How crackers get your password

May 30th, 2013 by admin in cracking, News

Good article on how your complex password gets cracked

Huge Password List for sale

February 22nd, 2013 by admin in cracking, News

CrackStation’s password cracking dictionary list is available to download (Pay what you want) 15GB 1.5 billion words.

Comprehensive list of Password dumping tools for windows

February 5th, 2013 by admin in cracking, News, Password Info, Privilege Escalation

Bernardo Damele compiled a list of password dumping tool into a google spreadsheet:

Top 25 passwords of 2012

November 9th, 2012 by admin in cracking, Life, Password Info

The rankings were created by SplashData who compiled from files containing millions of stolen passwords posted online by hackers in 2012 and ranked them in order of popularity. It’s all similar to year’s past but we’ve got some new additions at the end of the list in Jesus and password1. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Slain said. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”


Here’s the full list: (more…)

Oracle Logon Protocol Flawed

September 20th, 2012 by admin in cracking

There is a serious vulnerability in the authentication protocol used by some Oracle databases, a flaw that could enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The researcher who discovered the bug has a tool that can crack some simple passwords in about five hours on a normal PC.

The vulnerability exists in Oracle Database 11g Releases 1 and 2 and is caused by a problem with the way the authentication protocol protects session keys when users try to log in. The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash.

3 Tricks to bypass an Android lockscreen

September 20th, 2012 by admin in cracking, Linux, Mobile

It can be extremely frustrating when you’ve forgotten the pattern you use to lock your smartphone, and even more so if someone has managed to prank you by changing it. Luckily, there’s an easy fix if you know the username and password for the Gmail account you used to set up the lock.

If you’ve somehow forgotten your Gmail info, it’s a bit trickier to bypass the lock screen. As a last resort, there’s always resetting your phone to factory settings, but no one wants that hassle. So, here are a couple of ways to avoid starting from scratch, if you can.

Free Rainbow Table Torrents

September 20th, 2012 by admin in cracking, Files

Have alot of hard drive space and alot of bandwidth? Need to crack and 8character or less MD5,NTLM,LM,SHA1 password? here’s a list of torrents that you can download for free. Happy Cracking!

Quarks PwDump

May 22nd, 2012 by admin in cracking, Password Info, Privilege Escalation

Quarks PwDump is new open source tool to dump various types of Windows credentials:

It currently extracts :

  • Local accounts NT/LM hashes + history
  • Domain accounts NT/LM hashes + history
  • Cached domain password
  • Bitlocker recovery information (recovery passwords & key packages)

The tool is currently dedicated to work live on operating systems without injecting in any process, limiting the risk of undermining their integrity or stability. it requires administrator’s privileges and is still in beta test. more info

OpenCL Multiforcer

May 7th, 2012 by admin in cracking

In beta testing for linux right now, only supports NTLM and MD5 right now. But you are able to bruteforce passwords from multiple sources at the same time. Download from here:

Crack PDF passwords using BeagleBone

April 3rd, 2012 by admin in cracking

The password protected PDF file is passed to the Beaglebone device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second on the 700 MHz ARM processor.  This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware.

« Previous ArticleNext Article »