Probably our most popular resource here at Concise Courses: Password Cracking Software seems to be in hot demand. We’ve updated our list for 2020.
Posted by Henry Dalziel | December 8, 2019 | Questions / Comments 106
- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker
Password cracking or ‘password hacking’ as is it more commonly referred to is a cornerstone of Cybersecurity and security in general.
Wanting to crack passwords and the security therein is likely the oldest and most in-demand skills that any InfoSec professional needs to understand and deploy.
Password hacking software has evolved tremendously over the last few years but essentially it comes down to several things: firstly, what systems are in place to prevent certain popular types of password cracking techniques (for example ‘captcha forms’ for brute force attacks), and secondly, what is the computing processing power of the hacker?
Typically password hacking involves a hacker brute-forcing their way into a website admin panel (or login page for example) and bombarding the server with millions of variations to enter the system. That requires CPU. The faster the machine the faster the cracking process will be. Yes, a ‘clued-up’ Cybersecurity Professional will be able to prevent brute-forcing but you’ll be amazed at the number of vulnerable websites that can be forced into with the password hacking software that we’ve listed below.
We are all lazy. Period.
I am, you are, and you’ll find ways to make your life more efficient and easier and why shouldn’t you!
Unfortunately, convenience is something that does not play nice with Cybersecurity and especially with regards to password security. The more complex your password the more it will be difficult for a hacker to force their way into your account(s). There are a bunch of password security measures we can all take which will greatly help your security online and many of these we already know extremely well yes few of us really adopt them. For example, do not use the same password – because should a breach happen on one system you’re entire (or potentially a large chunk) of your online presence may also be compromised.
Join Our Mailing List & Get Tool Updates / Tutorial Info
Please Share This Resource! [HINT: We'll LOVE YOU for it!]
By far one of the more popular Wireless Hacking Tools in our list and one in which there are a million YouTube tutorials! This tools ships with Kali Linux. Aircrack-ng is a network hacking tool that consists of a packet sniffer, detector, WPA/WPA2-PSK cracker, WEP and an analysis tool for 802.11 wireless LANs. This tool works with a wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b, and 802.11g traffic. A new attack called “PTW” made by a team at Darmstadt University of Technology which decreases the number of initialization vectors (IVs) needed to decrypt a WEP key has been included in the aircrack-ng suite since the 0.9 release.Is Aircrack-ng Free? This tool is free and you can find many tutorials about it on the internet like on how to install aircrack-ng (https://www.aircrack-ng.org/install.html). Does Aircrack-ng Work on all Operating Systems? This tool can run on various platforms like FreeBSD, OSX, Windows, OpenBSD, and Linux. The Linux version of this tool is packaged for OpenWrt and been ported to Maemo, Zaurus and Android platforms; and a proof of concept port has been made to iPhones. What are the Typical Uses for Aircrack-ng? This tool focuses on areas of Wifi Security which includes monitoring which captures packets and exports the data to text files for processing by 3rd party tools. Replaying attacks, fake access points, deauthentication by using packet injection. Testing of wifi cards and driver capabilities via capture and injection and cracking of WPA and WPA PSK (WPA 1 and WPA 2).
Crowbar is one of brute force attacking tool that provides you an opportunity to be in control what is submitted to a web server. It doesn’t try to identify a positive response like hitting a correct username or password combination but it rather tells you to give a “baseline” – the content of response and content of the baseline are then compared. Is Crowbar Free? Yes, Crowbar is currently free. Does Crowbar Work on all Operating Systems? Crowbar works with Linux operating systems. What are the Typical Uses for Crowbar? This brute-forcing tool is commonly used during penetration tests and is developed to support protocols that are currently not supported by other brute-forcing tools. Currently, this tool supports remote Desktop Protocol with NLA support, VNC key authentication, open VPN and SSH private key authentication.
John The Ripper is perhaps the best known password cracking (hacking) tools out there, and that’s why it will always be in our ‘concise top ten hacking tools’ category. Aside from having the best possible name, we love John, as it is affectionately known because simply said, it works and is highly effective. John The Ripper is, like Metasploit, also part of the Rapid7 family of pentesting/ hacking tools. How do Password Crackers Work? In cryptanalysis, (which is the study of cryptographic systems in order to attempt to understand how it operates, and, as hackers, we’ll try to see if there are any vulnerabilities that will allow them to be broken, with or without the hash/ password key). Password cracking is the process of recovering or hacking passwords from data that have been stored in or has been transmitted by a computer system or within a network. One of the most common types of password hacking is known as a ‘brute-force attack.’ which, simply said, is the process in which a computer system guesses for the correct by cross-checking against an available cryptographic hash of the password. If the brute force attack is against clear-text words then the process derives from a ‘dictionary attack’. If the password is guessed using password hashes (which is faster), then the used process would be a ‘rainbow’ table. If you work in Cyber Security, or are looking to get started in the profession, then it is ‘a must’ that you learn certain aspects of cryptography. We’d therefore strongly suggest that you learn, and try to crack, offline passwords using John The Ripper. How does John The Ripper compare to THC Hydra? THC Hydra, or simply ‘Hydra’, is another very popular password hacking tool that is often referred to in the same context as John The Ripper. The easiest way to describe the difference between John The Ripper (JTR) and THC Hydra is that JTR is an offline password cracker whilst Hydra is an online password cracker. Is John The Ripper Free? Both. There is a very popular free version of John The Ripper, and also a ‘pro’ version. John the Ripper commerical version is used by penetration testers that are interested in password cracking specific operating systems. The commercial version optimized for performance and speed. For the average user John The Ripper ‘open-source’ will work great, for the real hard-core user we’d certainly recommend the Pro Version, available from Rapid7. Does John The Ripper Work on all Operating Systems? John The Ripper was originally developed for Unix operating systems but now runs on various platforms 11 of which are architecture-specific versions of DOS, Unix, BeOS, Win32 and OpenVMS. What are Typical Uses for John The Ripper? John the Ripper is a fast password cracker. Period. In fact, you can consider John The Ripper as ‘the definitive’ password hacking tool! In Summary In summary, this extremely popular password cracking software tool is a behemoth within its’ category. This tool now works on, literally, every single platform you can think of. Users of this software love it, primarily for two specific reasons; firstly, because you can combine it with other password crackers, and secondly because it can autodetect password hash types through its customizable cracking functionality. This tool can easily be executed against various encrypted password formats including (but not limited to) several crypt password hash types most commonly found on various Unix versions (such as DES, MD5, or Blowfish, Kerberos AFS etc). Like other tools such as Metasploit and Nmap, John The Ripper (JTR) can have its performance enhanced by adding on extra modules.
L0phtCrack is a recovery and password auditing tool originally created by Mudge. It tries to crack Windows passwords from obtained hashes from stand-alone Windows workstation, primary domain controllers, networked servers or Active Directory. It can sometimes sniff hashes off the wire. This tool also has several methods of generating password guesses. Is L0phtCrack Free? No, 3 versions of L0phtCrack: Professional, Administrator and Consultant are available for purchase. Does L0phtCrack Work on all Operating Systems? No, It only works for Microsoft Windows. What are the Typical Uses for L0phtCrack? L0phtCrack is used to recover lost Microsoft Windows passwords or to test someone's password strength. It uses brute force, rainbow tables, hybrid and dictionary attacks. Even if this one of the tools of choice, crackers’ use old versions because of its high availability and low price.
Medusa is created to be a massively parallel, modular, speedy and login brute forcer. The aim is to support a lot of services that will allow remote authentication. Key features of this tool includes thread-based parallel testing – Brute force testing can be performed against multiple hosts, passwords or users. Flexible user input – Target information can be specified in different ways. One example is that for each item, it can be either a single entry or file containing multiple entries and Modular design – Every independent mod file exists in each service mod file. This means that no modifications are needed to the core application in order to extend the list of supported services for brute-forcing. Is Medusa Free? Yes, Medusa is free to use. Does Medusa Work on all Operating Systems? Medusa works on Linux and MAC OS X operating systems. What are the Typical Uses for Medusa? Just like THC Hydra, this tool focuses on cracking passwords by brute forcce attack. This tool can perform rapid attacks against large number of protocols that includes telnet, http, https, databases and smb.
Ophcrack is a rainbow-table based password cracker. This tool can import hashes from different formats included dumping directly from the SAM files of Windows. Some Rainbow tables are free to download but if you want larger ones, you can buy it from Objectif Sécurité. Is ophcrack Free? Yes! Does ophcrack Work on all Operating Systems? This tool works on Linux, Microsoft Windows and MAC OS X. What are the Typical Uses for ophcrack? The primary use of this tool is for password discovery. It can fork out simple passwords within minutes. Buying additional rainbow tables will enable you to crack complex passwords.
RainbowCrack is a hash cracker tool that makes use of a large-scale time memory trade off. A common brute force cracker tries every possible plaintext one by one which is time-consuming for complex passwords but this tool uses a time-memory trade-off to do an advance cracking time computation and store results in “rainbow tables”. Password crackers take a long time to precompute tables but this tool is hundred of times faster than a brute force once it finishes the precomputation. Is RainbowCrack Free? Yes. RainbowCrack is free to use. Does RainbowCrack Work on all Operating Systems? It works on Linux, Microsoft Windows and MAC OS X (You should have mono or CrossOver for this one). What are the Typical Uses for RainbowCrack? The use of this tool is to crack hashes with rainbow tables that makes password cracking easier.
SolarWinds Firewall Security Manager (FSM) is a great solution for organizations and companies who need reporting and expert management on their most critical security devices. Set-up and configuration of this product is pretty straightforward and multi clients can be deployed to allow multiple administrators to access the system. Is SolarWinds Free? No. SolarWinds is a paid product offered by an excellent and well-respected company. Does SolarWinds Work on all Operating Systems? SolarWinds works on Windows operating systems. What are the Typical Uses for SolarWinds? Uses of this tool include network discovery scanners, router password decryption, SNMP brute force cracker, and TCP connection reset program.
THC Hydra is a password cracking tool that can perform very fast dictionary attacks against more than fifty protocols. It is a fast and stable Network Login Hacking Tool which uses dictionary or brute-force attacks to try various password and login combinations against a login page. Is THC Hydra free? Yes! THC Hydra is free. This tool is a proof of concept code giving researchers and security consultants the possibility to know how easy it would be to gain unauthorized access from remote to a system. Does THC Hydra Work on all Operating Systems? Hydra was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX. What are the Typical uses for THC Hydra? Hydra is used as a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add. This tool shows how easy it would be to gain unauthorized access to a system remotely.
Wfuzz is a hacking tool use created to brute force Web Applications. Some of the features of this tool includes multiple Injection points capability with multiple dictionaries, output to HTML, recursion (When doing directory bruteforce), colored output, post, headers and authentication data brute forcing, cookies fuzzing, time delays between requests, SOCK support, authentication support (NTLM, Basic), proxy support, payload combinations with iterators, HEAD scan (faster for resource discovery), brute force HTTP methods, multiple proxy support (each request through a different proxy) and hide results by return code, word numbers, line numbers, regex. and a whole lot more… Is Wfuzz Free? Yes! Wfuzz is free. Does Wfuzz Work on all Operating Systems? It works on Linux, Windows and MAC OS X operating systems. What are the Typical Uses for Wfuzz? This tool is used to brute force Web Applications and can be used to find resources not linked (servlets, directories, scripts, etc.), POST parameters for various injections like SQL, LDAP, XSS, form parameters brute-forcing (username/password), fuzzing and a lot more.
You may also like...
We've interviewed over 25 Cybersecurity Professionals to ask them that exact question...
Social engineering and brute-forced password attacks are the two most common ways (methods) to hack into someone’s account. Sometimes the most inane reasons are attributed to a password breach, for example, the Uber hack of 2016, was the result of a programmer leaving password credentials for their AWS account within their GitHub account. Admittedly their account was private but yet a skilled hacker was able to penetrate that account and compromise a ton of data.
What’s the solution?
Be secure and use common sense!
The questions we’ve pinned to the bottom are some of the most commonly asked questions we’ve received over the years regarding password cracking.
The accepted answers are that of course, it depends on the processing power of your machine (or the system that is running the password hacking method). To put that into numbers, if you’re on a basic low-spec computer that was running a brute-force hack then it will take (1.7*10^-6 * 52^8) seconds / 2, or 1.44 years. The faster the processor the less that number becomes. A supercomputer or a botnet powered tool would take a lot less time (maybe about ten minutes at best). The moral of the story here is to have a complex password that is longer than eight characters.
Brute Force Attack and social engineering scams are the two easiest and best-known methods of being able to hack passwords. Most password cracking tools can crack simple passwords by guessing a specific number of passwords (see tools like cup.py). Hackers use tools listed within our resource that will try to crack passwords by simply entering different passwords over and over until it’s cracked. There’s more to it than this but essentially that’s how passwords are cracked. The other solution is social engineering. Uber was hacked, for example, because some developers left login credentials on their GitHub account. Such an error was human, but the access to their GitHub account was likely due to social engineering.
The five stages are: Reconnaissance > Scanning > Gaining Access > Maintaining Access > Covering Tracks.
Yes and no.
Yes, because it practice you certainly can scan the IP to see what’s on it and from that information launch at attack but likely that will be very difficult because even rudimentary client-facing ports (IP Addresses) will have some form of firewall or packet filtering. Also, typically, a semi-decent Firewall will be able to instantly detect an nmap scan (for example) and block the origin IP and subsequent rotated IP’s. An expert hacker or Penetration Tester can send creative packets to test the system and may be able to penetrate the network or IP Address. In summary therefore, the best answer is: it depends!
Yes, but it would require a significant skill. There is a multitude of ways to hack into someone’s phone. The easiest way would be to get the target to download a vulnerable “mobile app” that could then be used to remotely access that targets phone. This question is almost impossible to answer in a “yes” or “no” but in summary, I’d say that a mobile phone (iOS or Android) is, of course, a computer and therefore can be hacked so I’d lean towards always saying “yes” a mobile phone can be hacked. How easy that is of course depends on a wide range of factors.
The answer here is that it totally depends. Using creative hacking tools you can create specific dictorinary attacks based upon your target which would be really focused on getting the correct pattern or likely passwords. Such an attack would be referred to as a “Brute Force” attack. So, in summary – the harder the password the harder it is to crack! Get creative and have unqique passwords per account.
Based upon research we’ve looked at here at Concise Courses each PIN entry can take about 40 seconds to execute. Based upon that metric it would take over 112 to brute force a 4 digit PIN.
The first step of password hacking is known as “Footprinting (Reconnainsance) or “Information Gathering”. This phase is also known as OSINT (Open Source Intelligence) where the hacker (or “Ethical Hacker”) would collect as much information as possible about their target and with regards to password cracking they’d have to create their own unique rainbow/password list.