Top ten password crackers

Posted by | December 05, 2010 | Password crackers

These are the top ten password crackers you might consider using.

Cain and Abel : One of the top password recovery tools for Windows
UNIX users often smugly assert that the best free security tools support their platform first, & Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force & Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords & analyzing routing protocols. It is also well documented.

John the Ripper : A powerful, flexible, and fast multi-platform password hash cracker
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, & OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most often found on various Unix flavors, as well as Kerberos AFS & Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. You will want to start with some wordlists.

THC Hydra : A fast network authentication cracker which supports many different services
When you need to brute-force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap, this release is from the fine folks at THC.

Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40- through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

L0phtcrack : Windows password auditing & recovery application
L0phtCrack attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). LC5 was discontinued by Symantec in 2006, then re-acquired by the original L0pht guys & reborn as LC6 in 2009. For free alternatives, consider Ophcrack, Cain & Abel, or John the Ripper.

Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available, and more.

Pwdump : A Windows password recovery tool
Pwdump can extract NTLM & LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It can also display password histories if they are available. It outputs the data in L0phtcrack-compatible form, & can write to an output file.

RainbowCrack : An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one after the other, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance & store the results in so-called “rainbow tables”. It does take a very long time to precompute the tables, but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is completed.

Brutus : A network brute-force authentication cracker
This Windows-only cracker bangs against network services of remote systems, trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.
