10 All time favorite Password Cracking Tools

Lately I came up with a new methodical challenge. One of my friends is writing a white paper on the effect of different tools used in hacking and penetration testing. He came to me with a weird kind of problem. He wants to categorize the password cracking tools according to their usage and effectiveness. It took my whole weekend to complete this work, but it's worth spending so much time. I learned what I thought never existed. Rare elites are out there in the world. I am sharing part of my work in this blog. KNOWLEDGE FOR ALL, ALL FOR KNOWLEDGE. I tried my best to omit any lame mistakes and keep the content appropriate. I know many websites also give these lists, but I tested each tool with my own hands-on practical experience.

1. Cain and Abel:

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

2. John the Ripper:

It works on Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

3. THC Hydra:

When you need to brute-force a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap, this release is from the fine folks at THC.

The project supports a wide range of services and protocols: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP, PostgreSQL, Teamspeak, Cisco auth, Cisco enable, and Cisco AAA. It is licensed under version 2.0 of the GNU General Public License with the additional terms that the software may not be used for illegal purposes, and any commercial service or program that uses Hydra must give credit to THC.

4. Aircrack-ng:

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless card whose driver supports raw monitoring mode (for a list, visit the website of the project) and can sniff 802.11a, 802.11b and 802.11g traffic. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

5. L0phtcrack:

L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, and hybrid attacks, and rainbow tables.

6. AirSnort:

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to recover the WEP keys.

7. SolarWinds:

It includes various security-related tools, such as many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available, and more.

8. Pwdump:

Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. In order to work, it must be run under an Administrator account, or be able to access an Administrator account on the computer where the hashes are to be dumped.

9. RainbowCrack:

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack differs from “conventional” brute force crackers in that it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password drastically.
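Why precomputation matters to whoever stores the hashes, as an added example (not code from the original post or from RainbowCrack): a plain hash-to-plaintext lookup table, the simplest form of precomputation rather than RainbowCrack's chain-based rainbow tables, resolves an unsalted hash instantly, while a per-password random salt with PBKDF2 makes the same table miss. The candidate list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the plaintext space a table covers.
CANDIDATES = ["123456", "letmein", "Summer2024", "qwerty", "dragon"]

def unsalted_hash(password: str) -> str:
    """Fast, unsalted digest: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates):
    """Precompute hash -> plaintext once; every later lookup is a dict access."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password: str, iterations: int = 100_000) -> dict:
    """Store a random per-password salt with a slow PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

def table_exposes(table: dict, stored_hash: str):
    """Return the plaintext if the stored hash is covered by the table, else None."""
    return table.get(stored_hash)

def demo() -> dict:
    table = build_table(CANDIDATES)
    weak = unsalted_hash("letmein")      # what an unsalted store would hold
    a = salted_record("letmein")         # two users with the same password
    b = salted_record("letmein")
    return {
        "unsalted_lookup": table_exposes(table, weak),
        "salted_lookup": table_exposes(table, a["hash"]),
        "same_password_same_hash": a["hash"] == b["hash"],
        "verify_ok": verify("letmein", a),
        "verify_wrong": verify("qwerty", a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the salt differs per record, a table would have to be rebuilt for every stored hash, which removes the time-memory trade-off's advantage.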

10. Brutus:

Brutus is one of the fastest, most flexible remote password crackers you can get your hands on, and it's also free. It is available for Windows 9x, NT and 2000. There is no UN*X version available, although it is a possibility at some point in the future. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more.

External Links:

http://www.hoobie.net/brutus/

See this for John the Ripper; find the others on YouTube.

One Response to 10 All time favorite Password Cracking Tools

  1. Ivan Gentle says:

    Hey could I use some of the material from this blog if I link back to you?