Offline crackers
- Cain and Abel – http://www.oxid.it/cain.html
- John the Ripper – http://www.openwall.com/john/
- More details here: https://eikonal.wordpress.com/2010/05/25/john-the-ripper/
- Pwdump – Windows LM and NTLM password hashes dumper – http://en.wikipedia.org/wiki/Pwdump. Has numerous implementations:
- http://samba.org/samba/ftp/pwdump/
- http://www.securiteam.com/tools/5ZQ0G000FU.html
- pwdump6 – http://www.foofus.net/~fizzgig/pwdump/
- fgdump – http://www.foofus.net/~fizzgig/fgdump/
- pwdump7 – http://www.tarasco.org/security/pwdump_7/index.html
- pwdump3 – http://openwall.com/passwords/microsoft-windows-nt-2000-xp-2003-vista-7#pwdump
- pwdump3 > hashes.txt
- then use johnTheRipper
- OphCrack – http://ophcrack.sourceforge.net/
- Description: http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
- RainbowCrack – http://project-rainbowcrack.com/
- Pre-computed tables can be bought here – http://project-rainbowcrack.com/buy.php
- L0phtcrack – http://www.l0phtcrack.com/
- THC Hydra – http://freeworld.thc.org/thc-hydra/
- FSCrack – http://www.foundstone.com/us/resources/termsofuse.asp?file=fscrack.zip
- Brutus – http://www.hoobie.net/brutus/
- Aircrack –
- Airsnort –
- SolarWinds –
- chknull – http://phreak.org/archives/expoits/novell – checks novell accounts with no passwords — GONE
- Pandora – http://nmrc.org/project/pandora/ – a set of tools for hacking, intruding, and testing the security and insecurity of Novell Netware
- Ravan – JavaScript distributed computing system – http://www.andlabs.org/tools/ravan.html
- White Chapel – password cracking front end – https://github.com/mubix/WhiteChapel
Online tools
- Cisco Password Cracker (2007.06) – http://www.ifm.net.nz/cookbooks/passwordcracker.html
- Microsoft’s online password strength checker – https://www.microsoft.com/protect/fraud/passwords/checker.aspx?WT.mc_id=Site_Link
- Javascript Password Strength Meter – http://www.geekwisdom.com/dyn/passwdmeter. Local copy of code: https://eikonal.wordpress.com/2010/07/14/javascript-password-strength-meter/.
- WPACracker – http://www.wpacracker.com/ [ONLINE CRACKER]
Articles
- “Everyday Password Cracking” by Thorsten Fisher – http://www.irmplc.com/downloads/whitepapers/Everyday_Password_Cracking.pdf
- Password Recovery Speeds – http://www.lockdown.co.uk/?pg=combi&s=articles
- Rainbow Hash Cracking – http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html
- What is Rainbow Crack and How to do it: The Time-Memory Tradeoff Hash Cracker : How to Crack Windows passwords – http://learnethicalhacking.wordpress.com/2010/02/04/learn-how-to-hack-facebook-passwords-and-accounts-using-phishing-attack-facebook-fake-page/
- Cracking Windows Password Hashes – http://thehackingoftech.wordpress.com/2010/01/24/cracking-windows-password-hashes/
- How to recover Windows XP passwords with PwDump and MdCrack – http://winguard.blogspot.com/2009/05/how-to-recover-windows-xp-passwords.html
Generating password hashes
- Generating unix-style MD5 password hashes:
- openssl passwd -1 -salt QIGCa pippo
- produces: $1$QIGCa$/ruJs8AvmrknzKTzM2TYE.
- Generating password hash for native system crypt() function:
- perl -e ‘print crypt(“pippo”, “\$1\$QIGCa”),”\n”‘
- produces: $1Su6NR9CFU/6
VARIOUS
- Cracking Kerberos passwords
- The only tool I know residing on this niche is ntsecurity’s KerbCrack/KerbSniff (http://ntsecurity.nu/toolbox/kerbcrack/).
- Usage: kerbcrack.exe kerbcap.snf -b1 9
Related here: Default passwords, wordlist and Rainbow tables – https://eikonal.wordpress.com/2010/03/29/default-passwords/ | John The Ripper – https://eikonal.wordpress.com/2010/05/25/john-the-ripper/