Python Password Generator

 

Stop using your child's name as your password!!! Let me explain.

A complex password is essential to keeping your account secure, making it harder for malicious actors to guess or brute-force your password. According to Explodingtopics.com, 31% of employees use their child's name as their password combined with some sort of easy numeric value like their birth year or something even more straightforward. Let me paint a picture for you. Stacy, who works in HR at your local Walmart, has a public Facebook account, and she posts, "Happy 10th birthday to my favorite son in the whole wide world, Daniel." Because everyone likes Stacy, she gets many likes, reposts, and comments, which is excellent, but only some people who see your posts mean you well. As an attacker who is looking to guess any of Stacy's passwords, I am willing to bet it starts with "Daniel" because she loves him so much for being her only child. Since her work requires a minimum of 6 alphabets, 3 digits, and 1 unique character, the attacker gets to work. Since we are in 2023 and Daniel just turned 10, it does not take a genius to figure out that he was born in 2013, so let the password-guessing begin. We will combine "Daniel" + his birth year "2013" and try each unique character above the numbers on the keyboard.

This would be something like "Daniel2013!", "Daniel2013@", "Daniel2013#", etc. But you get the point. 

Your password does not have to be so weak!

I have developed a Python script that helps generate a password that does not only meet Stacy's work requirements but supersede them and, most importantly, cannot be EASILY guessed or brute-forced.

First, in our Scripting platform, we will import "random" and "string." 

The "random" function allows us to generate characters from our library as an output, and the "string" function enables our password to access every alphabet, number, and unique character in our library.

Now, we move to the function of the script.

Line 4, we have our function called "give_me_password," and we set our password length to 13. In this case, you need at least 12 characters for your password to be considered vital.

Line 5 is where we concatenate (combine) our letter string + digit string + punctuation string (unique character) into one character that will be stored as "alphabet."

Line 6, we define our password by asking it to randomly generate 13 characters from our "alphabet" string that we have defined as letters, digits, and punctuation. The "random. choice" nature makes sure a random password is generated every single time we execute the script.

Line 7 just makes sure that the results are sent back to us.

Now, we round up our script and create a print statement.

 

Line 9, we set a variable, and the output will be "give_me_password."

Finally, Line 10 allows our script to pass the new variable as our password.

Together, the script should look something like this:

Now, we run the script, which should generate a random 13-digit character every time.

If you ask me, "YX4o,CR~JZEX?" is more challenging to guess or brute force than "Daniel2013#".

And every time you run the script, it generates a new password. 

For example:

Thank you for reading.

BLUE TEAM LABS PHISHING ANALYSIS.

 

MY JOURNEY DOING BLUE TEAM LABS PHISHING ANALYSIS.

    Hello, and welcome to the first ever Blog, My name is Tom Olawuwo and I am a cybersecurity enthusiast. My goal with this lab is to improve my Phishing Analysis. Today I am challenging myself by completing the "Blue Team Labs Online Phishing Analysis.".  I am taking advantage of all the FREE blue team (defensive security) labs I can use. 

    What is a Phishing attack? This is a type of social engineering attack that focuses on tricking individuals into giving up sensitive information while the attacker acts like a familiar source. Phishing is mostly associated with email attacks, while Smishing (SMS Phishing) is a phishing attack over text and Vishing (Voice Phishing) is a phishing attack over the phone.

I was given a scenario and a phishing email document to investigate.

Blue Teams Lab suggested using Mozilla Thunderbird to open the phishing email so that is exactly what I did.

The investigation started with very basic information like the recipient of the mail, date, time, and the subject of the email. These questions were the more straightforward ones and took minimal time to find thanks to ThunderBird.

Next, I had to find the originating IP address. I found this by downloading a WordPress software called "WordPress ++", From my own research and findings you can use other WordPress apps like UltraEdit, Jedits, Visual Studio Code, and even Notepad if you use Windows OS (the least effective in my opinion). After running my Phishing email through WordPress++ it did not take long for me to find the originating IP address.

Next, I performed a reverse DNS lookup on the IP address with "whois.domaintools.com" and then put in my originating IP address, and that is how I found the resolved host.

Next, I had to find the name of the attached file, the name was "Website contact form submission.eml". Fun fact, the .eml means the file is an electronic mail file.

Now I go back to Mozilla Thunderbird and I am trying to locate the URL in the attachment and the service the webpage is hosted on. The URL is located below and the webpage host is "Blogspot"

Lastly, I used "URL2PNG" to find the heading text on the page. Which was " Blog has been removed". And that completes this Phishing analysis.

Overall, this lab was very straightforward in my opinion, the tools/websites I used were:

• Mozilla Thunderbird 
• NotePad++
• Whois.domainnametools.com
• URL2PNG

Here is my completion badge.