How Easy Is It For Hackers To Brute Force Login Pages?!

  Рет қаралды 368,938

Loi Liang Yang

Loi Liang Yang

Күн бұрын

Пікірлер: 596
@LoiLiangYang
@LoiLiangYang 3 жыл бұрын
You have the same password as hacker loi?
@shubhamkumar-wn2gj
@shubhamkumar-wn2gj 3 жыл бұрын
yes 😂 but of my mobile hotspot
@likitadevi
@likitadevi 3 жыл бұрын
@@shubhamkumar-wn2gj Wait you shouldn't have answered that.
@TrixieTheGreat
@TrixieTheGreat 3 жыл бұрын
I usually have a password of 3 words in different languages divided by special symbols and the words themselves have "tactical" typos in them.
@ismail.dalhatu
@ismail.dalhatu 3 жыл бұрын
My Password: 123LoiLiangYangHack456ICanHackNow 😂😂😂😂😂😂
@videocorner2498
@videocorner2498 3 жыл бұрын
Make video on How hacker hack firebase data
@elder2623
@elder2623 3 жыл бұрын
Ive learned more about burpsuite in this video than I would ever learn in a 20 min tutorial. Keep it up!
@zboy.05
@zboy.05 3 жыл бұрын
Fr i just learned more than most videos ive watched on hacking
@mouadabid1272
@mouadabid1272 3 жыл бұрын
dude RTFM
@creativegamershopnil1879
@creativegamershopnil1879 3 жыл бұрын
Burp suite and 20 minutes good student
@VladmirPutin232
@VladmirPutin232 3 жыл бұрын
@@creativegamershopnil1879 😂😂😂🤣
@ethanbousfield76
@ethanbousfield76 Жыл бұрын
did 5 weeks of labs on burp suite as part of my degree but the lecturer massively over complicated everything, I've learned more from this guy and HTB than I have at uni
@algertislamaj5925
@algertislamaj5925 Жыл бұрын
Finally someone who gets straight at the point u deserve a subscriber
@edmonddantes218
@edmonddantes218 3 жыл бұрын
you are the best teacher loi , really so easy so simple and charismatic i see people look at your videos as movies . keep it up i went to school 10 yrs and never learned as much as 40 minutes watching you !
@LoiLiangYang
@LoiLiangYang 3 жыл бұрын
Thank you! 😃
@mohammedissam3651
@mohammedissam3651 3 жыл бұрын
I don’t learn form you to hack users rather I learn from you to be a great cyber security and dive into hackers mind. Thank you , god bless you.
@BarelyGoodTV
@BarelyGoodTV 3 жыл бұрын
I've been thinking lately that one could possibly train an AI to learn password patterns to make brute force attempts viable which is a scary thought
@keepyoursins
@keepyoursins 3 жыл бұрын
Yeah, if you setup a profile from a person with stuff like family members, pets and so on, the AI can then use all of those points in passwords attempts if that makes sense
@BarelyGoodTV
@BarelyGoodTV 3 жыл бұрын
@@keepyoursins yea training it for a specific target would be especially deadly
@keepyoursins
@keepyoursins 3 жыл бұрын
@@BarelyGoodTV wanna team up? 👀 Jk
@BarelyGoodTV
@BarelyGoodTV 3 жыл бұрын
@@keepyoursins lmao
@Ranburu
@Ranburu 3 жыл бұрын
@@martiict350 Nah, he talking about automatic way to do this
@portia-assamensis
@portia-assamensis 2 жыл бұрын
You are the GOAT. The amount of useful knowledge you just crammed into a 5 minute video is beautiful
@MrMiRou
@MrMiRou 2 жыл бұрын
dude why are you the best ?!! the lessons become easyyyyy if you explain it !!! I really enjoyed these 4:29mins and I learned something from you thnx man
@likitadevi
@likitadevi 3 жыл бұрын
Imagine being caught by a cyber police who saw that intro.
@creativegamershopnil1879
@creativegamershopnil1879 3 жыл бұрын
No one can catch me
@likitadevi
@likitadevi 3 жыл бұрын
@@creativegamershopnil1879 What do you use? 🌚
@kanakreshi8467
@kanakreshi8467 3 жыл бұрын
@@likitadevi he uses cmd bruh
@likitadevi
@likitadevi 3 жыл бұрын
@@kanakreshi8467 We can't get caught with cmd? 😳
@lastorgaming9439
@lastorgaming9439 Жыл бұрын
@@kanakreshi8467 KALI
@anupriyadayaratne
@anupriyadayaratne 3 жыл бұрын
Clean and Clear tutorials I ever seen . Thanks lot ..!!!
@rcgnetworks
@rcgnetworks 3 жыл бұрын
හැක් කරන්නතෙ හදන්නේ.යසයි බේසික පුටෝ යසයි 🙂👻
@Gupatik
@Gupatik 3 жыл бұрын
now I get names and stuffs thank you, I'm literally starting my career here with you. Thank you.
@sleekbr7666
@sleekbr7666 3 жыл бұрын
This is a basic eye opener. For advanced attacks you have to rotate proxies, have a huge password list, get a good GPU, make api configs to bypass ssl pinning etc. Good though
@warrenmiranda4943
@warrenmiranda4943 3 жыл бұрын
Setting your password to 1234 is like training self defence for so many years and end up dying because of car accident.
@dimerdim8403
@dimerdim8403 3 жыл бұрын
Awesome video man! Love how you been improving your videos format to a funnier way. keep it up..
@takingpictures4536
@takingpictures4536 3 жыл бұрын
thanks for the tut :) But instead of brute force, you actually used a dictionary attack ;)
@-AnyWho
@-AnyWho 3 жыл бұрын
brute force would have taken longer than video ...
@mihaisolomon2893
@mihaisolomon2893 3 жыл бұрын
a dictionary attack is still brute force
@takingpictures4536
@takingpictures4536 3 жыл бұрын
@@mihaisolomon2893 I do not consider dictionary attacks to be brute force attacks. In order to create a dictionary you purposfully craft strings which are likely to be used by humans. The same logic does not apply to brute force, which is the 'dumbest' form of attacking logins.
@daleryanaldover6545
@daleryanaldover6545 3 жыл бұрын
True, a dictionary would prove to be useless for unaccounted passwords. It would only work if say make a dictionary from pawned passwords and hope the user haven't change their password. Brute force is different, it will also take longer time since it will account for all possible combinations available for the password. So the step should be > go try register and account and purposely fail password validation in order to get an insight of possible password combinations, like how long is the min max strings, are special characters required, numbers? > then formulate the actual password generator pattern. Also most web apps now have request limiting that further slows down how much request you can send at a particular moment. Definitely will eat days or weeks, you might wanna go to vacation and still find the brute force command not finished by the time you get back.
@captainforyoubruh
@captainforyoubruh 9 ай бұрын
Bro love your vibes and enthusiasm. Just subscribed for sure💯
@m.r.d4550
@m.r.d4550 3 жыл бұрын
Would be nice if you made a tutorial literally starting from 0. How to install burpsuite, setup, can it be used on windows etc.
@zgredfryd
@zgredfryd 3 жыл бұрын
I like Your videos a lot man! Funny beginning :D Straight to the point as always!
@Drusher10
@Drusher10 3 жыл бұрын
his videos are always on point and always w8ing like a crazy for the next one!! keep going man1!
@imyoubutbetter9951
@imyoubutbetter9951 3 жыл бұрын
how do you set the foxy proxy to do that coz when i added it to chrome i only see log in my ip address and options
@ShivamSakhla
@ShivamSakhla 13 күн бұрын
same
@janekmachnicki2593
@janekmachnicki2593 2 жыл бұрын
I brought your Udemy cours .So profesional so cool so stealthy lol.Thanks
@kabandajamir9844
@kabandajamir9844 3 жыл бұрын
The world's best teacher may God reward you great
@rubix187
@rubix187 3 жыл бұрын
Coders, programmers and hackers will inherit the earth
@whoisPremier
@whoisPremier 3 жыл бұрын
literally.
@ggLP42
@ggLP42 3 жыл бұрын
@@whoisPremier and gamers
@ggLP42
@ggLP42 3 жыл бұрын
@@whoisPremier and gamers
@ggLP42
@ggLP42 3 жыл бұрын
@@whoisPremier and gamers
@curtisdesler2100
@curtisdesler2100 3 жыл бұрын
Very funny dude
@deathstar3006
@deathstar3006 2 жыл бұрын
What if their password isn't in the list of common passwords
@hansjurgens2263
@hansjurgens2263 Жыл бұрын
The title of the video literally sais "Bruteforce"... do you know what bruteforcing is?
@Hackazillarex
@Hackazillarex 5 күн бұрын
If the password isnt on the list, he cant get in.
@mahdiabedian6382
@mahdiabedian6382 2 жыл бұрын
the best person for hacking
@EC4U2C_Studioz
@EC4U2C_Studioz 3 ай бұрын
I think it's about time to switch from passwords with or without MFA to passwordless passkeys, using instead the biometric method to get into phones, tablets, and computers in the first place to access the accounts in question. While using password managers that include MFA on the password manager itself can help, a passkey is preferred as they are the hardest for hackers to hack. It may be to the point that even a password at least 30 characters might no longer be secure enough.
@HarshRajSinghania
@HarshRajSinghania 3 ай бұрын
Brooo you gotta chill man 😅
@Jupiterxice
@Jupiterxice 3 жыл бұрын
You simplified this tutorial with burpsuite i never could get to. Thank you for add tool
@Heavenig
@Heavenig 3 жыл бұрын
He's videos are sweet. I need student like me to compete with
@loginet1
@loginet1 2 жыл бұрын
How realistic is this? To find a username for a website and then use common simple passwords to hack the session? And if it is how can you defend against brute force? Logging IPs and blocking the attack if tried more than 3 times (get the error message) or blocking the whole range of IPS, allowing only some IPs. It will be good enough?
@camelotenglishtuition6394
@camelotenglishtuition6394 2 жыл бұрын
All well and good but most sites implement brute force protection, so this just doesn't work. An alternative would be to just change the response using burp to 302, and direct it to the location you want /admin etc by looking at the source code.
@jahnyewalker75
@jahnyewalker75 Жыл бұрын
Can you elaborate?
@camelotenglishtuition6394
@camelotenglishtuition6394 Жыл бұрын
@@jahnyewalker75 to be honest brute force isn't viable these days. This is especially true of ssh logins. Learning these techniques is antiquated and nonsensical tbh. If you want to bypass logins there are plenty of other ways. Studying the source is going to get you far further in accessing data. Plus if you just want to see user A's data, it's much easier to sign up, authenticate as a user and then try a bola attack to see user A's data. Password spraying can also help in getting access so you don't need to sign up. You can also try token forgery ( if you're messing with an api), cookie injection, malicious links.. I mean the list is endless but this video is far from a realistic real world example.
@akhalaqmonis5178
@akhalaqmonis5178 3 жыл бұрын
This channel is really very informative and underrated. hope to see million subscribers soon.
@osadchuks
@osadchuks 4 ай бұрын
How do you handle cases with Burp Suite when there is a login attempt limit?
@zugzwang2161
@zugzwang2161 3 жыл бұрын
I can’t use any of these tools on my own network to practice or test it. Except wireshark so far. I’ll just stick to learning python 3 for now.
@seanfaherty
@seanfaherty 3 жыл бұрын
If you run windows you can try using virtual machines. A virtual machine for Kali or parrot and a virtual machine to attack. I was able to find metaspoitable3 in a VM compatible file… it was a bit easier Once you pick VMware or Vbox it will just be a matter of googleing every question and error code you’ll get. Good luck
@d3cryptor745
@d3cryptor745 3 жыл бұрын
You Are My Inspiration, Thanks For All The Things Hacker Loi ❤️ The Way You Are Talking Is Just Love
@justmohamed7929
@justmohamed7929 3 жыл бұрын
name of books neer him pls
@johnmalugu487
@johnmalugu487 3 жыл бұрын
Hi, i wanna chart with you about cyber security can i get your contact or email?
@pkpointurdu3793
@pkpointurdu3793 3 жыл бұрын
You have given very good information in terms of security. Thank u
@VENOMOUS57
@VENOMOUS57 2 жыл бұрын
love the way you start your video don't say you know hacker Loi 😁
@memorysmelody4589
@memorysmelody4589 Жыл бұрын
I have added the extension of foxyproxy but the burpsuite option isn't showing. Any solution !!??
@elxyser
@elxyser 3 жыл бұрын
can u help me pls? wich abilities do i've to learn for basic CTFs? i need you advice
@Sanjay_Venkatesan
@Sanjay_Venkatesan 3 жыл бұрын
Thanks a lot for your tutorial but most of real world web application has the Rate limit in there login .
@kaneki_ken_07
@kaneki_ken_07 3 жыл бұрын
With burpsuit we get foxyproxy or we have to download it differently, I am really confused in that part, rest is as clear as glass
@rayhanmatabbor754
@rayhanmatabbor754 2 жыл бұрын
sir can you please explain and tell me how to use this? POST parameter 'eiin' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Password does not Match")
@Richi.Espinaca
@Richi.Espinaca 3 жыл бұрын
How can I have the foxyproxy? Any video?
@newbe379
@newbe379 2 жыл бұрын
i used this program and was hack the bank of america and take 1 trillion of dollars in my account simple like only use this software thanks for share
@darkcheq
@darkcheq 3 жыл бұрын
But this is not a real world hacking. I mean most of real sites have failed login attemps protection. How do you bypass that ?
@365hype
@365hype 3 жыл бұрын
Exactly. This guys full of shit. None of his videos are real world hacking examples. Nothing on KZbin is a real world hacking example. Xss, sql vuln, nmap etc.. all browsers protect against this type of stuff. The only real world hacking today is social engineering like phishing. Everything else is just for show.
@RelatableTom2
@RelatableTom2 3 жыл бұрын
@@365hype Do you assume that shit like that would be allowed on KZbin
@JUSHI1221
@JUSHI1221 Жыл бұрын
i don't get the part of the terminal. what terminal did he lunched it?
@mariamakter8109
@mariamakter8109 3 жыл бұрын
Do i need deep knowledge about vlan for hacking ?
@dineshtechtuts9676
@dineshtechtuts9676 3 жыл бұрын
whats is the extension used and name to add in firefox ???
@vivekmishra5692
@vivekmishra5692 3 жыл бұрын
I am from Nepal I love your teaching sir I also want to be like you and contribute for my country because of you I got a chance to learn many many important things you are awesome sirrrr lots of love and support from Nepal
@riteshkunwar-xp9fi
@riteshkunwar-xp9fi 4 ай бұрын
It didn’t work for me I am also Nepali btw
@user-wm8yz
@user-wm8yz 2 жыл бұрын
you're a great men ... thank u
@zakof10
@zakof10 3 жыл бұрын
hi mr loi can you pls show us how to use brute force with hydra ? like any wepsite .
@nicolasciani1933
@nicolasciani1933 3 жыл бұрын
i have a problem with burp suite, and its that it cant load a big dicctionary.... (im triyng with juice shop)
@IsaPotaxii
@IsaPotaxii Жыл бұрын
What happened if there is a 2-step verification?
@Sami-xh1zc
@Sami-xh1zc 2 жыл бұрын
Man you are awesome ! Thank you
@venaculaporter9825
@venaculaporter9825 2 жыл бұрын
What terminal do you use
@wowanimalspro3066
@wowanimalspro3066 Жыл бұрын
Awesome bro ❤❤❤
@fate5624
@fate5624 2 жыл бұрын
you didnt explain why foxy proxy is needed or even if
@ghtrends3606
@ghtrends3606 3 жыл бұрын
And please what kind of browser do you use
@T__12
@T__12 5 ай бұрын
If I switch on burpsuite or foxy proxy the other website im testing goes offline and doesnt respond, any solutions?
@saeidmansorinia845
@saeidmansorinia845 3 жыл бұрын
your best of the best man
@filmies7021
@filmies7021 3 жыл бұрын
Sir , show us Admin panel bypass .
@arknan9624
@arknan9624 3 жыл бұрын
Bien tes vidéos mais ce genre de hack ne peut être fais que si tu as accès au pc distant puisqu'il faut utiliser burpsuit.. Donc ça ne sert pas à grand chose
@captainforyoubruh
@captainforyoubruh 9 ай бұрын
It is only recommend on linux to carry out burpsuite??
@dud3smil3y
@dud3smil3y 3 жыл бұрын
My pass is NANJA = NANJABUSINESS 😂😁 Nice video!
@swarnabhargavi5680
@swarnabhargavi5680 2 жыл бұрын
Hey I've done the same thing just as uh did but got no Peculiar result differentiating between the other payloads. I also got some Blank spaces in the Payload Column. Response : 405: Data send in wrong format. Unexpected token u in JSON at position 0. Reason ? Also do a video of Logging in with a Login page having CAPTCHA.
@mlcdpriest5061
@mlcdpriest5061 3 жыл бұрын
Please which browser are you Using
@ougksout5446
@ougksout5446 Жыл бұрын
Can be used to router page also;
@Zeix02
@Zeix02 2 жыл бұрын
What is with ip blocking? This attack work when the developer records the false login counts from the same ip address?
@boogaplays123
@boogaplays123 9 ай бұрын
I don't see burp suite on foxyproxy
@ManishKumar-ue5il
@ManishKumar-ue5il 3 жыл бұрын
Everything is okay but what tools you are using... Please make a video on it🙏🙏
@strongman7940
@strongman7940 Жыл бұрын
what if i use login attempt on a lockout address this my help me right ?
@MALAYAPH24
@MALAYAPH24 3 жыл бұрын
Thanks a lot for your wonderful tutorials
@m_u_s_i_c.f_a_n
@m_u_s_i_c.f_a_n Жыл бұрын
Pleaseee what do you use for that ??
@shibbyshaggy
@shibbyshaggy 3 жыл бұрын
How to do that on a webpage that locks you out after 4 failed attempts? Also how didi it brute force and where was setup for that?
@greenman4158
@greenman4158 2 жыл бұрын
Litteraly ANY websites that has a login page?
@marksGSJnr
@marksGSJnr 3 жыл бұрын
Burp suite.. is your site running on a local sever..?
@ideologic3407
@ideologic3407 3 жыл бұрын
Won't this becomes Dos attack if request frequently?
@avijeetupadhyaya3885
@avijeetupadhyaya3885 3 жыл бұрын
if we use in real website login page withiut owner knowing what is the result ?are we ethical hacker or not
@verbon47
@verbon47 3 жыл бұрын
use your brain for 1 second
@avijeetupadhyaya3885
@avijeetupadhyaya3885 3 жыл бұрын
@@verbon47 what do u mean??
@kennethdavefernandez1148
@kennethdavefernandez1148 2 ай бұрын
​@@avijeetupadhyaya3885 Ethical
@SteveSultanian
@SteveSultanian Жыл бұрын
Loi, I'm new to this but am determined to learn as much as I can from your tutorials.. I have an issue where someone has hijacked a facebook account and is causing all kinds of problems.. I know youve shared how to go after passwords, just not for FB accounts. Can you please assist me on this with either a response or tutorial specifically for this situation.. It's getting bad, as this person is requesting money from my friends and family, playing as if its me doing this.. Thank you in advance..
@goodgameplays9571
@goodgameplays9571 3 жыл бұрын
what is burpsuite guys and what is a proxy? im kind of a beginner
@naicodebr
@naicodebr 3 жыл бұрын
But, the server's response was saying that the username OR password was wrong. In this case, it would be feasible to do the email enumeration in the application AND THEN carry out your attack
@notyou2353
@notyou2353 Жыл бұрын
TBF, he explicitly stated that the attack assumed the username had already been discovered by some means.
@xu8283
@xu8283 3 жыл бұрын
How about those with cloudflare protection?
@ajayparkarexhibitsolutions
@ajayparkarexhibitsolutions Жыл бұрын
Dude he is really awesome😭😎😎✌
@xrop116
@xrop116 2 ай бұрын
I am facing an error when I open the brusuite internal browser and I turn intercept mode on and try to open my router web page takes forever and still not load when I turn the mode off it worked then after loading the login page I turn the mode on again and put wrong user and password I just won't try to login like the page is stuck but when I turn intercept mode off I work completely fine. Can any one have the same issue please help me
@QadriHarris
@QadriHarris 3 жыл бұрын
Very clear understanding tutorial
@ONE-jj9oh
@ONE-jj9oh Жыл бұрын
Why does it say Network error when ever I enabled interception
@CynthyKemuma
@CynthyKemuma Жыл бұрын
My bwapp doesn't have the right corner tabs for doxy browser 😢
@lucasez4782
@lucasez4782 3 жыл бұрын
Hacker loi do u need a terminal to get burpsuite or can u get it on windows 10:)
@dabrad7828
@dabrad7828 3 жыл бұрын
Man your the best ! Bought your course yesterday on udemy pretty excited to start !!!
@aditibhatiya2204
@aditibhatiya2204 4 ай бұрын
My question is that if id password not in common password list so what can i do ?
@Fabby-n1p
@Fabby-n1p 2 ай бұрын
When I log in the intercept stays blank
@motivationalai1420
@motivationalai1420 3 жыл бұрын
Thank my teacher 👨‍🏫
@yogitaraut4107
@yogitaraut4107 3 жыл бұрын
Hey man you should do a coplab with Networkchuck!!!
@amiranzizovi7936
@amiranzizovi7936 3 жыл бұрын
hi, where i get foxy proxy? thanks
@darkclown2267
@darkclown2267 2 жыл бұрын
Sir can we do this in any site or just in bwapp
@clip_1
@clip_1 3 жыл бұрын
After avery attempt that going slow down. Any solution?
@kundan.rajput
@kundan.rajput 2 жыл бұрын
sir which will be the best book to learn hacking
@sakullepmah
@sakullepmah 3 жыл бұрын
This proxy foxy Burpsuite Thing where you Cricket on Thing and on Thing isnt Wirkung can you help me
@sarathisasi4472
@sarathisasi4472 3 жыл бұрын
Sir, android hacking for link sending than mobile screen in my windows
@michealphiri9383
@michealphiri9383 2 жыл бұрын
Is it possible to do this without kali linux?
@SadhanandhaReddyEedara
@SadhanandhaReddyEedara 4 ай бұрын
bro! i getting one problem in this video. the problem is when im start attack it is executing a payloads after that it will be showing all payloads are valid. there is no invalid payloads. can you please explain how can i solve it. im waiting for your reply bro.
Access Location, Camera  & Mic of any Device 🌎🎤📍📷
15:48
zSecurity
Рет қаралды 2,7 МЛН
how hackers hack any websites in minutes?!
23:17
Loi Liang Yang
Рет қаралды 238 М.
99.9% IMPOSSIBLE
00:24
STORROR
Рет қаралды 31 МЛН
Каха и дочка
00:28
К-Media
Рет қаралды 3,4 МЛН
IL'HAN - Qalqam | Official Music Video
03:17
Ilhan Ihsanov
Рет қаралды 700 М.
Tuna 🍣 ​⁠@patrickzeinali ​⁠@ChefRush
00:48
albert_cancook
Рет қаралды 148 МЛН
How to HACK Website Login Pages | Brute Forcing with Hydra
18:21
CertBros
Рет қаралды 1,5 МЛН
how hackers bypass login pages!
8:04
Loi Liang Yang
Рет қаралды 165 М.
how hackers hack any website in 8 minutes 6 seconds?!
8:06
Loi Liang Yang
Рет қаралды 120 М.
Password Hacking in Kali Linux
24:22
John Hammond
Рет қаралды 821 М.
find social media accounts with Sherlock (in 5 MIN)
5:01
NetworkChuck
Рет қаралды 4,5 МЛН
Simple Penetration Testing Tutorial for Beginners!
13:08
Loi Liang Yang
Рет қаралды 54 М.
Bypassing Brute-Force Protection with Burpsuite
15:26
Hak5
Рет қаралды 98 М.
Scammers REGRET Challenging An FBI Agent!
21:02
Scambaiter
Рет қаралды 2,4 МЛН
99.9% IMPOSSIBLE
00:24
STORROR
Рет қаралды 31 МЛН