What is password cracking?

John the Ripper is another password cracker software for Linux, MAC. Ophcrack is a brute force software that is available to the Mac users. Aircrack-ng This is a popular wireless password-cracking tool available for free.

Password cracking process involves recovering a password from storage locations or from data, transmitted by a computer system on network. Password cracking term refers to group of techniques used to get password from a data system.

Purpose and reason of password cracking includes gaining an unauthorized access to a computer system or it can be recovery of forgotten password. There might be another reason of using password cracking technique that is for testing password strength so hacker could not hack into system.

Password cracking is normally performed thought repetitive process in which computer applies different combinations of password till the exact match.

Brute Force Password Cracking:

Term brute force password cracking may also be referred as brute force attack. Brute force password cracking is respective process of guessing password, in this process software or tool creates a large number of password combinations. Basically it’s a trail-and-error technique used by software to obtain password information from system.

A brute force attack are normally used by hackers when there is no chance of taking advantage of encrypted system weakness or by security analysis experts to test an organization’s network security .This method of password cracking is very fast for short length passwords but for long length passwords dictionary attack technique is normally used.

Time taken by brute force password cracking software to crack password is normally depend upon speed of system and internet connection.

GPU Password Cracking:

GPU is graphics processing unit, sometimes also called visual processing unit. Before talking about GPU password cracking we must have some understanding about hashes. When user enter password the password information stored in form of computer hashes using the one-way hashing algorithm.

In this password cracking technique using GPU software take a password guess and look through hashing algorithm and compare it or match it with the existing hashes till the exact match.

GPU can perform mathematical functions in parallel as GPU have hundreds of core that gives massive advantage in cracking password. GPU is much faster than CPU so that’s the reason of using GPU instead of CPU.

CUDA Password Cracking:

CUDA Compute Unified Device Architecture is a model for programming and a platform that perform computations in parallel, created by NVIDIA for graphic processing.

CUDA Password cracking includes cracking passwords using Graphics card which have GPU chip, GPU can perform mathematical functions in parallel so the speed of cracking password is faster than CPU.GPU have many 32bit chips on it that perform this operation very quickly.

We can easily access CUDA through libraries, directives and with the help of different programming languages that includes C, C++ and FORTRAN.

Password Cracking Tools

Given below is the list of Top10 Password cracking tools.

1. Cain and Abel : Top password cracking tool for Windows

Cain & Abel is one of the top cracking tool for password cracking and password recovery for Windows OS.

Cain & Abel can use techniques of Dictionary Attack, Brute-Force and Cryptanalysis attacks to crack encrypted passwords. So it only uses the weakness of system to crack password. GUI Interface of software is very simple and easy to use. But have availability limitation, tool only available for window based systems .Cain & Abel tool have many good features some of the features of tool are discussed below:

Features of Cain & Abel:

• Used for WEP (Wired Equivalent Privacy) cracking
• Have ability to record conversation over IP
• Cab be used as Network Password Sniffer
• Ability to resolve addresses IP to MAC.
• Can crack verity of hashes including LM and NT hashes, IOS and PIX hashes, RADIUS hashes, RDP passwords, and lots more than that.

Site for Download:

2. John the Ripper : Multi-platform, Powerful, Flexible password cracking tool

John the Ripper is a free multi or cross platform password cracking software. Its called multi platform as it combines different password cracking features into one package.

It’s primarily used to crack weak UNIX passwords but also available for Linux, Mac, and Windows. We can run this software against different password encryptions including many password hashes normally found in different UNIX versions. These hashes are DES, LM hash of Windows NT/2000/XP/2003, MD5, and AFS.

Features of John the Ripper

• Supportive with Brute force password cracking and dictionary attacks
• Multi platform
• Available free for use
• Pro version is also available with additional features

Site for Download:

3. Aircrack : Fast and effective WEP/WPA cracking tool

Aircrack is a combination different tools used for Wifi, WEP and WPA passwords cracking. With the help of these tools you can crack WEP/WPA passwords easily and effectively

Brute force, FMS attack, and dictionary attacks techniques can be used to crack WEP/WPA passwords. Basically it collects and analyzes encrypted packets then using its different tool crack password out of the packets. Although aircrack is available for Windows but there are different issues with this software if we use this in Windows environment, so it’s best when we use it in Linux environment.

Features of Aircrack

• Supportive with both Brute force and dictionary attacks cracking techniques
• Available for Windows and Linux
• Available in live CD

Site for Download:

4. THC Hydra : Multiple services supportive, Network authentication cracker

THC Hydra is a supper fast network password cracking tool. It uses network to crack remote systems passwords.

It can be used to crack passwords of different protocols including HTTPS, HTTP, FTP, SMTP, Cisco, CVS, SQL, SMTP etc. It will give you option that you may supply a dictionary file that contains list of possible passwords. It’s best when we use it in Linux environment.

Features of THC Hydra

• Fast cracking speed
• Available for Windows, Linux ,Solaris and OS X
• New modules can be added easily to enhance features
• Supportive with Brute force and dictionary attacks

Site for Download:

https://www.thc.org/thc-hydra/

5. RainbowCrack : New Innovation in Password Hash Cracker

RainbowCrack software uses rainbow tables to crack hashes, in other words we can say it uses process of a large-scale time-memory trade for effective and fast password cracking.

Large-scale-time-memory-trade-off is a process of computing all hashes and plain text using a selected hash algorithm. After calculations, obtained results are stored in the tables called rainbow table. Process of creating rainbow tables is very time consuming but when its done software works very fast.

Password cracking using rainbow table is faster than the normal brute force attack method. It’s available for Linux and Windows operating system.

Features of Rainbow Crack

• Support verity of Rainbow tables
• Runs on Windows (XP/Vista/7/8) and Linux operating systems (x86 and x86_64)
• Simple in use

Site for Download:

6. OphCrack : Tool for Windows password cracking

OphCrack used to crack Windows user passwords with the help of rainbow tables that are available in a bootable CD.

Ophcrack is completely free to download, Windows based password cracker that uses rainbow tables to crack Windows user passwords. It normally cracks LM and NTLM hashes. Software has simple GUI and can runs on different platforms.

Features of OphCrack

• Available for Windows but also available for Linux, Mac, Unix, and OS X
• Uses for LM hashes of Windows and NTLM hashes of Windows vista.
• Rainbow tables available free and easily for Windows
• To simplify the process of cracking Live CD is available

Site for Download:

http://ophcrack.sourceforge.net/

7. Brutus : A brute force attack cracker for remote systems

Brutus is the fastest, most flexible, and most popular software used to crack remote system passwords. It guess password through applying different permutations or by using a dictionary.

It can be used for different network protocols including HTTP, FTP, IMAP, NNTP and other types such as SMB, Telnet etc. It also gives you facility of creating your own authentication type. It also includes extra options of load and resume, so process can be paused when required and you can resume process when you want.

It is only available for windows operation systems. Tool has a limitation that it has not been updated since 2000.

Features of Brutus

• Available for Windows
• Can be used with different network protocols
• Tool have many good extra features
• Support SOCK proxy for all types of authentications
• Capability of error handling and recovery
• Authentication engine is multi stage

Site for Download:

8. L0phtCrack : Smart tool for Windows password recovery

Just like OphCrack tool L0phtCrack is also a Windows passwords recovery tool uses hashes to crack passwords, with extra features of Brute force and dictionary attacks.

It normally gains access to these hashes from directories, network servers, or domain controllers. It is capable of doing hash extraction from 32 & 64 bit Windows systems, multiprocessor algorithms, scheduling, and can also perform decoding and monitoring networks. Yet it is still the easiest to use password auditing and recovery software available.

Features of L0phtCrack

• Available for Windows XP, NT, 2000, Server 2003,and Server 2008
• Can work in both 32- and 64-bit environments
• Extra feature of schedule routine auditing on daily, weekly, monthly bases
• After run it provide complete Audit Summary in report page

Site for Download:

9. Pwdump : Password recovery tool for Windows

Pwdump is actually different Windows programs that are used to provide LM and NTML hashes of system user accounts.

Pwdump password cracker is capable of extracting LM, NTLM and LanMan hashes from the target in Windows, in case if Syskey is disabled, software has the ability to extract in this condition.

Software is update with extra feature of password histories display if history is available. Extracted data will be available in form that is compatible with L0phtcrack.

Recently software is updated to new version called Fgdump as Pwdump not work fine when any antivirus program is running.

Features of Pwdump

• Available for Windows XP, 2000
• Powerful extra feature are available in new version of Pwdump
• Ability to run multithreaded
• It can perform cachedump (Crashed credentials dump) and pstgdump (Protected storage dump)

Site for Download:

10. Medusa : Speedy network password cracking tool

Medusa is remote systems password cracking tool just like THC Hydra but its stability, and fast login ability prefer him over THC Hydra.

It is speedy brute force, parallel and modular tool. Software can perform Brute force attack against multiple users, hosts, and passwords. It supports many protocols including AFP, HTTP, CVS, IMAP, FTP, SSH, SQL, POP3, Telnet and VNC etc.

Medusa is pthread-based tool, this feature prevent unnecessarily duplicate of information. All modules available as an independent .mod file, so no modification is required to extend the list that supports services for brute forcing attack.

Features of Medusa

• Available for Windows, SunOS, BSD, and Mac OS X
• Capable of performing Thread based parallel testing
• Good feature of Flexible user input
• Due to parallel processing speed of cracking is very fast

Site for Download:

Introduction :

In the world of cybercrime, Brute force attacks have become very popular as the number of attacks in a day is counted from thousands to several million.

Brute force is a trial and error method for cracking the username or password for a particular account. It creates a lot of combinations and keeps on guessing the password or the username until both the aspects form a perfect combination.

It is also known as Brute force or Brute force cracking, and the technique is exclusively used for cracking password or usernames of a target account.

Basically, a lot of combinations are tried until you get the right password. But it is not as simple as it sounds, even an ATM cards pin or mobile phones pin has a minimum of 4 characters which are a combination of numbers, so here the possibility will be a total of 9000 attempts, but do you really think that you will be getting so many attempts before you get locked down.?

When it comes to attempting for the right password, you might have noticed with facebook or Gmail that it gives you a maximum of 4 attempts after which you get locked down, In some cases the lockdown is carried for 24-48 hours however if the security is high there are chances that you may lose your account.

Let us make it simpler for you. Let us imagine a password having 8 characters which can be alphanumeric.

By calculating the number of characters which is 26 Uppercase and 26 lower case letters along with 10 digits making it 62 in total. For an 8 character password, the number combination will be 628 which is around 218 trillion combinations, taking it one try per second will be 7 million years for trying all the combination and I am sure no one is going to live that long.

If you have supercomputer which can make which can make at the least 1000000000 tries in a second then the password can be cracked in 22 seconds which is practically impossible unless you have a supercomputer.

If you think that it is the only type of attack that can reveal the password, you are wrong, there is another one which works the same way but with reverse phenomenon, which is Reverse Brute force attacks.

A reverse brute force attack is the same phenomenon which is widely used for password cracking, but there is a small change, this is used when you know the password and you will have to guess the username, but this is not similar to Brute force attack where you will have to guess millions of combinations before finding the right working combination.

Aircrack-Ng :

Aircrack Ng is a popular tool used for password cracking, It uses the WEP/WPA/WPA2 protocol for Wifi 802.11. If you under a brute force attack you should know that password cracking mainly depends on the dictionary of the password combination available on the cracking tool. More effective the dictionary, sooner are the chances of cracking the password.

This tool is available on Windows and Linux Operating systems, However it is also imported to run on Android and iOS platforms as well. You can download the tool from the official website

John The Ripper :

This is another popular tool used for password cracking, Next to Aircrack, John the Ripper is the second most widely used tool for Brute force attacks.

This tool was first developed only for Unix systems, due to the sudden gain in popularity, developers started working on different operating systems and today it is available on more than 10 widely used operating systems including Windows, DOS, Linux, BeOS and many more.

This tool normally performs password cracking using all the combinations of alphabets and numbers, but if you on a dictionary attack, it can use the dictionary of password to perform a dictionary attack.

This tool can be downloaded here

Rainbow Crack :

Rainbow crack is another tool used by most of the hackers in cracking password, this tool is famous for the rainbow tables of combinations to perform attacks,

Rainbow tables are a precomputed set of values or combinations that reduce the time taken to crack a password.

This application is still active and is available only on Windows and Linux platforms,

The tool can be downloaded from the link : http://project-rainbowcrack.com/

Cain and Abel :

This is a popular and multi-tasking tool for hackers, Similar to the tools discussed above, this tool helps in cracking password and also dictionary attacks.

You should know that this tool is recognised as malware by most of the Antivirus software. Make sure you turn off Antivirus if you are installing the tool.

As the tool is labelled as a multitasking tool, below are some of the known features which can be performed using Cain and Abel.

• Network Sniffing
• Dictionary attacks
• Decoding passwords
• Analysing routing protocols
• Recovering network keys

Click here to download the tool.

HashCat :

A lot of hackers claim that Hashcat is the fastest CPU based tool for cracking passwords, This tool is available for free and is available on Linux, Windows and MAC OS versions.

The speciality of this tool is that it supports all the hashing algorithms like LM hashes, SHA-family, MD4, MD5 etc. Also, you should know that this tool is not only used for Brute force attacks but also used for Dictionary attacks, fingerprint attacks, Mask attacks and many more.

This tool can be downloaded from the official website.

NCrack :

We have discussed a lot of tools that work on common Operating system platforms. This tool gained popularity for being usable on RDP, SSH, FTP, SMB and other platforms.

This tool also supports all the versions of Linux, BSD, Windows operating systems.

SAM Inside :

SAM inside is another popular tool used for cracking Windows OS passwords, It is similar to tools like Ophcrack or Lophtcrack. This tool can crack around 10 million passwords in a second if you have a computer with good speed and high-end configuration. This tool supports over 400 hashing algorithms including SHA-family, MD4, MD5 and many more.

This tool can be downloaded here

Dave Grohl :

Dave Grohl is a popular password hacking tool for MAC OS and supports This is an open all versions of MAC, This is a specialised tool for brute force attacks and dictionary attacks as well. It is so advanced that it can be performed from multiple computers to attack or work on a single hash code. This is a open source application and all the source codes are available here

Simple Steps to prevent Brute Force Attacks :

Password Length : Always make sure that you set a password strong enough from being hacked and which can be remembered easily, Do not keep your birthdays, pet names, phone numbers which can be easily guessed.

Password Complexity : Complexity of the password can be measured by the number of characters and the combinations used. Nowadays it is recommended to have a password of 8-15 characters, which includes the use of alphabets( upper and lower cases ), numbers and special characters.

Limited Login attempts : This is the best feature developed till date which helps you keep your account safe, Social media applications like Facebook, Instagram and Email services like Gmail have already got this feature in use.

This feature locks you down from your own account if you exceed the number of failed login attempts, the criteria can be either Username or the password, if the combinations do not match, the account will be locked. Some accounts get locked for a few hours a whereas some go up to 24-48 hours.

Two-Factor Authentication : This is another unique way of protecting your account from brute force attacks, Two Factor authentication helps in being logged into your account using 2 ways, For example, Gmail uses two-factor authentication using the password and your phone number.

Whenever you are logged into your account from a new network or a different device, it sends you a code to your phone number which has to be validated and you will be able to proceed.

Using a strong encrypted VPN : Virtual private networks are more commonly used when you want to secure your connection, Nowadays it is widely observed that VPN is used for accessing Geo-restricted sites, but that is not actually VPNs were introduced for. Once you are connected to a VPN server, all your browsing activities are channeled through a 256 bit encrypted tunnel which takes millions of years to bypass.

Conclusion :

Brute Force cracking is the best possible password cracking method, practically being impossible on a normal computer, it is still recommended to have a strong and lengthy password with all the combinations like alphabets, numbers and special characters, It does not avoid a brute force attack but surely makes it tough and time consuming further. Another solution will be using a VPN service to completely encrypt your connection. With the likes of LimeVPN, rest assured that all your data will be secure as LimeVPN uses a 256 bit military grade encryption on their servers.

Any suggestions or doubts, write to us in comments.

Rachael Chapman

A Complete gamer and a Tech Geek. Brings out all her thoughts and love in writing blogs on IOT, software, technology etc