Password Cracking

Password recovery. Just see the crackers or I’m sure whatever is useful here appears there as well.

  • Hashcat is a freely available password cracker. It is clearly a dual-purpose weapon: it can be used by security auditors to stress-test company passwords, and it can be used by criminals to crack lists of stolen passwords of up to 55 characters.
  • Bruter is a parallel login brute-forcer for the Win32 platform. Bruter demonstrates the importance of choosing strong passwords. Bruter supports a variety of services that allow remote authentication: FTP, HTTP (Basic), HTTP (Form), IMAP, MSSQL, MySQL, POP3, SMB-NT, SMTP, SNMP, SSH2, Telnet. Requires OpenSSL and Libssh2.
  • unixcrypt-breaker Break unix “crypt” encryption
  • Ncrack test devices for poor passwords
  • Kon-Boot Windows and Linux access without password
  • Ophcrack Windows password recovery. Runs on Windows, Linux/UNIX, and Mac. Cracks LM and NTLM hashes; uses free rainbow tables for XP, Vista, and 7; includes a brute-force module for simple passwords; offers an audit mode and a CSV export; presents real-time graphs; has a LiveCD for easier (and more efficient) recovery; and dumps and loads hashes from encrypted SAM.
  • LCP Windows NT/2000/XP/2003 password recovery
  • Windows Key to reset the Windows password
  • Windows Password Unlocker
  • A pwdump utility and Hash Suite can interpret Windows password hashes.
  • SXPasswordSuite collection of tools for password recovery
  • WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the ‘Wireless Zero Configuration’ service of Windows XP and by the ‘WLAN AutoConfig’ service of Windows Vista.
  • chntpw (found on many Live CD distributions) can change a Windows password
  • L0phtCrack is a password audit and recovery tool for Windows and UNIX passwords. It has powerful features such as scheduling, hash extraction multiprocessor algorithms, and networks monitoring and decoding.
  • John the Ripper  is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance
  • LCP for user account passwords auditing and recovery in Windows NT/2000/XP/2003
  • SID&User for getting SID and user names for Windows NT/2000/XP/2003
  • RainbowCrack hash cracker is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique.
  • mimikatz to recover cleartext passwords of logged-on Windows users. See Grabbing Passwords from Memory using Procdump and Mimikatz

Application Password Cracking

  • Elcomsoft password recovery products
  • Passware password recovery products
  • Passware Kit Enterprise for application password recovery
  • Nirsoft password recovery tools (NirLauncher is a package of more than 100 portable freeware utilities for Windows, all of them developed for NirSoft Web site during the last few years.)
  • Intelore password recovery tools
  • SpotAuditor password recovery
  • VNCrack crack VNC
  • PHoss is a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins/passwords on your network. It also sniffs the VNC challenge/response handshake.
  • chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes.
    1. Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
    2. Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
    3. Submit the CloudCracker token to
    4. Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n).

Dictionaries, Word Lists


Why passwords have never been weaker—and crackers have never been stronger

Comments are closed.