What is the most effective strategy to find a users password

What is the most effective strategy to find a users password

We have the Username, what is the best way to find the password, thanks in advance

Pic unrelated, random image

Op here, should probably mention password on a web browser, we need the login info

google for leaked accouts lists and try his paswords from other sides

Check public databases if there's same username or email you dum dum

Shit, no, op here again, forgot to mention also that the username was generated and not for him to choose, so we need to find it through these means

Punch them until they tell it to you.

Should be easier to find out their security questions

check his computer to see if the browser saved it

do u hav ahis a e eeeeeeemai?

bruteforce, duh

man you're wasting your time. tryna get whoever you want to hack's hashes and then you could do something. do you think any online service generates passwords anyone could guess?

Yes, we could grab access and pose as sys admin
This was our original plan, know any good programs?

Ask his mum for the password, she keeps a copy just in case.

try ARP sniffing if you're on the network

We do have access to the same network, will give this a try

The browser itself, dumdum.

That was about the email, but yes, he leaves the room a ton and has his own laptop, I don't know why I didn't think about this. I feel REALLY stupid

Get them drunk and convince them to tell you

You mean arp spoofing. Sniffing arp packets just has you sniffing arp packets. who-has/responses etc.

Bettercap is the preferred method. Or you can probably do it with cain & abel, but it's kinda a shitty program and I haven't tested it on win10, so i don't know its efficacy.

Alright, I'll probably give it a shot as well. Thanks

I thought he was teeth puller man.

if you have access to their machine, just run mimikatz (or a modified version of it since it sets off AV in default configs)

There's a couple of other progs that will do it (lookup usb rubber ducky utils, many of them have it). Same as mimikatz, modify it to avoid AV detection. Modify the binaries with a hex editor and add in a couple of NOP's and you're golden.

Do have possible access to their machine, thankyou, this that could work

1.
>password on web browser
I think I meant it is a password for a website account. A browser in a program on a device that is used to "search the web". Kek.

2. If you can't do it your self already, than no one here can explain how to over chat. If you have no technical prowess, than your best bet would be Social engineering or shoulder surfing.

3. Even if you do get the password, how long till they find out? Does it matter how long? Do you know how to cover your tracks? Will OP get caught?
Find out next time on dragon ball z!

4. If this is for a business (or any malicious intent to make money/gain secret info.) you will most definitely get caught because you are not a pirate/master. Your tracks will be found, someone will find where you fucked up, and you will get caught.

ALSO, I bet you think incognito mode is safe... kek

that's exactly what I thought

he sure as hell hated them damn red dot nip monkeys

Well, it is a bit malicious, but I do know what i'm doing relatively, i'm just the monkey doing some of the research and stuff like this, i'm the least skilled out of the group, so I get assigned this stuff

Social Engineering, find all info around the username

done this for several emails, cloud accounts and fb accounts that dont have 2 step verification

and if you get an email you can get basicly everything, reset other passwords, look thorugh logs and history of website registrations etc..

Will def try this, it would work the best out of any other option. Thankyou for this

If I tried resetting the password for an email wouldn't it notify the user that their email is being accessed from another location? And if so, could they ever find out it was me?

Not OP by the way.

the trick is to not reset the email pass, use the pass that the owner uses

and when you reset passwords for other stuff, just delete the mail within seconds, empty thrashcan and delete recoverable email, such as in hotmail

For example, I got into an email through social engineering. Then messed around, looked for info etc, found out the owner used onedrive. I tried logging in the fb account to notify the owner to change pass. It worked and the password was changed, at the same time the owner also screenshot the login codes for untrusted devices and the image appeared in onedrive. So I logged in again, used the code from screenshot and got full access lol

Damn. I'm not that savvy and I also don't want to get caught. But my gfs sister has photo vault on her phone. I've searched her computer, her phone and have found nothing besides one pic of her comparing herself after losing weight. I want in.

I could rat the computer and send results?
Give you the rat client, you execute it on her comp?

Won't do anything serious other than info etc, i'll just provide it to you.

There's literally nothing on her computer. She just uses it for music and video games. It's her phone that's the issue. I would need to find out the app pass code. And I never really see her. So I'm kinda fucked.

I'll find stuff related to her browser etc too, even old shit. one thing may lead to more important stuff

If i find an old pass it could be close to or the same as the one for her apple-id etc