The title of this post might be a little misleading, as getting a Hotmail password using bruteforce is not really possible. The security engineers at Hotmail have implemented a system that blocks an account after a certain number of incorrect passwords have been entered, so this is not really applicable to Hotmail, but it might work with other e-mail providers.
But, first of all, we must know what bruteforce is. It is a technique that simply tries all possible passwords from a list until it finds the correct one. The list may consist of selected words (for example, words extracted from a dictionary), or we can try all possible combinations of letters and numbers of different lengths. Chrootstrap has a good explanation of this.
Fortunately for us, this is a very noisy technique: it leaves a lot of logs on the server and is easily detectable, so not many people are going to try it. Furthermore, most e-mail providers won’t allow the use of this technique and block the account for some time after a few tries, although this can also be a double-edged sword: if the attacker keeps repeating this for a long time, we wouldn’t be able to use our account.
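To show how visible those logs make the technique, here is an added example (not from the original post) that counts failed logins per account in a sliding window and picks a response that avoids locking the owner out when all failures come from one address. The log format, the window, the threshold and the two response names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{s:02d} FAIL user=alice ip=203.0.113.5" for s in range(0, 30, 5)]
    + ["2024-05-01T10:01:00 FAIL user=bob ip=198.51.100.7",
       "2024-05-01T10:01:30 FAIL user=bob ip=198.51.100.7",
       "2024-05-01T10:02:00 OK user=bob ip=198.51.100.7"]
    + [f"2024-05-01T10:03:{n * 10:02d} FAIL user=carol ip=192.0.2.{n + 1}" for n in range(5)]
)

WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed failures per window before alerting


def parse(line):
    """Split 'timestamp RESULT user=<name> ip=<addr>' into typed fields."""
    ts, result, user, ip = line.split()
    return datetime.fromisoformat(ts), result, user.partition("=")[2], ip.partition("=")[2]


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {user: {'failures': n, 'sources': set_of_ips}} for flagged accounts."""
    recent = defaultdict(deque)          # user -> (timestamp, ip) of recent failures
    alerts = {}
    for line in lines:
        ts, result, user, ip = parse(line)
        if result != "FAIL":
            continue
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > alerts.get(user, {"failures": 0})["failures"]:
            alerts[user] = {"failures": len(q), "sources": {addr for _, addr in q}}
    return alerts


def response(alert):
    """One source: throttle it and leave the account usable. Many: lock the account."""
    return "throttle_source" if len(alert["sources"]) == 1 else "lock_account"


if __name__ == "__main__":
    for user, alert in detect(SAMPLE_LOG).items():
        print(user, alert["failures"], sorted(alert["sources"]), response(alert))
```

A user who mistypes a password twice and then logs in (bob in the sample) stays below the threshold and is not flagged.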






