Top 10 Password Cracking Tools
for Windows, Linux and Web
Applications
Posted in Download , Security , Technology • 1 year
ago • Written by Shais • 10 Comments
A simple details about password cracking tools
from wiki. In cryptanalysis and computer security ,
password cracking is the process of recovering
passwords from data that have been stored in or
transmitted by a computer system. A common
approach ( brute-force attack ) is to try guesses
repeatedly for the password and check them
against an available cryptographic hash of the
password. Generally Password cracker not hacking
a password ,these software is only recover your
password. Got it? So don’t use against someone’s
system or illegally.
The other purposes of password cracking tools
might be to help a user recover a forgotten
password of a system or any software. But in the
world of hacking, hackers are using such a tools to
break or crack the stolen password hashes of a
database. Or using them to hack wireless network
and crack the passwords. So hope you completely
understand the main purpose of password cracking
tools.
List of Top 10 Password Cracking
Tools
OphCrack
#1. OphCrack
It is a free Windows password cracker based on
rainbow tables. It is a very efficient implementation
of rainbow tables done by the inventors of the
method. It comes with a Graphical User Interface
and runs on multiple platforms. See some features
of Ophcrack password cracking tools. The uploaded
version of Ophcrack compiled for Windows 64-bit
platforms. This version can preload tables using the
whole RAM available instead of only 2GB on 32-bit
platforms.
Features:
Runs on Windows, Linux/Unix, Mac OS X, …
Cracks LM and NTLM hashes.
Free tables available for Windows XP and
Vista/7/8.1.
Brute-force module for simple passwords.
Audit mode and CSV export.
Real-time graphs to analyze the passwords.
Live CD available to simplify the cracking.
Dumps and loads hashes from encrypted SAM
recovered from a Windows partition.
Free and open source software (GPL).
Download the latest Ophcrack version
from sourceforge , the open source software
storage.
RainbowCrack
2. RainbowCrack
The RainbowCrack password cracking tolls is a
general propose implementation of Philippe
Oechslin’s faster time-memory trade-off technique.
It crack hashes with rainbow tables. RainbowCrack
uses time-memory tradeoff algorithm to crack
hashes. It differs from brute force hash crackers.
A brute force hash cracker generate all possible
plaintexts and compute the corresponding hashes
on the fly, then compare the hashes with the hash
to be cracked. Once a match is found, the plaintext
is found. If all possible plaintexts are tested and no
match is found, the plaintext is not found. With this
type of hash cracking, all intermediate computation
results are discarded.
Features:
Full time-memory tradeoff tool suites, including
rainbow table generation, sort, conversion and
lookup
Support rainbow table of any hash algorithm
Support rainbow table of any charset
Support rainbow table in raw file format (.rt) and
compact file format (.rtc)
Computation on multi-core processor support
GPU acceleration with NVIDIA GPUs (CUDA
technology)
GPU acceleration with AMD GPUs (OpenCL
technology)
GPU acceleration with multiple GPUs
Runs on Windows operating systems
Windows XP 32-bit / 64-bit
Windows Vista 32-bit / 64-bit
Windows 7 32-bit / 64-bit
Windows 8 32-bit / 64-bit
Runs on Linux operating systems (x86 and
x86_64)
Unified rainbow table file format on all supported
operating systems
Command line user interface
Graphics user interface
Download the latest version of RainbowCrack
password cracking tools from project-rainbowcrack
website.
HashCat Advanced Password Recovery
3. HashCat
Hashcat is the world’s fastest CPU-based
password recovery tool. While it’s not as fast as its
GPU counterpart oclHashcat , large lists can be
easily split in half with a good dictionary and a bit of
knowledge of the command switches.
Hashcat was written somewhere in the middle of
2009. Yes, there were already close-to-perfect
working tools supporting rule-based attacks like
“PasswordsPro”, “John The Ripper”. However for
some unknown reason, both of them did not
support multi-threading. That was the only reason
to write Hashcat: To make use of the multiple cores
of modern CPUs.
Features:
Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch
movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
150+ Algorithms implemented with performance
in mind
… and much more
Download the latest version HashCat
from oclhashcat website.
Cain & Abel
4. Cain & Abel
Is a password recovery tool for Microsoft Operating
Systems. It allows easy recovery of various kind of
passwords by sniffing the network, cracking
encrypted passwords using Dictionary, Brute-Force
and Cryptanalysis attacks, recording VoIP
conversations, decoding scrambled passwords.
It also help you for recovering wireless network
keys, revealing password boxes, uncovering cached
passwords and analyzing routing protocols. The
program does not exploit any software
vulnerabilities or bugs that could not be fixed with
little effort. It covers some security aspects/
weakness present in protocol’s standards,
authentication methods and caching mechanisms;
its main purpose is the simplified recovery of
passwords and credentials from various sources,
however it also ships some “non standard” utilities
for Microsoft Windows users.
Download the latest version of Cain and Abel from
oxit website which crate and support this software.
wfuzz
5. Wfuzz Password Cracking Tools
Time for special password cracking tools for web
applications. The Wfuzz password cracking tools is
a software designed for brute forcing Web
Applications, it can be used for finding resources
not linked (directories, servlets, scripts, etc),
bruteforce GET and POST parameters for checking
different kind of injections (SQL, XSS, LDAP,etc),
bruteforce Forms parameters (User/Password),
Fuzzing,etc. See some features below and read full
details at edge-security website.
Some Features:
Multiple Injection points capability with multiple
dictionaries
Recursion (When doing directory bruteforce)
Post, headers and authentication data brute
forcing
Output to HTML
Colored output
Hide results by return code, word numbers, line
numbers, regex.
Cookies fuzzing
Multi threading
Proxy support
SOCK support
Time delays between requests
Authentication support (NTLM, Basic)
All parameters bruteforcing (POST and GET)
Multiple encoders per payload
Payload combinations with iterators
Baseline request (to filter results against)
Brute force HTTP methods
Multiple proxy support (each request through a
different proxy)
HEAD scan (faster for resource discovery)
Dictionaries tailored for known applications
(Weblogic, Iplanet, Tomcat, Domino, Oracle 9i,
Vignette, Coldfusion and many more.i
(Many dictionaries are from Darkraver’s Dirb,
www.open-labs.org)s
Download the latest version from edge-security
website.
Brutus Password Cracking Tools
6. Brutus Password Cracking Tools
The Brutus is also a good password cracking tools
for web application but it is not updated for many
years. You might still need as web application
password cracker. Brutus was one of the most
popular remote online password cracking tools. It
claims to be the fastest and most flexible password
cracking tool. This tool is free and is only available
for Windows systems. It was released back in
October 2000.
Features:
Brutus version AET2 is the current release and
includes the following authentication types :
HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
POP3
FTP
SMB
Telnet
Other types such as IMAP, NNTP, NetBus etc
are freely downloadable from this site and simply
imported into your copy of Brutus. You can create
your own types or use other peoples.
The current release includes the following
functionality :
Multi-stage authentication engine
60 simultaneous target connections
No username, single username and multiple
username modes
Password list, combo (user/password) list and
configurable brute force modes
Highly customisable authentication sequences
Load and resume position
Import and Export custom authentication types
as BAD files seamlessly
SOCKS proxy support for all authentication types
User and password list generation and
manipulation functionality
HTML Form interpretation for HTML Form/CGI
authentication types
Error handling and recovery capability inc.
resume after crash/failure.
If you would like to use this old and out of date
tools, download from hoobie website.
John the Ripper
7. John the Ripper
The John the Ripper is a fast opensource password
cracking tools, currently available for many flavors
of Unix, Windows, DOS, BeOS, and OpenVMS. Its
primary purpose is to detect weak Unix passwords.
Besides several crypt(3) password hash types most
commonly found on various Unix systems,
supported out of the box are Windows LM hashes,
plus lots of other hashes and ciphers in the
community-enhanced version.
Download John the Ripper from openwall website,
the place to bringing security into open
environment.
THC Hydra
8. THC Hydra
The THC-Hydra is a very fast network logon cracker
which support many different services. When you
need to brute force crack a remote authentication
service, Hydra is often the tool of choice. It can
perform rapid dictionary attacks against more then
30 protocols, including telnet, ftp, http, https, smb,
several databases, and much more.
Download the THC Hydra from THC website and
see feature sets and services coverage also.
L0phtCrack
9. L0phtCrack
The L0phtCrack Password Cracking Tools is an
alternative to OphCrack. It attempts to crack
Windows password from hashes. For cracking
passwords, it uses Windows workstations, network
servers, primary domain controllers, and Active
Directory. It also uses dictionary and brute force
attacking for generating and guessing passwords.
Features:
L0phtCrack 6 is packed with powerful features
such as scheduling, hash extraction from 64 bit
Windows versions, multiprocessor algorithms, and
networks monitoring and decoding. Yet it is still the
easiest to use password auditing and recovery
software available.
Range of Target Systems Software runs On
Windows XP and higher. Operates on networks
with Windows NT, 2000, XP, Server 2003 R1/R2,
Server 2008 R1/R2, on 32- and 64-bit
environments, as well as most BSD and Linux
variants with an SSH daemon.
Password Scoring
Pre-computed Dictionary Support
Windows & Unix Password Support
Remote password retrieval
Scheduled Scans
Remediation
Updated Vista/Windows 7 Style UI
Executive Level Reporting
Password Risk Status
Password Audit Method
Password Character Sets
Password Length Distribution
Summary Report
Download the latest version from l0phtcrack
website.
aircrack-ng
10. Aircrack-NG
The aircrack-ng is an 802.11 WEP and WPA-PSK
keys cracking program that can recover keys once
enough data packets have been captured. It
implements the standard FMS attack along with
some optimizations like KoreK attacks, as well as
the PTW attack, thus making the attack much faster
compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing
wireless networks. To secure a Wireless network
against Wireless hacking read the article “ 5 Steps to
Secure your home Wireless Network“.
Download the Aircrack-ng from aircrack-ng
website, where you can find more information about
this Wireless Password Cracking Tools. You might
need to read “ 5 ways to Hack Wireless Network ”
article that is a good way to secure your Wireless
Network.
Footus Password Cracking Tools
11. Medusa
The Medusa password Cracking tool is intended to
be a speedy, massively parallel, modular, login
brute-forcer. The goal is to support as many
services which allow remote authentication as
possible. The author considers following items as
some of the key features of this application:
Features:
Thread-based parallel testing. Brute-force
testing can be performed against multiple hosts,
users or passwords concurrently.
Flexible user input. Target information (host/
user/password) can be specified in a variety of
ways. For example, each item can be either a
single entry or a file containing multiple entries.
Additionally, a combination file format allows the
user to refine their target listing.
Modular design. Each service module exists as
an independent .mod file. This means that no
modifications are necessary to the core application
in order to extend the supported list of services for
brute-forcing.
Multiple protocols supported. Many services are
currently supported (e.g. SMB, HTTP, POP3, MS-
SQL, SSHv2, among others).
Download the latest Medusa tools from foofus
website which support the fgdump tool for mass
password Auditing of Windows Systems. It is also a
best cracking tools.
Conclusion For Cracking Tools
These are the most popular tools that hackers are
using for cracking password hashes and codes of
web applications and operating systems. I’m sure
that there are many powerful password cracking
tools that I miss to bring the list, so tell us the name
please in order to complete this list.
If you need more information about such a tools,
read the password cracking section of Certified
Ethical Hacking (CEH) from ec-council academy.
And the post “ Certification Road-map for
Information Security ” for security lovers.
for Windows, Linux and Web
Applications
Posted in Download , Security , Technology • 1 year
ago • Written by Shais • 10 Comments
A simple details about password cracking tools
from wiki. In cryptanalysis and computer security ,
password cracking is the process of recovering
passwords from data that have been stored in or
transmitted by a computer system. A common
approach ( brute-force attack ) is to try guesses
repeatedly for the password and check them
against an available cryptographic hash of the
password. Generally Password cracker not hacking
a password ,these software is only recover your
password. Got it? So don’t use against someone’s
system or illegally.
The other purposes of password cracking tools
might be to help a user recover a forgotten
password of a system or any software. But in the
world of hacking, hackers are using such a tools to
break or crack the stolen password hashes of a
database. Or using them to hack wireless network
and crack the passwords. So hope you completely
understand the main purpose of password cracking
tools.
List of Top 10 Password Cracking
Tools
OphCrack
#1. OphCrack
It is a free Windows password cracker based on
rainbow tables. It is a very efficient implementation
of rainbow tables done by the inventors of the
method. It comes with a Graphical User Interface
and runs on multiple platforms. See some features
of Ophcrack password cracking tools. The uploaded
version of Ophcrack compiled for Windows 64-bit
platforms. This version can preload tables using the
whole RAM available instead of only 2GB on 32-bit
platforms.
Features:
Runs on Windows, Linux/Unix, Mac OS X, …
Cracks LM and NTLM hashes.
Free tables available for Windows XP and
Vista/7/8.1.
Brute-force module for simple passwords.
Audit mode and CSV export.
Real-time graphs to analyze the passwords.
Live CD available to simplify the cracking.
Dumps and loads hashes from encrypted SAM
recovered from a Windows partition.
Free and open source software (GPL).
Download the latest Ophcrack version
from sourceforge , the open source software
storage.
RainbowCrack
2. RainbowCrack
The RainbowCrack password cracking tolls is a
general propose implementation of Philippe
Oechslin’s faster time-memory trade-off technique.
It crack hashes with rainbow tables. RainbowCrack
uses time-memory tradeoff algorithm to crack
hashes. It differs from brute force hash crackers.
A brute force hash cracker generate all possible
plaintexts and compute the corresponding hashes
on the fly, then compare the hashes with the hash
to be cracked. Once a match is found, the plaintext
is found. If all possible plaintexts are tested and no
match is found, the plaintext is not found. With this
type of hash cracking, all intermediate computation
results are discarded.
Features:
Full time-memory tradeoff tool suites, including
rainbow table generation, sort, conversion and
lookup
Support rainbow table of any hash algorithm
Support rainbow table of any charset
Support rainbow table in raw file format (.rt) and
compact file format (.rtc)
Computation on multi-core processor support
GPU acceleration with NVIDIA GPUs (CUDA
technology)
GPU acceleration with AMD GPUs (OpenCL
technology)
GPU acceleration with multiple GPUs
Runs on Windows operating systems
Windows XP 32-bit / 64-bit
Windows Vista 32-bit / 64-bit
Windows 7 32-bit / 64-bit
Windows 8 32-bit / 64-bit
Runs on Linux operating systems (x86 and
x86_64)
Unified rainbow table file format on all supported
operating systems
Command line user interface
Graphics user interface
Download the latest version of RainbowCrack
password cracking tools from project-rainbowcrack
website.
HashCat Advanced Password Recovery
3. HashCat
Hashcat is the world’s fastest CPU-based
password recovery tool. While it’s not as fast as its
GPU counterpart oclHashcat , large lists can be
easily split in half with a good dictionary and a bit of
knowledge of the command switches.
Hashcat was written somewhere in the middle of
2009. Yes, there were already close-to-perfect
working tools supporting rule-based attacks like
“PasswordsPro”, “John The Ripper”. However for
some unknown reason, both of them did not
support multi-threading. That was the only reason
to write Hashcat: To make use of the multiple cores
of modern CPUs.
Features:
Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch
movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
150+ Algorithms implemented with performance
in mind
… and much more
Download the latest version HashCat
from oclhashcat website.
Cain & Abel
4. Cain & Abel
Is a password recovery tool for Microsoft Operating
Systems. It allows easy recovery of various kind of
passwords by sniffing the network, cracking
encrypted passwords using Dictionary, Brute-Force
and Cryptanalysis attacks, recording VoIP
conversations, decoding scrambled passwords.
It also help you for recovering wireless network
keys, revealing password boxes, uncovering cached
passwords and analyzing routing protocols. The
program does not exploit any software
vulnerabilities or bugs that could not be fixed with
little effort. It covers some security aspects/
weakness present in protocol’s standards,
authentication methods and caching mechanisms;
its main purpose is the simplified recovery of
passwords and credentials from various sources,
however it also ships some “non standard” utilities
for Microsoft Windows users.
Download the latest version of Cain and Abel from
oxit website which crate and support this software.
wfuzz
5. Wfuzz Password Cracking Tools
Time for special password cracking tools for web
applications. The Wfuzz password cracking tools is
a software designed for brute forcing Web
Applications, it can be used for finding resources
not linked (directories, servlets, scripts, etc),
bruteforce GET and POST parameters for checking
different kind of injections (SQL, XSS, LDAP,etc),
bruteforce Forms parameters (User/Password),
Fuzzing,etc. See some features below and read full
details at edge-security website.
Some Features:
Multiple Injection points capability with multiple
dictionaries
Recursion (When doing directory bruteforce)
Post, headers and authentication data brute
forcing
Output to HTML
Colored output
Hide results by return code, word numbers, line
numbers, regex.
Cookies fuzzing
Multi threading
Proxy support
SOCK support
Time delays between requests
Authentication support (NTLM, Basic)
All parameters bruteforcing (POST and GET)
Multiple encoders per payload
Payload combinations with iterators
Baseline request (to filter results against)
Brute force HTTP methods
Multiple proxy support (each request through a
different proxy)
HEAD scan (faster for resource discovery)
Dictionaries tailored for known applications
(Weblogic, Iplanet, Tomcat, Domino, Oracle 9i,
Vignette, Coldfusion and many more.i
(Many dictionaries are from Darkraver’s Dirb,
www.open-labs.org)s
Download the latest version from edge-security
website.
Brutus Password Cracking Tools
6. Brutus Password Cracking Tools
The Brutus is also a good password cracking tools
for web application but it is not updated for many
years. You might still need as web application
password cracker. Brutus was one of the most
popular remote online password cracking tools. It
claims to be the fastest and most flexible password
cracking tool. This tool is free and is only available
for Windows systems. It was released back in
October 2000.
Features:
Brutus version AET2 is the current release and
includes the following authentication types :
HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
POP3
FTP
SMB
Telnet
Other types such as IMAP, NNTP, NetBus etc
are freely downloadable from this site and simply
imported into your copy of Brutus. You can create
your own types or use other peoples.
The current release includes the following
functionality :
Multi-stage authentication engine
60 simultaneous target connections
No username, single username and multiple
username modes
Password list, combo (user/password) list and
configurable brute force modes
Highly customisable authentication sequences
Load and resume position
Import and Export custom authentication types
as BAD files seamlessly
SOCKS proxy support for all authentication types
User and password list generation and
manipulation functionality
HTML Form interpretation for HTML Form/CGI
authentication types
Error handling and recovery capability inc.
resume after crash/failure.
If you would like to use this old and out of date
tools, download from hoobie website.
John the Ripper
7. John the Ripper
The John the Ripper is a fast opensource password
cracking tools, currently available for many flavors
of Unix, Windows, DOS, BeOS, and OpenVMS. Its
primary purpose is to detect weak Unix passwords.
Besides several crypt(3) password hash types most
commonly found on various Unix systems,
supported out of the box are Windows LM hashes,
plus lots of other hashes and ciphers in the
community-enhanced version.
Download John the Ripper from openwall website,
the place to bringing security into open
environment.
THC Hydra
8. THC Hydra
The THC-Hydra is a very fast network logon cracker
which support many different services. When you
need to brute force crack a remote authentication
service, Hydra is often the tool of choice. It can
perform rapid dictionary attacks against more then
30 protocols, including telnet, ftp, http, https, smb,
several databases, and much more.
Download the THC Hydra from THC website and
see feature sets and services coverage also.
L0phtCrack
9. L0phtCrack
The L0phtCrack Password Cracking Tools is an
alternative to OphCrack. It attempts to crack
Windows password from hashes. For cracking
passwords, it uses Windows workstations, network
servers, primary domain controllers, and Active
Directory. It also uses dictionary and brute force
attacking for generating and guessing passwords.
Features:
L0phtCrack 6 is packed with powerful features
such as scheduling, hash extraction from 64 bit
Windows versions, multiprocessor algorithms, and
networks monitoring and decoding. Yet it is still the
easiest to use password auditing and recovery
software available.
Range of Target Systems Software runs On
Windows XP and higher. Operates on networks
with Windows NT, 2000, XP, Server 2003 R1/R2,
Server 2008 R1/R2, on 32- and 64-bit
environments, as well as most BSD and Linux
variants with an SSH daemon.
Password Scoring
Pre-computed Dictionary Support
Windows & Unix Password Support
Remote password retrieval
Scheduled Scans
Remediation
Updated Vista/Windows 7 Style UI
Executive Level Reporting
Password Risk Status
Password Audit Method
Password Character Sets
Password Length Distribution
Summary Report
Download the latest version from l0phtcrack
website.
aircrack-ng
10. Aircrack-NG
The aircrack-ng is an 802.11 WEP and WPA-PSK
keys cracking program that can recover keys once
enough data packets have been captured. It
implements the standard FMS attack along with
some optimizations like KoreK attacks, as well as
the PTW attack, thus making the attack much faster
compared to other WEP cracking tools.
In fact, Aircrack-ng is a set of tools for auditing
wireless networks. To secure a Wireless network
against Wireless hacking read the article “ 5 Steps to
Secure your home Wireless Network“.
Download the Aircrack-ng from aircrack-ng
website, where you can find more information about
this Wireless Password Cracking Tools. You might
need to read “ 5 ways to Hack Wireless Network ”
article that is a good way to secure your Wireless
Network.
Footus Password Cracking Tools
11. Medusa
The Medusa password Cracking tool is intended to
be a speedy, massively parallel, modular, login
brute-forcer. The goal is to support as many
services which allow remote authentication as
possible. The author considers following items as
some of the key features of this application:
Features:
Thread-based parallel testing. Brute-force
testing can be performed against multiple hosts,
users or passwords concurrently.
Flexible user input. Target information (host/
user/password) can be specified in a variety of
ways. For example, each item can be either a
single entry or a file containing multiple entries.
Additionally, a combination file format allows the
user to refine their target listing.
Modular design. Each service module exists as
an independent .mod file. This means that no
modifications are necessary to the core application
in order to extend the supported list of services for
brute-forcing.
Multiple protocols supported. Many services are
currently supported (e.g. SMB, HTTP, POP3, MS-
SQL, SSHv2, among others).
Download the latest Medusa tools from foofus
website which support the fgdump tool for mass
password Auditing of Windows Systems. It is also a
best cracking tools.
Conclusion For Cracking Tools
These are the most popular tools that hackers are
using for cracking password hashes and codes of
web applications and operating systems. I’m sure
that there are many powerful password cracking
tools that I miss to bring the list, so tell us the name
please in order to complete this list.
If you need more information about such a tools,
read the password cracking section of Certified
Ethical Hacking (CEH) from ec-council academy.
And the post “ Certification Road-map for
Information Security ” for security lovers.
No comments:
Post a Comment