Skip to content

SOLUTION: I cannot crack a password for gmail/hotmail/outlook365/... #613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vanhauser-thc opened this issue Mar 11, 2021 · 16 comments
Open

SOLUTION: I cannot crack a password for gmail/hotmail/outlook365/... #613

vanhauser-thc opened this issue Mar 11, 2021 · 16 comments
Labels
best practice

Comments

@vanhauser-thc
Copy link
Owner

ALL email services have password cracking protection enable, either blocking offender's IP addresses, faking positive results for bad passwords or faking negative results for a correct password.

Also hydra is telling the mail server that it is a password cracking tool to prevent misuse.

So if you test your own gmail/hotmail/... user account hydra will very likely tell you that the password is wrong.
But it is not hydra that is wrong, it is the mail server detecting an attack attempt and giving a fake reply.
@vanhauser-thc vanhauser-thc pinned this issue Mar 11, 2021
@vanhauser-thc vanhauser-thc mentioned this issue Mar 14, 2021
Closed
@ImKool-Gitch
Copy link

how to fix this ?

@vanhauser-thc
Copy link
Owner Author

Maybe this could be fixed but I never will because that would be - except for very rare circumstances - an illegal usage of the tool. And for these rare circumstances the person hired to perform the authorized penetration would be highly skilled and can easily make the necessary changes.

@vanhauser-thc vanhauser-thc mentioned this issue Mar 16, 2021
Closed
@jslate00

This comment was marked as off-topic.

Sign in to view
@drewrad8

This comment was marked as off-topic.

Sign in to view
@jamesb315

This comment was marked as off-topic.

Sign in to view
@e2002e
Copy link
Contributor

e2002e commented Feb 20, 2022

I had found out (and it was still true two years ago) that gmail can be tested with pop3s://smtp.gmail.com

@vanhauser-thc vanhauser-thc mentioned this issue Jun 8, 2022
Closed
@AARJLLM

This comment was marked as off-topic.

Sign in to view
@wendy565
Copy link

quiero recuperar la contraseña de mi gmail y de mi facebook pero no me acuerdo cual eran

@ChillVibesMushroom
Copy link

quiero recuperar la contraseña de mi gmail y de mi facebook pero no me acuerdo cual eran

Que es tu correo electronico

@Rimmmm44
Copy link

Rimmmm44 commented Dec 7, 2023

Hii guys I want to find password of instagram and I realy don't know how

@vanhauser-thc vanhauser-thc mentioned this issue Jan 15, 2024
Closed
Repository owner deleted a comment from ka5037777 Feb 20, 2024
@XenonPy
Copy link

XenonPy commented Dec 12, 2024

@vanhauser-thc Just curious, how is the password cracker indicated? Is there a standard header for this, or does it vary by platform?

@sadab82984529
Copy link

gmail/hotmail/outlook365

@XenonPy
Copy link

XenonPy commented Mar 4, 2025

@david121-ui script kiddie go brrrr

@wendy565
Copy link

wendy565 commented Mar 5, 2025 via email

@bakunjin
Copy link

thc-hydra doesn't do its job for which it is created.
I tried to hack my gmail with correct password, no chance. I tried dark web crimi market which has captcha page and hydra redirect from login page to captcha page. when it is not redirecting, it gives many times wrong password. and some websites have different name for login and password field, it is not so easy to find it, if you want to use hydra you must learn how to use burpsuite.

@vanhauser-thc
Copy link
Owner Author

@vanhauser-thc Just curious, how is the password cracker indicated? Is there a standard header for this, or does it vary by platform?

hydra sends a specific identification :)
but most providers just enable extra security after a few failed logins for an account.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
best practice
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
18 participants
@vanhauser-thc @e2002e @drewrad8 @ImKool-Gitch @jslate00 @jamesb315 @ChillVibesMushroom @AARJLLM @wendy565 @XenonPy @Rimmmm44 @bakunjin @sadab82984529 and others