What Is This Resource?
Password cracking, or ‘password hacking’ as it is more commonly referred to, is a cornerstone of Cybersecurity and security in general.
Password hacking software has evolved tremendously over the last few years, but essentially it comes down to several things: firstly, what systems are in place to prevent certain popular types of password cracking techniques (for example ‘captcha forms’ for brute force attacks), and secondly, what computing power does the hacker have? Typically password hacking involves a hacker brute forcing their way into a website admin panel (or login page, for example) and bombarding the server with millions of variations to enter the system. That requires CPU. The faster the machine, the faster the cracking process will be. Yes, a ‘clued-up’ Cybersecurity Professional will be able to prevent brute forcing, but you’ll be amazed at the number of vulnerable websites that can be forced into with the password hacking software that we’ve listed below.
Last Updated: September 23rd, 2017
Aircrack Resources: Books, Courses & Software
What is Aircrack-ng?
Aircrack-ng is a network hacking tool that consists of a packet sniffer, detector, WEP and WPA/WPA2-PSK cracker, and an analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode, and it can sniff 802.11a, 802.11b and 802.11g traffic. A new attack called “PTW”, made by a team at Darmstadt University of Technology, decreases the number of initialization vectors (IVs) needed to decrypt a WEP key and has been included in the aircrack-ng suite since the 0.9 release.
Is Aircrack-ng Free?
This tool is free, and you can find many tutorials about it on the internet, such as how to install aircrack-ng (https://www.aircrack-ng.org/install.html).
Does Aircrack-ng Work on all Operating Systems?
This tool can run on various platforms such as FreeBSD, OSX, Windows, OpenBSD and Linux. The Linux version of this tool is packaged for OpenWrt and has been ported to the Maemo, Zaurus and Android platforms; a proof of concept port has also been made to iPhones.
What are the Typical Uses for Aircrack-ng?
This tool focuses on several areas of Wifi security: monitoring, which captures packets and exports the data to text files for processing by 3rd party tools; attacking, which covers replay attacks, fake access points and deauthentication by using packet injection; testing of wifi cards and driver capabilities via capture and injection; and cracking of WPA and WPA PSK (WPA 1 and WPA 2).
Crowbar Resources: Books, Courses & Software
What is Crowbar?
Crowbar is a brute force attack tool that lets you control what is submitted to a web server. It doesn’t try to identify a positive response, such as hitting a correct username and password combination; instead it asks you to supply a “baseline”, and the content of each response is then compared with the content of the baseline.
Is Crowbar Free?
Yes, Crowbar is currently free.
Does Crowbar Work on all Operating Systems?
Crowbar works with Linux operating systems.
What are the Typical Uses for Crowbar?
This brute forcing tool is commonly used during penetration tests and was developed to support protocols that are not currently supported by other brute forcing tools. Currently, this tool supports Remote Desktop Protocol with NLA support, VNC key authentication, OpenVPN and SSH private key authentication.
John the Ripper Resources: Books, Courses & Software
What is John The Ripper?
John The Ripper is perhaps the best known password cracking (hacking) tool out there, and that’s why it will always be in our ‘concise top ten hacking tools’ category. Aside from having the best possible name, we love John, as it is affectionately known, because, simply said, it works and is highly effective. John The Ripper is, like Metasploit, also part of the Rapid7 family of pentesting/hacking tools.
How do Password Crackers Work?
Cryptanalysis is the study of cryptographic systems in order to understand how they operate and, as hackers, to see whether there are any vulnerabilities that will allow them to be broken, with or without the hash/password key. Password cracking is the process of recovering or hacking passwords from data that has been stored in or transmitted by a computer system or within a network. One of the most common types of password hacking is known as a ‘brute-force attack’, which, simply said, is the process in which a computer system guesses for the correct password by cross-checking against an available cryptographic hash of the password. If the brute force attack is against clear-text words then the process derives from a ‘dictionary attack’. If the password is guessed using password hashes (which is faster), then the process used would be a ‘rainbow’ table.
If you work in Cyber Security, or are looking to get started in the profession, then it is ‘a must’ that you learn certain aspects of cryptography. We’d therefore strongly suggest that you learn, and try to crack, offline passwords using John The Ripper.
How does John The Ripper compare to THC Hydra?
THC Hydra, or simply ‘Hydra’, is another very popular password hacking tool that is often referred to in the same context as John The Ripper. The easiest way to describe the difference between John The Ripper (JTR) and THC Hydra is that JTR is an offline password cracker whilst Hydra is an online password cracker.
Is John The Ripper Free?
Both. There is a very popular free version of John The Ripper, and also a ‘pro’ version. The commercial version of John the Ripper is used by penetration testers who are interested in cracking the passwords of specific operating systems, and it is optimized for performance and speed. For the average user John The Ripper ‘open-source’ will work great; for the real hard-core user we’d certainly recommend the Pro Version, available from Rapid7.
Does John The Ripper Work on all Operating Systems?
John The Ripper was originally developed for Unix operating systems but now runs on various platforms, 11 of which are architecture-specific versions of DOS, Unix, BeOS, Win32 and OpenVMS.
What are Typical Uses for John The Ripper?
John the Ripper is a fast password cracker. Period. In fact, you can consider John The Ripper as ‘the definitive’ password hacking tool!
L0phtCrack Resources: Books, Courses & Software
What is L0phtCrack?
L0phtCrack is a password recovery and auditing tool originally created by Mudge. It tries to crack Windows passwords from hashes obtained from stand-alone Windows workstations, primary domain controllers, networked servers or Active Directory. It can sometimes sniff hashes off the wire. This tool also has several methods of generating password guesses.
Is L0phtCrack Free?
No. Three versions of L0phtCrack (Professional, Administrator and Consultant) are available for purchase.
Does L0phtCrack Work on all Operating Systems?
No, it only works on Microsoft Windows.
What are the Typical Uses for L0phtCrack?
L0phtCrack is used to recover lost Microsoft Windows passwords or to test someone’s password strength. It uses brute force, rainbow tables, hybrid and dictionary attacks. Even though this is one of the tools of choice, crackers use old versions because of their high availability and low price.
Medusa Resources: Books, Courses & Software
What is Medusa?
Medusa is intended to be a speedy, massively parallel, modular login brute forcer. The aim is to support as many services that allow remote authentication as possible. Key features of this tool include: thread-based parallel testing (brute force testing can be performed against multiple hosts, passwords or users at the same time); flexible user input (target information can be specified in different ways; for example, each item can be either a single entry or a file containing multiple entries); and modular design (each service module exists as an independent mod file, which means that no modifications are needed to the core application in order to extend the list of supported services for brute-forcing).
Is Medusa Free?
Yes, Medusa is free to use.
Does Medusa Work on all Operating Systems?
Medusa works on Linux and Mac OS X operating systems.
What are the Typical Uses for Medusa?
Just like THC Hydra, this tool focuses on cracking passwords by brute force attack. It can perform rapid attacks against a large number of protocols, including telnet, http, https, databases and smb.
ophcrack Resources: Books, Courses & Software
What is ophcrack?
Ophcrack is a rainbow-table based password cracker. This tool can import hashes from different formats, including dumping them directly from the SAM files of Windows. Some rainbow tables are free to download, but if you want larger ones, you can buy them from Objectif Sécurité.
Is ophcrack Free?
Does ophcrack Work on all Operating Systems?
This tool works on Linux, Microsoft Windows and Mac OS X.
What are the Typical Uses for ophcrack?
The primary use of this tool is password discovery. It can recover simple passwords within minutes. Buying additional rainbow tables will enable you to crack complex passwords.
RainbowCrack Resources: Books, Courses & Software
What is RainbowCrack?
RainbowCrack is a hash cracker tool that makes use of a large-scale time-memory trade-off. A common brute force cracker tries every possible plaintext one by one, which is time consuming for complex passwords, but this tool uses a time-memory trade-off to do the cracking-time computation in advance and store the results in “rainbow tables”. It takes a long time to precompute the tables, but this tool is hundreds of times faster than a brute force cracker once it finishes the precomputation.
Is RainbowCrack Free?
Yes. RainbowCrack is free to use.
Does RainbowCrack Work on all Operating Systems?
It works on Linux, Microsoft Windows and Mac OS X (you should have Mono or CrossOver for this one).
What are the Typical Uses for RainbowCrack?
This tool is used to crack hashes with rainbow tables, which makes password cracking easier.
SolarWinds Resources: Books, Courses & Software
What is SolarWinds?
SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies that need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward, and multiple clients can be deployed to allow multiple administrators to access the system.
Is SolarWinds Free?
No. SolarWinds is a paid product offered by an excellent and well-respected company.
Does SolarWinds Work on all Operating Systems?
SolarWinds works on Windows operating systems.
What are the Typical Uses for SolarWinds?
Uses of this tool include network discovery scanners, router password decryption, an SNMP brute force cracker and a TCP connection reset program.
THC Hydra Resources: Books, Courses & Software
What is THC Hydra?
THC Hydra is a password cracking tool that can perform very fast dictionary attacks against more than fifty protocols. It is a fast and stable Network Login Hacking Tool which uses dictionary or brute-force attacks to try various password and login combinations against a login page.
Is THC Hydra Free?
Yes! THC Hydra is free. This tool is proof of concept code that gives researchers and security consultants the possibility to see how easy it would be to gain unauthorized remote access to a system.
Does THC Hydra Work on all Operating Systems?
Hydra was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.
What are the Typical Uses for THC Hydra?
Hydra is used as a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add. This tool shows how easy it would be to gain unauthorized access to a system remotely.
Wfuzz Resources: Books, Courses & Software
What is Wfuzz?
Wfuzz is a hacking tool created to brute force web applications. Some of the features of this tool include multiple injection points capability with multiple dictionaries, output to HTML, recursion (when doing directory bruteforce), colored output, post, headers and authentication data brute forcing, cookies fuzzing, time delays between requests, SOCK support, authentication support (NTLM, Basic), proxy support, payload combinations with iterators, HEAD scan (faster for resource discovery), brute forcing of HTTP methods, multiple proxy support (each request through a different proxy) and hiding results by return code, word numbers, line numbers or regex.
and a whole lot more…
Is Wfuzz Free?
Yes! Wfuzz is free.
Does Wfuzz Work on all Operating Systems?
It works on Linux, Windows and Mac OS X operating systems.
What are the Typical Uses for Wfuzz?
This tool is used to brute force web applications and can be used to find resources that are not linked (servlets, directories, scripts, etc.), to brute force POST parameters for various injections such as SQL, LDAP and XSS, to brute force form parameters (username/password), for fuzzing and a lot more.