• They either do not work or are not reliable (false negatives several times in the past)
• They are slow (not multi-threaded or not testing multiple passwords within the same TCP connection)
• They lack very useful features that are easy to code in python (eg. interactive runtime)

Basically you should give Patator a try once you get disappointed by Medusa, Hydra or other brute-force tools and are about to code your own small script because Patator will allow you to:

• Not write the same code over and over
• Run multi-threaded
• Benefit for useful features such as the interactive runtime commands, response logging, etc.

Currently it supports the following modules:

• ftp_login : Brute-force FTP
• ssh_login : Brute-force SSH
• telnet_login : Brute-force Telnet
• smtp_login : Brute-force SMTP
• smtp_vrfy : Enumerate valid users using the SMTP VRFY command
• smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
• http_fuzz : Brute-force HTTP/HTTPS
• pop_passd : Brute-force poppassd (not POP3)
• ldap_login : Brute-force LDAP
• smb_login : Brute-force SMB
• mssql_login : Brute-force MSSQL
• oracle_login : Brute-force Oracle
• mysql_login : Brute-force MySQL
• pgsql_login : Brute-force PostgreSQL
• vnc_login : Brute-force VNC
• dns_forward : Forward lookup subdomains
• dns_reverse : Reverse lookup subnets
• snmp_login : Brute-force SNMPv1/2 and SNMPv3
• unzip_pass : Brute-force the password of encrypted ZIP files
• keystore_pass : Brute-force the password of Java keystore files

The name “Patator” comes from this tv interview clip – patator

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting/complaining/asking me how to use this tool..

You can download Patator v0.3 here:

patator_v0.3.py

Or read more here.

If you have ever lost or forgotten your Mysql database password then MysqlPasswordAuditor can help in recovering it easily. It can also help you to audit Mysql database server setup in an corporate environment by discovering the weak password configurations. This makes it one of the must have tool for IT administrators & Penetration Testers.

MysqlPasswordAuditor is very easy to use with the simple dictionary based password recovery method. By default it includes small password list file, however you can find more password dictionary files at OpenWall collection. You can also use tools like Crunch, Cupp to generate custom password list files on your own and then use it with MysqlPasswordAuditor.

MysqlPasswordAuditor works on wide range of platforms starting from Windows XP to latest operating system Windows 7.

Features

• Free and Simple software to Recover/Audit Mysql Password.
• Very useful for IT administrators & Penetration Testers
• Dictionary based Password Recovery method
• Detailed statistics such as tested passwords, elapsed time, progress bar is displayed during Audit operation.
• Simple, easy to use GUI interface
• Integrated Installer for local Installation & Uninstallation.

You can download MysqlPasswordAuditor here:

MysqlPasswordAuditor.zip

Or read more here.

Well here is a nifty web-based interface for it. Rainbow Tables are really useful when cracking password hashes, but one major disadvantage of these tables is their size which can be hundreds of gigs for complex tables. The author thought it would be extremely useful to have a personal web interface for your rainbow tables which you can access from anywhere on the web anywhere without having to carry the large tables with you everywhere you go. And well here we are, Wophcrack (Web)Ophcrack.

When cracking LM or NTLM hashes Ophcrack is a great tool as we discussed recently, it provides both a GUI and CLI options along with some free and paid tables. The author basically wrote a quick and dirty PHP based web frontend for Ophcrack.

Wophcrack was designed to work on Backtrack 4 R2, Although it can be install on any Linux distribution with some small adjustments, Wophcrack can also easily edited to support Rainbow Crack.

You can download Wophcrack here:

wophcrack.zip

Or read more here.

We mentioned it in our RainbowCrack and Rainbow Tables article, definitely one of the best free options for Rainbow Cracking.

Features

• Runs on Windows, Linux/Unix, Mac OS X
• Cracks LM and NTLM hashes.
• Free tables available for Windows XP and Vista.
• Brute-force module for simple passwords.
• Audit mode and CSV export.
• Real-time graphs to analyze the passwords.
• LiveCD available to simplify the cracking.
• Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.
• Free and open source software (GPL).

You can find the various tables they offer here (mostly free with some paid):

Ophcrack Rainbow Tables

And of course our own collection of Free Rainbow Tables and other software here.

You can download Ophcrack 3.3.1 here:

Windows – ophcrack-win32-installer-3.3.1.exe
Source – ophcrack-3.3.1.tar.bz2

Or download the LiveCD here:

To crack XP hashes – ophcrack-xp-livecd-2.3.1.iso
To crack Vista hashes – ophcrack-vista-livecd-2.3.1.iso

Or read more here.

Features

• Basic Authorization & FORM support in both standard and HTTPS (SSL) mode
• HTTP/SOCKS 4 and 5 proxy support
• FORM auto-detection & Manual FORM input configuration.
• It is multi-threaded
• Wordlist shuffling via macros
• Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy
• Integrated proxy randomization to defeat certain protection mechanisms
• With Success and Failure Keys results are 99% accurate
• Advanced coding and timeout settings makes it outperform any other brute forcer

The full changelog including the latest version is here.

You can download NiX Brute Force here:

NIX_BruteForce.bz2

Or read more here.

TwitterPasswordDecryptor presents both GUI interface as well as command line version, the later is more helpful for Penetration testers in their work. Apart from normal users who can use it to recover their lost password, it can come in handy for Forensic officials who can get hold of any stored Twitter account passwords and then use that Twitter profile information to further extend their investigation.

TwitterPasswordDecryptor is fully Portable tool which can be directly run anywhere without installing locally. It also comes with Installer for those who wants to install it locally and use it on regular basis. It works on wide range of platforms starting from Windows XP to latest operating system Windows 7.

Features

Currently supports recovering of the stored Twitter account password from following popular Internet browsers:

• Internet Explorer (all versions from 4 to 8)
• Firefox
• Google Chrome
• Opera Browser

You can download TwitterPasswordDecryptor here:

TwitterPasswordDecryptor.zip

Or read more here.

Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with the new offering from Amazon, distributed GPU-based resources.

Put those two stories together in true hacker style and you end up with a guy who used GPU instances on the Amazon EC2 platform to crack SHA-1 password hashes.

A German security enthusiast has used rented computing resources to crack a secure hashing algorithm (SHA-1) password.

Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be considered secure so what’s noteworthy about Roth’s project is not what he did or the approach he used, which was essentially based on trying every possible combination until he found a hit, but the technology he used.

What used to be the stuff of distributed computing projects with worldwide participants that took many months to bear fruit can now be done by a lone individuals in minutes and using rentable resources that cost the same price as a morning coffee to carry out the trick. Roth’s proof-of-concept exercise cost just $2. This was the amount needed to hire a bank of powerful graphics processing units to carry out the required number-crunching using the Cuda-Multiforcer.

SHA-1 was of course cracked way back in 2005, and widely reported on in 2007 – and whilst being phased out it is still used in many applications.

But then this attack isn’t really using any flaws in the algorithm – it’s just straight up hash cracking it.

The tool he used was CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.

SHA-1, although it is in the process of being phased out, still forms a component of various widely-used security applications, including Secure Sockets Layer, Transport Layer Security and S/MIME protocols. Roth claims to have cracked all the hashes from a 160-bit SHA-1 hash with a password of between 1 and 6 characters in around 49 minutes. The process would create a rainbow table, allowing short and therefore automatically insecure passwords to be matched to their hash. It wouldn’t work for longer length passwords. Even so, the bigger point that rentable computing resources might be used for password hacking still stands.

Security watchers warn that the development opens up the possibility of cybercrooks using pay-as-you-go cloud computing-based parallel processing environment for their own nefarious purposes.

Chris Burchett, CTO and co-founder of the data security firm Credant, said: “It’s easy to start up a 100-node cracking cluster with just a few clicks, but if you extend the parallel processing environment by just a few factors, it becomes possible to crack passwords of most types in a relatively short timeframe.”

Cybercriminals might use stolen payment card credentials to fund their cloud cracking escapades “which means they will not be bothered about the cost involved,” he added.

Around 12 months ago, another white-hat hacker, Moxie Marlinspike, created an online Wi-Fi password-cracking service called WPAcracker.com. The $17-a-time service is able to crack a Wi-Fi password in around 20 minutes, compared to the 120 hours a dual-core PC might take to carry out the same job.

Although there’s nothing really new here, it’s still an interesting implementation of some already known techniques. As cloud/distributed computing becomes even cheaper, I’d guess we’ll be seeing more similar attacks in the future.

The original post (which precise details on how to set everything up) can be found on the blog of Thomas Roth here:

Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances

Source: The Register

Platforms

The Cryptohaze Multiforcer supports Windows, Linux, and Mac OS X. An nVidia GPU with CUDA support (8000 series, 9000 series, GTX200 series, GTX400 series) is required for this to function. Additionally, a reasonably modern driver with CUDA support will be required. However, to see good rates, a fairly powerful GPU is required. GTX200 series cards are the lowest recommended cards.

Usage

The Multiforcer takes two files as inputs: the hash file, and the character set file. The hash file is very simple: One hash per line as follows:

Hash input file

C55DC1C662628C7B3B85635A4E96262A
5F4DCC3B5AA765D61D8327DEB882CF99
0040F2ABC2CFF0C8F59883B99AE9FAB6
D41D8CD98F00B204E9800998ECF8427E

The character set file is slightly more complex. For a single character set (the same character set applied to all positions), the character set file is very simple: Just the character set in a file, followed by a newline:

Single charset file (-c parameter)

abcdefghijklmnopqrstuvwzyx0123456789

You can download CUDA-Multiforcer here:

MacOS (Intel Only) – CUDA-Multiforcer-Mac-0.72.tar.bz2
Windows (64-Bit Only) – CUDA-Multiforcer-Windows-0.72.zip
Linux – (32 & 64-Bit) – CUDA-Multiforcer-Linux-0.72.tar.bz2

Or read more here.

Some other options are:

• The Associative Word List Generator (AWLG) – Wordlists for Password Cracking
• CeWL – Custom Word List Generator Tool for Password Cracking
• RSMangler – Keyword Based Wordlist Generator For Bruteforcing
• CUPP – Common User Passwords Profiler – Automated Password Profiling Tool

Of course John the Ripper (JTR) has some built in options for creating permutations from Wordlists.

Features

• Crunch generates wordlists in both combination and permutation ways
• It can breakup output by number of lines or file size
• Now has resume support
• Pattern now supports number and symbols
• Pattern now supports upper and lower case characters separately
• Adds a status report when generating multiple files

You can download Crunch here:

crunch2.6.tgz

Or read more here.

Supported Platforms

Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).

Options

Windows Credentials Editor provides the following options:

        -l         List logon sessions and NTLM credentials (default).
        -s         Changes NTLM credentials of current logon session.
                   Parameters: :::.
        -r         Lists logon sessions and NTLM credentials indefinitely.
                   Refreshes every 5 seconds if new sessions are found.
                   Optional: -r.
        -c         Run  in a new session with the specified NTLM credentials.
                   Parameters: .
        -e         Lists logon sessions NTLM credentials indefinitely.
                   Refreshes every time a logon event occurs.
        -o         saves all output to a file.
                   Parameters: .
        -i         Specify LUID instead of use current logon session.
                   Parameters: .
        -d         Delete NTLM credentials from logon session.
                   Parameters: .
        -v         verbose output.

You can download Windows Credentials Editor v1.0 here:

wce_v1.0.tgz