Password cracking process consists of recovering a password from information or data storage locations, transmitted by a networked computer system. The term password cracking refers to the group of techniques used to obtain the password of a data system.
Purpose and reason of password cracking includes gaining unauthorized access to a computer system or it can be forgotten password recovery. There may be another reason to use the technique which is to test the password strength so that no hacker could hack into the password system.
Password cracking is normally done by repetitive thinking, a process in which a computer applies different password combinations until an exact match.
Brute force password cracking:
The term brute force password cracking can also be referred to as a brute force attack. Brute force passwords the respective process of guessing the password, in this process the software or tool creates a large number of password combinations. It is basically a trial and error technique used by software to obtain system password information.
Brute force attacks are typically used by hackers when there is no chance to exploit weaknesses in the encryption system or by security analysis experts to test the security of an organization’s network. This method of password cracking is very fast for short-length passwords, but for long-length passwords the dictionary attack technique is typically used.
GPU Cracking Password:
GPU is a graphics processing unit, sometimes also called a visual processing unit. Before talking about GPU password cracking we should have some understanding about hashes. When the user enters a password the password information is stored in the form of a computer hash using the one-way hash algorithm.
In this technique using GPU passwords software take a password guess and look through the hash algorithm and compare or match it with existing hashes until an exact match.
GPU can perform math functions in parallel as GPUs have hundreds of cores which gives a huge password cracking advantage. GPU is much faster than CPU so that is the reason to use GPU instead of CPU.
CUDA password cracking:
CUDA Compute Unified Device Architecture is a model for programming and a platform that performs computations in parallel, created by NVIDIA for graphics processing.
CUDA password cracking includes Password cracking using a graphics card with GPU chip, GPU can perform math functions in parallel so that password cracking speed is faster than CPU. GPUs have many 32-bit chips in it that perform this operation quickly.
We can easily access CUDA through libraries, directives and with the help of different programming languages C, C++ and FORTRAN.
Password cracking tools
Following is the list of Top10 password cracking tools.
1. Cain and Abel: Best Passwords Tool for Windows
Cain & Abel is one of the top password cracking and password recovery tools for Windows operating systems.
Cain & Abel can use dictionary attack techniques, brute force and Cryptanalysis attacks to crack encrypted passwords. It only uses the weakness of the system to crack passwords. Software interface is very simple and easy to use. But with limitations of availability, the tool is only available for window based systems. Cain & Abel tool have very good features, some of the features of the tool are discussed below:
Cain and Abel Characteristics:
- Used for WEP (Wired Equivalent Privacy) cracking
- They have the ability to record conversation over IP
- CAB is used as Network Password Sniffer
- Ability to resolve IP addresses to Mac.
- It can crack verity of hashes like NT and LM hashes, IOS and PIX hashes, radio hashes, RDP passwords and much more than that.
2. John the Ripper: Cross-Platform, Powerful, Flexible Passwords Tool
John the Ripper is a free multi or cross platform password software. It’s called a multi platform which combines different password features in one package.
It is mainly used to crack UNIX weak passwords but also available for Linux, Mac and Windows. We can run this software against different password encryption including many hashes of passwords typically found on different versions of UNIX. These hashes are DES, Windows NT/2000/XP/2003 LM hashes, MD5, and AFS.
Features of John the Ripper
- Support with password brute force and dictionary attacks
- Multi platform
- Available free for use
3. Aircrack: Fast and effective WEP/WPA cracking tool
Aircrack is a combination of different tools for Wifi, WEP and WPA password cracking. With the help of these tools you can crack WEP/WPA passwords easily and effectively.
Dictionary attack, brute force and FMS attack techniques can be used to crack WEP/WPA passwords. It basically collects and analyzes the encrypted packets then using its different packet password cracking tool. Although aircrack is available for Windows, there are various problems with this software if we use this in Windows environment, so it is best when we use it in Linux environment.
- Support with brute force and dictionary attacks cracking techniques
- Available for Windows and Linux
- Available on live CD
4. THC Hydra: multiple support services, network authentication cracker
THC Hydra is a supper fast network password cracking tool. It uses the network to crack passwords for remote systems.
It can be used to crack passwords of different protocols like HTTPS, HTTP, FTP, SMTP, Cisco, CVS, SQL, etc. of SMTP. It will give you the option that you can provide a dictionary file containing the list of possible passwords. The best is when we use it in a Linux environment.
THC Hydra Features
- fast cracking speed
- Available for Windows, Linux, Solaris and OS X
- New modules can be easily added to improve features
- Support with brute force and dictionary attacks
5. RainbowCrack: Innovation in Password Hash Cracker
RainbowCrack software uses rainbow tables to crack hashes, in other words we can say that it uses the process of large-scale trading of time memory to crack passwords fast and effectively.
Large-Scale-Time-Memory-Trade-off is a process of computing all hashes and text using a selected hash algorithm. After calculations, obtained results are stored in the table named rainbow table. Rainbow table creation process is very slow but when your software actually works very fast.
Passwords using rainbow tables are faster than normal brute force attack methods. It is available for Linux and Windows operating systems.
Rainbow Crack Features
- Veracity of Rainbow tables help
- Runs on Windows (XP/Vista/7/8) and Linux operating systems (x86 and x86_64)
- simple in use
6. OphCrack: Windows Password Cracking Tool
Used to crack Windows user passwords with the help of rainbow tables that are available on an OphCrack bootable CD.
Ophcrack is a completely free to download, password cracker that uses rainbow tables for Windows based Windows user passwords. Normally cracks LM and NTLM hashes. Software has a simple GUI and can work on different platforms.
- Available for Windows but also available for Linux, Mac, Unix and OS X
- Uses for Windows LM hashes and Windows Vista NTLM hashes.
- Rainbow of Tables Easily and Freely Available for Windows
- To simplify the cracking process Live CD is available
7. Brutus: A brute force attack cracker for remote systems
Brutus password cracker is the fastest, most flexible and most popular remote system password cracking software. Guess password by applying different permutations or by using a dictionary.
It can be used for different network protocols like HTTP, FTP, IMAP, NNTP and other types like SMB, Telnet etc. It also gives you the facility to create your own type of authentication. It also includes additional upload and resume options, so the process can be paused when necessary and the process can be resumed whenever you want.
It is only available for Windows operating systems. Tool has a limitation that it has not been updated since the year 2000.
- Available for Windows
- Can be used with different network protocols
- Tool has very good extra features
- Support socks proxy for all types of legalizations
- Error handling and recovery capabilities
- Authentication engine is multi stage
8. L0phtCrack: Smart tool for Windows password recovery
Like the OphCrack tool, L0phtCrack is also a Windows password recovery tool that uses hashes to crack passwords, with the added features of brute force and dictionary attacks.
These hashes are typically accessed from directories, network servers, or domain controllers. It is capable of doing hash extraction for 32-bit and 64-bit Windows systems, multiprocessor algorithms, scheduling, and can also perform decryption and network monitoring. However it is still the easiest to use password recovery and auditing software available.
Features of L0phtCrack
- Available for Windows XP, NT, 2000, Server 2003 and Server 2008
- It can work in 32 and 64 bit environments.
- Additional feature of schedule audit routine on daily, weekly, monthly bases
- After running provide full audit summary on report page
9. Pwdump: Password Recovery Tool for Windows
Pwdump is actually different Windows programs that are used to provide NTML and LM hashes of system user accounts.
Pwdump password cracker is capable of extracting target LM, NTLM and LanMan hashes in Windows, in case if Syskey is disabled, software has the ability to extract in this condition.
Software is updated with added features to display password history if history is available. The extracted data will be available in the form that is compatible with the L0phtcrack.
Recently software was updated to the new version called Fgdump as Pwdump does not work well when any antivirus program is running.
- Available for Windows XP, 2000
- Powerful extra features are available in the new version of Pwdump
- Ability to run multiple threads
- Can perform cachedump (crashed credential dump) and pstgdump (protected storage dump)
10. Medusa: Red Speedy Passwords Tool
Medusa is a remote systems password cracking tool just like THC Hydra but its stability and fast login ability prefer it over THC Hydra.
It is a speedy brute force, modular and parallel tool. Software can perform a brute force attack against multiple users, hosts, and passwords. It supports many protocols including AFP, HTTP, CVS, IMAP, FTP, SSH, SQL, POP3, Telnet and VNC etc.
Medusa is the pthread-based tool, this feature prevents unnecessary duplicate information. All modules available as a separate .mod file, so no modification is needed to expand the list that supports brute force attack services.
- Available for Windows, BSD, SunOS and Mac OS X
- Able to perform thread based parallel testing
- Good Flexible user input feature
- Due to the parallel processing speed of cracking is very fast