Webmail Password Cracker
Siri Vonbank
UPDATE:Also assume the password is unique (never used elsewhere) and it is NOT a guessable word like you dog's name with a few odd characters thrown in.Your unique password in question might be something like: q*b!oss0.
"Eight digits" means 108 = a hundred million possible passwords. At best, you selected your password fully randomly, implying that the attacker, on average, will have to try half of them before hitting the right one (so fifty million connection attempts).
(The "at best" means here that the attacker always has the option of trying passwords in a random order, so there is no password selection strategy, however nifty it may look, that can make things harder than that for the attacker. Some selection strategies may make things easier, though. Therefore, in password generation, randomness rules.)
How many authentications the attacker may attempt depends on the context and server behaviour. If the server uses "typical" hardware, implements inexpensive password processing (e.g. single SHA-1, not bcrypt), and does not limit authentication rates, then an attacker can hope for, say, 1000 authentication attempts per second, thus reaching the 50 millions in about 50000 seconds, i.e. about 14 hours. On the other hand, if the server locks out the account after 10 failed successive authentication attempts, then the attacker won't be able to try more than 9 attempts between any time you connect; if you connect on a daily basis, then the attacker's expected breaking time will be about 15210 years.
Well let's think about it for a moment.The character set for passwords is usually [A-Za-z1-0\\!...] or 26+26+10+10=72 characters for a total of 728 or 722,204,136,308,736 different combinations(including combinations that are bad. Trying to catch all of those patterns is a bit inane).
Now let's lock the account after 10 lockouts and requires a phone call to unlock it. Now the person knows the attack is happening. The attack no longer has any intensive to even try after the lockout because they are guaranteed to have either a new email, or a new password and they're back to square one.
Of course this is assuming the person has to go through every guess to get there. Realistically that doesn't always happen because they have zombie nets, can do it by ranges per machine, and often get lucky an find it quickly. Plus not all passwords patterns conform to these patterns. Often they conform to a smaller set of Regex values that get applied to it to test it's strength and keep it at a bare minimum. This means that all of this is moot if they get it the first try.
I am a high school student and I am trying to make a password cracker to show my school how vulnerable their Student Dashboard is. A student Dashboard is a website that contains student accounts, links, and private information like addresses, passwords, and relatives.
Algorithms problem: you are given a function substring?(str), which returns true or false depending on whether a password contains any given substring. Given this function, write an algorithm that can deduce the hidden password.
Recall our original formula for the number of iterations: A(N/2 + 2). The true password was 22 characters, so our formula would estimate 36 * (22/2 + 2) = 36 * 13 = 468 iterations. Our real password took 443 iterations, so our estimate was within 5% of the observed runtime.
Let me explain my situation. One of my users (vip) manages a website for part of her legal responsibilities ( I work for a lawfirm). Her assistant just recently left and we have replaced her with someone from inside the firm so a current user. Well the previous assistant had access to the email for this website. However when it was setup predates my employment. My user (vip) does not know the password (she never has to use it. She uses Outlook and it "just works"). So now I need to setup access for the assistant to the email however I cant set it up correctly because I dont have the password. I have all of the other information, smtp and imap server addresses, etc.
Im not sure she knows how to access her email from the source. She only ever accesses it from her outlook which was setup before I got here. The imap and smtp servers are through gmail but when I try to sign into the account on gmail and click the forgot password link I get a message to "contact my administrator" which makes me laugh because technically I am the admin lol.
My understanding is that's not the problem. The primary user has access to the emails but they don't know the password in order to give a secondary user access to the account or to log into the portal to reset it. The account info is stored in the primary users Outlook which still works but they just don't know the password.
I would like to thank all of you for your help and your suggestions. My user the vip has asked me to drop the ticket. she has determined that it is taking to much time to solve something that apparently isnt as big a deal as she made it sound. she has determined that she will just be the sole person who accesses her email and that the assistant doesnt need to worry about it. She is also one of those people who is paranoid with tech support and mechanics because she doesnt understand it the subject matter, you know the type. So "if it aint broke dont mess with it". So resetting the password apparently wasnt an option either. Regardless I really appreciate all of you taking the time to assist me with my IT trouble. I will definitely be coming back here when I have anything new to ask about.
The website she manages is HERS not the firms. The email that she accesses is HERS not the firms. I do not have access to any of it. I don't manage it or anything. But it is something that is important to HER practice. (my firm has multiple lawyers that practice under the same name but thier practice is basically thiers.) Because she is using our network and our computers to access these accounts that is where I come in. I am the help desk/sysadmin/it coordinator but I am governed by an IT committee. She is a former member of the IT committee so she has weight when she asks for something. She is also a shareholder in the firm so she is double important. You know how it goes "dont tick off the wrong person" she is one of those people. She is also quite technology illiterate and gets frustrated easy. So I always have to be careful when I approach her with anything new or different that is IT related. Basically she is very particular and doesnt like change, she likes her environment the way it is and "dont stir up any dust". So to ask her to reset the password for the account gets her nervous because that affects things that currently "work". Im sure your familiar with the type of person I am describing. I went to my IT committee boss and told her what was going on and explained the situation just to "CYA". The situation itself has been resolved even if the password issue hasn't. But my IT committee boss told me that from here it's her problem if she doesnt know her password.
Your email account is an important part of protecting your personal information online. Why? Say you forget your account password and use the password reset feature to get a new one. You get an email with a password reset link, click on it, and change your account password. All in a matter of minutes.
Now, imagine if someone hacked your email account. They could request a password reset link for any of your other accounts, get the password reset link from your inbox, change your password, and lock you out of the account.
Once your computer is free of malware, it's time to change your password. If you've lost access to your account, you may need to contact the email provider directly to prove who you are and ask for a password reset. Many providers now offer a dedicated recovery service page for your account, where you can answer security questions to reclaim control of your email.
Choose a new password that is different from your old one and make sure it doesn't contain strings of repeated characters or numbers. Stay away from passwords that have obvious ties to your name, birthday, or similar personal details. Hackers can easily find this information and often use it in their first brute force attempts to access your account.
Your password should be unique for each account, complex (that is, a mix of letters, numbers, and special characters) and at least 12 characters long (ideally more). If you need help creating new passwords or managing all your new complex ones, use a Password Manager and Generator to create and store them safely.
Keeping your other accounts secure is important since secondary services are, ultimately, the much more valuable targets in these security breaches. For example, your bank account could easily be the next break-in if the scammer found the information needed to reset your password.
Be sure to use a unique password for every site: The risk for follow-up breaches increases if you use the same password for multiple sites. Avoid streamlined logins via your email or social media accounts to reduce further risk. However, even varied passwords may not be enough if you have emails in your account that lead directly to linked online vendors.
Enabling multi-factor authentication enables you to protect your logins and password resets. This authentication uses secondary email addresses, extra security questions or text messages to secure your email further.
Run an antivirus scan on all connected devices, including your laptop, tablet, and smartphone. Take steps to secure the cloud, since it may also contain your personal data. Change your passwords, notify your providers, and consider cleaning your cloud data and backups with an antivirus scan. These measures can give you further peace of mind.
Phishing scams: This might involve an email that appears to be from a genuine brand, asking you to confirm your password, account details, contact or other information. Criminals use phishing scams and social engineering techniques to trick victims into handing over their email passwords. Often, they can be very convincing.
aa06259810