We hear now and then that there is a data breach somewhere but, you might also be curious how to find the password(s) from a data breach. Very few understand the criticality of a data breach. Only weak passwords get exploited in a data breach.
What is a data breach?
An incident where an unauthorized party/person releases or exposes sensitive information like confidential login data, passwords, usernames. geolocation, etc. which should not be disclosed publically is known as a data breach.
It is not necessary that to make a data breach happen data should be released publically. In some cases, data is used for personal intentions for some benefit level / sell it in the black market for a deal.
In this article, we'll see that how you can find if you were pawned in a data breach and how to find out passwords from a data breach.
Step 1: Finding if you are pawned?
- Visit breachdirectory.tk to find out if you / friend / someone in your network you know is pawned or not
- Enter email / contact number and hit the search icon ( wait for few seconds to search for results )
- This website will detect and show you on which websites password(s) were compromised
From the above image, you can see that there are some passwords listed with some hashes, you can also see that there are some websites listed ( Data breaches happened here ). So if you want to decrypt the hashed passwords, how to do this is the next question!
Step 2: How to decrypt MD5 Hashes?
For decrypting MD5 hashes were will share here two methods with you.
Method 1: Using online tools
If the password of targetted hash is not much complex or is guessable type
- Visit hashtoolkit.com
- Paste hash that you have received from breachdirectory and hit the search button ( Would take some time depending on password complexity )
- Post that you will get a password in plain text as shown below
Method 2: Using hashcat tool
If a password is more complex i.e taking a very long time using an online tool / online tools are unable to decrypt due to complexity then you may use hashcat.
If you are aware of Backtrack / Kali / Parrot O.S, then chances are high that you would have come across this tool to decrypt password using a wordlist. A wordlist comprises a dictionary of predefines length, characters and whatnot which will have a list of strings of cracking a password.
hashcat -m 0 hashes path to/wordlist.txt
You can use above command to decrypt password in you local machine.
In upcoming posts, we are going to share a detailed video and step by step instructions about decrypting password using hashcat tool. Make sure you subscribe to our newsletters and our YouTube channel. Let's meet again in the next post.