The concept of passing the hash on Windows came about a while ago; now there’s a tool for it in its second revision (which fixed some problems with foreign language Windows versions and Windows 2003). The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. […]
Password Cracking Tools
Password cracking and the associated password cracker tools are often the area of information security and hacking that people get most excited about: oh wow, I can hack email passwords? We get emails pretty much every day asking how to crack someone's Facebook password, retrieve website credentials, etc.
What is Password Cracking?
As commonly defined:
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to try guesses repeatedly for the password and check them against an available cryptographic hash of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing an entirely new password is less of a security risk, but it involves System Administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
From Wikipedia.
The Best Password Cracker Software
We have covered many of the most famous; some great examples are:
- Brutus Password Cracker – Download brutus-aet2.zip AET2
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool
- Download pwdump 1.4.2 and fgdump 1.3.4 – Windows Password Dumping
- Cain & Abel – Download the Super Fast and Flexible Password Cracker with Network Sniffing
- JTR (Password Cracking) – John the Ripper 1.7 Released – FINALLY
- Ophcrack 2.2 Password Cracker Released
- hashcat – Multi-Threaded Password Hash Cracking Tool
- Medusa 2.0 Released – Parallel Network Login Brute Forcing Tool
And we have also published some related resources such as:
- Password Cracking Wordlists and Tools for Brute Forcing
- Password Cracking with Rainbowcrack and Rainbow Tables
Download pwdump6 and fgdump version 1.6.0 available now.
New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!). For those that don’t know what pwdump or fgdump are.. pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on […]
Russian Elcomsoft Finds Backdoor in Quicken Passwords
Elcomsoft is quite a well known firm when it comes to password ‘recovery’, I have used their products in the past when I was in a fix and I needed a password that had been, you know…lost. They rose to fame in 2001 after cracking Adobe’s eBook format. Recently they announced a fairly serious […]
Inguma – Penetration Testing Toolkit
Inguma is a penetration testing toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about and fuzz targets, brute force user names and passwords and, of course, exploits for many products. The word Inguma is the name of a Basque mythological spirit who kills people while they sleep and, also, the […]
piggy – Download MS-SQL Password Brute Forcing Tool
Piggy is yet another tool for performing online password guessing against Microsoft SQL servers. It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations). It’s a pretty simple tool and has a Win32 binary version – it is a command line tool however.
    Piggy v1.0.1 by patrik@cqure.net
    --------------------------------
    usage: piggy [options]

    options:
    -u [username] - Single username
    -p [password] - Single password
    -s [server] - Single server
    -S [srvfile] - File containing ip/hostnames
    -D [dicfile] - File containing passwords
    -A [accounts] - File containing username;password combinations
    -N - Do not check availability before scan
    -v verbose - Verbose logging
You […]