Search - "lost password"
So a friend of mine asked me to check their mail server because some emails got lost. Or had a funny signature.
Mails were sent from outlook so ok let's do this.
I go create a dummy account, and send/receive a few emails. All were coming in except one and some had a link appended. The link was randomly generated and was always some kind of referral.
Ok, let's check the mail server.
Let's check the mail header. Nothing.
Face -> wall
Fml I want to cry.
Now I want to search for a pattern and write a script which sends a bunch of mails on my laptop.
Fuck this : no WLAN and no LAN Ports available. Fine let's hotspot the phone and send a few fucking mails.
Guess what? Fucking cockmagic, no funny mails appear!
At that moment I went out and was like chainsmoking 5 cigarettes.
It hit me! A feeling like a unicorn vomiting rainbows all over my face.
I go check their firewall. Shit redirected all email ports from within the network to another server.
Yay nobody got credentials because nobody knew it existed. Damn boy.
Hook on to the hostmachine power down the vm, start and hack yourself a root account before shit boots. Luckily I just forgot the credentials to a testvm some time ago so I know that shit. Lesson learned: fucking learn from your mistakes, might be useful sometimes!
Ok fucker what in the world are you doing.
Do some terminal magic and see that it listens on the email ports.
Holy cockriders of the galaxy.
Turns out their former IT guy made a script which caught all mails from the server and injected all kinds of bullshit and then sent them to real Webserver. And the reason why some mails weren't received was said guy was too dumb to implement Unicode and some mails just broke his script.
That fucker even implemented an API to pull all those bullshit refs.
I know your name "Matthias" and I know where you live and what you've done... And to fuck you back for that misery I took your accounts and since you used the same fucking password for everything I took your mail, Facebook and steam account too.
Git gut shithead! You better get a lawyer
Oh the joy of helping elders with their computers..
Client: My computer is broken.
*Me expecting some kind of hardware issue*
Me: In what way is it broken? Are you able to start the computer?
Client: Yes. I can read Windows and then there's a login. It works fine but then It's broken.
*me standing next to client while client struggles to type password*
*5 minutes and a coffee break later*
/* the client is finally able to figure out the password.. What a surprise! A note in the drawers containing all passwords.. */
Me: I'm sorry but I can't see any problems so far. You are supposed to be welcomed by your desktop *points at screen*. In what way is it broken?
Client: It's not the same as before. *now the client points at the screen*. Here. There used to be a picture here. It took me to <site>. Now It's not there. Something has changed.
*realizing that the client has lost his shortcut and wants a new one*
Oh the joy of helping elders with their computers.
Lost the password to the main modem/router of our apartment (live in a normal flat of which the rooms are rented out to three students and me) which is in my room and tried to reset the fucker for a trillion times but couldn't get back in, the password didn't reset.
Took a closer look at the reset button and suddenly noticed some text under it saying "wireless connect". Then I noticed a tiny round "hole" above the reset text.
Fuck me sideways, I've been pressing the "wireless connect" button instead of the actual reset one every goddamn time 😐
I can now port forward again 😊
Once I applied for a Java position and they sent me an online test, user and password. When I first tried to log in, it gave me a Java exception. I lost hours trying to figure out the exception, thinking it was the test :/
Had a stack of harddrives with my important data, two USB drives and a 4.7gb disc, two or three cloud storage accounts.
Needed a restore:
Knocked the stack of hard drives onto the floor (all broken), stood on one of the flash drives, found the other one in a pocket of a pair of trousers which just came out of the washing machine, dvd too scratched to read and couldn't verify my cloud storage account because I lost the password to the connected email account and the backup email account to verify that one didn't exist anymore. Fucking hell.
Production database with not that much yet but at least some production data which wasn't backupped.
Friend: can I reboot the db machine?
Friend: what's the luks crypt password?
End of story 😅
For the record, the first one actually happened (I literally cried afterwards) and that taught me to update my recovery email addresses more often!
The following just happened in the bus:
A woman took a beautiful Enpora flip phone from 2008 out of her pocket. While she did that a small yellow paper fell on the ground. My eyes pointed at the paper and I saw multiple usernames, passwords and codes on it.
I didn't even hesitate and tapped on her shoulder and gave it back.
She was frightened! Couldn't thank me enough and told me how important it was to have that with her. She said she couldn't remember all her passwords and that if she would've lost it, she didn't know how to log in and unlock her phone anymore.
I gladly told her that it wasn't very safe but of course I understood that it can be hard to remember everything.
Also I almost told her that she could start using a password manager but with a flip phone you can't use that of course ;)
Me lost in my work, interrupted by two dudes claiming they wanna do a security audit on my pc.
Me: Go ahead!
Them : (accessing the mail site and sees creds auto filling.) what is this? This is a clear violation of security policy
Me : I use password manager called keepass. It's the most secure way to manage your credentials with key and password protection. I go ahead and lock the database and refresh to show there's no auto fill.
Them : (a little startled) still this is against policy, blah blah... You've not got authorization from us to install it...
Me : okay will do.
After some rounds of bullshit,
Them : tries to login using their credentials to report the *findings*. Takes a pause and asks, my password won't get stored right?
Me : This is not a fucking key logger.
Me (internally) : Just the fact that they think you're capable of identifying security issues bums me!
Me: what do you want?
Q: I Lost my iphone
Me: (already pissed) ok,do you have an icloud account?
Q: Yes, but i forgot the password.
Me: what!?!, ok, fine, we will reset it, which is your ID?
Q: I lost it too.
*stay calm* *stay calm*
Me: I can't help you go to an apple store and ask there. *I Close the call*
*Add that number to blacklist*
few years back there was a corruption scandal in my country, Serbia. one of the ministries paid around 25,000 euros for a website to a company that was founded few weeks before the open call. for comparison's sake average pay at the time was around 300 euros. the website itself didn't have any special features, just publishing content. wordpress would do the job. on a press conference, trying to defend the cost, spokesperson of the ministry said that the website was made in "cms programming language".
it community lost it! memes started immediately, "i am learning cms language so i could charge 25.000 per project". and then one guy got intrigued, found the login page, and typed:
and got in!!!!
i kid you not!
he posted featured news on the homepage, saying hey guys your credentials probably shouldn't be admin/12345. twitter was on fire, everyone started logging in and posting shit.
and the craziest part is that this guy was arrested and charged for cyber-crime!
Attempting to access my colleague's NFS directory on his VM, don't know the VM's IP address, hostname or password:
- 2 minutes with nmap to narrow the possible IPs down to ~30
- Ping each and look for the one with a Dell MAC prefix as the rest of us have been upgraded to Lenovo. Find 2 of these, one for the host and one for the virtual machine.
- Try to SSH to each, the one accepting a connection is the Linux VM
- Attempt login as root with the default password, no dice. Decide it's a lost cause.
- Go to get a cup of tea, walk past his desk.
- PostIt note with his root password 😶
FYI this was all allowed by my manager as he had unpushed critical changes that we needed for the release that day.
Friend 1:"Hey, you're good at computers right?"
Friend 1:"Can you hack Instagram? I've lost my password."
Me:"Oh My God."
Me looking at a friend's unity C# code
Me:"You know there's an enter key right? Why is your code horizontal not vertical?"
(Means that after a semi-colon he continues his code)
Friend 2:"I like to read my code in horizontal, that feels natural to me"
Me:"What ever, as long as it works. But why do you have so many if function inside another if function?"
Friend 2:"Cuz I want the player to do this while moving"
Thanks to mandatory password change, today:
- My windows account got locked because my phone kept logging into wifi using
- Google Hangouts were silently running in background with old session until I re-opened it. Work of others delayed by 4 hours due to missing message notifications.
- Docker for Windows lost credentials needed to use SMB mounts - 1h of debugging why my containers mount empty folders ( now I will know)
- Google G-Sync for Outlook asked for new password on outlook restart - few mails delayed.
All of that for sake of security that could be easily solved with 2FA instead, not faking that "I do not change number at the end of my password"
Yesterday while we finished having breakfast, the receptionist from the office approached us and said: "Guys, the company mail does not work! We lost the domain! They forgot to pay the bill!" and we all see each other's faces confused.
I don't like to link the work email on my personal phone, so I open the company's page on the phone and for some reason a DNS error appears. oh boy!
We all go crazy ass to the computers to see the mail and we can use it normally, my computer opens the company page normal, we send emails between us and everything works well…
I ask the receptionist if the test emails arrive and she says "No, I cannot even open the mail". (hmmm) I go to see what happens and she says "Look!" I see a label on the login page: "your password was changed 16 hours ago" (facepalm) I ask her if she has changed the password and she says NO. So I ask the support guy if he can reset her password and that's it. Magic, magic!
In the end we remember that not all of us have the same "computer knowledge" and discovered that the company's website only works if you enter "www", very good custom software company! Very good!
Not a Story about an actual hack, but a story about people being dumb and using hacks as an excuse.
A few weeks ago my little cousin would reach out to me because "his Account was hacked...". Supposedly his League of Legends account was hacked by a guy of his own age (14) and this guy was boasting about it.
So i asked the usual things: "Has the email account been hijacked? Did anyone know about details to your account access? Etc..."
Turns out that one of his "friends" knew his password and username, but supposedly erased this information. And that was the part i didn't buy.
This was the point where he lost. Just because i am a programmer does not mean i can retrieve an account he lost because of a dumb mistake that could have easily been avoided. And that guy who was boasting about hacking LoL Account was coincidentally friends with the friend who had the user credentials and password.
Moral of the Story? The biggest security weakness is almost always the user or a human in between...
this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.
2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.
The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i received an email that someone has JUST CHANGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:
1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck
3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/
4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidentally changed my password. MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"
So I eventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the software used by the 30-people sales team was dependent on the main ERP shit home-built with this monstrosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprietary FRENCH language. Not french like made by french people, well that too, but mostly french like the fucking language is in fucking french ! Instructions are in french, everything. Hey that's my natural language okay, but for code, really ?
The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there were too many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks every time it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.
The whole shit was created 12 years ago and has since been maintained locally by one unique old-fashion-microsoft dev who also has to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just sadly lost itself somewhere along the way. He was my n+1 in a tech team of 3 people : him, a young and inexperienced so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealt with when I first arrived at the job), and myself.
The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that end with queries long enough to fill books. And that's not all, all the customers' passwords were just stored there unencrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point literally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never managed to get them to focus on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!
Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.
What the fuck is wrong with Google?!!
Trying to log into Gmail.
Gmail: To reset, code from authenticator app is required.
Me: Super. Good thing I set it up.
Gmail: Recovery email.
Me : Uh... Forgot that too.
Gmail: Some email address to communicate.
Enters some other email address.
Receives mail with a link.
Gmail: "When did you create your account?"
Me: Uh... If I had that kind of memory, we wouldn't be dancing right now.
Gmail: Sorry we couldn't verify you.
WHAT THE FUCK, GOOGLE?!
What sort of sadist play is this?!
Dropped them a mail to get access back. Got a link in the auto reply that explains how to repeat the above process. WTF?!
What the actual fuck?!
Great news, I just lost my email account's password. The password is in password manager but apparently, when I was changing it, I did something wrong. Now, neither the old one, nor the new one work and I can't login into my email. I didn't even change the password reset phone number to my new one! And I also forgot the recovery mailbox' password. Fucking great.
Here's the lesson: **ALWAYS** re-check your new password in your browser's private window.
*leaning back in the story chair*
One night, a long time ago, I was playing computer games with my closest friends through the night. We would meet for a whole weekend extended through some holiday to excessively celebrate our collaborative and competitive gaming skills. In other words we would definitely kick our asses all the time. Laughing at each other for every kill we made and game we won. Crying for every kill received and game lost. A great fun that was.
Sleep level through the first 48 hours was around 0 hours. After some fresh air I thought it would be a very good idea to sit down, taking the time to eventually change all my accounts passwords including the password safe master password. Of course I also had to generate a new key file. You can't be too serious about security these days.
One additional 48 hours, including 13 hours of sleep, some good rounds Call of Duty, Counter Strike and Crashday plus an insane Star Wars Marathon in between later...
I woke up. A tiring but fun weekend was over again. After I got the usual cereals for breakfast I sat down to work on one of my theory magic decks. I opened the browser, navigated to the Web page and opened my password manager. I type in the password as usual.
Error: incorrect password.
I retry about 20 times. Each time getting more and more terrified.
WTF? Did I change my password or what?...
Ffuck fuck fuck FUCKK.
I've reset and now forgotten my master password. I completely lost memory of that moment. I'm screwed.
Disclaimer: sure it's in my brain, but it's still data right?
I remembered the situation but until today I can't remember which password I set.
Fun fact. I also could not remember the contents of episode 6 by the time we started the movie although I'd seen the movie about 10 - 15 times up to that point. Just brain afk.
>Client: Hey, I lost my Facebook password but it's saved on my old laptop
>Me: ...alright, i'll look
>Laptop: won't boot - "No bootable devices found!"
>opens 'er up to pull drive
this is really heavy for an SSD, Corsair, and especially for only 64GB
>plugs into other PC
>sees jumper pins
>BAREFOOT-ROM RECOVERYMODE SSD DEVICE - 128GB
that's twice the size of the disk, wtf?
but ok, i'll take it, any data?
>Win10: *crashes because driver chokes*
>Win7: *crashes because driver chokes*
>WinXP: *doesn't see it, TestDisk doesn't run because Kernel32.DLL issue*
>Linux: *Issues the instant SSD plugged in, they stop instant removed*
Intel, wtf kind of drugs is your stupid site on?
Trying to make an account, the password requirement says "at least one special character".
Ok, no problem.
"Password format is invalid"
Wut? Hmm, maybe it doesn't like that one. Let's try one from their suggested ones.
"Password format is invalid"
WTF? The fuck is your problem?!
*reloads the page, tries again*
"Password format is invalid"
ARE YOU FUCKING RETARDED?
*adds the special at the end of the password instead of the beginning*
And then we wonder why bugs like Meltdown and Spectre come up. These guys can't even do fucking password validation properly.
And I've just lost 30 minutes because of this shit.
A conversation that i had with my co-worker today. I was having trouble getting into UAT to troubleshoot.
i lost access to UAT again
F. So secure we can't even get in
I'll email whoever we did last
i can get through the first phase(where you enter pin+rsa)
it denies me access after that
says bad username or password
Oh ok. Prolly just need to reset your pwd then. I'll find the email for helpdesk and fwd.
At least ur RSA works.
yeah what a joy
If it's locked you may need to try from a Windows box. Horizon is bugged on Mac where the submit button stays disabled even when you type a pwd.
i couldnt contain my happiness that my RSA worked
Yeah it's exhilarating
Whenever I pick up my rsa token my life re-finds its purpose and I feel like I'm meddling through a field of sunflowers.
I once tried to get my RSA token tattooed but it switched too quick.
lol it's faster than Usain Bolt
Russia got kicked out because of their RSA tokens
TLDR: I wanted to change email to new one, but I could not remember which one I have
currently. I found out an API in DevRant JS files for email verification and used
it to find it out.
So, I am moving from Gmail to Protonmail Pro, absolutely love their service.
I wanted to do same on Devrant but I could not figure out my current mail for
"I lost my password" form. My Password Manager have only login saved, and profile does
not show email address.
I thought that this user information is stored on server so it have to be some way to retrieve it. I dug
in source code and I've found:
`<div class="signup-title">Verify Your Email</div>`
Which has event assigned to function which uses jQuery.ajax (love it btw :D) to call:
This seems like worth a shot. Few copy-pastes and one ajax call later:
"Welcome to Devrant"
Got it :) So I have already changed in march when DevRant on previous layout.
This is what I love in this profession - problem solving. AI will not replace human
in any way, we will just stop coding array iterations and data manipulation - we will focus
on real problem solving and human touch (like design, convincing management for changes).
I have a few projects on the go at work at the moment which could be successful, but only time will tell:
1. We have a requirement to monitor our SQL servers for any long running queries (anything that runs longer than 3 minutes). Company didn't want to pay for enterprise grade solution so as the only SQL Developer I created a small system that involves a database, 2 tables, a stored procedure and scheduled job. It goes off every 10 minutes, queries some system tables etc and writes the results to the tables. Still waiting for it to be deployed to one of the test servers. I have plans for a web front end in the future.
2. My company currently uses source safe for version control. They've lost the admin password so only 1 person can log in. I'm running the project to plan the migration to GitLab. It's getting close to completion and soon someone is going to be tasked with creating 100s of projects etc.
3. We use an ERP system which is huge with thousands of tables, but no FKs or anything like that. The current data dictionary is a spreadsheet, as a side project I’m creating a web app so that this information is easily available and searchable.
All 3 projects have the potential to be successful, for my team at least, but stuck waiting for other people to do their stuff first.
One Windows is being a bitch and won't boot. I forgot the login password of another one of my windows laptops. Internet at home is not working at all.
Also to top it off, i think i lost the pendrive with my cryptos
Not the best day of my life.
Dashlane password manager is my workflow nemesis. I have dozens of sites to manage and my only way into them is through this buggy and unreliable crap software. So much time is lost having to delete an entry that inexplicably stopped working, then waiting for someone with share permissions to reshare it, only to find that it still isn’t working, another reshare and then it suddenly does work. But then the Chrome extension won’t sync unless I log out and log back in. And then I have multiple entries for the same site with no clear indicator of why nor which one is the real one that actually works.
Can’t get rid of it because the company has standardized on it. Not my decision to make.
Lost my password to my hostmaze login because LastPass didn't save it properly. Now I can't reset it because their mailing server is not working (found out after emails failed to send to their support email with an error on their end). Their chat is also non-responsive.... What do I do now...
Thank God for Authy app!
Lost phone and was able to get all my 2FA accounts linked up in seconds.
That would have been a logistical nightmare given that all my account are 2fa.
I can see it now
Enter username: xyz
Enter password: abc
Enter 2fa code: dangit
Lost or recover account
Enter phone number: dangit