| Openwall Project | /home Owl JtR Pro crypt pam_passwdqc tcb phpass scanlogd popa3d msulogin / Linux BIND / advisories presentations / services donations / wordlists passwords / community lists wiki CVSweb mirrors signatures | |
| bringing security into open environments | ||
|
|
passwords.openwall.net /passwords/
Microsoft Office:
Microsoft Internet Explorer,
Outlook Express, Outlook, Internet Mail,
Corel WordPerfect Office:
Lotus SmartSuite:
Intuit Quicken,
Instant Messengers: PGP secret keys, disks, archives
OS passwords: |
The primary legitimate purpose of Unix password crackers is for a system's administrator to detect and eliminate weak user passwords. This requires access to the password hashes, which modern Unix systems only grant to the administrator (root). Not all Unix passwords may be cracked in a reasonable time (and this is why it makes sense to enforce strong passwords). If you're looking for a way to recover or bypass a lost password, it's usually easiest to just change it or ask your system administrator to do so. If it's the administrator (root) password that is lost, there's almost always a way to bypass and change it with physical access (the exact details are very specific to your Unix flavor and setup). There are several password hash types used by different Unix flavors, with different properties. Some are also re-used on non-Unix. In particular, the MD5-based hashes which originate in FreeBSD are now also used by Cisco IOS for "enable" passwords. It means that these crackers may be used on such passwords as well.
John the Ripper
by Openwall Project John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Besides the crypt(3) password hash types most commonly found on various Unix flavors (several DES-based, MD5-based, and Blowfish-based), supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes. John uses efficient special-purpose cryptographic algorithms (such as bitslice DES) and implementations (including in assembly, making use of MMX on x86 and AltiVec on PowerPC processors). Four cracking modes are implemented: "single crack" (derives candidate passwords to try from information in the password files themselves), wordlist with word mangling rules, "incremental mode" (tries all possible character combinations in an optimal order based on statistical information), and external (allows you to program an algorithm in a C-like language). There are contributed patches which add support for OpenVMS passwords (SYSUAF.DAT), Windows NT/2000/XP NTLM (MD4-based) hashes, S/Key skeykeys files, AFS/Kerberos v4 TGT, Kerberos v5 TGT, Netscape LDAP server (SHA, SSHA) passwords, MySQL passwords, Eggdrop IRC bot userfiles, Apache MD5-based "apr1" password hashes, raw MD5 hashes (hex-encoded), and more. An implementation of one of the modern password hashes found in John is also available separately for use in your software or on your servers. There's a proactive password strength checking module for PAM-aware password changing programs, which can be used to prevent your users from choosing passwords that would be easily cracked with programs like John or Crack.
Crack by Alec Muffett Crack is the classical Unix password cracker. The distribution includes Eric Young's fcrypt, - an implementation of the traditional DES-based Unix password hashing (quite efficient, yet typically several times slower than what John the Ripper is able to achieve). When generating candidate passwords to try, Crack will use information from the password files and wordlists with word mangling rules. One feature specific to Crack is its DAWG (Directed Acyclic Word Graphs) wordlist compression, which saves disk space needed to store wordlists. | |
| Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux |
184484 |