A year ago, I hacked a site with 50k users, and looked up their names on fb and used the dehashed passwords.
To this day, I still have like 30 accs.
This is one of them. <fb;com>/aily.pahker
25, 50, 75 decides what do.
Once 25/50/75 GET, I'll continue with more accs.
There are two ways you can do this.
1: Keylogger/Meterpreter on someone's machine. Remove cookies to force the person to login again.
2: Hack a site's database (should have at least names and passwords). Find the names on facebook > dehash passwords > grab the username from person's URL if possible > profit.
Both methods you will be greeted by a thingy that asks to identify 5 friends. Just open an extra tab and look up all the names and choose. There is a time limit.
You can't (probably).
You can also try social engineering. It only works if the person is really dumb.
Also, try sending an ip grabbing link (google it). When you have the ip, scan all ports. However, normal desktop PCs almost never have good open ports. There is a slight chance you could find an open port and use the right exploit (via metasploit) and install meterpreter this way.
Most vulnerabilities are always patched nowadays, so you'll have to use a zero-day exploit (a fresh exploit that no-one knows about).
Facebook only does this when you log in from an unknown device. (a device unrelated to the victim's account)
It presents you a couple of options like a verification code as an SMS, or, identify 5 friends. You can skip 2 times and get 3 pictures each time. There are 6 names you can choose for each 3 pictures.
Write on his wall and tell him you love him and that he has a short penis on facebook paul.lim.505 he cheated on my little sister. He keeps blocking me on Facebook like a punk bitch