InstaBrute - Instagram bruteforce exploit module.

[Chief-Mkwawa]

Sio kweli kuwa kataja bruteforce tu. Ukisema kitu fulani hakiwezekani, onyesha ni kivipi hakiwezekani.

hivi mkuu unatufanya sisi watoto wadogo au? maana sikuelewi, hebu kwenye hio thread nionyeshe njia tofauti na brute force alioitaja. maana nimequote hadi thread usome unioneshe hunioneshi una ng'ang'ania tu kataja.

 

[GoLang]

yap
amezungumzia brute force tu sijaona hicho chengine unachokisema na thread ipo hapo juu na nimeiquote kama ya hapo juu huwezi isoma.

nambie hicho chengine umekiona wapi

Kwa nini ameweka no 1 na no 3. Na umeona kuwa ni mjinga kiasi kwamba kichwani kwake hawezi kufigure out vitu vingine?

 

[GoLang]

hivi mkuu unatufanya sisi watoto wadogo au? maana sikuelewi, hebu kwenye hio thread nionyeshe njia tofauti na brute force alioitaja. maana nimequote hadi thread usome unioneshe hunioneshi una ng'ang'ania tu kataja.

Ok. Hebu tueleze how that cannot work.

 

[GoLang]

Again, kwa nini amechagua kutumia Kali Linux, hajachagua windows, Mac, au variants zingine za Linux kama CentOS, RedHat, Arch, Debian, Linux Mint, Ubuntu and so on? Chief-Mkwawa

 

[Chief-Mkwawa]

Kwa nini ameweka no 1 na no 3. Na umeona kuwa ni mjinga kiasi kwamba kichwani kwake hawezi kufigure out vitu vingine?

1. amesema get kali linux hio ni operating system au distro ya linux kwa lugha nyengine.
2. get instabrute hii ndio program itakayotumika
3. hack id hapa ndio kitendo.

hivyo hizo 1, 2, 3 sio njia tatu za kuhack bali ni procedure njia ya kuhack ni moja na sio nyingi kama unavyosema wewe.

 

[Chief-Mkwawa]

Ok. Hebu tueleze how that cannot work.

nimeshaeleza na wadau wengi wameeleza hapa huwezi hack sababu.

1. hizi site za kisasa kama insta ukilogin.mara nyingi wanafungia account, hivyo akianza tu kubrute ujue inafungiwa.

2. akasema anachange ip, site za kisasa ukilogin na kifaa chengine toka eneo tofauti mfano id ni ya Tanzania mtu wa usa akitaka ku login na kifaa tofauti basi wanaifungia,

3. kuhack 256bit password hata utumie ipv4 zote duniani kila moja na password yake huwezi guess sababu kuna ip chache kuliko hizo guess za password,

bruteforce ndio njia rahisi na basic ya kuhack password, ingekuwa inafanya kazi kusingekuwa na id ya mtu hata mmoja duniani iwe salama ingekuwa tunajiamulia tu leo namhack fulani kesho fulani, ni rahisi kiasi kwamba mtoto wa darasa la nne alofeli ukikaa nae saa moja kumfundisha anafanya.

 

[HIMARS]

h@2TjuaKnini

 

[GoLang]

nimeshaeleza na wadau wengi wameeleza hapa huwezi hack sababu.

1. hizi site za kisasa kama insta ukilogin.mara nyingi wanafungia account, hivyo akianza tu kubrute ujue inafungiwa.

2. akasema anachange ip, site za kisasa ukilogin na kifaa chengine toka eneo tofauti mfano id ni ya Tanzania mtu wa usa akitaka ku login na kifaa tofauti basi wanaifungia,

3. kuhack 256bit password hata utumie ipv4 zote duniani kila moja na password yake huwezi guess sababu kuna ip chache kuliko hizo guess za password,

bruteforce ndio njia rahisi na basic ya kuhack password, ingekuwa inafanya kazi kusingekuwa na id ya mtu hata mmoja duniani iwe salama ingekuwa tunajiamulia tu leo namhack fulani kesho fulani, ni rahisi kiasi kwamba mtoto wa darasa la nne alofeli ukikaa nae saa moja kumfundisha anafanya.

Ni hayo tu? 1. Kwa hiyo hacker anakuwa hajui kuwa ukilogin mara nyingi account inafungiwa? Anaenda tu kubruteforce? 2. Kwa hiyo hacker anakuwa hajui kuwa ukilogin kwa device tofauti, au location tofauti au ip tofauti account inafungiwa? Mfano mzuri Google au facebook hutoa notification kuwa kuna mtu amelogin kwa kutumia location/device tofauti, hayo yote hacker hajui?
3. Huwezi guess? Unajua kuwa mtu anaweza akaguess password hata kama ni complicated kiasi gani na hatusemi huwezi kuguess isipokuwa tunasema probability ya kupatia labda ni ndogo?

Mtu anayetegemea bruteforce bila kuchanganya na skills zingine ni hacker? Na tunaelewana kuwa brute force sio a single algorithm bali ni general approach?

 

[GoLang]

1. amesema get kali linux hio ni operating system au distro ya linux kwa lugha nyengine.
2. get instabrute hii ndio program itakayotumika
3. hack id hapa ndio kitendo.

hivyo hizo 1, 2, 3 sio njia tatu za kuhack bali ni procedure njia ya kuhack ni moja na sio nyingi kama unavyosema wewe.

Kwa nini Kali Linux?

Wewe neno hack unalielewaje?

 

[Chief-Mkwawa]

Kwa nini Kali Linux?

Wewe neno hack unalielewaje?

mimi sijui, muulize mtoa mada yeye ndie alieileta

 

[Chief-Mkwawa]

Ni hayo tu? 1. Kwa hiyo hacker anakuwa hajui kuwa ukilogin mara nyingi account inafungiwa? Anaenda tu kubruteforce? 2. Kwa hiyo hacker anakuwa hajui kuwa ukilogin kwa device tofauti, au location tofauti au ip tofauti account inafungiwa? Mfano mzuri Google au facebook hutoa notification kuwa kuna mtu amelogin kwa kutumia location/device tofauti, hayo yote hacker hajui?
3. Huwezi guess? Unajua kuwa mtu anaweza akaguess password hata kama ni complicated kiasi gani na hatusemi huwezi kuguess isipokuwa tunasema probability ya kupatia labda ni ndogo?

Mtu anayetegemea bruteforce bila kuchanganya na skills zingine ni hacker? Na tunaelewana kuwa brute force sio a single algorithm bali ni general approach?

mbona unataka kuforce hizo skils nyengine? watu wanazungumzia brute force hapa,

 

[GoLang]

mbona unataka kuforce hizo skils nyengine? watu wanazungumzia brute force hapa,

Hack au hacker maana yake ni nini?

 

[Chief-Mkwawa]

Hack au hacker maana yake ni nini?

Hacker - Wikipedia

 

[GoLang]

Hacker - Wikipedia

a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

Nimechukua tu hicho kipengele. Unakataaje skills zingine wakati hicho kipengele kinachoongelea maana ya hacker kinataja technical knowledge?

 

[Chief-Mkwawa]

a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

Nimechukua tu hicho kipengele. Unakataaje skills zingine wakati hicho kipengele kinachoongelea maana ya hacker kinataja technical knowledge?

dah sijui hata unachokiongea mkuu na sijui hata nikujibu nini, kwa mara ya mwisho na mi naongea,

hii ni mada ya brute force, hakuna alokataa kwamba njia nyengine za kuhack hazipo,

mleta mada angekuja na zero day vulnerability, phishing, sql injection, dns poisoning etc watu wasingemkatalia ila amekuja na brute force kitu ambacho ni rahisi kujilinda nacho na hakifanyi kazi kwenye hizo site kubwa.

 

[GoLang]

dah sijui hata unachokiongea mkuu na sijui hata nikujibu nini, kwa mara ya mwisho na mi naongea,

hii ni mada ya brute force, hakuna alokataa kwamba njia nyengine za kuhack hazipo,

mleta mada angekuja na zero day vulnerability, phishing, sql injection, dns poisoning etc watu wasingemkatalia ila amekuja na brute force kitu ambacho ni rahisi kujilinda nacho na hakifanyi kazi kwenye hizo site kubwa.

Hapa tunaongelea bruteforce. Nimeandika mara nyingi kuwa mtu hawezi kuhack instagram kwa kubruteforce peke yake, lazima acombine na skills zingine, wakati anajua akifanya attempts kadhaa account itafungiwa, achilia mbali kulogin kwa kutumia device tofauti au ip tofauti na ile iliyozoeleka au location in general. Kwa hiyo ni obvious lazima abaypass kwanza some security measures, kwa nini wewe uinsist au uamini kuwa anaenda kubruteforce tu wakati labda baada ya attempts tuseme tatu account inafungiwa?

Mbona yeye kuna arguments zake ukifuatilia kwenye huu uzi kuhusu kubypass hizo security measures?

 

[GoLang]

nimeshaeleza na wadau wengi wameeleza hapa huwezi hack sababu.

1. hizi site za kisasa kama insta ukilogin.mara nyingi wanafungia account, hivyo akianza tu kubrute ujue inafungiwa.

2. akasema anachange ip, site za kisasa ukilogin na kifaa chengine toka eneo tofauti mfano id ni ya Tanzania mtu wa usa akitaka ku login na kifaa tofauti basi wanaifungia,

3. kuhack 256bit password hata utumie ipv4 zote duniani kila moja na password yake huwezi guess sababu kuna ip chache kuliko hizo guess za password,

bruteforce ndio njia rahisi na basic ya kuhack password, ingekuwa inafanya kazi kusingekuwa na id ya mtu hata mmoja duniani iwe salama ingekuwa tunajiamulia tu leo namhack fulani kesho fulani, ni rahisi kiasi kwamba mtoto wa darasa la nne alofeli ukikaa nae saa moja kumfundisha anafanya.

Kwa mjibu wa point yako namba moja, kama mtu akbruteforce accounts za instagram au facebook, then wakaamua kuzifunga, vipi watumiaji sasa, si hawataweza kulogin pia?

 

[GoLang]

"Real brute force is more commonly used when you have access to a password file and are trying to determine what the passwords are.

So, as to the rules of password complexity, there's a couple things going on. First, there's the possibility that someone could end up getting access to the customer account list for the entire site. Your specific account hasn't been compromised (yet), but it is only a matter of time. "

Kukariri namna moja ambayo brute force inaweza kutumika ndio lazima uje na hoja bruteforce haiwezi kutumika katika kuhack accounts. Mtu anaweza kupata file zima la passwords kwa kutumia njia zingine halafu akabrute force kupata specific logins.

Sifanyi conclusion kwa kujadili method aliyoleta mtoa mada, bali kwa kujibu hoja za watu ambao wanadai kuwa brute force haiwezi kufanya kazi siku hizi.

 

[Kurt godel]

Sure bro! I guess you might be among of the underground hackers in TZ. Very few people have the idea of security in their minds in Tanzania, even for those renown developers.

Pia zaidi zaidi, wanatumia sana password list/wordlist zinazotumiwa mambele huku wakisahau kwamba, kila nchi inaaina za passwords ambazo wananchi wake hupenda kutumia, kulingana na lugha wanayotumia. Mfano unatumia wordlist ya kiingereza tupu kubrute-force user-accounts za TZ, huo ni uwaki.

Watanzania tukitaka tuadvance katika hili game la Cyber Security vizuri inabidi tuwe tayari kujifunza na bila kukata tamaa kupigika na practice zisizokuwa na mwisho.

Unakuwa huwezi hamini security Watu wanafanya assumption sana.Unaweza uka thinkits hard lakini ukifuatilia major hacks huwez amini its just the same thing different day
Mfano angalia ile Sony hack you would expect it to be a major issue Ila it was just a SQL injection attack.


Au hii IOT mirai attack the issue was only hardcoded telnet passwords

Developers wanajua security measures lakini wanaambiwa wafanye assumptions maana kuna msemo wao kuwa "security features makes the software unsatisfying"

Tena mfano mzuri hii hii JF only recently ndo Walianza ku implement ssl/tls so kwa miaka iliyopita mtu mwenye taaluma zake angefanya session cookie hijacking attacks.Sema enzi hzo no pc wangelia hawa

 

[Mtangoo]

Again, kwa nini amechagua kutumia Kali Linux, hajachagua windows, Mac, au variants zingine za Linux kama CentOS, RedHat, Arch, Debian, Linux Mint, Ubuntu and so on? Chief-Mkwawa

By the way watu huwa mnaikuza sana Kali Linux kana kwamba ni dude la ajabu sana. Kali Linux ni distribution tu ya Debian kama Ubuntu et al. Tofauti yake iko outlined kwenye Kali Website na kwa mtaalamu wa Linux unajua hakuna kitu speacial:

1. Single user, root access by design: Due to the nature of security audits, Kali Linux is designed to be used in a “single, root user” scenario. Many of the tools used in penetration testing require escalated privileges, and while it’s generally sound policy to only enable root privileges when necessary, in the use cases that Kali Linux is aimed at, this approach would be a burden.

My Comment: unaweza kufanya hii kirahisi kwenye Debian au ukaamua kutumia sudo kila wakati ukihitaji elevation. Na single user si unaondoa users wengine na groups ambazo huhitaji.

1. Network services disabled by default: Kali Linux contains systemd hooks that disable network services by default. These hooks allow us to install various services on Kali Linux, while ensuring that our distribution remains secure by default, no matter what packages are installed. Additional services such as Bluetooth are also blacklisted by default.

My Comment: Unaweza kuzi disable pia na ku enable ukitakak

1. Custom Linux kernel: Kali Linux uses an upstream kernel, patched for wireless injection.

My Comment: Hili pia kwa anayejua unaweza kufanya. Just download the same place where Kali gets their patched Kernel...done!

1. A minimal and trusted set of repositories: given the aims and goals of Kali Linux, maintaining the integrity of the system as a whole is absolutely key. With that goal in mind, the set of upstream software sources which Kali uses is kept to an absolute minimum. Many new Kali users are tempted to add additional repositories to their sources.list, but doing so runs a very serious risk of breaking your Kali Linux installation.

My Comment: Unaweze ku edit sources kama unavyopenda.

So kiukweli Kali is nothing but custom version of Debian na software zote hizo zinaweza ku run kwenye Debian, Ubuntu, Mint na derivatives zote za Debian. So huwa nawashangaa mnaofanya Kali Linux a big deal...It is not!