Author Topic: instaBrute - Instagram Password Cracker [Broken?]  (Read 2743 times)

Coto

  • Newbie
  • *
  • Posts: 7
    • View Profile
on: December 21, 2015, 04:34:04 PM
Hello, so a few weeks ago, I downloaded this "instaBrute.py" script, which is meant to Crack Instagram Account Passwords using the dictionary attack method. Surprisingly it worked great, like Hydra.

After a few weeks however, it stopped working. After every password, it displayed the number "403", showed the next password, did the same thing etc... When it found the password, it just skipped through it, with another "403" error again. Could someone please take a look and let me know if there's any way to fix this "broken" Python script?

Thanks!

Link to Script: https://github.com/chinoogawa/instaBrute



ZEROF

  • Hero Member
  • *****
  • Posts: 1244
    • View Profile
    • Pen Tester
Reply #1 on: December 21, 2015, 06:44:10 PM
Hi,

Script is ok, but they are protected now against that kind of attack after last week (i think so) attack.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Coto

  • Newbie
  • *
  • Posts: 7
    • View Profile
Reply #2 on: December 21, 2015, 06:51:10 PM
Hi,

Script is ok, but they are protected now against that kind of attack after last week (i think so) attack.

So, whoever tries it, with any IP Address will also get the error? Is there anyway to edit the script in a way to bypass Instagram's security again? This tool was amazing, and it was one of the few tools that work with Bruteforce method.



ZEROF

  • Hero Member
  • *****
  • Posts: 1244
    • View Profile
    • Pen Tester
Reply #3 on: December 21, 2015, 07:29:00 PM
You can always ask script developer that question (check that github url for contact), but he need to find a way to bypass new security measures.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Coto

  • Newbie
  • *
  • Posts: 7
    • View Profile
Reply #4 on: December 21, 2015, 07:44:53 PM
Was going to contact him but then found out that people were reporting the bug and the Dev replied saying he's working on it!

Thank you helping me solve my Problem! :)



teh manis

  • Newbie
  • *
  • Posts: 1
    • View Profile
Reply #5 on: December 22, 2015, 12:12:33 AM

need solution for this error  :(
« Last Edit: December 22, 2015, 12:15:49 AM by teh manis »



ZEROF

  • Hero Member
  • *****
  • Posts: 1244
    • View Profile
    • Pen Tester
Reply #6 on: December 22, 2015, 01:13:50 AM
Man,

1. Did you read posts from this topic? (not working anymore)
2. Did you download tool? (apt instal git;git clone https://github.com/chinoogawa/instaBrute.git)
3. Do you see errors on your screen? (you try to run tool from wrong path)




Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Coto

  • Newbie
  • *
  • Posts: 7
    • View Profile
Reply #7 on: December 26, 2015, 12:39:05 PM
Guys, the Dev made an update ( https://github.com/chinoogawa/instaBrute ), but unfortunately, it's still not working. He imported Selenium to his Python Script and I saw how he tried to get it working.

Now, I think I've found what the error is, but not sure how to fix it...

On the instaBrute.py script (Line 24-31):

def login(user, password):
try:
print 'Trying with password: ' + password
elem = driver.find_element_by_name("username")
elem.send_keys(user)
elem = driver.find_element_by_name("password")
elem.send_keys(password)

elem.send_keys(Keys.RETURN)

I noticed that it opens the Web Browser, and types the next password without deleting the previous one.

So if dictionary.txt included the following lines:

Password
test123
mypass123
...

Then it would try the attempts:

Attempt 1) Trying with password: Password
Attempt 2) Trying with password: Passwordtest123
Attempt 3) Trying with password: Passwordtest123mypass123

Instead of:

Attempt 1) Trying with password: Password
Attempt 2) Trying with password: test123
Attempt 3) Trying with password: mypass123

So I think it should include these attributes:

ActionChains(driver).key_down(Keys.CONTROL).send_keys('a').key_up(Keys.CONTROL).perform()
(That would select all the text(password) - CTRL + a)

elem.send_keys(Keys.DELETE) or elem.send_keys(Keys.BACKSPACE) or elem.send_keys(Keys.BACK_SPACE)
(That would delete the selected password - Delete/Backspace button)

But I'm not sure how to add this to the code, so hopefully some of you guys may be familiar with Selenium and be able to fix it for me!  ;D



ZEROF

  • Hero Member
  • *****
  • Posts: 1244
    • View Profile
    • Pen Tester
Reply #8 on: January 18, 2016, 09:28:13 PM
This is not BBox issue, contact soft devs for it.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*