User Tools

Site Tools


wiki:password

Password Cracking

Sometimes we come accross files that are password protected. More often than not, we are the legit owner of the file and we need access to it. Maybe we forgot the password, maybe you work as system administrator and your coworker needs access and forgot the password. This section not only describes how we can crack passwords but also what a good password can mean, and the proper type of format to use to secure your own stuff better.

WARNING: Brute-force password cracking is all about the efficiency of the tool you are using, benchmark carefully the tools you want to try before you get serious!

Recovering locally stored passwords

NirSoft.net Nir Sofer basically has a monopoly on tools to recovery locally stored passwords of about all application that you can think of, most notably, web browsers such as Internet Explorer, Chrome and Firefox but also e-mail clients such as Outlook. His tools can also be used from the commandline, it's highly recommended to get these tools! Whenever I re-install a computer for friends or family I always dump their stored passwords for them because many people don't remember their passwords after a while.

Compressed files (zip/rar/7z)

7-Zip-JBinding by boris_brodski able to brute force using 7-zip 9.20 these formats: 7z Zip RAR TAR Split LZMA ISO HFS GZip CPIO BZIP2 Z ARJ CHM LHZ CAB NSIS DEB RPM WIM UDF

Cracx by tillriemer also a wrapper for brute forcing, depends on 7-zip or WinRAR to be installed, capable of brute forcing many formats that the archivers themselves support.

NOTE: These 2 are wrappers for archivers and thereby very slow on bruteforcing. There are better but non-freeware alternatives.

Hashes

mdcrackGUI by j2be featureful password cracker designed to bruteforce 21 algorithms: MD2, MD4, MD5, HMAC-MD4, HMAC-MD5, FreeBSD, Apache, NTLMv1, IOS and PIX (both enable and user) hashes

Cryptohaze by bitferret A CUDA & OpenCL accelerated rainbow table implementation from the ground up, and a CUDA hash brute forcing tool with support for many hash types including MD5, SHA1, LM, NTLM, and lots more!

Hashcat Advanced password recovery, basically can crack anything: 200+ Hash-types implemented with performance in mind and GPU acceleration, highly recommended!

Microsoft Office

Microsoft Office 2013 DocRecrypt Tool This tool allows admins to unprotect or change the password on password protected OOXML Word, Excel and PowerPoint files. For Office 2007 to 2013 and probably 2016 as well.

wiki/password.txt ยท Last modified: 2017/11/24 15:24 by stephan

Page Tools