How to Crack Passwords using the Victim's Email Address | Qodewire
Google Rating
4.9
Based on 33 reviews
Get In Touch
Nginyo Towers, Koinange St, Nairobi
info@qodewire.com
Ph: +254.720.362.167
Partnership Inquiries
partners@qodewire.com
Ph: +254.720.362.167
Share on facebook
Share on linkedin
Share on pinterest
Share on twitter

In this Post

Password cracking has become a common activity among developers, either for pen testing or malicious reasons. Linux distros such as Kali Linux come with lots of pre-installed penetration tools that would allow any good programmer worth their salt to virtually break into any system.

But today, let’s go a little easy and talk about a much easier way to crack website passwords using user email addresses. This guide is ideal for cracking weak passwords, but unlike using wordlists, this is going to be much faster.

As usual, this tutorial is for learning purposes only. You can test it on your own system to verify if it works. We are not responsible for any damages from the misuse of this guide. Seriously, be cool.

Check if the Email has been Pwned

The first thing you’ll want to do is go to the Have I Been Pwned website or Dehashed to find data breaches. These are special websites that check if your victim’s personal data has been breached and leaked.

Simply enter your victim’s email address on both websites and do a quick free scan. Most people use the same email address to sign up for accounts online, and if they use weak passwords, 9 out of 10 times they will be in at least one data breach. Bingo!

Find Databases they are in

Now you are gonna want to go to https://rf.ws/databases, find the databases they are in, and unlock them. You only need 8 credits to unlock the databases, and you get 1-2 credits from posting in the forums. So this shouldn’t be a problem.

In the databases, prioritize the accounts with weak hashing algorithms or plaintext passwords.

Download Glogg

Once you have your databases, download glogg and use it to search for your victim’s email address in your databases.

7 out of 10 times, your victim will be in a breach that stores plaintext passwords, or in Collection #1-5/Antipublic data. If you are not lucky enough to find plaintext passwords, you can use hashcat to extract the passwords for the hashes.

And that’s it! Enjoy

Popular Reads

startups in kenya
Qodewire
Posted by Qodewire
April 13, 2021

Forget Big Companies. How to Seek Employment in Startups

If you’re like some 1.8 million unemployed Kenyans, finding employment is the first priority in your life. Considering the hundreds of startups emerging and...

Read More
old chinese hacking tools
Qodewire
Posted by Qodewire
March 30, 2021

6 Dangerous Hacking Tools that No One Uses Anymore

What do you think of hackers and the phenomenon of hacking? Admiration? Disdain? Or fear? Today I will introduce you to some of the...

Read More
how to save money in home office
Qodewire
Posted by Qodewire
March 27, 2021

Frugal Living: How to Save Money in your Home Office

In our last post about transforming unemployment into entrepreneurship, we covered some great tips that have proved helpful to lots of people who lost...

Read More
Qodewire
Posted by Qodewire
March 24, 2021

Inbound Marketing Services in Kenya

The goal of our Inbound Marketing Strategies is to fill your sales pipeline with a greater share of organically converting traffic. It’s that simple....

Read More
We use cookies to give you the best experience.
Cyber Pro Kenya is now Qodewire. Learn more about our evolution
Cyber Pro Kenya is now Qodewire.