Password Cracker | MD5 Cracker | Wordlist Download

wifite r.68 - WEP/WPA Password Cracker for BT4

2011-09-24T11:27:00.000-07:00

Features:
* this project is available in French: all thanks goto Matt² for his excellent translation!
* sorts targets by power (in dB); cracks closest access points first
* automatically deauths clients of hidden networks to decloak SSIDs
* numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
* customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
* "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
* all WPA handshakes are backed up to wifite.py's current directory
* smart WPA deauthentication -- cycles between all clients and broadcast deauths
* stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
* switching WEP attack methods does not reset IVs
* intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
* SKA support (untested)
* displays session summary at exit; shows any cracked keys
* all passwords saved to log.txt
* built-in updater: ./wifite.py -upgrade

Download: wifite download

Source: http://code.google.com/p/wifite/

oclHashcat-plus v.0.06 - GPU Password Cracker - Fastest WPA/WPA2 Password Cracker

2011-09-23T02:34:00.000-07:00

* Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker
* Worlds first and only GPGPU based rule engine
* Free
* Multi-GPU (up to 16 gpus)
* Multi-Hash (up to 24 million hashes)
* Multi-OS (Linux & Windows native binaries)
* Multi-Platform (OpenCL & CUDA support)
* Multi-Algo
* Low resource utilization, you can still watch movies or play games while cracking
* Focuses highly iterated modern hashes
* Focuses single dictionary based attacks
* Supports pause / resume while cracking
* Supports reading words from file
* Supports reading words from stdin
* Integrated thermal watchdog
* 20+ Algorithms implemented with performance in mind
* ... and much more

(View the source for list of algorithms)

Download: oclhashcat-plus download
User Manual

Source: http://hashcat.net/oclhashcat-plus/

Hashcat v.0.37 - CPU Password Cracker

2011-09-23T02:29:00.000-07:00

Features:
* Free
* Multi-Threaded
* Multi-Hash
* Linux & Windows native binaries
* Fastest cpu-based multihash cracker
* SSE2 accelerated
* All Attack-Modes except Brute-Force and Permutation can be extended by rules
* Very fast Rule-engine
* Rules mostly compatible with JTR and PasswordsPro
* Possible to resume or limit session
* Automatically recognizes recovered hashes from outfile at startup
* Can automatically generate random rules
* Load hashlist with more than 3 million hashes of any type at once
* Load saltlist from external file and then use them in a Brute-Force Attack variant
* Able to work in an distributed environment
* Specify multiple wordlists and also multiple directories of wordlists
* Number of threads can be configured
* Threads run on lowest priority
* 30+ Algorithms implemented with performance in mind
* ... and much more

(View source for list of hash types supported)

Download: Hashcat Download
User Manual

Source: http://hashcat.net/hashcat/

RecoverMyPass.com - WPA/NTLM Password Recovery

2011-09-21T13:33:00.000-07:00

*Recovers WPA & WPA2 wifi network passwords from an uploaded capture file
*Also recovers NTLM passwords from a given hash
*No automation - techniques for recovery are constantly improved and performed manually
*Current fee is £10.00 GBP (approximately $18 USD)
*Only pay if your password is found
*Useful for penetration testers and system admins alike

https://recovermypass.com/

oclHashcat GUI

2011-05-24T12:39:00.000-07:00

Features:
*Free
*Multi-OS (Linux & Windows native binaries)
*Multi-Platform (32-bit & 64-bit)
*Supports all hashcat implementations (hashcat, oclHashcat, oclHashcat-plus, oclHashcat-lite)
*Supports all platforms used by hashcat (CPU, OpenCL, CUDA)

Download: OclHashcat-GUI

Source: http://www.hashcat.net/hashcat-gui/

oclHashcat-plus v.0.04 - Multi Hash GPU Password Cracker

2011-05-20T12:25:00.000-07:00

Features:
*Worlds fastest md5crypt and phpass cracker
*Worlds first and only GPGPU based rule engine
*Free
*Multi-GPU (up to 16 gpus)
*Multi-Hash (up to 24 million hashes)
*Multi-OS (Linux & Windows native binaries)
*Multi-Platform (OpenCL & CUDA support)
*Multi-Algo (see below)
*Low resource utilization, you can still watch movies or play games while cracking
*Focuses highly iterated modern hashes
*Focuses single dictionary based attacks
*Supports pause / resume while cracking
*Supports reading words from file
*Supports reading words from stdin
*Integrated thermal watchdog
*... and much more

Algorithms Supported:
*MD5
*phpass, MD5(Wordpress), MD5(phpBB3)
*md5crypt, MD5(Unix), FreeBSD MD5
*MD4
*NTLM
*Domain Cached Credentials
*descrypt, DES(Unix), Traditional DES
*md5apr1, MD5(APR), Apache MD5

Runs on both Windows & Linux

Download: oclHashcat-Plus v.0.04
User Manual: oclHashcat-plus User Manual

Source: http://hashcat.net/oclhashcat-plus/

L517 v.0.98 - Wordlist Generator

2011-05-04T14:49:00.000-07:00

L517 is small (considering what it does), it is fast (considering it's a Windows app), and it is lightweight (when not loading astronomically large lists). A user-friendly GUI requires no memorization of command-line arguments!

L517 contains hundreds of options for generating a large, personalized, and/or generic wordlist. With L517, you can generate phone numbers, dates, or every possible password with only a few clicks of the keyboard; all the while, filtering unwanted passwords.

Beta testers have run L517 in Linux under Wine. The Visual Basic 6.0 Runtime Installer needs to be run in Wine before L517 can be executed.

Download: L517 Wordlist Generator

Source: http://code.google.com/p/l517/

oclHashcat-lite v.0.05 - GPU Single Hash Password Cracker / SL3 Unlocker

2011-04-30T16:12:00.000-07:00

Features:
* Worlds fastest MD4, MD5, SHA1, SHA256 and DES(Unix) password cracker
* Free
* Multi-GPU (up to 16 gpus)
* Multi-OS (Linux & Windows native binaries)
* Multi-Platform (OpenCL & CUDA support)
* Multi-Algo (see below)
* Low resource utilization, you can still watch movies or play games while cracking passwords
* Password masks
* Distributed cracking
* Pause / resume while cracking
* Sessions
* Restore
* Hex-salt
* Hex-charset
* Integrated thermal watchdog
* ... and much more

Algorithms:
* MD5
* md5($pass.$salt)
* md5(md5($pass))
* vBulletin < v3.8.5 * SHA1 * sha1($pass.$salt) * MySQL > v4.1
* MD4
* NTLM
* Domain Cached Credentials
* MSSQL
* SHA256
* DES(Unix)
* SL3
* Oracle 11G

Download: oclHashcat-lite

Source: Hashcat.net

John The Ripper v.1.7.7 - CPU Multi Hash Password Cracker

2011-04-28T13:08:00.000-07:00

The following patches are now applied:
john-1.7.6-jumbo-12-alainesp-nt-scale-1.diff - speedup, by Alain Espinosa
john-1.7.6-jumbo-12-hash_sizes.diff - speedup, by magnum
john-1.7.6-jumbo-12-wordistfix.patch - bugfix, by Joshua J. Drake
mkv-warnings-fix.diff - compiler warnings fix, by Dhiru Kholia
rawSHA1_fmt_faster-1.diff - speedup, by JimF

Benchmarks:
On one CPU core (non-OpenMP build):

Benchmarking: Traditional DES [128/256 BS AVX]... DONE
Many salts: 4819K c/s real, 4867K c/s virtual
Only one salt: 4080K c/s real, 4080K c/s virtual

-omp-des-4 (better suited for multi-salt; on 4 cores, 8 threads):

Benchmarking: Traditional DES [128/256 BS AVX]... DONE
Many salts: 19243K c/s real, 2429K c/s virtual
Only one salt: 9682K c/s real, 2060K c/s virtual

-omp-des-7 (better suited for single-salt; on 4 cores, 8 threads):

Benchmarking: Traditional DES [128/256 BS AVX]... DONE
Many salts: 17006K c/s real, 2358K c/s virtual
Only one salt: 14404K c/s real, 2211K c/s virtual

Complete list of changes: JTR - 1.7.7 Changes

Download: JTR v1.7.7

Cain & Abel v.4.9.40 - CPU Password Cracker

2011-04-18T13:15:00.000-07:00

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security application vendors, professional penetration tester and everybody else that designs to make use of it for ethical reasons. The author won't help or support any illegal activity done with this program. Be warned that there is the chance that you will cause damages and/or loss of information using this application and that in no events shall the author be liable for such damages or loss of information. carefully read the License Agreement included in the program before using it.

Cain & Abel is a password cracker device for Microsoft Operating Systems. It allows simple recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis assaults, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any application vulnerabilities or bugs that could not be fixed with little work. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

The latest version is faster and contains lots of new features like APR (Arp Poison Routing) which allows sniffing on switched LANs and Man-in-the-Middle assaults. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a variety of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force password crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis assaults, password decoders and some not so common utilities related to network and method security.

Download: Cain & Abel v.4.9.40

Source: http://www.oxid.it/cain.html

Hashcat, oclHashcat, & oclHashcat+ GUI

2011-04-18T12:57:00.000-07:00

Not released yet (will be soon), but screenshots found here:
hashcat gui sneekpeak (sch0.org)

oclHachcat-lite v.0.03 - Multi Hash GPU Password Cracker

2011-04-18T12:55:00.000-07:00

Features:
* Worlds fastest MD4, MD5, SHA1 and SHA256 cracker
* Free
* Multi-GPU (up to 16 gpus)
* Multi-OS (Linux & Windows native binaries)
* Multi-Platform (OpenCL & CUDA support)
* Multi-Algo (see below)
* Low resource utilization, you can still watch movies or play games while cracking
* Password masks
* Distributed cracking
* Pause / resume while cracking
* Sessions
* Restore
* Hex-salt
* Hex-charset
* Integrated thermal watchdog
* ... and much more

Algorithms:
* MD5
* md5($pass.$salt)
* md5(md5($pass))
* vBulletin < v3.8.5 * SHA1 * sha1($pass.$salt) * MySQL > v4.1
* MD4
* NTLM
* Domain Cached Credentials
* SHA256

Download: oclHachcat-lite v.0.03

Source: http://hashcat.net/oclhashcat-lite/

Online MD5 'Decrypter' Project

2011-04-15T14:55:00.000-07:00

I'm working on a system similar to the one found here: http://md5decrypter.co.uk/
The obvious goal is a high success rate in comparison to amount of entries.
For this i have developed ways to extract and mangle commonly used passwords with the aid of many studies to include in the database. Searches, in theory, should be fast as well.
If you have any ideas or comments on this project, or you would like to beta test it, feel free to email me.

oclHashcat-lite Leak

2011-04-04T15:42:00.000-07:00

It appears that the beta application the oclHashcat creator was working on was leaked by one of the beta testers. He is attempting to sell the unstable product in hopes of making a quick buck at any customers misfortune. Surely without any money-back guarantees, you not only get the oclhashcat-lite program (used as a SL3 unlocker) but also "sporadic" hash findings - chance of 50% success rate (where there should be 100%), No restore, so if you need to pause your session for a quick restart you will have to restart the entire process over again - a several day long process, and no support for the HD5970, since opencl on this card does not work yet under windows.
The creator, Atom, plans to release this tool when its fully stable for no charge whatsoever. (Which should be soon!)

Source: http://hashcat.net/forum/thread-345.html

MOSCrack - Distributed WPA Password Cracker

2011-04-04T15:22:00.000-07:00

Moscrack is a perl application designed to facilitate cracking WPA keys/passwords on a cluster of computers. This is accomplished with Mosix clustering software and/or simple ssh connectivity. Cluster nodes can run any Un*x variant (including Cygwin).

Download: MOSCrack - Distributed WPA Cracker

Source: http://sourceforge.net/projects/moscrack/

wifite - wep/wpa cracker for backtrack4

2011-03-10T10:47:00.000-08:00

Features:
*this project is available in French: all thanks goto MattÂ² for his excellent translation!
*sorts targets by power (in dB); cracks closest access points first
*automatically deauths clients of hidden networks to decloak SSIDs
*numerous filters to specify exactly what to assault (wep/wpa/both, above positive signal strengths, channels, etc)
*customizable settings (timeouts, packets/sec, channel, modify mac address, ignore fake-auth, etc)
*"anonymous" feature; changes MAC to a random address before attacking, then changes back when assaults are complete
*all WPA handshakes are backed up to wifite.py's current listing
*smart WPA deauthentication -- cycles between all clients and broadcast deauths
*stop any assault with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
*switching WEP assault methods does not reset IVs
*intel 4965 chipset fake-authentication support; makes use of wpa_supplicant workaround
*SKA support (untested)
*displays session summary at exit; shows any cracked keys
*all passwords saved to log.txt
*built-in updater: ./wifite.py -upgrade

Installation Instructions:
http://code.google.com/p/wifite/
(Only works on Backtrack 4)

Download: wifite - wep/wpa cracker for backtrack4

Source: http://code.google.com/p/wifite/

HashCat v.0.36 - Multi Hash CPU Password Cracker

2011-02-15T11:37:00.000-08:00

Features:
*Free
*Multi-Threaded
*Multi-Hash
*Linux & Windows native binaries
*Fastest cpu-based multihash cracker
*SSE2 accelerated
*All Attack-Modes except Brute-Force and Permutation can be extended by rules
*Very fast Rule-engine
*Rules mostly compatible with JTR and PasswordsPro
*Possible to resume or limit session
*Automatically recognizes recovered hashes from outfile at startup
*Can automatically generate random rules
*Load hashlist with more than 3 million hashes of any type at once
*Load saltlist from external file and then use them in a Brute-Force Attack variant
*Able to work in an distributed environment
*Specify multiple wordlists and also multiple directories of wordlists
*Number of threads can be configured
*Threads run on lowest priority
*30+ Algorithms implemented with performance in mind
*... and much more

Algos:
*MD5
*md5($pass.$salt)
*md5($salt.$pass)
*md5(md5($pass))
*md5(md5(md5($pass)))
*md5(md5($pass).$salt)
*md5(md5($salt).$pass)
*md5($salt.md5($pass))
*md5($salt.$pass.$salt)
*md5(md5($salt).md5($pass))
*md5(md5($pass).md5($salt))
*md5($salt.md5($salt.$pass))
*md5($salt.md5($pass.$salt))
*md5($username.0.$pass)
*md5(strtoupper(md5($pass)))
*SHA1
*sha1($pass.$salt)
*sha1($salt.$pass)
*sha1(sha1($pass))
*sha1(sha1(sha1($pass)))
*sha1(strtolower($username).$pass)
*MySQL
*MySQL4.1/MySQL5
*MD5(Wordpress)
*MD5(phpBB3)
*MD5(Unix)
*SHA-1(Base64)
*SSHA-1(Base64)
*SHA-1(Django)
*MD4
*NTLM
*Domain Cached Credentials
*MD5(Chap)
*MSSQL
*SHA256
*MD5(APR)
*SHA512
*SHA-512(Unix)

Download: HashCat v.0.36 - Multi Hash CPU Cracker

Source: http://hashcat.net/hashcat/

oclHashCat v.0.24 - Multi Hash GPU Password Cracker

2011-01-20T07:56:00.000-08:00

Features:
* Free
* Multi-GPU (up to 16 gpus)
* Multi-Hash (up to 24 million hashes)
* Multi-OS (Linux & Windows native binaries)
* Multi-Platform (OpenCL & CUDA support)
* Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
* Fastest multihash MD5 cracker on NVidia cards
* Fastest multihash MD5 cracker on ATI 5xxx cards
* Supports wordlists (not limited to Brute-Force / Mask-Attack)
* Combines Dictionary-Attack with Mask-Attack to launch a Hybrid-Attack
* Runs very cautious, you can still watch movies or play games while cracking passwords
* Supports pause / resume
* The first and only GPU-based Fingerprint-Attack engine
* Includes hashcats entire rule engine to modify wordlists on start
* ... and much more

Algorithms:
* MD5
* md5($pass.$salt)
* md5($salt.$pass)
* md5(md5($pass))
* md5(md5($pass).$salt)
* SHA1
* sha1($pass.$salt)
* sha1($salt.$pass)
* MySQL
* MySQL4.1/MySQL5
* MD4
* NTLM
* Domain Cached Credentials

Huge improvement on multi-hash cracking - see the details here: http://hashcat.net/forum/thread-249.html

Download: oclHashCat v.0.24 - Multi Hash GPU Cracker

Source: http://hashcat.net/oclhashcat/

Unrarhp - RAR -hp Password Cracker

2010-12-20T10:29:00.000-08:00

unrarhp is a Unix command line brute forcer to recover the passwords of RAR archives encrypted with the RAR 3.x "-hp" option. This option, contrary to "-p", also encrypts the block headers & protects metadata such as filenames, etc. As of June 2010, unrarhp is the only RAR "-hp" brute forcer that is open source & free.

Download: Unrarhp - RAR -hp Password Cracker

Source: http://www.zorinaq.com/projs.html

Cell-BF - PS3 DES Password Cracker

2010-12-14T13:19:00.000-08:00

cell-bf is A UNIX crypt() password bruteforcing tool developed and optimized for the Cell B.E. processor. The major advance resides in a new set of bitslice DES "S-Box circuits" that average 45.5 gates per S-box by using all the logical instructions of the SPU ISA. This allows the bruteforcer to fully exploit the SPU cores of the Cell processor.

Download: Cell-BF - PS3 DES Cracker

Source: http://www.zorinaq.com/projs.html

Whitepixel - ATI MD5 BruteForcer

2010-12-14T13:06:00.000-08:00

Whitepixel is an open source (GPLv3) GPU-accelerated password hash auditing software for AMD/ATI graphics cards. It is currently the world's fastest single-hash MD5 brute forcer.
* For AMD Radeon HD 5000 series and above
* Multi-GPU support (tested with 8 GPUs)
* Best MD5 implementation: uses bitalign IL instruction, BFI_INT native instruction, reversing
* Open source: GPLv3
* Basic configurable charsets

Download: Whitepixel - ATI MD5 BruteForcer

Source: http://whitepixel.zorinaq.com/

WPA Wordlist Download - 13GB

2010-12-13T20:42:00.000-08:00

Looks like my wordlists got compiled into a large collection of wpa wordlists for download - well worth the bandwidth. =)
Since it's a wpa wordlist, everything below 8 chars long was removed, which is bad for other practical uses - unless you bruteforce everything to the length of 8.

Please note that i did not create this wpa wordlist torrent.

Download (torrent): WPA Wordlist - 13GB

More wordlists (not just for wpa) can be found here: More wordlist downloads

Cryptohaze Multiforcer v.0.72

2010-12-13T13:30:00.000-08:00

The Cryptohaze Multiforcer is a high performance multihash brute forcer with support for per-position character sets, plus excellent performance scaling when dealing with giant hash lists. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes with the same card, performance drops to 380M steps per second. This is the password stepping rate - not the search rate. The search rate is 380M * 1.4M passwords per second!

Download for Linux 32/64: CUDA-Multiforcer-Linux-0.72

Download for Win64: CUDA-Multiforcer-Windows-0.72

Download for MacOS - Intel: CUDA-Multiforcer-Mac-0.72

Source: http://www.cryptohaze.com/multiforcer.php

Hashcat v.0.35 - Hash Password Recovery

2010-12-13T13:13:00.000-08:00

* Free
* Multi-Threaded
* Multi-Hash
* Linux & Windows native binaries
* quickest cpu-based multihash cracker
* SSE2 accelerated
* All Attack-Modes except Brute-Force and Permutation can be extended by rules
* quick Rule-engine
* Rules mostly compatible with JTR and PasswordsPro
* feasible to resume or limit session
* Automatically recognizes recovered hashes from outfile at startup
* Can automatically generate random rules
* Load hashlist with over 3 million hashes of any type at once
* Load saltlist from external file and then use them in a Brute-Force Attack variant
* Able to work in an distributed environment
* Specify multiple wordlists and also multiple directories of wordlists
* Number of threads can be configured
* Threads run on lowest priority
* 30+ Algorithms implemented with performance in mind
* and more

Source: http://hashcat.net/hashcat/

Download: Hashcat v.0.35 - Hash Password Recovery
Hashcat GUI: http://hashcat.net/files/hashcat-gui-0.2.453.rar

The First Public DES Collision

2010-11-05T11:46:00.000-07:00

This is the first publicly known DES crypt() hashing algorithm collision 05/Nov/2010.

hiH9IOyyrrl4k:cqjmide
hiH9IOyyrrl4k:ifpqgio

A collision occurs when two different plaintexts encrypted produce the same hash string. It was discovered by a student James M. Hall on a single CPU thread overnight
to prove that we should move away from this hashing algorithm if not already to one that is salted, heavily iterated and has a larger keyspace such as SHA-512(Unix).

Source: http://slashdot.org/submission/1381082/Traditional-DES-collision