Windows Password Kracker is free software to recover lost or forgotten windows passwords. It can quickly restore the original password from the LM hash (LAN Manager) or NTLM (NT LAN Manager).
Windows encrypts login passwords using LM or NTLM hash algorithms. Since one hash algorithm is used, you can not directly decrypt the hash to find out the password. In such cases, "Windows Password Kracker" can help in recovery windows passwords through simple method dictionary search (bruteforce).
FireMasterCracker is a free software for cracking the password wizard in Firefox. This is the Graphical version, the first-ever tool for recovering lost master passwords from Firefox.
The Firefox browser uses a master password to protect saved passwords from all visited websites. If this master password is forgotten, then there is no way to restore it and the user also loses all access to all Web sites.
In such cases, the "Fire Master Cracker" utility can help you recover the lost master password.
Master Password is used to protect logins, passwords and other information about visited websites stored in the firefox browser. If this master password is forgotten, then there is no way to recover the master password and the user loses all the passwords stored in it. However, now you can use FireMaster to restore forgotten master passwords and get back all the saved authentication data (logins and passwords to sites).
Appnimi Password Unlocker is a free, all-in-one universal password recovery tool different types protected files, including ZIP, RAR, PDF, XLS, XLSX, etc.
This utility for password recovery, supports both the dictionary selection method and brute force brute force method, thus allowing the user to easily recover a password of any complexity.
Each of the teams] [their preferences for software and utilities for
pen-test. After consulting, we found out that the choice is so different that you can
make up a real gentleman's set of proven programs. On that and
decided. In order not to make a hodge-podge of solyanka, we have broken the whole list on topics - and in
This time we will touch on utilities for selecting a password for various services.
Brutus AET2
Platform: Windows
The last release of the program was in 2000. For a long time there is no official
site. But in this case Brutus AET2 It is still one of the most
advanced bruteforers for basic Internet protocols. If you need to pick up
password for HTTP (on those pages where authorization is used for
login / password), arbitrary web-service with authorization via form, postal
account, file or Telnet server, know: Brutus - A great option.
In general, to select a password, you must specify the host and port of the service, select
protocol, set the number of threads used (maximum 60), and
time-out. For the sake of anonymity, you can connect a Sox or Proxy. Depending on the
protocol also indicates a number of additional parameters. For example, to select
password on some site (type bruteforce - HTTP Form), you must specify a method
(POST or GET), to designate the form parameters (in Brutus a simple means
for their analysis), and if necessary, to forge the cookie, including
corresponding option.
Selection is carried out in two ways: by dictionary, and the program has
Several built-in utilities for working with large lists of passwords, or with
using stupidly generated passwords. In the latter case, it is necessary
designate the symbols that will be used to compose the pass.
Universal brutforser for HTTP protocols FORM, TELNET, POP3, FTP.
John the Ripper
For brute force RPD-akkov.
RainbowCrack
Site:
project-rainbowcrack.com
Platform: Unix, Windows
Usually, the hashed version of the password is stored in the open access and it is known,
by what algorithm this hash was obtained (for example MD5), but the inverse transformation
It is considered too complex operation, requiring, in the general case, a search of all
possible combinations - this is the basis for the security of many modern
systems. If you have sorted hash tables and their corresponding passwords,
We obtain a system which, using a fast binary table search, can
receive a reverse hash conversion to a password for any existing
hashing algorithm.
The main problem: the tables of all possible passwords are too large
volume on disks. Therefore, the original table format is used: hashes
are assembled into chains of several thousand combinations - each following combination
is obtained from the previous one by the next application of the same hash function. AT
Only the beginning and the end of each such chain is written in the table. In order to
To find the password on such table, it is necessary to apply to the given hash in the same way
The hash function is several thousand times (depending on the length used
chains) and on the next iteration we get a hash, which is the end of one of the
chains in our tables. Then we run this chain anew from the initial
hash to the required and we find the combination preceding our hash - this and
there is the password you are looking for.
RainbowCrack allows us to use this approach. The meaning is,
that it takes a long time to compile the tables, but the password is hacked
hundreds of times faster than bruteforce. RainbowCrack will help how to compile tables,
and use them to crack the hash. By the way, spend a lot of time on
compilation of tables is not necessary - they can be bought and partially downloaded from
torrents.
Extremely fast password recovery by hash using
Rainbow-tables.
Md5 Crack Monster v1.1
Site:
www.darkc0de.com/c0de/perl/mcm.txt
Platform: Unix, Windows
Before you crawl on the rampage, launching the hash brute force, do not be too lazy to break it
on online databases. For example, in gdataonline.com contains more than a billion
unique records, and this is only one of numerous projects (some of them
see below). To simplify the busy work of checking the hash on various
I recommend you a cool script Md5 Crack Monster, written in Perl.
He checks the hash on a solid list of services and produces the result.
Search for the hash value in online databases.
THC PPTP bruter
Platform: Unix
Who said that it's impossible to select a password for the VPN account because of the features
authorization? Nonsense! Guys from the world-known hacker group THC have long
proved the opposite, releasing public-release tools THC-pptp-bruter. This program
is a highly specialized brute-force for PPTP-protocol
(1723 / TCP), which really works! 🙂 True, only in the event,
when the server uses the Microsoft Window Chap V2 authorization. I hasten to please:
most often it is she who is used, and as on Windows servers, and
serious CISCO-systems. As for the old Window Chap V1, its support
you probably have to implement yourself :))
The problem of implementing bruteforce is that Microsoft intentionally
implemented in the PPTP-protocol protection system against bruteforce. If you do not go into
in detail, then its meaning was to set the limit: "in one second
you can enter only one password. "Naturally, with such a speed of busting
The hacker will not go far and the chances of finding the password will be reduced to zero. However, in
implementation of the tradition was not without flaws, which were published on
bugs, and the THC group successfully imported them in a specific program. Through
THC-pptp-bruter You can circumvent Microsoft's limitations and achieve
speed more than 300-400 passwords per second. This figure, naturally, is strong
varies depending on the delay in delivering packets to the server, so that
The greatest speed can be achieved in local Area Networks. Afflicts only that for
pptp-bruter requires a pair of third-party libraries. Without them the program
simply will not compile.
For the brute VPN connection.
CIFSPwScanner
Site:
www.cqure.net/tools/
Platform: Windows, Unix
Scanner for auditing the persistence of passwords from CIFS / SMB-resources. With his help, you
cleverly you can select the necessary data to connect to the enemy ball in
locale. The main thing is to correctly drive in the necessary command and prepare a dictionary
For Brutus, filled with a variety of human thoughts and love. For
CIFSPwS it looks like this: CifsPwScanner -t server -u users. Rest
options you can look in mana to the program or in an interactive help.
CIFSPwScanner is written in Java, and therefore can be run under any
platform.
Selection of the password for the balls.
piggy 1.0.1
Site:
www.cqure.net/tools/
Platform: Windows
Multithreaded Microsoft SQL Server bruteforce, implemented as
console application. Supports range scanning mode when
A given password is checked at once by several servers that store databases. it
especially important, when you performed a service scan of the NMAP subnet on port 1433
(TCP), traditional for this service, received the necessary banner of the database, after
which fed the received addresses piggy. Because the negligence of administrators
often truly immeasurable, the probability of catch is very, very high. Besides
of this piggy works with your files, to conduct an attack on
the dictionary.
Audit of MSSQL server passwords.
Hints for work with dictionaries
You can discard duplicate passwords in the dictionary file using standard
means nicks. To do this, you need one single command:
cat words.txt | sort | uniq\u003e dictionary.txt
If you know that the password policy does not allow users
select a pass that is less than 6 characters long and containing at least one letter
and the figure, then you can save a lot of time on the search, if previously
discard all the impossible options. Together with THC Hydra is a wonderful
utility pw-inspector, with the help of which it is easy to compose from an existing dictionary
The new dictionary, which includes only the "correct" passwords. In our case, this is
is done like this:
cat dictionary.txt | pw-inspector -m 6 -c 2 -n\u003e passlist.txt
WARNING
All programs are provided for information purposes only. When
they can not be used for illegal purposes. Furthermore,
this is directly prohibited by the licenses of most programs. Do not lose your head!
Brutus A2 - one of the most recognized programs for selecting passwords. Forgotten Password - not a rare problem in the modern computer world. Mail, archives with important photos, access to your homepage in popular in social networks, as well as to other sites that require registration - all these are examples of using password protection. Vainly hoping for your memory or forgetting to write down the cherished numbers and letters, we run the risk of losing valuable information. In such cases, bruteforce (brute-force method) cracking passwords can be useful. Download brutus free in Russian you can directly from this page of our site.
In most cases, people choose not too much complex passwords, so for the selection of a secret word it is very useful to use special lists of words. The dictionaries for brutus a2 are free, you can download it on the web, and you can use your own, which is more useful if the goal is yours personal password. To get the brutus a2 password cracker program free download here, just click on the button on the left under the lock picture. Selecting passwords by brute force requires a lot of time, but it's very simple, and if you are not a programmer or a hacker, then this method is for you.
