Brute-forcing Instagram on your Android Device (No Root)

Good day to all!

In this tutorial i will do a demonstration on how to bruteforce the login credentials of an instagram account to test for the security level of a passwordw.

We will be using the tool instahack.

I will be using a samsung S8+ for this demonstration. Lets start.

1) Load up your android device.

2) Next click on your playstore app and search for “Termux” & install it.

3) Open Termux app and type: “pkg install git”.

4) To update available packages type: “pkg update”.

5) Lets install python by typing ” pkg install python”

5) We will need to download the tool we will be using for this bruteforce exercise. To download, on your terminal…type: “git clone

6) Once the download is complete, type: “ls” to list the available folders/files in current directory.

7) As you can see you have a folder call “instahack”, now make your way into that folder by typing “cd instahack”.

8) Type: “ls” to list the available files.

9) Ok we are nearly there. Next lets install an editor so we can edit the password file. To install nano, type : “pkg install nano” .

10) Ok lets stop for a second. Now allow me to explain a few things for the beginners. As the article said , this is a bruteforce method. So whats a bruteforce method? A bruteforce method is when the target credentials are ran against a list of possible passwords. The only thing about bruteforcing is that you are responsible for the strength of your own password list. Meaning the probability of cracking the password depends on the strength of the wordlist and the amount of possible words we put in. This will take time to build or you can use to custom make a wordlist.

11) Fine so lets edit our password list. In instahack directory, type: ls.

12) As you can see there is a file named pass.txt. This is the file that you will need to place all the possible passwords in.

13) To edit the pass.txt, we will be using the nano editor that we just installed. Type: “nano pass.txt”.

14) Below you will see a small list of passwords that comes with it by default, you can now add as many words as possible for it to run against the target. You could use to custom build password lists.

15)When you are done , press alt x, yes, enter. For those using samsung s8+ like myself, the alt button is replaced on ur phone as the volume down button. Press on to the volume down button and press x at the same time.

16) And now for the final installation, type : “pip install requests”.

17) We are ready!! Lets run the script, type: “python” .

18) You will first be asked for your target username.

19) Next you will be given an option to use a proxy or not. I wont be using any for this tutorial

20) And lastly u can set the intervals between tries. I have set mine to 6.

21) Once you have it all keyed in, press enter.

13) As you can see upon enter, instahack starts running the pass.txt against the target username. If the password is incorrect it will show incorrect, otherwise as shown below, it will show the correct login credentials.

So this is how i bruteforce IG on my android mobile. In my next tutorial i will show you how to make a custom wordlist specifically for your target. Happy Hacking.

Till then,
The Messiah


Bypassing email bans & 30 day trials on websites. – (Unlimited)

Greetings all,

Today before i go on let me explain the two scenarios :

a) Have you ever registered for an account on a website and unknowingly breached one of their terms, and in return got that specific email address banned from registering again?

b) Ever been to sites such as Netflix or Spotify that gives you a 30 days free trial. And once that 30 days is over that email address will not be allowed to register again.

So what do we normally do?

We recreate a whole new email address n resign up (for those who choose not to pay). In these process we end up with so many email addresses we cant even remember the passwords anymore.

So today a simple solution that will allow you to reuse the same email over and over even if its banned.

Lets Begin:

1) First the email that was banned is

2) Now let me resign up with the same email address but this time i am going to add a full stop anywhere in the email address. It can even be in the front of your email address.

3) As you can see the account registration is a success.

4) Now i am going to log into the banned email address,


5) As you can see though we added a full stop to our email address, the activation code is still sent to the default address.

6) Congratulations! You just bypassed the websites lame restriction methods.

Hope that helps.

The Messiah