Instagram is one of the most widely used social media applications. I am pretty confident that at least one of your friends or you are using it pretty much everyday. Today I am going to show you how a hacker could crack someone's Instagram password using a script called Instainsane.
Unfortunately, Instainsane isn't built into our Kali distribution, so we will have to clone its repository from github.
kali > git clone github.com/thelinuxchoice/instainsane.git
Now, we need to install it. Go to the directory where you cloned the github repository and run the "install.sh" bash script.
kali > cd <path to directory>
kali > chmod +x install.sh
kali > ./install.sh
It is finally time to crack the target's password. The only thing we need now is the user's Instagram username and you could also prepare a wordlist, though the script provides us with a default one which is actually preferable to use.
Note: the longer and bigger the wordlist, the slower the cracking process. This is due to the way the script handles files, so a big dictionary like rockyou.txt isn't advised.
Start by running the Instainsane script. You will need to be in the directory where you cloned it.
kali > chmod +x instainsane.sh
kali > ./instainsane.sh
Note: depending on your terminal settings or due to a bug in the script, the printing might be cut a little (like on my terminal), but for the most part you should be fine.
You will be prompted for the username that you wish to crack the password of. Enter the target's username. For the purpose of this tutorial I have created an account to test the script on.
Next, you will be asked to set a wordlist. Just press enter here or if you really want to use one, just specify the path to it.
If you have that text being cut bug, you won't be able to see the ports, but you don't need them anyway. For those of you who want to know them they are: 9051, 9052, 9053, 9054 and 9055.
After the connection has been established the cracking process will begin.
The way that Instainsane works is it creates a connection through the TOR network as Instagram only allows for 10 login attempts per IP to the same account. That way every 10 guesses Instainsane switches IPs through TOR to allow the cracking process. To speed up the process the script creates multiple threads.
If the password is in the wordlist, given enough patience you will have it.
Now you have your the target's Instagram password! How cool is that?!
Note: there is a bug in the script and sometimes when it finds the password it won't stop the process, so you will see more and more passwords being tested. The script pauses for a few seconds automatically every 100 guesses, so keep an eye out for the password.
Note: also when it finds the right password the target would be told that a suspicious login was attempted. As of now there is no way of getting rid of this, so sorry :(
I am not responsible for your own actions. Use this knowledge at your own risk.
If Instainsane fails to crack the password, try another wordlist.
Ask any questions or problems you have down in the comments and I will be more than glad to respond to them!
Have a nice day hacker and thank you for reading the whole article. Keep coming back for more!