What's My Pass? » Files

Hashcat v0.30

Dev Team — Mon, 28 Dec 2009 04:19:47 +0000

A new multi-platform password cracking tool hashcat was just released publicly.
Tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.

* Supports the following hashes:

* MD5
* md5($pass.$salt)
* md5($salt.$pass)
* md5(md5($pass))
* md5(md5(md5($pass)))
* md5(md5($pass).$salt)
* md5(md5($salt).$pass)
* md5($salt.md5($pass))
* md5($salt.$pass.$salt)
* md5(md5($salt).md5($pass))
* md5(md5($pass).md5($salt))
* md5($salt.md5($salt.$pass))
* md5($salt.md5($pass.$salt))
* md5($username.0.$pass)
* md5(strtoupper(md5($pass)))
* SHA1
* sha1($pass.$salt)
* sha1($salt.$pass)
* sha1(sha1($pass))
* sha1(sha1(sha1($pass)))
* MySQL
* MySQL4.1/MySQL5
* MD5(WordPress)
* MD5(phpBB3)
* MD5(Unix)
* SHA-1(Base64)
* SSHA-1(Base64)

* Supports the following attacks:

* Straight-Words Attack
* Combination-Words Attack
* Toggle-Case Attack
* Brute-Force Attack

* All Attack-Modes except Brute-Force can be extended by Hybrid-Attack rules.
* Hybrid-Attack engine is mostly compatible with JTR / PasswordsPro.
* Possible to resume or limit session.

It also has some special features:

* Automatically recognizes already recovered hashes from outfile at startup.
* Automatically generate random rules for Hybrid-Attack.
* Load hashlist that include more than 3 million hashes of any supported type at once.
* Load saltlist from external file and then use them in a Brute-Force Attack variant.
* Able to work in an distributed environment.

There are some more things you should know:

* You can specify multiple wordlists and also multiple directories of wordlists.
* Number of threads can be configured.
* Threads run on lowest priority.

Get It Here: hashcat

l0phtcrack is back

Dev Team — Tue, 02 Jun 2009 13:54:58 +0000

Three years after Symantec pulled the plug on L0phtcrack, the tool for auditing and cracking windows passwords is back. It was pulled from the market in late 2005 shortly after Symantec acquired @stake, @stake took control of the rights a year or so earlier when it merged with L0pht. With a price starting at $295, will it live up to it’s name when the market has many freeware options to choose from?

L0phtcrack team member Christien Rioux says the features such as scheduling and a dashboard that simplifies the process of disabling users with weak passwords makes the program stand out. “There are a number of enterprise administrative features that make the product worth it for organizations that are doing this on a regular basis,” he said. “It’s been a very long time that this has been out there. The benefit is that we’ve had the opportunity to interact and fix [customer] issues and take [in] their concerns.”

The $295 Professional versions includes:

Password assessment
Password recovery
Dictionary support
Hybrid support
Brute force support
International character support
Wizard-based GUI
Password quality scoring
Remediation
Windows & Unix support
Executive reporting
Remote system scans
500 User Accounts (Professional Version)

Chalk up another $300 for the admin version and it gives you support for

Unlimited accounts
Pre-computed hash (rainbow) table support
Assessment scheduling

http://www.l0phtcrack.com

AIM Recover

Dev Team — Fri, 27 Mar 2009 04:20:29 +0000

AOL Instant Messenger Password Recovery Software easily recovers and exposes all lost or forgotten AIM saved passwords. Easily retrieves password information instantly regardless of the password length and complexity with full support to all AIM 6.x versions. AIM Recover is written in pure assembly language.

AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Software Requirements

Processor: Pentium class or equivalent processor
RAM: 64MB RAM recommended
Hard Disk: 15kb free hard disk space
Supported Operating System: Windows 98/ ME/ NT/ 2000/ 2003/ XP/ Vista /Win7

Trial and registration

Evaluation version is available for FREE download. This unregistered (demo) software recovers only the first 3 characters in password (rest is shown as ‘*’).

Download Aim Recover Demo

967 downloads

In order to display full Password you should register for licensed Software.
Only $4.99!! All proceeds go to supporting this site!

Scanning Your Network for Default Passwords

admin — Tue, 14 Oct 2008 02:41:24 +0000

Midnight Research Labs has just published a new tool. Depant will scan your network and check to see if services are using default passwords. It starts by performing an Nmap scan to discover available services on the network. It organizes these services by speed of response. Using Hydra it does brute force password checking of these services with a default password list. The user can supply an alternate list for the first phase or an additional list to be used in a followup check. Depant has many different options for configuring your scan and will certainly help you find that rogue piece of hardware on your network that someone failed to set up securely.

IE Recover 1.0

admin — Sun, 28 Sep 2008 01:21:07 +0000

When you visit website ftp site in Internet Explorer version 4.x-6.x and you choose the “Remember password” when you login, the password is saved in the Protected Storage in the registry, and this utility can recover it.

The Protected Storage information is saved in a special location in the Registry. The base key of the Protected Storage is located under the following key: “HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider”
You can browse the above key in the Registry Editor (RegEdit), but you won’t be able to watch the passwords, because they are encrypted. Also, some passwords data are hidden by the operating system.

We are releasing a Demo version of IE Recover that recovers the first 3 characters of your password.

Download IE Recover Demo

702 downloads

The full version is available for $4.99 that shows the complete password.
Built in pure Assembly language this program is only 7kb and fits perfectly on a thumbdrive to carry with you anywhere.

Help support this site by purchasing it ,so we can continue to off you the latest password recovery info.

You can purchase through paypal or e-gold from the links below. Thank you.

Free ‘Trojan-Proof’ Password Tool Released for Windows

Dev Team — Mon, 22 Sep 2008 16:02:12 +0000

A trio of German software firms claims to have developed a password system that prevents Trojans and viruses from stealing passwords from a Windows machine.

The “Trojan-proof” virtual keyboard software, which was developed by Global IP Telecommunications, PMC Ciphers, and CyProtect AG, is available in a free beta version for download.

“This development can make input of PIN codes and transaction numbers for online banking completely safe in the near future,” said C.B. Roellgen, creator of the password dialog and CTO of PMC Ciphers, in a statement.

It works like this: the software flashes a virtual keyboard onto the video display that flickers the characters on and off at high speeds, with the keys displayed in random locations on the screen rather than as a standard Qwerty keypad. As soon as the user types a character in his or her password on the virtual keyboard, that key is moved to another location on the keyboard.

In a demonstration of the technology, the simulated Trojan was only able capture “skin of the dialog window” and not the actual key characters making up the password code, according to the developers. And their high-powered Trojan simulator ate up about 11 percent to 15 percent of the machine’s CPU.

“A real Trojan horse must be programmed to consume less than one percent of CPU time in order not to be detectable by professionals,” the developers say in a video demonstration of the software.

Bernd Roellgen with PMC Ciphers and Global IP Telecommunications, says the developers wanted to fill in the gap of existing Trojan protection solutions. “We found that there wasn’t a solution so far that was software-only,” Roellgen said in an interview with Dark Reading. So that’s the approach the developers took, he says.

But security expert Thierry Zoller, product manager and senior security engineer for n.runs AG, says that though he hasn’t tested the software, he doesn’t think it would be completely Trojan-proof. “The video shows that they use certain dithering tricks to foil screen cams to record what button has been pressed. This is nice, but surely not every way to find what keys have been pressed, not to mention there are DirectX-based screen recorders, which I doubt would not register these tricks,” he says.

This new virtual keyboard is not the first attempt at preventing password sniffing, either. “Attempts to prevent password sniffing have been appearing in various forms for years,” says Nate Lawson, principal with Root Labs. “There’s no perfect solution to this problem. The best thing to do is vary the scheme occasionally, based on what attackers are doing and try to keep Trojan software off PCs in the first place.”

SamRape 2.1

Dev Team — Thu, 17 Jul 2008 04:16:07 +0000

Lost your password for NT,2K,XP,2K3?
illwill from illmob.org created a DOS based floppy that you can boot with that will mount an ntfs drive and extract the SAM hashes from an NT based system. You can then use any cracking software or free hash cracking sites to recover your lost password.

You can download Sam Rape 2.1

Router Passwords

Dev Team — Thu, 12 Jun 2008 18:43:24 +0000

Having trouble remembering the default password to the router you setup and never changed any settings to because “it worked so i left it alone”? Well here’s a continuously updated list of default passwords.

http://www.phenoelit-us.org/dpl/dpl.html

TrillianView 1.0

Dev Team — Tue, 01 Apr 2008 02:12:01 +0000

TrillianView demo version is now available for download . This version will recover all your Trillian Messenger screen names and only the first 3 letters of your password. If you would like to purchase the full version for $4.99 USD , which shows the complete password, you can do so by choosing paypal or e-gold for payments in the links below.

Windows Password Recovery Tools

Dev Team — Fri, 14 Mar 2008 05:51:13 +0000

There are several ways to obtain password hashes, depending on their location and existing access. Password hashes can be obtained from SAM file or its backup, directly from local or remote computer registry, from registry or Active Directory on local or remote computer by means of DLL injection, from a network sniffer. The SAM file located in the %SystemRoot%\system32\config directory or %SystemRoot%\repair directory. It is also possible to recover the password itself from memory.

Here’s a few free tools to help you recover lost/unknown Windows passwords, most come with the source code included.

LCP 5.04 – user account passwords auditing and recovery in Windows NT/2000/XP/2003. Can get local or remote hashes and recovers by using
* dictionary attack;
* hybrid of dictionary and brute force attacks;
* brute force attack;

PWDump7 – A newer Windows password hash dumper using rootkit technology to inject and dump Windows password hashes. The resulting hashes can be then be cracked by a program such as John the Ripper(free),or SamInside(not free) or using Rainbow Tables

CachedPasswordDumper v1.3 – This program dumps the password to the screen from the account that is logged in at that time. Currently only Windows XP (up to SP1) and Windows 2003 Server (SP0) are supported. For WinNT/2K use Password Reminder

Alternatively you can boot from a Floppy or CD and use Offline NT Password & Registry Editor which allows you to reset your password to a blank password

CacheDump – The default behavior of Microsoft Windows domain members is to cache the last 10 different login credentials in the registry. Using a tool called CacheDump written by Arnaud Pilon you can dump the cached credentials to a file and this can be cracked with a plugin for john the ripper

PwDumpX 1.4 – is a tool that combines PWDump, Cachedump, and LSADump all in one tool. It allows a user with administrative privileges to
retrieve the domain password cache, password hashes and LSA secrets
from a Windows system