Proactive System Password Recovery
by ElcomSoft
Proactive System Password Recovery (PSPR; formerly known as Advanced Windows Password Recovery) is a program to recover most types of Windows passwords:
Other information that can be recovered by AWPR includes LSA Secrets; the program also allows running any program in another user's context, showing password history hashes, reading password hashes from SAM and SYSTEM files, performing brute-force and dictionary attacks on Windows 9x PWL files, and decrypting the product ID and CD key for Windows and Microsoft Office installations.
Elcomsoft System Recovery
by ElcomSoft
This is a boot-disk application that makes it easy to access your computer's Windows password settings. If you're locked out of your computer, Elcomsoft System Recovery will give you access and let you troubleshoot problems that are preventing you from running Windows. With it, it's simple to reset and change the passwords of any of the local accounts, detect accounts with empty passwords, and assign Administrator privileges to any user account. It's easy to enable or unlock accounts that have been disabled or locked.
Proactive Password Auditor
by ElcomSoft
Proactive Password Auditor (PPA; formerly Proactive Windows Security Explorer) is a password security test tool designed to allow Windows systems administrators to identify and close security holes in their networks. Proactive Password Auditor helps secure networks by executing an audit of account passwords and exposing insecure account passwords. If it is possible to recover a password within a reasonable time, the password is considered insecure. An administrator can also use this program to recover any lost password and access a user's Windows account. Proactive Password Auditor works by analyzing user password hashes and recovering plain-text passwords. The software supports several different methods of obtaining password hashes for further attack/audit: from dump files generated by tools like pwdump (listed below on this page), the Registry of the local computer, binary Registry files (SAM and SYSTEM), memory of the local computer, and memory of remote computers (Domain Controllers), including ones running Active Directory. It can use brute-force and dictionary attacks on LM and NTLM password hashes, effectively optimized for speed.
John the Ripper
by Openwall Project
John the Ripper is primarily a Unix password cracker, but it also supports Windows NT/2000/XP LM hashes (case insensitive, DES-based) and, with one of the contributed patches, NTLM hashes (case sensitive, MD4-based). Please note that it is a command-line (console) application; there's no GUI. The LM hash support in recent versions of John the Ripper is based around bitslice DES implementations (in C and assembly, making use of MMX on x86 and AltiVec on PowerPC processors). Please refer to the Unix password crackers page of this website for more information on John the Ripper.
MDcrack
by Gregory Duchemin
MDcrack is primarily a fast cracker for (raw) MD5 and MD4 hashes, but it also supports NTLM hashes (case sensitive, MD4-based) that are actually used by Windows NT/2000/XP. It's rather dumb in which candidate passwords it tries and it doesn't support loading of entire password files, so its practical use is limited. However, it demonstrates how it's possible to compute the hashes at a very fast rate.
pwdump2
by Todd Sabin of Bindview
This is an application which dumps the password hashes from NT's SAM database, whether or not SYSKEY is enabled on the system. NT Administrators can now enjoy the additional protection of SYSKEY, while still being able to check for weak users' passwords. The output follows the same format as the original pwdump (by Jeremy Allison) and can be used as input to password crackers. You need the SeDebugPrivilege for it to work. By default, only Administrators have this right, so this program does not compromise NT security.
pwdump3 and pwdump3e
by Phil Staubs and Erik Hjelmstad of PoliVec, Inc.
pwdump3 enhances the existing pwdump and pwdump2 programs developed by Jeremy Allison and Todd Sabin, respectively. pwdump3 works across the network and whether or not SYSKEY is enabled. Like the previous pwdump utilities, pwdump3 does not represent a new exploit since administrative privileges are still required on the remote system. One of the largest improvements with pwdump3 over pwdump2 is that it allows network administrators to retrieve hashes from a remote NT system. pwdump3e provides enhanced protection of the password hash information by encrypting the data before it is passed across the network. It uses Diffie-Hellman key agreement to generate a shared key that is not passed across the network, and employs the Windows Crypto API to protect the hashes.
pwdump4
by bingle
pwdump4 is an attempt to improve upon pwdump3. It might work in cases when pwdump3 fails (and vice versa).
pwdump5
by AntonYo!
pwdump5 is an application that dumps password hashes from the SAM database even if SYSKEY is enabled on the system. If SYSKEY is enabled, the program retrieves the 128-bit encryption key, which is used to encrypt/decrypt the password hashes.
pwdump6
by fizzgig
pwdump6 is a significantly modified version of pwdump3e. This program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether SYSKEY is enabled. It is also capable of displaying password histories if they are available. Currently, data transfer between the client and target is NOT encrypted, so use this at your own risk if you feel eavesdropping may be a problem.
pwdump7 (page in Spanish)
by Andres Tarasco Acuna
pwdump7 works with its own filesystem driver (from rkdetector.com technology) so users with administrative privileges are able to dump both the SYSTEM and SAM registry hives directly from disk. Once dumped, the SYSKEY key is retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump-like format.
Offline NT Password & Registry Editor
by Petter Nordahl-Hagen
This is a utility (available in the form of bootable floppy and CD images) to reset the password of any user that has a valid (local) account on your NT system, by modifying the password hash in the registry's SAM file. You do not need to know the old password to set a new one. The editor works offline, that is, you have to shut down your computer and boot off a floppy disk or a CD. The boot disks use Linux as the OS and include stuff to access NTFS partitions and scripts to glue the whole thing together. This will also work with SYSKEY, including the option to turn it off.
Windows XP Login Recovery
This website provides a tool (boot floppy) and a service (online cracking of Windows password hashes) to recover lost Windows XP passwords. It works for administrator accounts; it doesn't change the password, it just tells you the old one. It works with encrypted files (EFS) and password hashes. It even works if no passwords at all are known for the machine (as long as you have another computer with Internet access to view this website with). It does not work if the password has uncommon symbols in it.