InstaBrute - Instagram bruteforce exploit module.

elmagnifico said:
Kwanza siku hizi system zimetengenezwa zikikuforce uchanganye characters na numbers au uppercases na small cases.
Man that thing cannot work
Click to expand...

Nakataa, hiyo sio hata secured system kwa taarifa yako. Kwasababu kuharden security mechanisms sio ndo system yako kuwa secured. It may turn out kuwa ndo most vulnerable system ever coded.

Pia, kuweka restrictions kama hizo haziwezi kuzuia bruteforcing completely, mfano password kama Andy111 haiwezi kuwa hata strong kiasi hicho unachofikiria cause mtu anaweza kuwa na wordlist yake yenye combinations ya characters zake na namba mfano ukiangalia wengi hutumia passwords kama hizi xxx123 au xxxx123 au xxx1234 na nyingi nyinginezo zenye kufanana na hizo. Yani hutumia common passwords kama hizo, ambazo humrahisishia kazi Hacker. Vile vile haina good user experience, hivo sio users wengi watapenda kujiunga na system yako hiyo.

Hivyo, ni sawa itasaidia kwa kiasi flani lakini kwa sababu wabongo wengi hutumia common passwords, so tatizo linakuja palepale.
 

Asante sanaa! Hongera, kwa kuuelemisha umma ingawa bado kunaraia ambao hawaelewi mpaka sasa.

Skills ulizoziainisha hapo juu nakubaliana nazo kabisa na jinsi ambavyo hacker anaweza kuzicircumvent, check pia umeelezea juu ya session id regeneration na proxy IPs jinsi ambavyo hacker anaweza kuzimisuse.

Ukicheck ata throttling inaweza kuwa bypassed na kuset Keep-Alive parameter kwenye Request Header iwe long enough wakati wa kusend HTTP Request kwa server, possibly nayo ikijiduplicate kiasi flani kulingana na number of trials utakazoattempt. Hivo haitacut out session kirahisi ukiadjust Keep-Alive parameter, hivi mpaka ikireturn response status code na sasa ndo iangalie kusend request nyingine ama vingine.

Ila I suggest pia hata ukitumia zile 'most complex' recaptcha wakati wa kulogin inaweza kuslow down kidogo efficiency ya exploit. Ingawa bots zilizotengenezwa zinaweza kubypass recaptcha, ila bado ni less sophisticated ukilinganisha na recaptcha zilizokuja sahivi.

Thanks!
 

Ninajua proxy vizuri sana, usidhani utaongea kitu sijui, nimesoma Computer Science na ndiyo kazi inanilisha. Hata kama ingekua one ip per request still ni detectable kwa kua unajaribu kuaccess the same account. They see too many retries then wanaifunga. Najua vizuri how web apps are made, nimetengeneza web apps kubwa za kampuni kubwa duniani na hadi sasa nafanyapo kazi. Web security ipo level nyingine kabisa, usidhani utabrute force your way in kwa sasa hivi. Hiyo ungejaribu 2010 huko.
 

Basi, inawezekana hujafahamu vizuri mechanics behind the web security bypassing kwa kutumia proxy ips na session regenerate, hujui namna ya kuzimisuse, all I think unafaham tu sql injection, na xss. Sidhani kama ushawahi fanya ata serious penetration test. Na by the way, ile mechanism huwa inablock ip address inayofanya hizo trials, hivo ukiwa unaenda ukichange ip automatically, inaweza chukuwa mda mpaka iblock ip ile ya mwanzo kwenye list. Na pia inadepend na how intelligent is your wordlist, kama ndo ovyo, utaishia kuwa block for every of your ip.

So, please learn current issues on cyber security, hope you have some missing pieces of cybersec knowledge.

Ciao!
 

Hahaha tutabishana hadi kesho. Tatizo wabongo mkiona mtu yupo JF basi mnajua skill level yake ni sawa na ya devs uliowazoea shallow shallow.

Em jaribu kufungua akili kidogo, umekosea password mara ya kwanza nikainote kwenye database ukakosea three times then nikafunga hiyo account isiwe accessed hadi either iwe from the device ya user meaning nilitunza mac address yake au two factor authentication. Hata ukibrute force ukapatia password sitokuruhusu maaana nishalock hiyo account. Wewe utajaribu all your tricks na bado hutoruhusiwa. I dont block ip addresses, I block the account, mbona its that simple.

Unavojaribu kuongea all these technical terms unajichanganya tu, easy solution always. Usinambia learn current issues on cyber security huku nimecontribute github kwenye libraries kibao zinazohusika na security. You dont write code unahisi tu, nenda jaribu kufanya practically uone. Nitengeneze fake email sasa hivi nikupe hata hint ya password and you still wont get in hata nikikupa mwaka. Leo hii labda ungejaribu phishing kwa wajinga au other ways kubypass uibe database information kwa stupid websites. Ila login systems zipo secure enough nothing can bypass.
 
Chief-Mkwawa said:
nikupe id yangu ya insta uihack?
Click to expand...
Wewe jamaa sometimes unapenda sana ubishi. Unajua kubisha na kudakia kila mada haina maana unaelewa kila kitu? Jamaa ameshakuambia kuwa ikishindikana njia moja, hacker atatumia njia nyingine. Usiinterpret hacking kwa kiwango cha uelewa wako, amini kuwa hackers wapo, na wapo smart. Hackers will always hacker.

Hackers sio crackers au wajinga wajinga kama unavyodhani. Sometimes kuna watu hujiita hackers lakini in real sense they are not even close to it. Jaribu kusoma watu wanaotoa genuine advises, sio kama nyie humu kila kitu mnajua, uone how much does it take to be a hacker:

https://www.quora.com/How-should-I-...dge-of-Java-PHP-or-some-others-of-these-types

Nakupa mfano mzuri, Daniweb: www.daniweb.com ilihackiwa mwaka 2015, data zikawa zinauzwa dark webs, pmoja na kuwa waliotengeneza hiyo web na wanaoisimamia ni advanced IT experts, hawakujua kama walihackiwa mpaka January 2017. Usibishe tu kuonekana mjuaji. Nakupa excerpt ya habari hiyo:

It has come to our attention that some members of DaniWeb have received a notification from ID monitoring companies that have been a cause for concern. These notices report that DaniWeb member accounts have been hacked, and the wording is such that some recipients have contacted us as they are concerned that their login email and password have been compromised.

We have investigated this matter, and concluded that the notifications refer to data being traded on dark web sites, where criminals buy and sell databases of logins from breaches. The DaniWeb breach in question happened back in December 2015 and came to our attention here at DaniWeb in January 2017.
 

Kwa nini mnamshambulia mtoa mada? Kila siku, thousands of servers, websites zinakuwa hacked. Sasa sidhani kama mtoa mada amesema yeye ni hacker or whatever, amepresent possibility. Brute force inaweza isifanye kazi, lakini hackers hawana njia moja. Kwani yeye amesema ni hacker, mpaka uanze kumpa test?
 
Tatizo wewe mwenyewe hujaelewa kwanini jamaa anashambuliwa.
Hakuna aliyebisha kwamba system zinaweza kuwa hacked, kitu ambacho wanabisha ni kuwa hiyo njia aliyoleta ya kutumia brute force kuhack instagram kwa sasa haiwezi work kwa system za miaka hii.
Hakuna anayebisha kuhusu hacking na kila mtu anajua kuwa daily hacking ina take place watu wanahack mpaka mabank.
Ila kataa ukubari hiyo bruteforce yake kwa sasa haiwezi work kwenye instagram wala website oyote advanced.
 
Mimi nimeelewa, amesema mtoa mada hackers hawana njia moja. Unadhani Brute Force haiwezi kutumiwa kuhack passwords? You should go back and get history right. Brufe Force algorithm imekuwa successful hacking approach for years: Top 5 Brute Force Attacks

Tatizo lenu mnainterpret bruteforce wrongly, na jinsi itakavyotumika. Huwezi kuelewa Brute Force inatumikaje au kuikanusha kuwa haiwezi kufanya kazi kirahisi namna hiyo. Mwenzako Graph hapo juu amesema systems zipo imara haziwezi kuhackiwa.

Wabongo kila kitu mnajua.

Naongezea: BruteForce nayo inaenda na trend, inakuwa modified kusuit needs, kadri web engineering inavyobadilika na wao wanachange. Wenzetu hawalali au kupiga soga kama za humu JF, they have made thinking their habit.

Mwingine anatolea mfano aina ya computer anayoweza kutumia kuhack, kwa maana ya kuongeza speed, he is talking about i-series. Namwambia tu ajue kuna computer ambazo ni very powerful kwenye hii dunia. Specs zake ni thousand times ya hizo anazotaja.
 
Mkuu kwa sasa ngumu kuhack system kwa kutumia brute force, graph utakuwa umemielewa vibaya hakuna mtu anayeweza kubisha kuwa system haiwezi kuhackiwa mbona hizi habari kila mtu anajua daily watu wana hack.
But kuhack instagram kwa bruteforce hiyo sahau and that was the source of all this argument.
Tatizo siyo kujua tatizo lazima utumie akilinkidogo na uwe informed siyo kwamba wanaombishia wanambishi ili mradi.
Brute force kwasasa huwezi kuitumia kuhack secured system kama ya insta na facebook
 
Una substantiated research/report kuwa bruteforce is no longer working? Kwa sababu mtazamo wenu ni kuwa bruteforce itafanya login attempts nyingi and then kwa sababu server ni configured kublock login details na ip address baada ya majaribio kadhaa. Sasa hacker will attempt many times hata server yako haitajua. Hiyo ndio kazi ya hacker.

Kwa hiyo jambo la kwanza atakalofanya hacker ni kutafuta ni namna gani anaweza kujaribu kulog as much as he can bila server kudetect.
 

Usiseme kwa sasa ngumu. Jua hacking ni extremely tough, sio kila mtu anaweza ingawa wapo wanaojiona ni hackers au wanaelewa, lakini real hackers cannot be stopped kwa sababu hacking ni career yao, wanasoma na kutafuta kuongeza maarifa kila dakika.
 
GoLang said:
Usiseme kwa sasa ngumu. Jua hacking ni extremely tough, sio kila mtu anaweza ingawa wapo wanaojiona ni hackers au wanaelewa, lakini real hackers cannot be stopped kwa sababu hacking ni career yao, wanasoma na kutafuta kuongeza maarifa kila dakika.
Click to expand...
Mkuu hapa kinachobishaniwa ni kutumika kwa bruteforce, hilo tu. Hakuna aliyesema kuna njia moja ya kuhack hapa tunaongelea bruteforce.
Hebu fikiria, system kibao zina demand passowrd iwe na tarakimu nane +, halafu nyingine zinataka uincklude number au special character walau moja halafu na upper case walau moja.
Hivi ni combination ngapi zitatoka na hiyo, na computer itachukua muda gani kuzirun na kumbuka system now ukijaribu mara kadhaa unakosea inakublock then inakupa muda wa kujaribu tena ukikosea inablock account mpaka u login na known device au ufuate njia flan kurecover account yako.
Hapa nasisitiza kuwa hakuna anayebisha kwamba insta inaweza kuwa hacked but not by brute force.
 

Mimi siongelei approach aliyokuja nayo mleta mada in combination with Brute Force, ninachosema ni kuwa bruteforce bado inatumiwa kuhack. Kwani hiyo password combination requirements wanaodevelop algorithm hawaijui? Barrier unayoiongelea ni kuwa kunakuwa na blocking baada ya attempts kadhaa. Soma hapo juu, nimeandika kuwa hackers haendi kubruteforce tu, atahitaji kubypass criteria zingine, mfano kufanya kitu ambapo hata akiattempt kulog million times server haitapokea hizo requests.

Ukiwaza tu kuwa bruteforce inaenda kutumika direct, ndio utaona haiwezekani. Hackers always hutumia combination of skills.
 

Unajua unachokiongea kweli?
Kujaribu kulogin as much as possible bila server kudetect? Hahaha port nifungue mimi, nilisten for any connection to that port alafu connection iingie nisijue, hahaha tuache utani aisee. Nadhani niishie hapa maana ni ngumu kubishana na watu msio na ujuzi wa ndaniwa haya mambo, una knowledge flani ndiyo ila ya juu juu sana. Ni ngumu kuelewa mambo mengine, hacking sio kama unayoona kwenye movie au tv shows aisee. Ushauri wangu kachukue kitabu usome, siku ukielewa zaidi utarudi na kudelete comment zako zote.
 
Siwezi kudelete na nilichoandika ni sawa. Kumbe hujui kuwa hacker anaweza kulog in kwenye server yako na usipate notification? Andika unachokijua kuonyesha haiwezekani sio kulist vitu bila kuonyesha ni kwa namna gani haiwezekani. Mimi ndio niliowaambia hacker sio mtu mjinga mjinga. Mimi sio hacker, lakini nina sababu zote za kuamini kuwa wewe huelewi hacking ni kitu gani.
 

Mimi nina wasiwasi mkubwa na wewe, kwamba wewe ni IT security expert lakini unaamini zinazohackiwa ni websites za kijinga? Au unaamni kuwa system ni imara haziwezi kuwa hacked, kwamba hazina flaws?

Tupe urls za GitHub repositories zako tuone ulichocontribute kwenye security. Acha maneno.
 
Mshaongea meengi. Haya sie mbugila mbugila tumekuja .

1, naomba kujua kama bruteforce inafanikiwa kwenye 2-factor (2 way ) login, inayohusisha kutuma login code kwa nambari ya simuga muhusika kwa njia ya sms.

2. Pia kuna mafanikia gan kwenye brute force kwa mfano nimetumia a very complex password which is case sensitive , mfano ; w1ndows7-S_1-2016 (hii ni mfano wa password nalitumia kipindi cha nyuma)

3. Linapukuja suala la zile password kukosewa mara tatu inakuaje..

Nb; napenda kujua tu, sina uzoefu na coding na Bahati mbaya INTRODUCTION TO C++ , niliishia kupata C ya kuvukia semester tu.
 
Umenikumbusha hesabu za brute force πŸ˜€πŸ˜€πŸ˜€, by hook or crook lazima target awe exposed tu.
 
You must log in or register to reply here.
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…