WPA Cracker is a WiFi security compromiser in the cloud, running on a high-performance cluster. Send them a dump of captured network traffic and $35, and they will try 136 million passwords in 40 minutes, tops (for $17, they’ll run the same attack at half speed) — the same crack would take five days on a “contemporary desktop PC.” They also have an extended, 284 million word dictionary that you can run for $55 in 40 minutes. They’ll also use the same process to crack the passwords on encrypted ZIP archives.

At Defcon 2010 on Thursday, at a specified time, KoreLogic will release a file containing 53,000 password hashes. The file will contain passwords of varying types (such as SHA, SSHA, MD5, DES, Lanman, NTLM, etc.) and will range from being “easy” to extremely difficult to crack. The password file is not simply 53,000 randomly generated passwords which would favor the person or group with the most GPU/CPU bruteforcing horsepower. Instead, the password file contains passwords based on what we believe are challenging patterns. Passwords will be of varying lengths, patterns, and complexity. Creative password cracking techniques, rules, dictionaries, and tools will be needed. The teams who are smart about the methods they use (i.e., teams who can crack more, with less work) will most likely be the most successful.

KoreLogic will be giving away the following prizes for first, second, and third place:

• First Place: $600 (or equivalent item)
• Second Place: $300 (or equivalent item)
• Third Place: $100 (or equivalent item)

More Info: http://www.korelogic.com/defcon_2010-contest.html

WhatsMyPass now introducing BIOS Password Recovery Services!!!
We can recover Dell (2A7B, 595B, A95B or D35B service tag), Sony VAIO PCG & VGN models, Samsung,Fujitsu-Siemens, Hewlett-Packard, Compaq, Phoenix BIOS. You will receive the password within a few hours, sometimes almost instantly. The price is only $10 per password recovered, if we can’t recover it, you get your money back.

For more info and a list of supported computer models visit here:
BIOS Password Recovery Service

Enter Challenge Hash and click “Pay Now”:

We reviewed Kon Boot 1.0 last year HERE which was a great breakthrough program that allowed you to boot into a Windows machine and bypass the logon screen without entering a password. To accomplish this, Kon Boot hooks the bios on the fly subverting the Windows kernel authentication temporarily and allowing you access. Since this is a temporary process the computer is back to normal when you reboot. This allowed you to access the computer without having to take the time to reset the password or crack it, and it left the computer untouched. Now, a year later, Kon Boot v1.1 has been released with new features, such as booting from floppy,CD, or usb, privilege escalation support which allows you to gain SYSTEM privileges from ANY account on the system. For example, you can boot from Kon Boot and log in as Guest and run ‘Net User’ command to add a new user,reset admin passwords etc as SYSTEM

It also has a bunch of new bug fixes/updates.

1. - Added 64-bit environment support
2. - Added USB support tools (grldr, klmemusb)
3. - Added debugging code to make it easier to track down various compatibility problems
4. - Fixed bug in Windows 7 support failures
5. - Removed Linux support
6. - Many performance improvements to source code
7. - Improved BIOS support by reducing code size significantly

Unfortunately it is no longer free. But for a meager price of $15.99 for a personal license, it gives you free updates and support for a period of 6 months. You can still use it without restrictions after that period.
They also offer a commercial license, for $75.99 with 1 year of support and updates, allowing you to use on business environment.
To purchase Kon Boot v1. 1,visit their website http://www.kryptoslogic.com

We are also giving away 10 personal licenses this week to some lucky readers!!! More details to come!!!

This pdf document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. (more…)

Ophcrack Password-cracking tool was optimised to work with SSDs have achieved speeds up to 100 times faster when compared to their old 8GB Rainbow Tables for XP hashes. After optimizing its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. A free test can be found here.

A new multi-platform password cracking tool hashcat was just released publicly.
Tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.
(more…)

Three years after Symantec pulled the plug on L0phtcrack, the tool for auditing and cracking windows passwords is back. It was pulled from the market in late 2005 shortly after Symantec acquired @stake, @stake took control of the rights a year or so earlier when it merged with L0pht. With a price starting at $295, will it live up to it’s name when the market has many freeware options to choose from?

L0phtcrack team member Christien Rioux says the features such as scheduling and a dashboard that simplifies the process of disabling users with weak passwords makes the program stand out. “There are a number of enterprise administrative features that make the product worth it for organizations that are doing this on a regular basis,” he said. “It’s been a very long time that this has been out there. The benefit is that we’ve had the opportunity to interact and fix [customer] issues and take [in] their concerns.”

The $295 Professional versions includes:

• Password assessment
• Password recovery
• Dictionary support
• Hybrid support
• Brute force support
• International character support
• Wizard-based GUI
• Password quality scoring
• Remediation
• Windows & Unix support
• Executive reporting
• Remote system scans
• 500 User Accounts (Professional Version)

Chalk up another $300 for the admin version and it gives you support for

• Unlimited accounts
• Pre-computed hash (rainbow) table support
• Assessment scheduling

http://www.l0phtcrack.com

One effective way of assessing password strength is to try and crack them, and as most of you probably know, dictionary attack is the simplest yet formidable technique for cracking passwords. Sébastien Raveau generated a quick & dirty wordlist from Wikipedia in a dozen of languages. It helped quickly crack countless passwords, a lot of which bruteforcing would never get to. The wordlist download can be found at his blog