Welcome to another tutorial friends! Today I will be showing you some tools that can be used for credential reuse attacks and how you can wrap this into the recent 1.4 Billion clear text passwords released online.
Being as this is a password list combined from multiple breaches, the author has made it easier to sort through this information to discover cracked passwords. Most "security researchers" are using this database to find if family members informaton in the dump and telling them to update there passwords ASAP.
As you can see the bash script to search for email addresses is easy to use and shows us password reuse right away.
Python programs like Cr3dov3r and Credmap can show us how easy it is for a attacker to test a password. Add this to the 1.4 billion password dump and you have some causes for conern.
Cr3dOv3r simply does 2 jobs. Search for public leaks for the email and if any, then it returns with all available details about the leak (Using hacked-emails site API).
Simply type in your old or leaked password and it checks these credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!
Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.
Credmap checks your credentials against 27 sites while Cr3dOv3r check against only 16 websites. Note that some of these results can be false positive as I have came accross this bug while checking my own old accounts. Cr3dov3r showed sucessful login to a Instagram account that I never had in my life! Why would I? ;)
Here are the links for the 41 gig 1.4 Billion Cleartext
And heres the mag link for 600gig torret of leaked files for any other pleasures
These are magnet links, think Base decode for link ;)
Please note: I did not compile any of the data dumps or files listed on this tutorial. It should go without saying but if your password is on this dump or haveibeenpwned.com you should change it ASAP!