OSINT & Hacking – how phishing works for the ungram

Short description

The process of hacking an Instagram account typically involves reconnaissance to find the username of the target account. Tools like “Slash” and “WhatsMyName” can be used to search for usernames on social media platforms. Once the username is found, phishing links can be created using tools like Zphisher, which will provide the hacker with information such as IP addresses, usernames, and passwords. However, it is important to remember that phishing and identity theft are criminal offenses, even on a banned social network.

OSINT & Hacking – how phishing works for the ungram

Instagram* account hacking is a popular query in search engines. So it makes sense to talk about how it usually works. Just so you know where the attack might come from.

To start trying to access the account, you need to know the nickname of the person you are trying to hack. So a little reconnaissance will be very appropriate. Just don’t get carried away.

There are various tools for intelligence, first of all, searching for a user in a specific social network in order to find out his nickname. I found a great tool called “Slash“, which can be used to search for any user accounts, as long as he registers under the same nickname everywhere.

Put Slash

git clone https://github.com/theahmadov/slash 
cd slash 
pip install -r requirements.txt 
python slash.py help

I tested Slash on myself and look at these results. Some of the accounts listed here were created years ago.

Slash is a simple console tool. But you can also use tools like WhatsMyName WebWhich is absolutely free.

Here’s a look. I tested WhatsMyName on myself. My nickname is “earthtoyash”.

Now that we know more about our user, we can use that knowledge. For example, by sending phishing links. To do this, we will create a payload using Zphisher.

Install Zphisher from GitHub

Clone the repository:

git clone --depth=1 https://github.com/htr-tech/zphisher.git

We run the zphisher.sh file:

cd zphisher && ./zphisher.sh

On first run it will install dependencies and everything. The system will say that Zphisher is installed. After installation, you will need to run zphisher.sh again in the zphisher directory with the command ./zphisherand then you get something like this:

As you can see, there are many options and patterns that make it possible for anyone to do phishing. We will focus on the Negro. So, type “2” and press Enter.

The next step is completely up to you, choose any of them.

Then a selection window will appear. I chose the third option because it is minimal and convenient to show the capabilities of the tool.

Again, to keep things simple, I’ll leave out the custom port, but if you’re already using port 8080, you can change it to 8000. If not, leave it as is. It’s also important to mask the URL, well, just for security purposes. You can use something like this:

Zphisher has created a phishing link that can be sent to the victim. As soon as she clicks on the link, you will start receiving information about her. For example, IP addresses, usernames, passwords, etc. You can also use reverse IP lookup to locate your target and more.

Hence, these phishing links.

When clicked, a page similar to the official login page of a banned social network opens.

Here she is, bad

After entering the credentials, you can get a lot of information on the “hacker” side of the terminal.

That’s it, ladies and gentlemen, you can easily hack a black account. Therefore, we remind you once again: do not click on links that you do not trust.

Of course, do not use the information from this article with the intention of harming anyone. OSINT is legal, but phishing and identity theft, even on a banned social network, is a criminal offense. And yes, * The Meta organization, as well as its Instagram product, which we refer to in this article, are recognized as extremist and banned on the territory of the Russian Federation.

Thank you for attention!

What else is interesting on the Cloud4Y blog

→ Information security and stupidity: unusual examples

→ NAS for a cap of crackers

→ Hack Hyundai Tucson Part 1 Part 2

→ A century-old programming language — what it is

→ 50 of the most interesting keyboards from a private collection

Related posts