In beta testing for linux right now, only supports NTLM and MD5 right now. But you are able to bruteforce passwords from multiple sources at the same time. Download from here: https://sourceforge.net/projects/cryptohaze/files/New-Multiforcer-Linux_x64_1_31.tar.bz2/download
The password protected PDF file is passed to the Beaglebone device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second on the 700 MHz ARM processor. This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware.
Src: nunoalves.com
Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, obtain Kerberos tickets and reuse them in other Windows or Unix systems. Also dumps passwords in plain-text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.
Current Version: WCE v1.3beta (32-bit) (download) - WCE v1.3beta (64-bit) (download)
Frequently Asked Questions (FAQ) available here.
Ryan O’Horo from IOActive has a great article discussing how to estimate password and token entropy using Wolfram Alpha, check it out on IOActive’s Blog
Just head over to the service’s website and enter a password in the form. You do not necessarily have to enter a password that you use actively. You can alternatively enter a comparable password to find out how long it would take to hack your password with a brute force, or maybe a combined dictionary and brute force attack.
The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple’s part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.
Originally reported by Defence in Depth blogger Patrick Dunstan, the root of the newly discovered problem in Mac OS X 10.7 is tied to the user-specific shadow files used in modern OS X platforms. These files are essentially hash databases and contain, among other things, the user’s encrypted passwords. Ideally, they should be accessible only via high-privilege accounts.
According to Dunstan, Apple dropped the ball in terms of how Lion handles privilege. “Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Dunstan wrote. “This is accomplished by extracting the data straight from Directory Services.” Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path — for example, $ dscl localhost -read /Search/Users/bob (where “bob” is the username). This causes Lion OS X to spew out the contents of Bob’s shadow hash file, including data that can be used to crack Bob’s password with a simple script, such as a Python script written by Dunstan.
Source: Info World
Ron over at SkullSecurity had a great 2 part series on using poorly coded password reset snippits used on popular code sites. He goes into depth about how the password reset works , different methods of resets, and how to use the reverse code to crack itself.
Check it out , it’s a great read:
Hacking Crappy Password Resets – Part 1
Hacking Crappy Password Resets – Part 2
Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.
Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here
Lost your IPhone passwords? Just jailbreak it and recover all of them, they’re all in plain-text 
Time it takes a hacker’s computer to randomly guess your password:
of course unless they’re using a nice setup and using gpu power 
