Best Password Cracking tools
1. Brutus
One of the widely used remote online tools used for password-cracking is Brutus. Brutus claims to be the fastest-paced and flexible password cracking tool. It is available free of cost and can only be operated in Windows. It was released in October 2000.
HTTP for Basic Authentication, Pop3, Telnet, HTTP (HTML Form/CGI), FTP, SMB, and other types such as NetBus, IMAP, NNTP, etc. are supported in this. One can also create his own types of authentication. This tool supports multi-stage authentication engines and is also capable of connecting with 60 simultaneous targets. Resume and Load are two of their good features. Using these features, one can halt the attack process any time and then resume whenever one would want to resume.
This tool hasn’t been updated for years now. However, it can still be used in the current times.
2. RainbowCrack
It falls in the hash cracker tool category that utilizes a large-scale time-memory trade-off process for faster password cracking compared to traditional brute force tools. Time & memory trade-off is a process of computation where all plain text and hash pairs get calculated by using a chosen hash algorithm. The results are then stored in the rainbow table. This process can be very time-consuming. But, once the table is ready, it is capable of cracking passwords much faster than tools using brute force.
One doesn’t necessarily need to make tablets (rainbow) by themselves. RainbowCrack’s makers have been successful in generating rainbow tables (LM), MD5 rainbow table, rainbow table (NTLM), and sha1 rainbow table.
The tables are free, therefore, anyone can get these tables and utilize them for their cracking of password processes.
This tool is for Linux and Windows systems also.
3. Wfuzz
Wfuzz is a web application for password cracking that cracks passwords using brute-forcing. It can be used to find hidden resources too like servlets, directories and scripts. This tool is also capable of identifying different kinds of injections with, XSS Injection, LDAP Injection, SQL Injection, etc. in applications of Web.
Prominent features of Wfuzz tool:
The capability of injecting via multiple dictionaries with multiple points.
Output with coloured HTML.
Headers, post and authenticated data brute-forcing.
SOCK and Proxy Support.
Multiple Proxy Support.
Multi-Threading.
Brute Force HTTP Password.
GET and POST Brute force.
The time delay between two requests.
Fuzzing of cookies.
4. Cain & Abel
Cain and Abel is a popular password cracking tool. It can handle varying tasks. The most noticeable thing is the tool’s availability only in Windows platforms. It can function as a sniffer on the network, for cracking encrypted passwords by the dictionary attack, uncovering cached passwords, decoding scrambled passwords, brute attacks, recording VoIP conversations, password boxes revelation, cryptanalysis attacks, and analysing protocols of routing.
Abel & Cain don’t exploit any bugs or vulnerabilities. It covers only the security weakness of a protocol to grab the password. This tool was mainly developed for network administrators, forensics staff, security professionals, and testers of penetration.
5. John the Ripper
John the Ripper is yet another popular free open source tool for password cracking in Linux, Mac OS X and Unix. A version for Windows is also available. This tool detects weak passwords. The pro-version of this tool is also available, which offers greater features with native packages for the test of target operating systems.
6. THC Hydra
THC Hydra can be said to be the fast paced network logon tool for password cracking. In comparison to other similar tools, it is clearly shown why it is faster. New modules can be easy to install in the tool. One can easily enhance the features by adding modules. It is available only for Windows, Free BSD, Linux, Solaris and OS X. The tool supports a large variety for network protocols. Currently supporting HTTP-FORM-POST, HTTP-PROXY, HTTP-GET, HTTPS-FORM-POST, HTTP-HEAD, HTTPS-FORM-GET, HTTP-FORM-GET, Ms(sql), Nntp, My(SQL), Ncp, PCNFS, Oracle’s Listener, Oracle, HTTPS-HEAD, pc-anywhere, Oracle’s SID, Pop3, Postgres, R.D.P, Rlogin, Rsh, rexec, SAP’s R3, Asterisk, Afp, Cisco’s AAA, Cisco auth, Cisco enable, Cvs, Firebird, FTP, HTTPS-GET, Telnet, Icq, IRC, HTTP-Proxy, SSH v1 & v2, Teamspeak (TS2), VMware-Auth, Subversion , XMPP & VNC, Imap, SIP, LDAP, SMB, SMTP Enum, SMTP, SOCKS5 and SNMP (Here's the perfect guide that will walk you through the cyber security certification).
If one is a developer, then he can also contribute to the development of the tool.
7. Medusa
Medusa is another tool for password cracking like THC Hydra. It is known to be a speedy parallel, login brute forcing tool and modular. When cracking the password; host, password and username can be a flexible input while the performance of the attack.
Medusa is popular for being the command line tool, so one need to understand commands before utilizing the tool. Tool’s efficiency depends on network’s connectivity. It can test 2000 passwords per minute on a local system. In this tool the attacker can also carry out parallel attacks at one time. It allows one to crack passwords of multiple email accounts simultaneously. He can specify the username list along with the password list.
8. OphCrack
OphCrack is available for free which is a rainbow-table based tool for password cracking on Windows. It is a popular Windows password cracking tool which can also be used on Linux or Mac. It can crack LM and NTLM hashes. For cracking Windows 7, Vista or Windows XP, free rainbow-tables are made available.
A live CD of OphCrack is made available for the simplification of the cracking. One can utilize the Live CD of OphCrack to crack the Windows-based passwords. This tool is made available for free.
9. L0phtCrack
L0phtCrack serves as substitute to OphCrack. It makes various attempts on cracking Windows passwords from hashes. For cracking these passwords, it utilizes the primary controllers of domain, workstations (windows), network server, also Active Directory. It also makes use of dictionary attack and brute force attacking in guessing and generating of passwords. It became an acquisition to Symantec and discontinued in the year 2006. Later developers of L0pht again re-acquired it and launched their L0phtCrack in the year 2009.
It is available with an audit feature of schedule routine. One can set daily, weekly or monthly audit, it will still start scanning on the scheduled time.
10. Aircrack-NG
Aircrack-NG is a tool for cracking of WiFi passwords that can crack WPA or WEP passwords. It analyses wireless encrypted packets also then tries to crack the passwords with cracking its algorithm. The FMS attack is utilized with other useful attacking methods for cracking of passwords. It is available on Linux and Windows systems. CD of Aircrack is also made available live.
Things to Be Considered While Creating a Password
Uniqueness
Words
Symbols
Numbers
Upper & Lower case
Username not be used as a password.
Make it difficult to crack.
Do not use known things to people about yourself like birthdate.
Dictionary words are not to be used.
Do not use keystrokes adjacent to each other like “1234”, etc.
Avoid the exact same password everywhere.
Do not store the passwords as a list on the system.
There are online third-party services that help users to safeguard sensitive passwords, along with LastPass, DashLane, and 1Password that store passwords at the cloud and secure them all using a master password.
Conclusion
As weak as passwords are generally, they're not going to fade away anytime soon in future. Every coming year we have rising number of passwords to deal with, and every coming year they are getting easier to break. Therefore the strategies mentioned above will make one’s password difficult to crack if frequent change is implemented along. The effectiveness of password cracking depends largely on two independent things which are power and efficiency. Power is simply computing power. Computers have become faster and are capable to test multiple passwords per second which can be eight million every second. Such crackers run for days, rather months Efficiency deals with the capability to guess passwords cleverly. It makes no sense to go through every eight-letters of combination right from "aaaaaaaa" to "zzzzzzzz" in such an order. That will be 200 billion possible passwords, many of them are unlikely. Password crackers then try the most common passwords first.
Password cracking tools are however used with various motives, sometimes negative other times, positive. Being aware of such software enlightens the people especially in the information technology and security domain. In the study of information security, such applications are taught with more detail. There are certain applications available to reduce the chances of cyber security attacks through the above mentioned tools and techniques. Whether it is a password for bank account, broking account, social media account or a document password it is ought to be made unbreakable to ensure its utmost security and avoiding unauthorized access. But having mentioned this, the easiest way to guess a password isn't to guess it at all, but to exploit the inherent insecurity in the underlying operating system.
Commenti