Generators of usernames and passwords. Best password cracking software Online password cracking

Computer literacy

It is not uncommon for you to come up with a rather complex and unique password using different case, numbers and letters, but it takes a lot of time to create such complex passwords, especially if you need to create a large number of them.

Typically, such situations are faced by all sorts of administrators who need to create and monitor a user base or those who are engaged in security on the Internet and not only, it can still take a long time to list the scope of such complex passwords.

To simplify and speed up this process of coming up with passwords and logins, you can use online services or programs that can be installed and run on a local computer. It is these services that will be discussed in our article.

The list of programs will include the most popular and functional services for creating complex and simple passwords with logins. These services will be presented in two forms, for online use and as a program on a computer.

The article will present the most functional and easy-to-use password and login generators, which are completely free.

Online password generators

Password generators for installation on a computer

Login generator

LastPass….

An online service that allows you to generate a password of any length with a choice of using the case of letters and the presence of symbols. The password is generated directly on your computer using Javascript. All passwords created using this service are not transferred anywhere and are displayed only on your computer.

This service is available not only online, it can also be downloaded and installed on a computer in order to use it locally without the need for an Internet connection.

Password creation options:

  • Password length in characters
  • Create a password in the form of a word, for simplified pronunciation in voice.
  • Number of digital characters in the password
  • Selecting the type of characters to use (case letters, numbers and special characters)

Conclusion

This article presented the most functional and easy-to-use password and login generators. You can familiarize yourself with the general information for each generator and decide on the functionality you need.

Brute force - brute force, brute force hacking
In the article "" it was said that it is impossible to hack VK with a brute force (program).
This is not entirely true, there are still loopholes ...
Below is a working script, but first ...

At the bottom of the article - a free program for generating a brute dictionary and a listing of "top Lokhov passwords"

I make a reservation in advance that we are talking about a classic "search" without any PBKDF2 algorithms, without parsing sha hashing, since at the household level, this is an overwhelming task.

A lot of programs "for hacking VK by brute force (brute force)" are running on the network

Which one to choose? Which one will help (without harming me)?
- No

Each VK account requires a personal approach and template programs from the network are all crap, divorce, bullshit.

Now you will understand why. The mat part is brief.

The minimum length of a VK password is 6 characters.

The password must contain:
figures (0-9 - 10 options),
letters (a-z - 26 in Latin),
capital letters (A-Z is also 26)

Total for each symbol - 10 + 26 + 26 \u003d 62 (!) Options, so the number of combinations for:
6-character password - 56 800 235 584 (56.8 billion)
7-character password - 3 521 614 606 208 (3.5 trillion)
8-character password - 218 340 105 584 896 (218 trillion)
9-character password -13 537 086 546 263 600 (HZ as it is called))))

We do not know the length of the password, so we will have to brute force a range of at least 6-8 characters
Total: 6 + 7 + 8 characters \u003d 221 918 520 426 688 (222 trillion) options

Let's say you have a fairly good computer, but the question arises - how many requests to the VK server can it make?
What is the brute-force speed of a home computer?

Let's count... To do this, open the command line (Start - standard-Command line or start the cmd.exe process)
We drive in the command, we get the server response

"Reply from ... .. time 134ms" (this is mine, your time may differ)

Ping time is the time it takes for the signal to travel from our machine to the server and back.

There are 1000 milliseconds (ms) in one second, so
Brut speed from your machine (requests / sec) will be \u003d 1000 / response time
In my case 1000 / 134ms \u003d 7.4 requests (password) per second

How long will it take to search passwords for VK?

Let me remind you that we are looking at 221,918,520,426,688 (222 trillion) password options.

Therefore, in order to find out how much we will crack the VK password by brute-force, divide the number by the speed, i.e.

221918520426688 passwords / 7.4 passwords per second \u003d 29737081737176sec \u003d 495618028953 min \u003d 8260300483 hours \u003d 344179187 days \u003d 942957 years

Conclusion:a real program for hacking VK could brute-force the password in 94 thousand years.

Question: But what about the video on YouTube, in which the miracle programs brut the VK page in a few minutes / hours?
The answer is: This is a scam created to infect your computer to steal your own data. No more no less.

You can significantly speed up the search process!
For this you need:
1. Increase computing power. For example, infecting 1,000,000 other people's computers and brutalizing VK from all at the same time (already ridiculous)
2. Shorten the brute-dictionary to, for example, a couple of thousand (according to the principle of social engineering)

How to make a brute dictionary?
1. Pens in the notepad program (notepad.exe)
2. Prog "Brutus generator" (link at the bottom of the article)

We fill this brutal dictionary with real variants.

Real ones are those that are somehow connected with the person being hacked:

- telephones (him, his relatives, friends)
Example - numbers with + 7s, 8s, without 8s - rarely comes across

- date of birth (him, his relatives, friends)
Example - (the same date) 010118, 01012018, 20180101, 180101 - often comes across

- Names of loved ones, loved ones
Example - SashaMaria, MariaIvanova, SaNoMaIv - comes across average

Site name (or surname) on a different layout
Example, if you type the word "vkontakte" in the Russian layout, it will turn out - "mlshteflau" - such a scheme, well, very often comes across on all sites.

- lokhovskoy password list for brutus (a list of the most common passwords on the network - link at the end of the article)

How long does it take to write a dictionary? Well, not really - half an hour for the eyes is enough. Who said it would be easy?))

Let's say we have a created brute dictionary and a working program for selecting a VK password (or manual input using a dictionary).

One important problem arises - the server protection system.

Actually its hindrance lies in the fact that with too frequent requests, the server stupidly blocks (temporarily) your IP. In addition, if you work with VK through the standard input form (HTML \\ FORM), then after 3 unsuccessful attempts, VK will ask you to enter a captcha.

In the old version of VK, you could just switch to the mobile version - m.vk.com, but now there is no mobile version as such - in 2016 they made a single adaptive design.

How to bypass Vkontakte captcha?

VK requires captcha input after 3 unsuccessful attempts (restarting F5 does not help), but how does he know that it is you Are you making multiple login attempts?

By IP
- by cookies (cookies), cache and JavaScript

There are no problems with cookies, cache and JavaScript - they can simply be disabled in the browser settings.

IP can be changed by installing a program to change IP - there is nothing tricky about it, the network is full of them (Google help)

You can use the TOR browser (who does not know - this is a browser for anonymous walking on the network, it also changes IP-schnicks with each new session, a useful thing especially for those who surf or work in the SAR)

But almost completely nullifies all attempts to brute force GEOlocation.

The VK server remembers where (geographically) the last login was made.

And if your IP is from another locality, then (possibly) the inscription will pop up:

"You are trying to log in under the name of Ivan Ivanov from an unusual place."

To confirm that you really are the owner of the page, please provide all the missing digits of the phone number to which the page is linked.

Script for brute web forms (such as VK hacking software)

Important! On the VK server there is a script that monitors the frequency of sending packets, i.e. if you hammer at a speed of N times / sec, you will be automatically sent to the ban list by IP.
VK also uses GEO-tracking.

You shouldn't even try to brute force without a dynamic IP, VPN can help.
Personally, I think brute force VK passwords is not very promising, but for connoisseurs I will post an old script on Pearl borrowed from 5p4x2knet a.k.a. Apocalyptic "s and a little fixed.

The script works with the POST method only in two parameters - login and password.

If the login is known (for example, a phone number), then simply fill in the corresponding fields with a value without referring to the dictionary.

Hidden fields - captcha, the script will not transfer pictures, hide the source of requests (yourself) as described above.

Here we need a sane brute-dictionary, which we compiled at the beginning of the article. (let's call it, for example, brut.txt )

We also need a file from which our program will receive information.

The program will brute force all scripts specified in this file. ( infa.txt ). If there is only one script, then you can replace

Naturally, the file for recording the results ( result.txt)

So,
{
# connect the object
$ usagent \u003d LWP :: UserAgent
# open the file with information (if we cannot open it, then exit);
# drop the file into the @infa array and close. (if there is only one script, then it can be specified immediately)
open (INFA, ";
close (INFA);
# open a brute dictionary
open (BRUT, ";
close (BRUT);
# open the file with the results (appends to the end).
open (RESULT, "\u003e\u003e $ ARGV");
# loop start
foreach $ name (@infa)
{
# separate URL, login, variables and error info
($ url, $ login, $ log_vr, $ pwd_vr, $ failed) \u003d split (//, $ name);
# show url
print "$ url ... n";
# start another cycle
foreach $ brut (@brut)
{
# kill spaces and newlines
$ pss \u003d ~ s / //;
$ pss \u003d ~ s / n //;
# connect a new object
$ usagent \u003d LWP :: UserAgent-\u003e new ();
# making requests.
$ req \u003d HTTP :: Request-\u003e new (POST \u003d\u003e $ url);
$ req-\u003e content_type ("application / x-www-form-urlencoded");
$ req-\u003e content ("$ log_vr \u003d $ login & $ pwd_vr \u003d $ pss");
# and sending it
$ result \u003d $ usagent -\u003e request ($ req);
# writing results to a variable
$ res \u003d $ result-\u003e content;
# if it did not work, an error message is generated
if ($ res! ~ / $ failed / i)
{
# output a message with a password; recording into results;
print "brutword found. It isn $ pssnn";
print RESULT "URL: $ urlnLOGIN: $ loginnBRUT: $ pssnn";
# otherwise continue selection
last;
}
}
}
# closing the file result.txt
close (RESULT);

A frequent occurrence on the Internet. It is carried out for different purposes. The most common goal is to send spam and intrusive ads. Sometimes hackers steal money from social media accounts. Hacking of payment systems is dangerous. Hacking an e-mail password, except for sending spam, carries the risk that all other account data can also be found out. Sometimes carried out to steal game content.

Use strong passwords to protect your data

Password cracking techniques

Even the best email passwords can be cracked. The ways hackers operate are improving every day. These are special programs for the selection of combinations, methods of tracking actions on the Internet, etc.

Phishing

This way to find out the password from VK or another social network is popular with hackers. The user is sent a message suggesting they go to a site that looks like the one the hacker is trying to hack. Usually, it is completely copied from it.

By clicking on the link, the user enters other data, thinking that he is trying to log into his usual account. You can get to such a site and trying to find out the password, having a login, that is, using the "Account Recovery" function.

The user clicks the "Login" button and the data instantly gets to the attackers. The user himself is redirected to the page of a real social network, without even noticing what happened. Advanced social engineering allows hackers to find out the password from another person's contact.

After all, in order for a user to follow a fake link, it is necessary to "rub" into his trust. The method is not very effective, but easy to implement. However, the account owner may suspect that the real one is often not very different) and refuse to switch. The attacker can be easily found.

When entering a password, pay attention to the site address: often attackers make the address of a fake site look like the original site

Selection

The main technology by which hackers try to find out the mail password by brute force is BrutFors. It is a method of automated substitution generation and substitution of combinations for an account. To start such a selection, you need a special program, the password cracking of which will be fast. Such a program operates according to the mathematical principle, where the correct solution is recognized by the selection method.

Thus, the program endlessly generates combinations of numbers and letters and checks them for correctness. Due to their high performance, such programs run fairly quickly.

A hacking service for hacking can be either universal or for a specific site. During its operation, a fake proxy is created, thanks to which attackers can hide their IP. In addition, by regularly changing it, it is possible to avoid blocking the computer from which the hack is made. After hacking it, you will see a message stating that your password has been compromised by entering your account. It is urgent to do the following:

  1. Change account details;
  2. Change security question;
  3. Write to the Administration that the password in the Contact (or on another resource) has been compromised.

Although previously used programs operating on, now there are more advanced ones. Now, substitution of a digit to the word will not make your account secure. New programs pick up completely arbitrary alphanumeric combinations, they can crack a very complex combination of characters.

Hacking the password of the social network VKontakte by brute force

Hashes and hacking sites

An effective but difficult hacking method. To find out the password, hackers break into a site that stores hashes of user code combinations. The hash is obtained after the combination of letters has undergone an irreversible complex procedure. When, logging into your account, you enter a combination of characters, the hash is calculated again and if it matches the saved one, then you entered the code word correctly. This data is stolen by cybercriminals by hacking the site. It's even easier with old resources that store not hashes, but the letter combinations themselves.

Hash is not that difficult to decipher. Hackers have many programs and services that allow them to learn and use them. They can see the password in Yandex Mail, having previously hacked the service itself, as follows:

  • Computing hashing algorithms and decrypting data;
  • Having a base of BrutFors code combinations, a hacker also has hashes of these words, encoded by one or another algorithm. The program only needs to compare the existing ones with the new ones;
  • There are not many algorithms, and they are common.

Hashing on websites is a process similar to how cookies work on a PC. Decrypting it is as easy as finding out the password from cookies. Therefore, it is obvious that such storage is not reliable account protection, even with a very complex combination.

Cracking a password by guessing from a dictionary

Spyware

Spyware - The software installed on the PC is hidden. So that the user is not aware of its existence. It is essentially a virus. Designed to collect information about the user, logins, browser request history, code words, etc. Needed for hacking and targeted advertising. With the help of such programs, information is transmitted directly to the attacker.

Such programs are disguised as software that offers to copy the password in the form of asterisks or recover from cookies. You need to be careful when using such programs. Better to use a browser to restore the ability to log in to your account. With the help of spyware, you can find out a friend's password by installing malware on his phone or computer. In this case, the data will be transferred to you.

The spyware program does not crack the password, it just steals it and sends it to the attacker

Have the password been cracked?

Some resources show jailbreak notifications themselves. The VKontakte social network issues a notification that the password has been compromised when entering the account. If you change the code word to the old one, such a notification may appear, since the site keeps a black list of passwords from which spam was sent, etc.

A message box warning the user that his account has been hacked

In addition, there are a number of online services that present accounts that have fallen into the hands of cybercriminals lately. If there are reasons to believe that you tried to hack your email password, then enter the email address (or login, if we are not talking about mailboxes) in the field and you will see if your account was hacked.

You can find out if your account has been hacked in other ways. The main one is the analysis of activity in your account during your absence from the site.

WATCH THE VIDEO

If friends received messages with advertising content or inviting to third-party sites, you see messages and notifications for the first time, although the site shows that they have been viewed, etc. then your page was used in absence. However, she might not have been visible online. There are programs to hide the presence of users on the network.

There are many ways to crack a password. Of course, we provide information on how to crack a password for reference, so that you have an idea of \u200b\u200bhow hackers work, why simple passwords are dangerous and how to protect yourself from being hacked.

How can you crack a password by guessing it?

Most people use simple passwords, and this is what hackers rely on in the first place. They start guessing the password using some initial data - the user's last name, date of birth, and their combinations. Here you do not need to puzzle for a long time over how to find out the password. If the code word is so simple, then it will be determined in a couple of minutes.

The so-called "spider" method can be attributed to the same method. It consists in using knowledge about what the user is doing, who will be hacked. Very often in their passwords, people use words that are related to their professional activities, the name of the company. Using the Internet and specialized literature, they manage to reduce the search for the desired word and not rack their brains over how to crack the password.

How to protect yourself: do not use dictionary words, surnames, first names, dates of birth in your passwords. An automatically generated password using our website negates any attempts at logical word selection.

Brute force password guessing

Another common type of password that can be easily cracked is a dictionary word. Slightly more complex - with the addition of a number. Easily cracked with programs that use dictionaries from different languages. It is highly probable that in a couple of hours the code word will be in the hands of a hacker. Moreover, many sites offer such password selection online for free.

A variation of this method is cracking passwords from a table of hashed passwords. Simply put, a hash is the encrypted value of passwords. For example, password hashes of Windows users are stored in a special registry. If a hacker is skilled and competent enough to determine the password hashes, then in the database he will be able to find the password that matches this hash. There are also pre-prepared tables that help to guess the password by hash even faster.

How to protect yourself:again - don't use dictionary words. It is possible to protect against brute-force passwords by hash, but it is quite difficult, and it will take a whole article. This is a task already for programmers who are working on creating a website.

Find out the password using brute force

How to crack any password? By brute force, or a brute-force search of combinations of symbols. Unlike dictionary search, the maximum possible number of combinations is used here, and the question of time to crack here is only in the length and complexity of the password. For example, if a brute-force program generates 100,000 passwords per second, then it will take 9 days to select a combination of 7 characters, from 8 to 11 months, from 9 to 32 years, and so on.

How to protect yourself: do not use passwords less than 8 characters long, a password of any complexity and size can be generated.

Malware and phishing sites

While wandering around the Internet, downloading something, it is easy to pick up a virus program (they are often called Trojan horses) or get to a phishing site. Depending on the type of malware, it can steal passwords directly from the browser or record keystrokes on the keyboard. This data is then sent to the attacker.

A phishing site is a fake site that copies the design of a popular site. For example, vkkkk.com. The user buys for the design and enters his data, which is instantly received by the attacker.

How to protect yourself: do not download software from dubious resources, software without information about the developer (operating systems inform you about such software), check the authenticity of the site, do not follow the links that come to you from unfamiliar email addresses, do not trust tempting offers in the mail and do not trust your technology strangers.

Password guessing online directly

How can I find out the password yet? The most cunning attackers may not be afraid to enter the office of a company disguised as an employee. They can simply wipe the dust, water the flowers, but carefully record who does what and where he enters what passwords.

Criminals can also work on the phone, posing as technicians and offering to provide him with information so that he can gain access to any system.

How to protect yourself: It is quite difficult to be confident in all employees, but it is important to train employees in basic security methods - do not enter passwords in front of strangers, do not attach stickers with passwords to tables and computer monitors.

These are not all the possibilities in the arsenal of hackers, but knowing these basic techniques will significantly reduce the risk of confidential information theft.

They resort to using programs to guess a password for VK for the following purposes: stealing an account for sending spam and intrusive advertising, obtaining personal information by an interested person about a specific user, entering a personal page without the possibility of password recovery. It's not a secret for anyone that the user's page on VKontakte stores his personal data, personal messages, photo, audio and video materials. In order for confidential information to remain protected, when choosing a password for your own account, you should be guided by your knowledge of existing hacking programs. This article is devoted to acquainting the reader with the most popular means of stealing a page on a social network.

Programs for guessing passwords from the VK page

The social network VKontakte has millions of users, and this figure is growing every day. The increase in this figure is forcing developers to constantly improve the security system. This is due to the fact that interest in hacking pages is proportional to the number of network users. There can be many reasons for hacking a personal page, and for these purposes a large number of different software has been developed that differ in functionality and hacking method. These can be programs for the selection of a unique combination of characters, for tracking actions over the Internet, etc.

In order to protect your page from hacking, below are the most popular programs for gaining access to your personal page, after reading which, you can check your password for security or generate a new unique key to enter the system. If you are aimed at hacking someone else's page, you need to remember that in accordance with the Criminal Code of the Russian Federation ( RF Criminal Code Article 272) this action is a crime and entails criminal liability.

Online password generator

This hacking method is used by those who want to get the personal data of a specific user (friend).

The essence of the method lies in the fact that knowing the login (email or mobile phone number) from the account of the person concerned, it remains only to pick up the key to enter. Selection takes place in two ways:

  1. Manual search... Many users of the social network do not pay special attention to their own security, and when forming a password for entering, they operate with information such as: surname and first name, nickname, date of birth, favorite number or date, etc. Such a page is easy enough to hack by examining the information on it or knowing the person personally.
  2. Automatic search... It implies the use of a special software product. The most popular site for automatic search is Online password generator ... The essence of this system is that with the help of tags, keywords are generated, on the basis of which the password is brute-force. It should be noted that the Online generator can be used not only to recover / hack an account, but also to generate unique keys for entering various personal accounts and pages.

Vklom 3.1

Vklom 3.1 is a special program designed to gain access to the user's personal page of the well-known social network VKontakte. It should be noted that the program does not hack someone else's account, but only simulates the process of entering a personal page. Its main feature is a clear interface and minimum system requirements (Windows Vista, XP, 7, 8, 8.1, 10, there is a version for Android).

VK Hack 2.2

The VK Hack 2.2 utility is designed for efficient selection of keys to personal pages for specified accounts. The mechanism of the program is to select a combination of characters for a given Id on its own base. The effectiveness of this program is 50%, the selection time is several hours. Feature of the program: the presence of additional functions for cheating likes, subscribers, gifts, and so on.

John the ripper

John the Ripper is the most popular software on this topic. The utility is open source and has a number of brute force methods (brute force, dictionary selection, etc.). It is often used to assess the strength of passwords (account protection level) on Windows, MacOS and Linux, as well as Android. The lack of a graphical interface makes it difficult for inexperienced computer users to use the program.

Aircrack-ng

Aircrack-ng is a tool used by hackers to hack and obtain an access code over a Wi-Fi network to access a victim's personal page. The action of the program is based on intercepting a hash or obtaining a ready-made password using PMS and PTW attacks. Works Aircrack-ng on Windows, MacOS and Linux. You can protect yourself from this type of hacking using the WPA2 encryption type.

RainbowCrack

The main advantage of RainbowCrack is the availability of ready-made cracking tables, which multiply the speed of obtaining the desired result. The utility implies the ability to accelerate the enumeration process using a GPU (graphics processor). Only Windows and MacOS users can use RainbowCrack.

THC Hydra

THC Hydra is a console application for "calculating" the password for the login form on your personal VKontakte page and not only. Supports protocols: Astrisk, Cisco auth, AFP, HTTP, HTTP-Proxy, HTTPS-FORM-POST, IMAP, MySQL, Oracle SID, POSTGRES, TS2, SNMP v1 + v2 + v3, SOCKS5, RDP and others. Compiles on Windows, Linux, Solaris, FreeBSD, QNX and OSX. The advantage of the program is the speed of its operation and the presence of files with names / passwords, and its main disadvantage is the complicated interface for inexperienced users.

HashCat

The freely available cross-platform HashCat program is gaining more and more popularity. It conquered many both by the time it took to find the key to enter, due to the use of both a video card and a central processor, and by an impressive list of supporting attacks: Bruteforce, by dictionary, tables, mask, etc. Provides the ability to crack a password via a Wi-Fi network or from hashes of WEB applications.

Crowbar

Crowbar is a script in the programming language Pythonproviding the ability to perform password security checks. Its main difference is its use SSH-key (s), which allows any private keys obtained during penetration testing to be used to attack other SSH servers. Benefit: Support for rare protocols (VNC, OpenVPN and NLA). Compiles on Windows, Linux and MacOS.

coWPAtty

coWPAtty - a dictionary / hybrid network attack tool WPA / WPA2... This product is included with the software "BackTrack" and in the presence of a pre-rendered PMK document for the SSID, it allows for a so-called “fast attack”. It should be mentioned that coWPAtty can use "vocabulary words" from John the Ripper's vocabulary.

Features:

The software considered above has some differences, but they lead to the same result. They all have a number of the following features:

  • The speed of brute-force attacks depends more on the characteristics of the hacker's PC than on the program itself. For example, Pentium II and III provide a search speed of the order of 2 million / sec;
  • An entry code of more than 10 characters will require more time for any of the listed programs;
  • Various attack methods and protocol support.
  • Most of the software is freely available and completely free.
  • Can be blocked by antivirus programs despite a trusted source.

Did you like the article? To share with friends:
You may also be interested in