Pages

Monday, July 24, 2017

Detailed method on jacking inactive twitter instagram accounts

Detailed method on jacking inactive twitter instagram accounts


In this tutorial, I will be explaining how to obtain a account name youve always wanted. Please keep in mind that this will not always work, and that its very rare to jack a account especially with more people getting involved into jacking the accounts.


Obtaining email access.
This is the most critical part of jacking a account. If you do not have email access, you are more likely to enter into a verification page where you need to verify email in order to log in. 
Microsoft, Yahoo, and a couple of email providers started releasing email names that are no longer active. This means you will be able to recreate the email that was made on the specific account you are hijacking. You can also purchase the domain name if you figure out the website the owner previously owned and recreate the email too.


How are you likely to know the email the person has used? Lets take a example.
Go into password reset form on Twitter or Instagram. For this example, I will be using @bleach for Instagram. 
Once we get submit the reset password form, you will get something like: Thanks! Please check (l*******h@gmail.com) for a link to reset your password.
How do you know the email to the persons account? Lets visit the Instagram page we are jacking.

Looking at the email, and looking at the name the person has, its more likely it will be leobleach@gmail.com. It could also be leo.bleach@gmail.com. However, since there are 9 letters on l*******h, then it will be leobleach@gmail.com 

This account, however, is using gmail and the email is already taken. How do we jack the account?
In the resource category, there are websites that have a huge database of passwords, emails, usernames, IP address, and more. Leakedsource is one of the biggest websites to host them. For $2 a day, you will be able to view all of the data the website has to offer. 

When you look up the email "leobleach@gmail.com", you will see one result that says "Zoosk.com has: 1 result(s) found. This data was hacked on approximately 0000-00-00 00:00:00 What is in this database?". 

You can also look up "Leo Bleach" under the name to get more ideas of passwords to use. 
In this example, the password of this account will be 1983725. 

After trying out passwords on the Instagram page, you may or may not have successfully logged in. If you did, however, you will see this:

This is when we need to see if we can use the same password on Gmail. In this example, the gmail account password is not the same as the Instagram password, thus we are unable to fully jack this account. There are ways to get the account through Social Engineering, but since SEing is disallowed on Hackforums, you will have to dig research into this information.

Thus, its critical to have email access in order to securely keep this account. 


Obtaining Domain information
If the account isnt yahoo, gmail, or any big providers, most likely the domain will be censored. In this example, Ill be using @storms on Twitter on how the setup works. 
By obviously visiting the page, you will see that his name is "Patrick Storms". He also has a picture that will help us identify him accurately

Going to the password reset page on Twitter, we will see that most likely, his email will be "patrick.storms@y***.**

This is when we will be using Google to research him now. By looking up the name, Patrick Storms, we found out his twitter and instagram page after looking through a couple of Google pages. Even better, we found his LinkedIn Page!

By looking at the photos, most likely it is him. Since we have his LinkedIn page, we can find out the previous companies he worked for.
https://nl.linkedin.com/in/patrickstorms

Since the email starts with "y***.**", most likely it will be "Yalls Solution." 

However, how do we know the domain extension of the website? Since hes from Nederland, most likely the extension will be "yall.nl" Googling the company will be much better, however. 
Home - | Yall Solutions

However, the domain is taken and the website is still active. There are a couple of ways of getting into the email: Either hack his website through a serious breach, bruteforcing his server, or waiting for his domain to expire. However, since there was a major LinkedIn breach, he is more likely to be in the leakedsource database.

Since we have his Instagram, Twitter, LinkedIn, and maybe Facebook usernames, we can do a better research among the common passwords he uses. Looking up his name "Patrick Storms" will also be useful. 

After looking through the database and figuring out his Twitter password, the passwords did not work. We do have one more try, which is trying the passwords out to his webmail.
By looking up the host of where Yall is being hosted, we can find out the webmail to login and see if the passwords work.

However, the passwords did not work again. Maybe the passwords will work in order to log into his server. Those dont work either.

This is when we figure out his other emails to log into so we can reset the webhost email name. Hopefully you get the idea...

Its about trying and seeing how much luck you have in order to get the account. You may or may not get into it, but there are millions of other names you can jack, so dont give up and hopefully you will get the account name you want 

This is my experience as to how I try and jack accounts. I hope everyone learned something and maybe learn to secure your account as well through possible hijacks. 
Thanks for reading 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.