin and Dash
  5. After seller verify the payment,buyer account is enable for edit the config and request a build.

How to Protect system from Sphinx?

Configure the firewell of network appropriately,Always use updated and genuine anti-virus.Encrypted connection is use while surfing online.Scan the program or data online using VirusTotal before downloading and installing.

Use Shodan Search Engine To Discover Internet Of Things(Device connected to internet)

Before go into details about how to use showdan search engine?,How to use shodan search engine to discover device connected to internet?. First let's understand what is Shodan?Shodan is nothing but a simple search engine,like google collect the data from different website and crawl the data wisely,and ranked them based on the google algorithm. Shodan search engine collect the data of device connected to Internet like Server,router,smartphone or any other device connected to internet.

In the deep web or dark web,people call shodan search engine as search engine of hackers or Google for Hackers.

In the recent past,Thousand of Britons data leaked from hard drive and get published on shodan search engine.Leaked data includes:
  • Personal Records
  • Medical Records
  • Photograph
  • financial record
  • Other sensitive document available in the hard drive.

The bad part is anyone with the access of shodan search engine can easily download the data from site using a simple search qwery. It is as simple as that searching the data on google.

According to security expert,security flaw in hard drive allow the shodan user to collect the data from hard drive.Security expert speculate that thousands of britons hard drive can be hacked using shodan search engine .This allow the hacker to search the flawed device and download the information from flawed device.

A CERN Lab,company running the private server also get compromised with the Flaw in hard drive.Analytics report that,details of thousand of million of device connected to internet are available on shodan search engine.This flaw let the hacker to locate the device,Software running the device any many more which allow hacker to exploit the victim device.

How to use shodan search Engine

  • SignUp and login for Shodan search engine
  • In the search bar,Write"Iomega" and press enter
  • This qwery will discover the all flawed storage device as shown in image below:


Note: Shodan is free for few number of search,full membership costs $49.

Hackers found the flaw in hard drive(Storage device) made by company named Iomega.This Lenovo admitted the problem for its Iomega hard drives, confirmed that it has already fixed the issue since last year.
A spokesman said: ‘Lenovo addressed these concerns in 2014 whereby new devices did not have this problem and a fix was made available to existing customers.’

How to protect the device connected to internet?

Always keep the device connected to internet up to data,Use strong security password to protect the hard drive b'coz simple password can be gussed and brute-forced.Apply the update and patch available on official website. Configure the device connected to internet properly.

How to install|Uninstall Windows 10 built in Application using PowerShell prompt

Windows 10 coming with the Lot's of Pre-installed application.Out of which,user can Uninstall some of the application in normal ways like via Control panel > Program > SelectApplication Or right-click an app and click on uninstall button.But some of the windows 10 application can't be uninstalled.

Follow the below steps to Uninstall the windows 10 inbuilt app using powerShell prompt:

Uninstall Application Via PowerShell Prompt

1. Run PowerShell as administrator

2. Copy and paste the following commands into PowerShell prompt, Press Enter to remove the apps you don’t want on your Windows 10 system:
Uninstall 3D Builder:
Get-AppxPackage *3dbuilder* | Remove-AppxPackage
Uninstall Alarms and Clock:
Get-AppxPackage *windowsalarms* | Remove-AppxPackage
Uninstall Calculator:
Get-AppxPackage *windowscalculator* | Remove-AppxPackage
Uninstall Calendar and Mail:
Get-AppxPackage *windowscommunicationsapps* | Remove-AppxPackage
Uninstall Camera:
Get-AppxPackage *windowscamera* | Remove-AppxPackage
Uninstall Get Office:
Get-AppxPackage *officehub* | Remove-AppxPackage
Uninstall Get Skype:
Get-AppxPackage *skypeapp* | Remove-AppxPackage
Uninstall Get Started:
Get-AppxPackage *getstarted* | Remove-AppxPackage
Uninstall Groove Music:
Get-AppxPackage *zunemusic* | Remove-AppxPackage
Uninstall Maps:
Get-AppxPackage *windowsmaps* | Remove-AppxPackage
Uninstall Microsoft Solitaire Collection:
Get-AppxPackage *solitairecollection* | Remove-AppxPackage
Uninstall Money:
Get-AppxPackage *bingfinance* | Remove-AppxPackage
Uninstall Movies & TV:
Get-AppxPackage *zunevideo* | Remove-AppxPackage
Uninstall News:
Get-AppxPackage *bingnews* | Remove-AppxPackage
Uninstall OneNote:
Get-AppxPackage *onenote* | Remove-AppxPackage
Uninstall People:
Get-AppxPackage *people* | Remove-AppxPackage
Uninstall Phone Companion:
Get-AppxPackage *windowsphone* | Remove-AppxPackage
Uninstall Photos:
Get-AppxPackage *photos* | Remove-AppxPackage
Uninstall Store:
Get-AppxPackage *windowsstore* | Remove-AppxPackage
Uninstall Sports:
Get-AppxPackage *bingsports* | Remove-AppxPackage
Uninstall Voice Recorder:
Get-AppxPackage *soundrecorder* | Remove-AppxPackage
Uninstall Weather:
Get-AppxPackage *bingweather* | Remove-AppxPackage
Uninstall Xbox:
Get-AppxPackage *xboxapp* | Remove-AppxPackage

How to install the uninstalled application using PowerShell prompt

1. Run PowerShell as administrator

2. Copy and paste the command below to reinstall the application
Get-AppxPackage -AllUsers| Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}
 Note :Some application can't be uninstall directly via control panel nor via powershell prompt are Windows feedback,Microsoft edge,Microsoft Cortana etc...

Also see:

  1. How To Hack|Crack Wpa Wpa2-Psk Wifi Using Social Engineering Technique WIFIPHISHER
  2. Replacing Your 2 Factor Authentication With Sound Around You.
  3. How To Find Out If Someone Unfriended You On Facebook!!!
  4. how to view the hidden friend list of any facebook user
  5. How to hide your no while calling
  6. how to Send Mail with someone else mail id
  7. How To Run Android Apps in Chrome Browser
  8. How to send and receive message on whatsapp using php script
  9. Unsend or edit or delete any email after you send it
  10. How To Create A Facebook Page Without Name 2015
  11. How to Track Who Views Your Facebook Profile

The New Programming Language in Open Sources Community Developed By Facebook-Hack Codegen

When developer or programmer hear about the Hack,first reaction is ,what is this?,is it related to hacking?.The answer is No.Hack is not related to hacking,hack  programming language has nothing to do with hacking.


Read the below F.A.Q to know details about hack.

  • What is hack?Who builded the hack programming language?
  • Who require the hack programming language?
  • Why hack programming language is required?
  • Why Hack is Open Source?
  • How to Use Hack Programming language?


Let's go into details one by one:

What is hack?Who builded the hack programming language?

Hack is a new programming language developed by facebook. Facebook release the beta version of hack programming language last year. Facebook open-sourced the whole programming language.Hack codegen library is used to write and generate the hack code,put the generated hack code into signed files which allow to protect the file from undesired modifications.

Who require the hack programming language?

Facebook engineers are using concatenating strings and other handful functions to perform basic task like name,age,Date of birth etc...They have to create many class for single object.so,overcome from the problem,They developed a new programming language  called Hack,a higher level abstraction.Hack have the ability to perform the both static and dynamic programming language element.Hack codegen is useful for facebook enginners as well as for the developer to perform the routine work.

Why hack programming language is required?

Hack codegen library allow developer to use the code for many times.It can automatically do the  generation of classes, variables, methods, functions, interfaces and files.It includes  hack_builder, which deals with the concatenation, new lines, indentation, braces, hack keywords, collections.It help developer to reuse the code and also ability to re-generate code automatically when a schema is changed.

Why Hack Codegen is Open Source?

Hack codegen help developer to program faster and able to catch the error easily.It allow developer to automatically perform routine works. Facebook's software engineer Alejandro Marcu said:
"We've been using Hack Codegen at Facebook for a while. After seeing so much internal success, we open-sourced this library so that more people could take advantage of it."
Another reason is finding errors and bugs in the Hack programming language.

How to Use Hack Programming language?

The hack codegen is available on github.For hack programming language tutorial,Visit the website http://hacklang.org/tutorial

Some basic example found on Facebook's software engineer blog Alejandro Marcu blog