How Hackers Can Brute-Force Website Logins

February 17, 2020 by 41 Comments

Hatch Can Brute-Force Web App Credentials
Full Video:
Subscribe to Null Byte:
Kody’s Twitter:

Cyber Weapons Lab, Episode 066 (Recut – Partial Episode)

Brute-forcing is an essential hacking technique that’s easier with certain services than others. Website login pages are frequent victims to attack. On this episode of Cyber Weapons Lab, we’ll show you how easy it can be for a hacker or pentester, even if they’re a beginner, with a Python tool called Hatch.

To learn more, check out the article and more in-depth video on our website:

Follow Null Byte on:
Weekly newsletter:


41 Replies to “How Hackers Can Brute-Force Website Logins”

  1. xXMadManx says:

    Can I install it on Arch distributions?

  2. Evie Lowborn says:

    WHY THE FUCK HE DOESN'T BLINK?????????????????????????????????????????????????

  3. bro can you give me an websites log in pass i will pay u

  4. zac morris says:

    Can we use a vpn with this ?

  5. Motivation says:

    thanks sir we want brute forcing gmail if you can

  6. Arjun Peter says:

    In Hatch can we do dictionary attack

  7. I found that if you put characters like ö, ä or å into the password list the script wont be able to decode them. I tried changing my password file to utf-8 with BOM but it still wont work. The script is kinda useless if you live in sweden like me where we use scandinavian letters. Any ideas?

  8. Ro ZeR says:

    Couldnt the creator just add a proxy tool where we can enter proxys so it cannot get stopped by capatcha for spam etc ?

  9. Harsha Didde says:

    what if we only want to brute force verification code and not login page. Is it useful??

  10. Aizakku says:

    I am trying this with an Instagram account that I made. Anyone know the cap?

  11. Meiko says:

    Lmao this would take much longer than another brute force but I could be worth it

  12. Light Yagami says:

    The intro is so neat

  13. Bruh moment says:

    What program do u run hatch with??

  14. redbarron 88 says:

    can this be done with python 3?

  15. Thanks bro I can now pen test my websites

  16. Balaji AR says:

    Is this legal?? Like are we going to get caught if we did this method ?? Please answer sir….

  17. how to access on that link?

  18. Can we login with many username and its password

  19. Where do you download this app from?

  20. Rolimbo 6000 says:

    I don’t understand how you did it with cmd I spent 2 hours trying to download all the commands for it like the ones you had but it didn’t work

  21. Blender : id says:

    Hi I am getting an error when trying to run "py -2". WHat chromedriver should we use. please I really need help

  22. sir spectre says:

    Can I do this script on visual studios?

  23. Can you make a video on how to deal with rate limiter, captcha?

  24. never that says:

    C:UsersUserHatch> my hatch has an arrow at the end help?

  25. never that says:

    you need to have someones ip to brute force and rat them?

  26. never that says:

    i have python2 and 3 but when i do python2 -h it says 'python2' is not recognized as an internal or external command,

    operable program or batch file. and it wont work if i just do python or python3

  27. 8 says:

    It didn’t work

  28. Don Buth says:

    I got this working.Can you explain if i can add a list of usernames just like passlist.txt so it can continue working after finding one right password?

    This is really important , kindly reply

  29. lifelessbaby says:

    which version of chromedriver do i need

  30. Jack Carter says:

    Is there anyway to make the script quicker? It’s take about 5-7 seconds to try one password. I understand it’s probably a couple more seconds longer to do it yourself, plus you can leave it to do it’s thing, but the password list that comes with hatch is pretty cheap and doesn’t even have simple default passwords like ‘password100’. If I was to use a custom dictionary, it could take hours maybe even a whole day to get through 30,000 passwords, whereas normally using something like aircrack can get through 30,000 passwords in 10 seconds. Is there a way to make this a little faster? I noticed that it pauses for 4 seconds after a password attempt.

    Thanks Null!

  31. Jacob Jamali says:

    Me being a Python Selenium Pro, Laughing at you guys, like you do not even know that,

  32. Kantu says:

    Someone at my school made a fake snapchat account of me and was asking all the girls for nudes and now they think its me, i wanna try hack it to see the location and who it is but i cant 🙁 can anyone help me please? :/

  33. Can you hack PS4 accounts because I saw a video someone said a “brute force Botnet”? Ima nub so I don’t know anything lol

  34. Abhyam Kumar says:

    Bro by which site we can do brute force

  35. Anna Mark says:

    what if you use a VPN could you still be traced ? and will your IP still be tied in

  36. Dylan Xander says:

    Are these legit? Like how can you hack someone without their email?

  37. Amro A. says:

    Youtube is the biggest impediment to security research ever

  38. bin tor says:

    HI Null Byte is there any way we can associate username liste to a password liste if you have e-mails with passwords ? i hope u can answer

Leave a Comment

Your email address will not be published. Required fields are marked *