The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.

* Supports the following hashes:

* MD5
* md5($pass.$salt)
* md5($salt.$pass)
* md5(md5($pass))
* md5(md5(md5($pass)))
* md5(md5($pass).$salt)
* md5(md5($salt).$pass)
* md5($salt.md5($pass))
* md5($salt.$pass.$salt)
* md5(md5($salt).md5($pass))
* md5(md5($pass).md5($salt))
* md5($salt.md5($salt.$pass))
* md5($salt.md5($pass.$salt))
* md5($username.0.$pass)
* md5(strtoupper(md5($pass)))
* SHA1
* sha1($pass.$salt)
* sha1($salt.$pass)
* sha1(sha1($pass))
* sha1(sha1(sha1($pass)))
* MySQL
* MySQL4.1/MySQL5
* MD5(Wordpress)
* MD5(phpBB3)
* MD5(Unix)
* SHA-1(Base64)
* SSHA-1(Base64)

* Supports the following attacks:

* Straight-Words Attack
* Combination-Words Attack
* Toggle-Case Attack
* Brute-Force Attack

* All Attack-Modes except Brute-Force can be extended by Hybrid-Attack rules.
* Hybrid-Attack engine is mostly compatible with JTR / PasswordsPro.
* Possible to resume or limit session.

It also has some special features:

* Automatically recognizes already recovered hashes from outfile at startup.
* Automatically generate random rules for Hybrid-Attack.
* Load hashlist that include more than 3 million hashes of any supported type at once.
* Load saltlist from external file and then use them in a Brute-Force Attack variant.
* Able to work in an distributed environment.

There are some more things you should know:

* You can specify multiple wordlists and also multiple directories of wordlists.
* Number of threads can be configured.
* Threads run on lowest priority.

Get It Here: hashcat

src: arstechnica.com

These start-up modes include booting from an install DVD and resetting the password, using Target Disk Mode to use your Mac as an external hard disk, or booting into Unix-style Single User Mode.

There is a way to protect your computer by setting a firmware password. The password is written into the computer’s firmware chips on the motherboard and if anyone tries to use a special start-up mode, they will be prompted for that password.

Apple provides a utility for setting a firmware password called Firmware Password Utility.

For Mac OS X 10.5.x, start from the Leopard Install DVD and choose Firmware Password Utility from the Utilities menu.

1. Click to select the checkbox for “Require password to change Open Firmware settings”, as shown below.

2. Type your password in the Password and Verify fields.

3. Click OK

4. Click lock icon to prevent further changes

5. Choose Quit from the application menu

Now, if anyone attempts to use any of the special start-up modes, they will be prompted for the firmware password you set.

via: mac101.net

ElcomSoft has released a new version its Distributed Password Recovery program for recovering system and document passwords at speeds of up to 1 billion passwords per second. Among the passwords the software can recover are system passwords such as NTLM (Windows logon passwords) and startup passwords, MD5 hashes, password-protected documents created by Microsoft Office 97-2007, PDF files created by Adobe Acrobat, as well as PGP, UNIX, and Oracle.

What’s interesting about the ElcomSoft approach is that the company is using multiple GPU-based video cards such as NVIDIA’s GeForce GTX280 in parallel to process hundreds of billions fixed-point calculations per second. This means, says ElcomSoft, that this release of the Distributed Password Recovery program can try around 5,000 passwords per second for Office 2007 documents with a single GeForce GTX260, while regular Core2Duo processors can only try up to 200 passwords per second.

ElcomSoft claims that all users have to do is insert into a PC video cards (like the GeForce GTX280) to take advantage of the capabilities. Unlike NVIDIA SLI mode (Scan Line Interleaving) that enables transparent use of multiple GPUs, ElcomSoft uses the computational power of several NVIDIA cards no matter if they are of the same kind. Currently supporting all GeForce 8 and GeForce 9 boards, the acceleration technology offloads parts of computational-heavy processing onto the fast and highly scalable processors featured in the NVIDIA’s graphic accelerators.

The acceleration technology developed by ElcomSoft allows the execution of mathematically intensive password recovery code on the massively parallel computational elements found in NVIDIA graphic accelerators. The GPU acceleration is unique to Elcomsoft Distributed Password Recovery, making password recovery up to 50 times faster compared to password recovery methods that only use the computer’s main CPU.

The password checking routine of DriveCrypt fails to sanitize the BIOS keyboard buffer before AND after reading passwords.

Affected Software

Secu Star’s DriveCrypt Plus Pack v3.9 (possibly other versions also)

Technical Description

DriveCrypt’s pre-boot authentication routines use the BIOS API to read user input via the keyboard. The BIOS internally copies the keystrokes in a RAM structure called the BIOS Keyboard buffer inside the BIOS Data Area. This buffer is not flushed after use, resulting in potential plain text password leakage once the OS is fully booted, assuming the attacker can read the password at physical memory location 0×40:0×1e. It is also possible for a root user to reboot the computer by instrumenting the BIOS keyboard buffer in spite of the full disk encryption.

Impact

1) Plain text password disclosure. Required privileges to perform this operation are OS dependant, from unprivileged users under Windows (any), to root under most Unix. 2) A privileged attacker able to write to the MBR and knowing the password (for instance thanks to 1), is able to reboot the computer in spite of the password prompted at boot time (and in spite of disk encryption) by initializing the BIOS keybaord buffer with the correct password (using an intermediary bootloader that will in turn run DriveCrypt).

Full Technical Whitepaper

http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html

Features:
» Runs on Windows, Linux/Unix, Mac OS X, …
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista.
» Brute-force module for simple passwords.
» LiveCD available to simplify the cracking.
» Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.

Starting with version 2.3, Ophcrack also cracks NT hashes. This is necessary if generation of the LM hash is disabled (this is default for Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored).

Download