Good day to all!
In this tutorial i will do a demonstration on how to bruteforce the login credentials of an instagram account to test for the security level of a passwordw.
We will be using the tool instahack.
I will be using a samsung S8+ for this demonstration. Lets start.
1) Load up your android device.
2) Next click on your playstore app and search for “Termux” & install it.
3) Open Termux app and type: “pkg install git”.
4) To update available packages type: “pkg update”.
5) Lets install python by typing ” pkg install python”
5) We will need to download the tool we will be using for this bruteforce exercise. To download, on your terminal…type: “git clone https://github.com/avramit/instahack
6) Once the download is complete, type: “ls” to list the available folders/files in current directory.
7) As you can see you have a folder call “instahack”, now make your way into that folder by typing “cd instahack”.
8) Type: “ls” to list the available files.
9) Ok we are nearly there. Next lets install an editor so we can edit the password file. To install nano, type : “pkg install nano” .
10) Ok lets stop for a second. Now allow me to explain a few things for the beginners. As the article said , this is a bruteforce method. So whats a bruteforce method? A bruteforce method is when the target credentials are ran against a list of possible passwords. The only thing about bruteforcing is that you are responsible for the strength of your own password list. Meaning the probability of cracking the password depends on the strength of the wordlist and the amount of possible words we put in. This will take time to build or you can use cupp.py to custom make a wordlist.
11) Fine so lets edit our password list. In instahack directory, type: ls.
12) As you can see there is a file named pass.txt. This is the file that you will need to place all the possible passwords in.
13) To edit the pass.txt, we will be using the nano editor that we just installed. Type: “nano pass.txt”.
14) Below you will see a small list of passwords that comes with it by default, you can now add as many words as possible for it to run against the target. You could use cupp.py to custom build password lists.
15)When you are done , press alt x, yes, enter. For those using samsung s8+ like myself, the alt button is replaced on ur phone as the volume down button. Press on to the volume down button and press x at the same time.
16) And now for the final installation, type : “pip install requests”.
17) We are ready!! Lets run the script, type: “python hackinsta.py” .
18) You will first be asked for your target username.
19) Next you will be given an option to use a proxy or not. I wont be using any for this tutorial
20) And lastly u can set the intervals between tries. I have set mine to 6.
21) Once you have it all keyed in, press enter.
13) As you can see upon enter, instahack starts running the pass.txt against the target username. If the password is incorrect it will show incorrect, otherwise as shown below, it will show the correct login credentials.
So this is how i bruteforce IG on my android mobile. In my next tutorial i will show you how to make a custom wordlist specifically for your target. Happy Hacking.