
THC-Hydra

In document Hakin9_StarterKit_04_2013 (Page 56-61)

Another fast network authentication cracker that supports many different services is THC-Hydra. It runs on Linux, BSD, Mac OS X, other UNIX systems and Windows, and comes with IPv6 support, SOCKS and HTTP proxy support, internationalization and a GUI. More than 35 services are supported (AFP, HTTP, ICQ, IRC, IMAP, MySQL, POP3, RDP, SMTP, SSH, VNC and many more). Unlike the hash crackers described below, Hydra works online: every guess is a real login attempt sent to the live service, so it is comparatively slow, visible in the target's logs and exactly what the account-lockout advice at the end of this article is meant to stop.

This software was intended as a proof of concept (POC) showing security specialists and researchers how easy it is for an attacker to gain unauthorized access to a target system from a remote machine.

Figure 3. THC-Hydra

Ophcrack

This password cracker is perhaps the best known free tool for Windows, as it is intuitive and fast. It also runs on Mac OS X and Linux/Unix, and it can be used by a first-time password cracker with minimal knowledge of the Windows OS. With Ophcrack you do not need to log in to Windows to recover a lost password: from another desktop or laptop, visit the Ophcrack website, download the (free) live ISO image, burn it to a CD and boot the computer you want to crack from that CD. After booting, the software locates the Windows user accounts, reads their password hashes from the SAM database and tries to crack (recover) the passwords automatically using rainbow tables. Note that this requires physical access to the machine and an unencrypted system disk; full-disk encryption defeats it, as does the boot-order lock recommended later in this article.

Figure 4. Ophcrack main window

Ophcrack offers various free rainbow tables that can be downloaded and installed, both for Windows XP (targeting the weak LM hash) and for Vista/7 (targeting the NT hash).

Aircrack-NG

Aircrack-NG is intended for cracking 802.11 WEP and WPA-PSK keys; it recovers the key once enough packets have been captured. It is not a single tool but a suite of tools used to audit wireless networks. The two cases differ: a WEP key is recovered statistically from a large number of captured encrypted packets (their initialization vectors), whereas a WPA-PSK key can only be recovered by capturing the four-way handshake of a connecting client and then running a dictionary attack against it.

The software supports both Windows and Linux, but Linux is recommended because Windows has little or no support for the packet capture and injection the suite needs (in terms of wireless card drivers).

Figure 5. Aircrack-NG command line

RainbowCrack

Before any hash can be cracked, RainbowCrack needs a pre-computing stage. In this stage, chains of alternating hash and "reduction" steps are walked through the password space, and only the start and end point of each chain are stored in files called rainbow tables. The table therefore does not hold every plaintext together with its hash; it holds just enough to regenerate them on demand, which is why it is far smaller than a full lookup table (a time-memory trade-off). Although this pre-computation is very time consuming, the rainbow table can then be reused over and over again, and the time needed to crack a password with it is considerably lower than with a brute-force attack. The trade-off only works against unsalted hashes: a per-password salt would require a separate table for every salt value.
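The chain mechanism described above, as an added toy implementation (not RainbowCrack's code): a tiny keyspace of four lowercase letters, MD5 as the attacked hash, and a step-dependent reduction function that maps a digest back into the keyspace. The chain length, chain count and seed string are assumptions chosen so that building the table takes about a second; real tools use far longer chains, a much larger keyspace and a sorted endpoint index on disk, but the pre-computing and lookup stages are the same.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase   # keyspace: 26^4 = 456,976 passwords
PW_LEN = 4
CHAIN_LEN = 100                     # hash/reduce steps per chain (assumption)
N_CHAINS = 2000                     # 2000 * 100 = 200,000 keyspace points, minus merges


def h(password: str) -> bytes:
    """The hash being attacked: unsalted MD5, one of the fast hashes the article warns about."""
    return hashlib.md5(password.encode()).digest()


def reduce_(digest: bytes, step: int) -> str:
    """Map a digest back into the keyspace.

    Mixing in the column index gives a different reduction function per step;
    that is what distinguishes a rainbow table from plain Hellman chains and
    stops two chains from merging as soon as they collide in one column."""
    n = int.from_bytes(digest, "big") + step
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def build_table(n_chains: int = N_CHAINS, seed: str = "demo") -> dict:
    """Pre-computing stage: walk each chain and store only (endpoint -> start point)."""
    table = {}
    for i in range(n_chains):
        start = reduce_(h(f"{seed}-{i}"), 0)   # deterministic pseudo-random start point
        p = start
        for step in range(CHAIN_LEN):
            p = reduce_(h(p), step)
        table.setdefault(p, start)             # merged chains share an endpoint: keep the first
    return table


def lookup(table: dict, target: bytes):
    """Cracking stage: return a preimage of `target`, or None if the table does not cover it."""
    # The unknown plaintext could sit in any column k. For each k, continue the chain
    # from the target as if it were in column k and check whether the endpoint is stored.
    for col in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_(target, col)
        for step in range(col + 1, CHAIN_LEN):
            p = reduce_(h(p), step)
        start = table.get(p)
        if start is None:
            continue
        # Regenerate the stored chain from its start point to recover the plaintext.
        q = start
        for step in range(CHAIN_LEN):
            if h(q) == target:
                return q
            q = reduce_(h(q), step)
        # Endpoint matched but the chain did not contain the target: a false alarm
        # caused by a chain merge. Keep trying the remaining columns.
    return None


if __name__ == "__main__":
    table = build_table()
    print(f"{len(table)} chains stored for {CHAIN_LEN * N_CHAINS} hash computations")
    covered = next(iter(table.values()))   # a password known to lie on a stored chain
    print("cracked:", lookup(table, h(covered)), "expected:", covered)
```

Each lookup costs at most CHAIN_LEN*(CHAIN_LEN+1)/2 hash computations plus one chain walk, against the 200,000 spent once in `build_table`; a password outside the covered part of the keyspace simply returns None, which is the coverage gap real tables close by storing many more chains.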

RainbowCrack runs on Windows XP, Vista, 7 and 8 (32- and 64-bit) and on Linux x86 and x86-64. It is also optimized for GPU acceleration: it can offload most of the runtime computation to Nvidia GPUs, which greatly improves cracking performance.

Figure 6. RainbowCrack main window

DaveGrohl

This is a brute-force password cracker that works only under Mac OS X. Three years ago it was designed as a hash extractor, but it has since become a standalone/distributed password cracker. It supports all the standard Mac OS X user password hashes (MD4, SHA-512 and PBKDF2).

DaveGrohl works with the dictionary method and with the incremental (brute-force) attack technique. Since version 2.1 it supports distributed attacks, meaning you can run the software on as many Macs as you want to pool their computing power against the same password hash.

Figure 7. DaveGrohl command prompt

L0phtCrack 6

Another password auditing and recovery tool, with features like hash extraction from 64-bit Windows systems, scheduling and network monitoring. It supports Windows XP and above as well as most BSD and Linux versions.

L0phtCrack 6 supports pre-computed password hashes (rainbow tables), which means that cracking a password or conducting a password audit takes significantly less time.

Figure 8. L0phtCrack 6 main window

There is a lot more password cracking software out there, but in my opinion the tools presented above are the most popular ones with the best success rate.

Remember that if a password is relatively easy to remember, it is probably also easy for an attacker to crack. But if a user picks a password that is hard to remember, that can decrease the security of the system as well: the user might store it somewhere electronically (in a text file, in case he forgets it) or even write it down on a piece of paper. A much more complex password is also likely to trigger frequent password reset requests.

It is also not a good idea to rely on passwords that merely mix uppercase, lowercase and numbers, as this often produces easy-to-crack passwords in which the letter O is substituted with 0, A with 4, I with 1 and so on. These substitution tricks are very popular and attackers know them well: dictionary crackers apply such "mangling rules" to every wordlist entry automatically, so "p4ssw0rd" falls almost as quickly as "password".
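The substitution tricks in the paragraph above, as an added example (not code from the article or from any of the tools it lists) of how a dictionary cracker turns one wordlist entry into a few hundred mangled candidates. The wordlist, the substitution table, the suffix list and the target hashes are all constructed here; the hashes are unsalted MD5, and the fourth target is a passphrase of unrelated words of the kind the article recommends, which this attack does not reach.

```python
import hashlib
import itertools

# Constructed substitution table: the "letter -> look-alike digit" swaps users favour.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}
SUFFIXES = ("", "1", "123", "!")   # constructed: the most common appended tokens


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def leet_variants(word: str):
    """Yield every combination of applying or not applying each substitution."""
    slots = [(c, LEET[c]) if c in LEET else (c,) for c in word]
    for combo in itertools.product(*slots):
        yield "".join(combo)


def candidates(word: str):
    """All mangled forms of one dictionary word: leet swaps x 3 casings x suffixes."""
    seen = set()
    for leet in leet_variants(word.lower()):
        for cased in (leet, leet.capitalize(), leet.upper()):
            for suffix in SUFFIXES:
                cand = cased + suffix
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def crack(target_hashes, wordlist):
    """Return ({hash: plaintext} for every hit, number of candidates hashed)."""
    targets = set(target_hashes)
    found, tried = {}, 0
    for word in wordlist:
        for cand in candidates(word):
            tried += 1
            digest = md5hex(cand)
            if digest in targets and digest not in found:
                found[digest] = cand
                if len(found) == len(targets):
                    return found, tried
    return found, tried


# Constructed sample: a four-word list and four unsalted MD5 hashes to attack.
WORDLIST = ["password", "dragon", "letmein", "welcome"]
TARGETS = [md5hex(p) for p in ("P4ssw0rd!", "Dr4g0n123", "LETMEIN", "copper kite ladder violin")]


def demo():
    """Run the attack on the constructed sample; returns (sorted plaintexts found, candidates tried)."""
    found, tried = crack(TARGETS, WORDLIST)
    return sorted(found.values()), tried


if __name__ == "__main__":
    cracked, tried = demo()
    print(f"{len(cracked)} of {len(TARGETS)} hashes cracked after {tried} candidates: {cracked}")
```

A word with four substitutable letters expands to 16 leet forms, three casings and four suffixes, under 200 candidates, so "complexity" added this way costs the attacker a few hundred extra hashes per word, not the years that a genuinely random password would.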

It is better to develop a "personal algorithm" for generating "weird" passwords, or to combine several unrelated words into a long passphrase, in order to keep attackers at bay.

Preventing password cracking

If you want to prevent attackers from cracking your password or your company's user passwords, make sure they cannot get hold of even the hashed passwords. Many of the hash functions used to store passwords, like the SHA family or MD5, were designed for fast computation and efficient hardware implementation, which is exactly what a cracker wants.

Unfortunately, with the help of rainbow tables, unsalted hashes of this kind are practically worthless as protection. The standard remedies are a unique random salt per password, which makes a precomputed table useless, and a deliberately slow, iterated hash such as PBKDF2 (or bcrypt/scrypt), which makes every single guess expensive.
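The remedy described above, as an added example (not the article's code): the same dictionary attack run against unsalted SHA-256 records and against salted PBKDF2-HMAC-SHA256 records. PBKDF2 appears on this page under DaveGrohl; the iteration count, the record format and the sample accounts are assumptions for the demo. The point is in the cost counters returned: with unsalted hashes one computation tests every account at once, whereas with salts each guess must be recomputed per account, and each computation is ITERATIONS times slower.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # assumption for the demo; tune so one verification takes ~100 ms


def store_unsalted(password):
    """Fast and unsalted: identical passwords give identical records (rainbow-table friendly)."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password, salt=None):
    """Salted and iterated. Record format algorithm$iterations$salt$key is an assumption."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted(password, record):
    """Recompute the key with the stored salt and iteration count; constant-time compare."""
    _algo, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def attack_unsalted(records, wordlist):
    """One hash per guess serves every account: cost == len(wordlist)."""
    cracked, cost = {}, 0
    for guess in wordlist:
        cost += 1                               # one hash computation ...
        digest = store_unsalted(guess)
        for user, rec in records.items():       # ... compared against every account for free
            if rec == digest:
                cracked[user] = guess
    return cracked, cost


def attack_salted(records, wordlist):
    """Every (guess, account) pair needs its own PBKDF2 run: cost == len(wordlist) * len(records)."""
    cracked, cost = {}, 0
    for user, rec in records.items():
        for guess in wordlist:
            cost += 1
            if verify_salted(guess, rec):
                cracked[user] = guess
    return cracked, cost


# Constructed sample: two accounts that chose the same weak password and one that did not.
PASSWORDS = {"alice": "summer2013", "bob": "summer2013", "carol": "copper kite ladder violin"}
WORDLIST = ["123456", "password", "summer2013", "letmein"]


def demo():
    unsalted = {u: store_unsalted(p) for u, p in PASSWORDS.items()}
    salted = {u: store_salted(p) for u, p in PASSWORDS.items()}
    return {
        "unsalted_records_identical": unsalted["alice"] == unsalted["bob"],
        "salted_records_identical": salted["alice"] == salted["bob"],
        "unsalted": attack_unsalted(unsalted, WORDLIST),   # (cracked, cost)
        "salted": attack_salted(salted, WORDLIST),         # (cracked, cost)
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The weak password still falls in both cases, because a salt and a slow hash do not fix a guessable password; what changes is that the attacker's cost grows with the number of accounts and with the iteration count, and no table built for one site (or one user) helps against another.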

There are several other solutions that could reduce the success rate of a hacker trying to crack passwords:

• Require (if you are a system administrator) long and complex passwords. Passwords of 15 characters or more will not generate an LM hash (LanManager), and if they are also complex they will not be

• Enable account lockouts (for example, setting the lockout threshold to no more than 5 bad password attempts, the lockout duration to 1 minute and the counter reset to 1 minute will significantly slow down or even stop most online password guessing attacks). Lockouts do nothing against offline cracking of stolen hashes, and an attacker who tries one password across many accounts ("password spraying") stays below the threshold on each of them.

• Lock the boot order (if you block access to the BIOS boot order with a firmware password, you keep out password resetting and hash extraction attempts like the ones carried out by booting a live CD such as Ophcrack)

• Conduct password audits (take the time to crack your own company's passwords, or at least try to, before the attackers do)

• Rename important accounts such as the Administrator account to something else (this hides the well-known name, though not the built-in account's well-known RID 500, so treat it as a minor hurdle rather than a defense)

• Require users to change their passwords periodically (not too frequently, though, as they might start to write them down or store them on the computer)

• Use security tokens (one-time-password tokens change the code constantly, which shrinks the window in which an attacker can brute-force or replay a value)
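The lockout settings in the list above, as an added example (not Windows' own implementation): a policy object with the three knobs from the list, threshold, lockout duration and counter-reset window, driven with an injected clock so the edge cases (correct password during a lockout, stale failures outside the window, spraying across accounts) can be checked deterministically. The defaults mirror the numbers in the list and are assumptions, as is the `guesses_per_hour` estimate.

```python
class LockoutPolicy:
    """Account lockout with threshold, lockout duration and counter-reset window.

    State per user: failed-attempt count with the time of the last failure, and
    a lock expiry time. Times are plain seconds supplied by the caller."""

    def __init__(self, threshold=5, lockout_seconds=60, reset_seconds=60):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.reset_seconds = reset_seconds
        self._failures = {}      # user -> (count, time of last failure)
        self._locked_until = {}  # user -> time the lock expires

    def is_locked(self, user, now):
        return self._locked_until.get(user, 0) > now

    def attempt(self, user, password_ok, now):
        """Record one login attempt; return 'locked', 'ok' or 'fail'."""
        if self.is_locked(user, now):
            return "locked"      # even the right password is refused while locked
        count, last = self._failures.get(user, (0, now))
        if now - last >= self.reset_seconds:
            count = 0            # failures older than the reset window no longer count
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        count += 1
        self._failures[user] = (count, now)
        if count >= self.threshold:
            self._failures.pop(user, None)
            self._locked_until[user] = now + self.lockout_seconds
            return "locked"
        return "fail"


def guesses_per_hour(policy):
    """Upper bound on online guesses against one account: `threshold` per lockout period."""
    return policy.threshold * 3600 / policy.lockout_seconds


def spray(policy, users, guess_ok, now):
    """Password spraying: one guess per account never reaches the threshold on any of them."""
    return {user: policy.attempt(user, guess_ok(user), now) for user in users}


if __name__ == "__main__":
    policy = LockoutPolicy()
    for t in range(5):
        print(t, policy.attempt("alice", False, float(t)))   # fail x4, then locked
    print(30, policy.attempt("alice", True, 30.0))            # locked: lock still active
    print(65, policy.attempt("alice", True, 65.0))            # ok: lock has expired
    print("max online guesses/hour per account:", guesses_per_hour(policy))
    print(spray(policy, ["bob", "carol", "dave"], lambda u: False, 100.0))
```

With 5 attempts per minute the bound is 300 guesses per hour per account, which is why the lockout only stops online guessing; the `spray` call shows the counter-measure's blind spot, since the same 300 guesses per hour can be spread across hundreds of accounts instead.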

Risks of cracking passwords

The dangers involved in password cracking are simple and very real: if you are caught with password file(s) that are not yours, in the eyes of the law you are in possession of stolen property. That is why some attackers use infected computers (botnets) to crack passwords, in an attempt to limit their own liability. If you use your own computing power, make sure you do so for educational or research purposes and with the owner's authorization. It is also advisable to encrypt such files, decrypt them only while working with them and delete them afterwards.

To sum up, password cracking is not something to play with, because crossing the line can get you into a lot of trouble. There are lots of free and paid tools that can help you crack a password, but you should use them only if you have lost your own passwords or want to conduct a password audit inside your company.

You have plenty of password cracking methods at your disposal, such as brute force, the dictionary method or the rainbow table method. Depending on the computing power available to you, you can choose the method that suits your needs best.


Glossary

LM Hash – a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords. Later Windows versions kept storing it alongside the NT hash for backward compatibility until Windows Vista disabled it by default.

WEP – Wired Equivalent Privacy, a (deprecated) wireless network security standard

AFP – Apple Filing Protocol

WPA-PSK – the pre-shared key mode of WPA/WPA2 (WPA/WPA2 Personal), in which all stations share one passphrase; appropriate for use in most residential and small business settings

About the Author

Cazangiu Constantin Iulian is the webmaster of http://www.securitynet.org, an online network security resource. He has more than 10 years of IT experience, both practical and theoretical, and currently works as Senior Sales Representative at one of the top 10 IT companies in Romania.
