chevron_left chevron_right
Login Register invert_colors photo_library


Stay updated and chat with others! - Join the Discord!
Thread Rating:
  • 0 Vote(s) - 0 Average


Cr3dOv3r - Know the dangers of credential reuse attacks. filter_list
Author
Message
Cr3dOv3r - Know the dangers of credential reuse attacks. #1
Your best friend in credential reuse attacks.

You give Cr3dOv3r an email then it does two simple useful jobs with it:
  • Search for public leaks for the email and returns the result with the most useful details about the leak (Using haveibeenpwned API) and tries to get the plain text passwords from leaks it find (Using @GhostProjectME).
  • Now you give it a password or a leaked password then it tries this credentials against some well-known websites (ex: Facebook, Twitter, Google...), tells if the login successful and if there's captcha some where blocking our way!
Some of the scenarios Cr3dOv3r can be used in it
  • Check if the targeted email is in any leaks and then use the leaked password to check it against the websites.
  • Check if the target credentials you found is reused on other websites/services.
  • Checking if the old password you got from the target/leaks is still used in any website.

[Image: Email1.png]

[Image: Email2.png]

[Image: Email3.png]

[Image: Vs4P58c.png]

Reply

RE: Cr3dOv3r - Know the dangers of credential reuse attacks. #2
That's a pretty useful tool indeed, but I can't understand why they're using just haveibeenpwned API and not other sites as well, or even their local collection of leaked databases.
Anyway, thanks for the share !
[Image: iQDVDdD.gif]

Reply

RE: Cr3dOv3r - Know the dangers of credential reuse attacks. #3
I forgot all about this tool until now. Thanks for sharing.

And to answer your question @Cr3aTor, it scans only the email first on haveibeenpwned, and then it asks for a password to do its regular scans.
[Image: tumblr_n4fsswcwZa1sbhzgao1_250.gif]

"Crack it open, throw it in a pan and let it cook." ~ Filthy Frank

[+] 2 users Like Drako's post
Reply

RE: Cr3dOv3r - Know the dangers of credential reuse attacks. #4
(08-05-2019, 04:27 PM)Drako Wrote: And to answer your question @Cr3aTor, it scans only the email first on haveibeenpwned, and then it asks for a password to do its regular scans.

Got it, thanks for clarification
[Image: iQDVDdD.gif]

Reply






Users browsing this thread: 1 Guest(s)