Credential reuse attack | How to use old credentials to hack.

In This Article, we are going to talk about the credential reuse attack, in which an attacker/hacker can reuse your old credentials and test them on various other websites with your username and email address to check if you have the same credentials on other websites too. Which will put your other accounts at risk. The Tool which we are going to talk about is Cr3dOv3r by D4Vinci(Karim shoair). (https://github.com/D4Vinci/Cr3dOv3r.git).

How Hacker can use this tool to compromise

If the attacker/hacker knows your email address and any of your passwords it can be a previous password or a leaked passwords or a hacked passwords, They can use this tool to just test your email and your previous password on various websites like GitHub, StackOverflow, Gmail, Facebook, etc and this is known as credential reuse attack.

How to do it? (Educational purpose)

First of all, you need to have python3, and git installed on your computer.

For Linux Users

Open your terminal and write the following commands
1.) git clone https://github.com/D4Vinci/Cr3dOv3r.git
(to clone the tool to your system).

2.) cd Cr3dOv3r.

(to get in Cr3dOv3r directory.)

3.)python3 -m pip install -r requirements.txt
(to install all the requirements to run the tool).

4.)python3 Cr3d0v3r.py –h (For running the tool)

For Windows Users

Download the zip file from GitHub and extract it, Then open the command
prompt(CMD), and type the following commands.

1.) cd Cr3dOv3r-master
2.)python -m pip install -r win_requirements.txt
3.)python Cr3d0v3r.py -h

As this tool does not require sudo to run you can use this tool
on android devices without root.

Download the termux application to run this tool.

1.)Open Termux.
2.)for installing python3 in termux write command -> apt-get install python.
3.)for installing the git in termux write command -> apt-get install git.

Now type the following commands

1.)git clone https://github.com/D4Vinci/Cr3dOv3r.git
2.)cd Cr3dOv3r
3.)python3 -m pip install -r requirements.txt
4.)python3 Cr3d0v3r.py -h

This tool can be used in various scenarios.

  • Find if the targeted email is in any leaks and therefore this tool will test the leaked password on different websites.
  • Check if the target credentials you found are reused on other websites/services.
  • Credover can find out if any of the leaked passwords can still be used on any other website.

Screenshots of the tool.

Credover screenshots number 1
(img src ->https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email1.png)
Credential reuse attack number 2
(img src ->https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email2.png)
Credential reuse attack number 3
(img src ->https://github.com/D4Vinci/Cr3dOv3r/blob/master/Data/Email3.png)

How to be safe from this type of attack?

  1. Update your credentials frequently.
  2. Use different credentials on different websites.
  3. A slight difference in your password can protect you from this tool.

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

Recent Posts

Follow Us on Youtube

Cyber Security Training Program 2020

Cyber security Course offered by Cybervie prepares students for a path of success in a highly demanding and rapidly growing field of cyber security. The course is completely designed with an adaptable mindset, where the program allows the student to complete the course work at their own pace while being able to complete weekly assignments. Hence, also making it convenient for busy working professionals to pursue the training to help them advance their career in cyber security.

Cybervie has designed the training module based on the cyber security industry requirements in both offensive and defensive manner, using real time scenarios which help our students to understand the market standards.

Sign up for our Newsletter

Interested in Cyber Security Training Program 2020 – Click Here