Archive | Password Cracking


02 November 2007 | 11,753 views

Pass-The-Hash Toolkit v1.1 Available for Download

The concept of passing the hash on Windows came about a while ago; now there’s a tool for it in its second revision (which fixed some problems with foreign language Windows versions and Windows 2003). The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These […]



31 August 2007 | 46,344 views

Download pwdump6 and fgdump version 1.6.0 available now.

New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!). For those that don’t know what pwdump or fgdump are: pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on […]



14 August 2007 | 6,449 views

Russian Elcomsoft Finds Backdoor in Quicken Passwords

Elcomsoft is quite a well-known firm when it comes to password ‘recovery’. I have used their products in the past when I was in a fix and I needed a password that had been, you know… lost. They rose to fame in 2001 after cracking Adobe’s eBook format. Recently they announced a fairly serious backdoor […]



06 August 2007 | 19,193 views

Inguma – Penetration Testing Toolkit

Inguma is a penetration testing toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about and fuzz targets, brute force user names and passwords and, of course, exploits for many products. The word Inguma is the name of a Basque mythological spirit who kills people while sleeping and, also, the one […]



23 July 2007 | 19,945 views

piggy – Download MS-SQL Password Brute Forcing Tool

Piggy is yet another tool for performing online password guessing against Microsoft SQL servers. It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations). It’s a pretty simple tool and has a Win32 binary version; it is a command line tool, however.

You can […]



21 June 2007 | 9,564 views

AOL Has An Odd Password System

An interesting snippet from last month: AOL seems to have a strangely configured password system. Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters. A reader wrote in Friday with an interesting observation: […]



18 May 2007 | 17,223 views

pwdump6 1.5.0 as well as fgdump 1.5.0 Released for Download

A while ago some updates of pwdump and fgdump were released, namely pwdump6 1.5.0 as well as fgdump 1.5.0. Version 1.5.0 of both programs takes advantage of some changes which makes them less likely to be detected by antivirus, at least as of today. This will be particularly helpful to those of you dealing with […]



23 March 2007 | 14,761 views

ObiWaN – Web Server Brute Forcing from Phenoelit

This Phenoelit tool called ObiWaN is written to carry out brute force security testing on web servers. The idea behind this is that web servers with a simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a […]



13 March 2007 | 8,738 views

PwdHash from Stanford – Generate Passwords by Hashing the URL

The Common Password Problem. Users tend to use a single password at many different web sites. By now there are several reported cases where attackers break into a low security site to retrieve thousands of username/password pairs and directly try them one by one at a high security e-commerce site such as eBay. As expected, […]



14 February 2007 | 315,460 views

THC-Hydra – The Fast and Flexible Network Login Hacking Tool

THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment. It supports a LOT of services and protocols too. Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols […]
