Latest Post
Showing posts with label Password Recovery. Show all posts
Showing posts with label Password Recovery. Show all posts
07:06

hashkill-0.3.1 released!

Written By Unknown on Thursday, 13 December 2012 | 07:06

Hashkill is an open-source password recovery tool. Its features are:

  • Multi-threaded so that it can benefit from multi-core/multi-CPU systems
  • SSE2/AVX/XOP/AES-NI-accelerated algorithms to achieve high speeds on modern x86 CPUs
  • Very powerful rule engine plus optimized bruteforce/markov codepaths for fast algos.
  • 50 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to WPA, passworded RAR files, MS Office documents and LUKS encrypted partitions)
  • Supports session save/restore. Sessions are auto-saved each 3 seconds. Password cracking can resume after the last checkpoint in case the program is stopped/killed/system crashes/power down/etc.
  • Multi-hash support
  • Very fast GPU support on both Nvidia and AMD. GCN and Kepler architecture supported.
  • Multi-GPU support (even AMD+NVidia systems).
  • Session save/restore, markov/rule/bruteforce also on GPUs
Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid) and has 31 plugins for different types of hashes (md5, sha1, phpbb3, mysql, md5 (unix), des(unix), sha(unix), vbulletin, smf, etc). It is multithreaded and supports session save/restore.

Current version is 0.3.1. You may download it here.
hashkill-0.3.1 released!on 11 Dec 2012 ,Here is the list of new features:

  • 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated
  • Improved build scripts
  • Added a "fastdict" rule clause which enables very fast GPU-offloaded combinator attacks. The limitation is that wordlist candidates of len<=16 can be used.
  • Improved bitmaps handling in non-salted kernels. Now  huge hashlists would be cracked at faster speeds
  • Rules that start with "must add str .." are no more a badass bottleneck for the GPU-offloaded rule attacks
  • Hash type auto-detection. Yes it works (although not 100% correct - in case there are several plugins that can crack that plugin, you will be presented a list of possible options)
  • Added average speed indicator together with the current speed one.
  • New hotkeys while cracking: 't' would display GPU temps, 's' would display short stats
  • Thermal monitoring can now be disabled using -T 0 command-line argument
Bugfixes:
  • A new test framework was introduced. This in turn helped me to fix a LOT of bugs in the plugins. This is probably the first (well sort of) _STABLE_ hashkill version.
  • Stack overflow issues were fixed in several plugins' CPU code
  • Issues with progress indicator inaccuracy were fixed.
  • Critical issue with thermal monitoring which lead to program crashes was solved
  • Large file support for x86
  • Thread-safety issues in rule engine were fixed that could lead to spontaneous errors
  • Race condition that could lead to a deadlock was fixed
  • Several CPU plugins had bugs that allowed false negatives. Fixed.
Screenshot -

Source-

Labels: ,
06:35

Hash Code Cracker v1.2.1- Peneteration Testing Tool

Written By Unknown on Tuesday, 23 October 2012 | 06:35

This password cracker was written in Java and is intended for Pen Testers and Security Professionals. Please Use this software for legal purposes(Testing the Password Strength).


Features
This software will crack the MD5, SHA,NTLM(Windows Password),CISCO 7 hash codes.
No need to install.
Supports All platforms.

Download -
HashCodeCracker v121.jar - updated version
HashCodeCracker.zip  - older version

V1.2.1 Changelog

Online cracking support for SHA-256,SHA-384,SHA-512,CISCO7

"Cancel " button

GUI changed

Minimum Requirements

Operating system: Any OS.

Java Runtime Environment: JRE 1.6 should be installed.(you can get it from oracle.com)
How to run the software?

Download the "Hash Code Cracker v121.jar" file.

Method 1: Double click the jar file, it will automatically run with JRE.

Method 2: Open the Terminal and navigate to the jar file path.

Type this command "java -jar HashCodeCracker v121.jar".

Source -
http://code.google.com/p/password-cracker/

Screenshot -

Labels: , , ,
22:59

Hashcat v0.41 released

Written By Unknown on Monday, 24 September 2012 | 22:59

Hashcat Released new version on 24Sept2012.

Features

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
  • SSE2 accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • 30+ Algorithms implemented with performance in mind
  • ... and much more

Download latest version (older versions)

NameVersionmd5sumDate
hashcatv0.415934c2782284a2f0c2e03a8734263cb92012.09.24

Hashcat Screenshot


























Attack-Modes

  • Straight *
  • Combination *
  • Toggle-Case
  • Brute-Force
  • Permutation
  • Table-Lookup
* accept Rules
Algorithms
  • MD5
  • md5($pass.$salt)
  • md5($salt.$pass)
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • SHA1
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • MySQL
  • MySQL4.1/MySQL5
  • phpass, MD5(Wordpress), MD5(phpBB3)
  • md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  • SHA-1(Django)
  • MD4
  • NTLM
  • Domain Cached Credentials, mscash
  • SHA256
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • md5apr1, MD5(APR), Apache MD5
  • SHA512
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • SHA-512(Unix)
  • Double MD5
  • MD5(Sun)
  • md5(md5(md5($pass)))
  • md5(md5($salt).$pass)
  • md5($salt.md5($pass))
  • md5($salt.$pass.$salt)
  • md5(md5($pass).md5($salt))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5($username.0.$pass)
  • md5(strtoupper(md5($pass)))
  • md5(sha1($pass))
  • sha1(sha1($pass))
  • sha1(sha1(sha1($pass)))
  • sha1(md5($pass))
  • MD5(Chap)
  • nsldap, SHA-1(Base64), Netscape LDAP SHA
  • nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  • SMF > v1.1
  • OS X v10.4, v10.5, v10.6
  • MSSQL
  • OS X v10.7
  • MSSQL 2012
  • vBulletin < v3.8.5
  • vBulletin > v3.8.5
  • IPB2+, MyBB1.2+
Tested OS
  • All Linux, Windows and OSX versions should work on both 32 and 64 bit

Source -

Download older versions

This is a list of older hashcat versions, it's not always bad to grab the latest version.
NameVersionmd5sumDate
hashcatv0.40357205982dbd41dc093c1e497fe3df8e2012.08.05
User Manual *outdated*v1.2a2b1080a9b78c844dd9554991fb173bd2011.08.09

Previous post regarding Hashcat -
http://santoshdudhade.blogspot.in/2012/05/oclhashcat-lite-worlds-fastest-ntlm-md5.html
Labels: , , ,
01:54

Johnny - GUI for John the Ripper v1.1.1

Written By Unknown on Friday, 17 August 2012 | 01:54

Johnny is a GUI for John the Ripper. It was proposed by Shinnok. You could look onto original version onJohn the Ripper GUI sketches page.

Release 1.1

After small fixes release version is 1.1.2.
This Johnny release is oriented onto core john. It was tested with john 1.7.9. Though all versions should work, even jumbo. All basic things work well:
  1. export of cracked passwords through clipboard,
  2. export works with office suits (tested with LibreOffice Calc),
  3. user could start, pause and resume attack (though only one session is allowed globally),
  4. all attack related options work,
  5. all input file formats are supported (pure hashes, pwdump, passwd, mixed),
  6. “smart” default options,
  7. accurate output of cracked passwords,
  8. smooth work, i.e. no lags,
  9. config is stored in .conf file (~/.john/johnny.conf),
  10. nice error messages and other user friendly things,
  11. many minor fixes to polish ui.
You could download and unpack tarball or use git:
  git clone https://github.com/AlekseyCherepanov/johnny.git -b release1.1
Then build and run (no installation required):
  cd johnny
  qmake
  make && ./johnny
Binaries will come soon…

Release 1

The first release is prepared to take more opinions from real users. This release includes all things from development release plus nice tabbed panel for mode selection and some additional clean-ups. Basic functionality is supposed to work: password could be loaded from file and cracked with different options.
What do you think? Your opinion is very welcome!
You could download and unpack tarball or use git:
  git clone https://github.com/AlekseyCherepanov/johnny.git -b release1
Then build and run (no installation required):
  cd johnny
  qmake
  make && ./johnny
You could affect decisions about GSoC 2012. Please tell us your suggestions!

Development release

To review current state and make new decisions for GSoC 2012 here is cleaned up version (that has all not implemented features not available).
  1. Download tarball and unpack it,
    • Or clone using git,
  2. Enter directory,
  3. Build and run,
  4. Review and post your suggestions on john-dev list (subsribe here).
    • You are welcome!
For instance,
git clone https://github.com/AlekseyCherepanov/johnny.git -b gsoc2012review
cd johnny
qmake && make && ./johnny
...

Current state

Johnny is in development. Development was started as part of Summer of Security 2011 by Aleksey Cherepanov while Shinnok became a mentor for Aleksey.

Downloads

Source code is available through git:
git clone git://github.com/AlekseyCherepanov/johnny.git
Links to other downloads are spread over this page.

For more information -
http://openwall.info/wiki/john/johnny
Screenshot -

Labels: ,
23:06

thad0ctor's Backtrack 5 toolkit

Written By Unknown on Friday, 20 July 2012 | 23:06

Thad0ctor's BT5 Toolkit is designed to stream line many BT5 processes

Originally designed and focuesed as a word list creation tool, Thad0ctor's BT5 Toolkit has become an all purpose script to simplify many Backtrack 5 functions to help Pentesters strengthen their systems.

The backbone of Thad0ctor's BT5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass phrases.

Download thad0ctor_s Word List Toolkit v1.2.zip (97.2 kB)
Download other versions -
http://sourceforge.net/projects/thad0ctorstools/files/word_list_toolkit/
Readme -
http://sourceforge.net/projects/thad0ctorstools/files/word_list_toolkit/word%20list%20toolkit%20v1.2/

Requirements -
-This scripts requires Backtrack 5 Linux based on Ubuntu, although
it has not been tested on other DISTROS it could work with the proper configuration.
-In order to run this script you will need the following programs:
-Zenity (optional for the GTK version)
-Policygen
-Crunch
-Find
-Cat
-Sed
-Grep
-Pyrit (for the benchmarks)
-Aircack-NG (for the benchmarks)
-PDFtoText

-System wise recommend a minimum of a dual core setup with
2 GB of RAM in addition to at least 50 GB of HDD space if you plan on making some word lists.

visit website -
http://sourceforge.net/projects/thad0ctorstools/
Screenshot -










Labels: , , ,
04:23

Quarks PwDump v0.2b! released

Written By Unknown on Wednesday, 18 July 2012 | 04:23


Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems.
It currently extracts :
  • Local accounts NT/LM hashes + history
  • Domain accounts NT/LM hashes + history
  • Cached domain password
  • Bitlocker recovery information (recovery passwords & key packages)
Supported OS : XP/2003/Vista/7/2008/8
Bitlocker and domain accounts information are extracted offline from NTDS.dit. It's not currently full offline mode cause the tool is dynamically linked with ESENT.dll which differs between Windows version (see README.txt for details).
Local account and cached information are extracted live from SAM and SECURITY hive in a proper way and without code injection or service installation.
In all cases, the tool must be executed on the targeted machine with administrator privileges.
The project is still in beta test and we would really appreciate to have feedbacks or suggestions/comments about potential bugs.

Quarks PwDumpv0.2b change log -
> Short command flags are available, checkREADME.txt
> NTDS.dit file could be specified at any position but -nt flag must be used now
> README updated for ntds.dit backup on Win 2003 operating systems
Labels: , ,
 
Support : Creating Website | Johny Template | Mas Template
Copyright © 2011. Turorial Grapich Design and Blog Design - All Rights Reserved
Template Created by Creating Website Published by Mas Template
Proudly powered by Blogger