Archive | Password Cracking

Advertisements


28 July 2015 | 3,023 views

Mimikatz – Gather Windows Credentials

Mimikatz is a tool to gather Windows credentials, basically a swiss-army knife of Windows credential gathering that bundles together many of the most useful tasks that you would perform on a Windows machine you have SYSTEM privileges on. It supports both Windows 32-bit and 64-bit and allows you to gather various credential types. Techniques such […]

Continue Reading


11 July 2015 | 3,256 views

Passgen – Random Character Generator For WPA/WPA2 Key Cracking

Passgen is an simple Python alternative for the random character generator Crunch which attempts to solve cracking WPA/WPA2 keys by randomizing the output as opposed to generating a list like so (aaaaaaaa, aaaaaaab, aaaaaac, etc). Example usage with aircrack-ng:

Some other options are: The Associative Word List Generator (AWLG) – Wordlists for Password Cracking […]

Continue Reading


18 June 2015 | 3,581 views

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple’s keychain […]

Continue Reading


09 June 2015 | 2,530 views

Patator – Multi-threaded Service & URL Brute Forcing Tool

Patator is an extremely flexible, module, multi-threaded, multi-purpose service & URL brute forcing tool written in Python that can be used in many ways. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (got me […]

Continue Reading


28 April 2015 | 3,029 views

CeWL v5.1 – Password Cracking Custom Word List Generator

CeWL is a Custom Word List generator which spiders a given site to create a word list of all words it finds on that site. It can also grab email addresses and usernames found in the HTML and in some document types including Office and PDF. Useful for targeted penetration testing which involves brute force […]

Continue Reading


09 March 2015 | 1,533 views

MessenPass – Recover MSN, Yahoo Messenger, ICQ, Trillian Passwords

MessenPass is a password recovery tool that reveals the passwords of the many popular Instant Messaging applications. MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use […]

Continue Reading


17 February 2015 | 6,162 views

Windows Credentials Editor (WCE) – List, Add & Change Logon Sessions

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos […]

Continue Reading


30 December 2014 | 7,813 views

SniffPass – Simple Password Sniffer

SniffPass is small password monitoring software (basically a password sniffer) that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords). You can use this utility to […]

Continue Reading


23 October 2014 | 3,249 views

Pipal – Password Analyzer Tool

Pipal is a password analyzer tool that can rapidly parse large lists of password and output stats on the contents. Pipal will provide you with stats on things like the most frequently used password, password lengths, dates (months/days/years) or numbers used, the most common base words and much more. It also makes recommendations based on […]

Continue Reading


13 September 2014 | 2,957 views

Google DID NOT Leak 5 Million E-mail Account Passwords

So a big panic hit the Internet a couple of days ago when it was alleged that Google had leaked 5 Million e-mail account passwords – and these had been posted on a Russian Bitcoin forum. I was a little sceptical, as Google tends to be pretty secure on that front and they had made […]

Continue Reading


Advertisements