Friday 26 April 2019

How To Hack Email Accounts Using Hydra


How To Hack Email Accounts Using Hydra In Kali Linux



Today, I’m gonna show you how to hack any email account using Hydra in Kali Linux, which is based on Debian and devised for digital forensics/penetration testing.
It’s pretty simple, really.
The tricky part is getting around the protections implemented by numerous email providers. Circumvention is indeed possible as illustrated in this article.
Essential brief instructions provided in this article include:
How To Carry Out Bruteforce Attacks On Targeted Email Accounts Using THC Hydra In Kali
Methods For Circumventing Bruteforce Protections And False Positives Implemented By Popular Email Providers
How To Stop Successful Bruteforcing Attempts On Your Own Email Account
Brief Overview Of How To Bypass Two Factor Authentication (2FA) On Target’s Phone
What is THC Hydra Cracker (Linux Edition)?
Hydra is an extremely efficient network login cracker which is not merely limited to brute-forcing email address providers, but also capable of attacking SSH servers and other important services.
Hydra is a handy tool frequently used to crack remote authentication services, and one among many in an attacker’s arsenal.
We’re gonna utilize the command line version of Hydra. Why? Because it makes us look less of a script kiddie and more like a state actor! Haha. I’m funny, right?
Beware that some email providers have brute force detection and will throw in false positives! Thus, a single IP address may be banned after multiple brute force attempts. False positives include tricking the brute-forcing program and the hacker with a false password that appears to be correct, but is in reality incorrect. This creates confusion for the inexperienced hacker. Nevertheless, I’m gonna show you how to get around these protections later in the article.
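Seen from the provider's side, the brute force detection and IP bans mentioned above come down to counting failed logins over time. The following Python is an added example, not code from the original article or from any provider: it counts failures in a sliding window per source IP and per target account. The log format, thresholds, addresses and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
IP_LIMIT = 5                    # assumed: failures from one IP within WINDOW
ACCOUNT_LIMIT = 8               # assumed: failures against one account, any source

def parse(line):
    """Assumed line format: '<ISO time> <OK|FAIL> <account> <source IP>'."""
    ts, result, account, ip = line.split()
    return datetime.fromisoformat(ts), result, account, ip

def detect(lines, window=WINDOW, ip_limit=IP_LIMIT, account_limit=ACCOUNT_LIMIT):
    """Return (ips_to_ban, accounts_to_throttle) from authentication log lines."""
    by_ip, by_account = defaultdict(deque), defaultdict(deque)
    ban, throttle = set(), set()
    # Sort by timestamp so the sliding windows are valid for unordered input.
    for ts, result, account, ip in sorted(parse(l) for l in lines if l.strip()):
        if result != "FAIL":
            continue
        for key, table, limit, flagged in ((ip, by_ip, ip_limit, ban),
                                           (account, by_account, account_limit, throttle)):
            q = table[key]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= limit:
                flagged.add(key)
    return ban, throttle

def sample_log():
    """Constructed sample data using documentation-only IP ranges."""
    t0 = datetime(2019, 4, 26, 10, 0, 0)
    def at(s):
        return (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(10 * i)} FAIL alice@example.com 203.0.113.7" for i in range(6)]
    # Failures against one account arriving from many different sources.
    lines += [f"{at(20 * i)} FAIL bob@example.com 198.51.100.{i + 1}" for i in range(8)]
    # A legitimate user mistyping twice, 20 minutes apart, then logging in.
    lines += [f"{at(0)} FAIL carol@example.com 192.0.2.10",
              f"{at(1200)} FAIL carol@example.com 192.0.2.10",
              f"{at(1260)} OK carol@example.com 192.0.2.10"]
    return lines

if __name__ == "__main__":
    ban, throttle = detect(sample_log())
    print("ban IPs:", sorted(ban))
    print("throttle accounts:", sorted(throttle))
```

The per-account counter flags an account for throttling rather than locking it, so the owner is slowed down but not shut out.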
——————————
CAUTIONARY NOTE: This article is solely for educational purposes. It’s not recommended to use this tool in a live production environment, notably government and enterprise entities.
Remember actions come with consequences. I’m not responsible for your own actions, you are. If you do something illicit, you may very likely get caught and defeated by an advanced adversary. The possibility strongly exists.
If you live in North Korea/China/Russia, are part of a ruthless elite state sponsored hacking group, and work for Great Marshall Kim Jong Un or some kind of Chinese/Russian top tier 1337 hax0r organization, then this cautionary reminder is probably meaningless to you.
Picture showing Kim Jong Un, the Chairman of the Worker’s Party of Korea and supreme leader of the DPRK. Mr. Un is surrounded by top tier elite hackers.
Picture showing the Moscow Kremlin where daily ordinary activities occur.


An elite team of Chinese hackers competing in the CTF contest at DEFCON 17 in Las Vegas. Whether the team is state sponsored remains debatable.
Proceed at your own risk.
——————————
If you know the target’s account name (email address), it puts them at risk regardless of any brute force protections by email providers like Gmail, Yahoo, Hotmail, Yandex, or whatever crap people use nowadays.
I’ve always believed that popular email providers like Google Mail (Gmail), Hotmail, Yahoo, and Yandex will tolerate a lot of suspicious activities before ever considering locking the targeted account. Therefore, this provides the attackers substantial benefits if they know what they’re doing.
Millions of email users typically endure the inconvenience of unlocking their email accounts using a phone number or secondary backup email address. Hence, it shouldn’t be easy at all for the email provider to lock the target’s email account.
Remember, if dictionary attacks fail, you can always resort to sophisticated spear phishing attacks to obtain the desired email passwords from your target!
Wordlists
You need a wordlist to become a 1337 hax0r in this tutorial. The wordlist is a list of potential passwords used to repeatedly guess and access the target’s email address.
Depending on the size of the wordlist, the number of dictionary-based passwords may be small or large.
I recommend using a superior wordlist that consists of thousands and thousands of distinctive password combinations, which will maximize your chances of brute-forcing the password.
For this tutorial, we’re gonna use the default wordlist in Kali located at: /usr/share/wordlists/rockyou.txt.gz
Please keep in mind this is only for educational purposes.