Default Router Password List

A list of default passwords for various networking devices

http://www.phenoelit-us.org/dpl/dpl.html

WLAuthor - Customized Wordlist Generator

WLAuthor is an advanced custom wordlist generator. It can be used to create a custom dictionary/wordlist for password guessing or cracking attacks in penetration testing. It now supports better crawling capabilities and a hybrid engine (customized word manipulation). This script takes a target domain, and a manipulation recipe as input and will browse the target web site and parse it for potential words used in passwords. It will then manipulate the wordlist to include special characters and numbers for increased complexity.


http://www.securityexperiment.com/se/documents/WLAuthor-0.12.pl

Medusa - remote login brute-forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:
* Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
* Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
* Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Supports:
* AFP
* CVS
* FTP
* HTTP
* IMAP
* MS-SQL
* MySQL
* NetWare NCP
* NNTP
* PcAnywhere
* POP3
* PostgreSQL
* REXEC
* RLOGIN
* RSH
* SMBNT
* SMTP-AUTH
* SMTP-VRFY
* SNMP
* SSHv2
* Subversion (SVN)
* Telnet
* VMware Authentication Daemon (vmauthd)
* VNC
* Generic Wrapper
* Web Form

http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz

ruby-words-generators - Wordlist Generator

Ruby-wg is a opensource scalable and reliable wordlist generator written in Ruby. It uses a JMS broker (stomp interface) to store candidate and result words.
ruby-wg is scalable: you can run one or more concurrent "wg.rb run" processes, also from different servers/workstations: in this way the speed will increase with the number of concurrent processes...
ruby-wg is reliable: the processes "wg.rb run" run for at most "max_run_iterations": when they finish, you can stop/start the (JMS) servers and start the "wg.rb run" processes later without missing data and without restarting the wordlist generation from the beginning...
Some Features:
* you can run as many concurrent and remote word generators as you want
* you can "pause" the wordlist generation and go on later (also after a restart of the pc)
* you can monitor jms queues with Activemq Admin Console and jconsole(.exe)

http://code.google.com/p/ruby-words-generators/source/checkout

oclHashCat v.0.19 - Multi Hash GPU Cracker

GPU Driver and SDK Requirements:
* NV users require ForceWare 195.x.
* ATI users require Catalyst 10.4 and ATI Stream SDK v2.1.

Features:
* Free
* Multi-GPU
* Multi-Hash
* Linux & Windows native binaries
* Uses OpenCL
* Fastest multihash MD5 cracker on NVidia cards
* Fastest multihash MD5 cracker on ATI 5xxx cards
* Supports wordlists (not limited to Brute-Force / Mask-Attack)
* Can mix wordlists with Mask-Attack to emulate Hybrid-Attacks
* Runs very cautious, you can still watch movies while cracking
* Kernel workload can be configured while cracking
* Supports pause / resume
* Supports huge numbers of hashes (4 million and more)
* Able to work in a distributed environment
* Includes hashcats entire rule engine to modify wordlists on start
* ... and much more

Algorithms
* MD5
* md5($pass.$salt)
* md5($salt.$pass)
* md5(md5($pass))
* md5(md5($pass).$salt)
* SHA1
* MySQL
* MD4
* NTLM

http://hashcat.net/files/oclHashcat-0.19.rar

Paper - Cracking WEP and WPA Wireless Networks


Covers wep & wpa password/passphrase recovery using the aircrack-ng suite

http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks

POC - MySQL Password Crack

Proof-of-concept of the MySQL Password crack by Philippe Vigier / iAPX
Passwords/s on P4@2.8Ghz: 1500 Billion
Compile:
- GNU/Linux, BSD, Unix : gcc -O3 -o poc poc.c
- Mac OS X : gcc -O3 -fast -o poc poc.c
- Other platforms : see documentation to compile standard C-code

To search for a fingerprint : ./poc (fingerprint)
Informations : ./poc --help

http://www.sqlhack.com/poc.c

rpisec.net - Distributed Hash Cracker

A free, open source (BSD licensed) distributed password hash cracker being developed in house. It currently supports MD4, MD5, NTLM, SHA-1, and MD5Crypt (IOS enable secrets and Linux/BSD shadow passwords using $1$ prefix), and can batch multiple hashes together for faster processing. For more details see the Supported algorithms page.

The cracker currently runs on x86/amd64 Linux, with experimental Win32/Win64 support in progress. It uses a PHP-based web interface rather than a command-line server executable and should scale well to large (>250 node) grids. It runs one work unit per compute device (GPU or CPU core) rather than one work unit per computer, reducing synchronization overhead and permitting mixed CPU-GPU cracking.

You can clone a read-only copy of the latest source from our public Git repository at git://rpisec.net/cracker. Tarballs of the repository made every Monday are also available for download in the Files section. Please note that these are raw snapshots and may not be suitable for production use.
http://rpisec.net/attachments/download/36/cracker-2009-10-23.tar.gz

CmosPwd - BIOS Password Recovery

CmosPwd decrypts the password stored in cmos used to access the bios setup.
Works with the following BIOSes:
* ACER/IBM BIOS
* AMI BIOS
* AMI WinBIOS 2.5
* Award 4.5x/4.6x/6.0
* Compaq (1992)
* Compaq (New version)
* IBM (PS/2, Activa, Thinkpad)
* Packard Bell
* Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
* Phoenix 4 release 6 (User)
* Gateway Solo - Phoenix 4.0 release 6
* Toshiba
* Zenith AMI

You can also backup, restore and erase/kill cmos.

http://www.cgsecurity.org/cmospwd-5.0.zip (Win32)
http://www.cgsecurity.org/cmospwd-5.0.tar.bz2 (Source)

Aircrack-ng - Recover WPA-PSK & WEP Keys

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz (Source)
http://download.aircrack-ng.org/aircrack-ng-1.1-win.zip (Win32)

THC-Hydra

Hydra is a parallized login cracker which supports numerous protocols to attack. New modules
are easy to add, beside that, it is flexible and very fast.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated in telnet module).

http://freeworld.thc.org/releases/hydra-5.4-src.tar.gz (Source)
http://freeworld.thc.org/thc-hydra/hydra-5.4-win.zip (Win32)

FCrackZip – a Free and Fast Zip Password Cracker

fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
http://blog.rubypdf.com/wp-download/crack/fcrackzip-1.0-win32.zip (Win 32)
http://www.goof.com/pcg/marc/data/fcrackzip-1.0.tar.gz (Linux)

PDFCrack - PDF File Password Recovery

PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool for recovering passwords and content from PDF-files. It is small, command line driven without external dependencies. The application is Open Source (GPL).
Features:
* Supports the standard security handler (revision 2, 3 and 4) on all known PDF-versions
* Supports cracking both owner and userpasswords
* Both wordlists and bruteforcing the password is supported
* Simple permutations (currently only trying first character as Upper Case)
* Save/Load a running job
* Simple benchmarking
* Optimised search for owner-password when user-password is known
http://blog.rubypdf.com/pdfcrack/pdfcrack-0.11.zip

orabf - Oracle Hash Cracker

Orabf is an extremely fast offline brute force/dictionary attack tool that can be used when the particular username and hash are known for an Oracle account. Obviously the speed of the brute force attack slows down the longer the amount of characters that it is trying to brute force with but for short username/hash combinations it can be over a million tries per second.
http://www.toolcrypt.org/tools/orabf/orabf-v0.7.6.zip

igrargpu - RAR GPU Password Recovery

This software on ATI RV 670/770/870 and nVidia "CUDA" video cards is used to recover passwords for RAR archives v 3.x. Recovery speed at HD4850 is about 20 times better than single core of Q6600 @ 2.4Ghz. (Comparing only optimized SSE2 code running on iCore. Currently only 2 programs heavily optimized for RAR 3.x recovery -- crark & ARCHPR). For non-optimized CPU versions it can be [place your favorite number here, like 100x or 200x].

Performance on nVidia cards slower than with ATI ones (because of nVidia GPU architecture). So, 8600 GT about 2x times faster than single core of Q6600 @ 2.4Ghz. GTX 260 /w 192SP about 12 times faster than single core of Q6600 @ 2.4Ghz.

Plain numbers (for RAR passwords with length == 4) are:
~168 passwords per second on single core of Q6600 @ 2.4Ghz (crark's result)
~325 passwords per second on 8600 GT
~3350 passwords per second on ATI HD4850
~2075 passwords per second on GTX260/192SP

Note that password recovery speed is not constant for RAR archive, it depends on password length (i.e shorter passwords will be checked faster than longer ones).
http://golubev.com/files/igrargpu_v05.zip

VNCPassView - VNC Password Viewer

VNCPassView is a small utility that recover the passwords stored by the VNC tool. It can recover 2 of passwords: password stored for the current logged-on user (HKEY_CURRENT_USER in the Registry), and password stored for the all users.
http://www.nirsoft.net/utils/vncpassview.zip

WirelessKeyView - Windows Wireless Password Viewer

WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.
Requirements:
* Windows XP with SP1 or greater.
* You must login to windows with admin user.
http://www.nirsoft.net/utils/wirelesskeyview.zip
http://www.nirsoft.net/utils/wirelesskeyview-x64.zip (64 Bit)

OperaPassView - Opera Stored Passwords Viewer

OperaPassView is a small password recovery tool that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file. You can easily select one or more passwords in the OperaPassView window, and then copy the passwords list to the clipboard and save it into text/html/csv/xml file.
http://www.nirsoft.net/utils/operapassview.zip

Chromepass - Google Chrome Stored Passwords Recovery

ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. You can select one or more items and then save them into text/html/xml file or copy them to the clipboard.
http://www.nirsoft.net/utils/chromepass.zip

PasswordFox - Firefox Stored Passwords Viewer

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.
http://www.nirsoft.net/utils/passwordfox.zip

Network Password Recovery

Recovers:
* Login passwords of remote computers on your LAN.
* Passwords of mail accounts on exchange server (stored by Outlook 2003)
* Password of MSN Messenger / Windows Messenger accounts
* Internet Explorer 7.x and 8.x: passwords of password-protected Web sites ("Basic Authentication" or "Digest Access Authentication")
The item name of IE7 passwords always begin with "Microsoft_WinInet" prefix.
* The passwords stored by Remote Desktop 6.
http://www.nirsoft.net/utils/netpass.zip

Mail PassView

Mail PassView is a small password-recovery tool that reveals the passwords and other account details for the following email clients:
* Outlook Express
* Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
* Microsoft Outlook 2002/2003/2007 (POP3, IMAP, HTTP and SMTP Accounts)
* Windows Mail
* Windows Live Mail
* IncrediMail
* Eudora
* Netscape 6.x/7.x (If the password is not encrypted with master password)
* Mozilla Thunderbird (If the password is not encrypted with master password)
* Group Mail Free
* Yahoo! Mail - If the password is saved in Yahoo! Messenger application.
* Hotmail/MSN mail - If the password is saved in MSN/Windows/Live Messenger application.
* Gmail - If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

For each email account, the following fields are displayed: Account Name, Application, Email, Server, Server Type (POP3/IMAP/SMTP), User Name, and the Password.
http://www.nirsoft.net/utils/mailpv.zip

MessenPass - IM Password Recovery

MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:
* MSN Messenger
* Windows Messenger (In Windows XP)
* Windows Live Messenger (In Windows XP/Vista/7)
* Yahoo Messenger (Versions 5.x and 6.x)
* Google Talk
* ICQ Lite 4.x/5.x/2003
* AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
* Trillian
* Trillian Astra
* Miranda
* GAIM/Pidgin
* MySpace IM
* PaltalkScene
* Digsby

MessenPass can only be used to recover the passwords for the current logged-on user on your local computer, and it only works if you chose the remember your password in one of the above programs. You cannot use this utility for grabbing the passwords of other users.
http://www.nirsoft.net/utils/mspass.zip

Asterisk Key - Hidden Password Recovery

* Uncovers hidden passwords on password dialog boxes and web pages
* State of the art password recovery engine - all passwords are recovered instantly
* Multilingual passwords are supported
* Full install/uninstall support
http://www.lostpassword.com/f/downloads/ariskkey/ariskkey.exe

Messenger Key - IM Password Recovery

* All versions of Mirabilis ICQ starting with ICQ 99 are supported
* Mirabilis ICQ Lite is supported
* MSN Messenger is supported
* Google Talk Messenger is supported
* Yahoo Messenger is supported
* State of the art password recovery engine - all passwords are recovered instantly
* Multilingual passwords are supported
* Full install/uninstall support
http://www.lostpassword.com/f/downloads/msgrkey/msgrkey.exe

MDCrackGUI

A simple GUI for the mdcrack application. -MDCrack is a free featureful password cracker designed to bruteforce 21 algorithms: MD2, MD4, MD5, HMAC-MD4, HMAC-MD5, FreeBSD, Apache, NTLMv1, IOS and PIX (both enable and user) hashes
http://sourceforge.net/projects/mdcrackgui/files/MDCrack%20GUI/mdcrackGUI-1.0.3781.27414.exe/download

Wordlist Menu Tool for BT4 Final

Options:
Run the entire otimization script
Sort a wordlist in alphabetical order
Sort a wordlist in reverse alphabetical order
Remove all duplicates form a wordlist
Remove all whitespace from the begining of each line
Remove all non ascii chars from a wordlist
Remove all comments from a wordlist (except first line)
Specify a min and max password length in a wordlist
Manipulate a wordlist with the --rules fuction of john the ripper
L33tify a wordlist
Delete all lines that match a specific pattern from a file
Create a wordlist with crunch
Create a wordlist with wyd.pl
Create a wordlist wordlist with CUPP
Create a wordlist based on phonenumbers
Combine a directory full of files into one big list
Split a large text file into smaller files
Capitalize the first letter of each line in a file

http://tools.question-defense.com/wordlist_tools.sh

crunch - wordlist generator

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.

http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch2.4.tgz/download

drcrack - a dictionary based rainbow table password cracker

* Menu based rule generator
* Config files -table generation info is no longer stored in the filename!!
* Multi-threaded support for multi-core CPUs, (Linux and MacOSX only)
* Various other performance tweaks such as using optimized hashing functions for the most common password hashes, (goodbye openssl).
* Backwards compatible with traditional rcrack rainbow tables

Supported Systems:
Config Generator and Multi-Threaded Version
Most flavors of Linux
MacOSX
Single Threaded Version
Windows (coming soon)

http://sites.google.com/site/reusablesec2/drcrack.tar

oclHashCat v.0.18 - Multi Hash GPU Cracker

Features
* Free
* Multi-GPU
* Multi-Hash
* Linux & Windows native binaries
* Uses OpenCL
* Fastest multihash MD5 cracker on NVidia cards
* Fastest multihash MD5 cracker on ATI 5xxx cards
* Supports wordlists (not limited to Brute-Force / Mask-Attack)
* Can mix wordlists with Mask-Attack to emulate Hybrid-Attacks
* Runs very cautious, you can still watch movies while cracking
* Number of workload can be configured (like -n in hashcat)
* Supports pause / resume
* Supports huge numbers of hashes (4 million and more)
* Able to work in a distributed environment
* Includes hashcats entire rule engine to modify wordlists on start
* ... and much more

Algorithms
* MD5
* md5(md5($pass))
* md5(md5($pass).$salt)
* MD4
* NTLM

GPU Driver and SDK Requirements:
* NV users require ForceWare 195.x.
* ATI users require Catalyst 10.3 and ATI Stream SDK v2.01.



http://hashcat.net/files/oclHashcat-0.18.rar

hash krackin rss feed Subscribe in a reader


Copyright 2011 | All software listed is freeware unless otherwise stated. All software listed is property of the publisher. The software on this website may be reported by antivirus as malicious, however this can be disregarded due to the nature of these tools. Hash Krackin can not be held responsible for any of your actions performed by the resources of this website. Please contact the webmaster of any broken links or password cracker resources you would like featured on this site.