Cryptography and cryptanalysis


Pwdump, or "password dump", does what its name says.
It dumps password hashes from a Windows host, both LM and NTLM, by means of a DLL injection technique (or at least it used to).
The data can be written to a file, and the output is in a format compatible with L0pht Crack.
See for further information about l0pht crack and cracking the passwords you just dumped.

L0pht Crack

L0pht Crack was the premier Windows password cracking application (back in the day).
It was written by a group of hackers called "The L0pht", a reference to the apartment/loft they previously rented, which was a sort of "safe haven" where hackers and friends alike could come and hang out.
L0pht Crack has a multitude of methods for breaking LM and NTLM password hashes, including brute force, dictionary attacks, and now rainbow table attacks. With the new "L0pht Crack 6", they have also added the ability to break Unix/Linux password hashes.

Some good/selling points:

THC Hydra

THC is an acronym for "The Hackers Choice", a group of security experts based out of Germany.
Hydra is their application for launching brute-force password cracking attempts against different protocols.
It is commonly used against web and SSH logins, but is available for use with other types.
If you run servers, check your /var/log/auth.log text file, and see a bunch of failed connection attempts from the same location to your SSH server, they're probably using this to try to get in.

Currently this tool supports:


BarsWF is the world's fastest MD5 brute-forcing password cracker, just in case you didn't already know.
It combines your computer's processor with your graphics card's GPU to compute the largest number of hashes as quickly as possible. It is not unheard of to get hundreds of millions of hashes per second when using this application.


RainbowCrack is a general-purpose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute-force cracker tries all possible plaintexts one by one at cracking time, which makes breaking complex passwords time-consuming. The idea of the time-memory trade-off is to do all of the cracking-time computation in advance and store the results in files called "rainbow tables". Precomputing the tables does take a long time, but once that one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute-force cracker.

Some ready-to-use LAN Manager and MD5 tables are demonstrated in the Rainbow Table section. One interesting table set is the LM configuration #6 tables, with which we can break any Windows password up to 14 characters in a few minutes.

My Rating on this: 4/5 (Quite Limited on the MD5 table compared to what you can do with LM and SHA allover power little app)

OTR (Off-The-Record) Messaging

Encryption for Pidgin. It enables secure transmission of encrypted conversations, so that you and the person you are speaking with are assured the conversation is not being hijacked by a third party.


Free open-source disk encryption software.

Main features:
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed (pre-boot authentication).
- Encryption is automatic, real-time (on-the-fly) and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
- Encryption can be hardware-accelerated on modern processors.
- Provides plausible deniability, in case an adversary forces you to reveal the password:
  - Hidden volume (steganography) and hidden operating system.

