How crackers get your password
Good article on how your complex password gets cracked
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
CrackStation’s password cracking dictionary is available to download (pay what you want): 15GB, 1.5 billion words.
http://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
Bernardo Damele compiled a list of password dumping tools into a Google spreadsheet:
https://docs.google.com/spreadsheet/ccc?key=0Ak-eXPencMnydGhwR1VvamhlNEljVHlJdVkxZ2RIaWc#gid=0
The rankings were created by SplashData, which compiled files containing millions of stolen passwords posted online by hackers in 2012 and ranked them in order of popularity. It’s all similar to years past, but we’ve got some new additions at the end of the list in Jesus and password1. The company advises consumers or businesses using any of the passwords on the list to change them immediately.
“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Slain said. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”
Here’s the full list: (more…)
There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The researcher who discovered the bug has a tool that can crack some simple passwords in about five hours on a normal PC.
The vulnerability exists in Oracle Database 11g Releases 1 and 2 and is caused by a problem with the way the authentication protocol protects session keys when users try to log in. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash.
It can be extremely frustrating when you’ve forgotten the pattern you use to lock your smartphone, and even more so if someone has managed to prank you by changing it. Luckily, there’s an easy fix if you know the username and password for the Gmail account you used to set up the lock.
If you’ve somehow forgotten your Gmail info, it’s a bit trickier to bypass the lock screen. As a last resort, there’s always resetting your phone to factory settings, but no one wants that hassle. So, here are a couple of ways to avoid starting from scratch, if you can.
Have a lot of hard drive space and a lot of bandwidth? Need to crack an MD5, NTLM, LM or SHA1 password of 8 characters or less? Here’s a list of torrents that you can download for free: http://www.pwcrack.com/rainbowtables.shtml Happy Cracking!
Quarks PwDump is a new open source tool to dump various types of Windows credentials:
It currently extracts :
The tool is currently dedicated to working live on operating systems without injecting into any process, limiting the risk of undermining their integrity or stability. It requires administrator privileges and is still in beta test. http://code.google.com/p/quarkspwdump/ More info: http://www.quarkslab.com/en-blog+read+13
The new Cryptohaze Multiforcer is in beta testing for Linux right now and only supports NTLM and MD5 so far, but it can brute-force passwords from multiple sources at the same time. Download from here: https://sourceforge.net/projects/cryptohaze/files/New-Multiforcer-Linux_x64_1_31.tar.bz2/download
The password-protected PDF file is passed to the BeagleBone device on a thumb drive. Since the BeagleBone is running embedded Linux, you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second on the 700 MHz ARM processor. This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware.
Src: nunoalves.com
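The arithmetic behind "quite slow for any password more than four or five characters long", as an added example that is not part of [Nuno]'s project: it takes the 6000 guesses per second quoted above and shows how exhaustive-search time grows with length, and what minimum length outlasts a given time budget. The alphabet sizes, the ten-year target and the device counts are assumptions, since the post does not state them.

```python
import string

RATE_PER_SEC = 6000  # guesses per second quoted in the post for one 700 MHz ARM board

# Assumed alphabets: the post does not say which characters the tool tries.
ALPHABETS = {
    "lowercase": len(string.ascii_lowercase),                      # 26
    "alphanumeric": len(string.ascii_letters + string.digits),     # 62
    "printable": len(string.ascii_letters + string.digits
                     + string.punctuation),                        # 94
}

def keyspace(alphabet_size, max_len, min_len=1):
    """Candidates of every length from min_len to max_len inclusive."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def worst_case_seconds(alphabet_size, max_len, rate=RATE_PER_SEC, devices=1):
    """Time to try every candidate up to max_len, split evenly across devices."""
    return keyspace(alphabet_size, max_len) / (rate * devices)

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def min_length_to_resist(alphabet_size, target_seconds,
                         rate=RATE_PER_SEC, devices=1):
    """Shortest length whose exact-length keyspace outlasts target_seconds."""
    n = 1
    while alphabet_size ** n / (rate * devices) <= target_seconds:
        n += 1
    return n

if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        for length in (4, 5, 6, 8):
            t = worst_case_seconds(size, length)
            print(f"{name:>12} up to {length} chars: {humanize(t)}")
    ten_years = 10 * 365 * 86400  # assumed protection target
    for devices in (1, 100):
        n = min_length_to_resist(ALPHABETS["alphanumeric"], ten_years,
                                 devices=devices)
        print(f"{devices} device(s): random alphanumeric length >= {n}")
```

These figures only hold for a uniformly random password at this guess rate; faster hardware or a dictionary changes the `rate` and the effective keyspace, which is why both are parameters.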