I made this a long time ago. The vulnerability has since been patched, so I’m making this public.
It's a python tool that hacks into Udvash accounts. It allows users to hack into Udvash accounts using OTP brute-force attack. It uses multi threading. So, the process is quick, takes no more than 2-3 minutes with decent internet connection.
This is a POC (Proof Of Concept) script. I found the vulnerability, and I made a tool that can exploit it. If you use it with ill intent, well, you are on your own. I will not be responsible for what you do.
Retriving Registration number:
Changing Password:
- Randomized OTP brute-forcing
- Self Generate OTP list
- Multi-threading support
Note: this method is for linux users only
if you want the fastest way possible Just copy and pase the below command
wget "https://github.com/Itsmmdoha/crackvash/releases/download/v1.0.0/crackvash" -q && chmod +x crackvash && clear && ./crackvashNote: this method works on any os with python installed
If you wish to run it from source, you have to install the required modules before running it. Just run the following commands:
- Clone the repository:
git clone https://github.com/itsmmdoha/crackvash- navigate to the crackvash directory:
cd crackvash- install required modules:
pip install -r requirements.txt- finally run the main.py file
python3 main.py- Then, just follow the onscreen instructions.
contributions are always welcome! Below is a list of things I would like to add as a features:
- verify the credentials before starting an attack
- build a better cli-UI
The web portal sends a 4-digit OTP to the user; this tool cracks it by trying all 10 thousand combinations. It first loads all the combinations from the 4digits.txt file and randomizes it. After that, it loads all the combinations into a queue so that multi-threading can be used. Then, it just tries all of them until one is matched.
The brute-force can take 20 seconds if you are lucky or can also extend up to 2-3 minutes. But if you have a fast internet connection, I promise it won't take much longer than that.
I'm an enthusiast. I have a youtube channel named HoundSec
contact me at: the_doha@protonmail.com


