Hey hi everyone! I’m back with another interesting blog. In this blog, I’ll show you how anyone can guess your password from its hashed value.
From the past few months, I have been focused on OSINT, and I’m working on a project on OSINT that will help everyone gather open-source data available online.
(virus_boss)
Now coming to today’s topic, Password OSINT,
Passwords are a key element in this cyber world; if they get stolen, then your identity can be stolen and used for various purposes.
As I’ve already mentioned in my previous blogs, if you are on the internet, you are not safe. Your data can be breached at any time.
There are several platforms like haveibeenpawned, leakpeak, breachdirectory, haveibeensold, dehashed, snusbase and more, where you can find various breached data. Also, there are several telegram channels.
How do I find a person’s password?
One thing to remember when you are looking for breached data is that they often show the data in encrypted form.(virus_boss)
For example, when searching for an email address on the breachdirectory, the first part of the password (4 letters) with the SHA-1 hash of the person’s password is displayed, while if you look for the same in leakpeak, the first 5 letters will be visible with the hashed password.
So here we got another letter, i.e., the 5th letter. If a person’s password is 8 letters, now you only need to guess the last 3 letters.
Now if the password is a common password, then the hash value can be guessed easily from a SHA-1 online decrypter.
Else, you can use any wordlist generator to generate the wordlist and then check the hash value to see if it matches the hash value that you found in the breach data forum.
You can make use of a spreadsheet to confirm your matches, like I’ve done here:(virus_boss)
Here is the spreadsheet you can use too: Link
You can use my spreadsheet to check onto your hash values.
This was a small blog, but I think it’s very informative. I hope you all liked this blog.(virus_boss)
Comments
Post a Comment