Professional Documents
Culture Documents
It is very fast and flexible, and new modules are easy to add.
This tool makes it possible for researchers and security consultants to show how
Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1,
For HTTP, POP3, IMAP and SMTP, several login mechanisms like plain and
It can also perform a variety of alterations to the dictionary words and try these.
Many of these alterations are also used in John's single attack mode, which
modifies an associated plaintext (such as a username with an encrypted
password) and checks the variations against the hashes.
John also offers a brute force mode. In this type of attack, the program goes
through all the possible plaintexts, hashing each one and then comparing it to
the input hash.
John uses character frequency tables to try plaintexts containing more frequently
used characters first. This method is useful for cracking passwords which do not
appear in dictionary wordlists, but it takes a long time to run.
PWDump
pwdump is the name of various Windows programs that output the LM and
NTLM password hashes of local user accounts from the Security Account
Manager (SAM).
In order to work, it must be run under an Administrator account, or be able to
access an Administrator account on the computer where the hashes are to be
dumped.
Pwdump could be said to compromise security because it could allow a
malicious administrator to access user's passwords. Most of these programs are
open-source.
If you have had LSASS crash on you using older tools, this should fix that.
fgdump is a more powerful version of pwdump6.
pwdump tends to hang and such when antivirus is present, so fgdump takes
care of that by shutting down and later restarting a number of AV programs.
L0phtCrack
L0phtCrack is a password auditing and recovery application originally produced by
Mudge from L0pht Heavy Industries.
It uses multiple assessment methods to assist administrators in reducing security
risks.
L0phtCrack helps to identify and remediate security vulnerabilities that result from
the use of weak or easily guessed passwords and recover Windows and Unix
account passwords to access user and administrator accounts whose passwords
are lost or to streamline migration of users to another authentication system.
It is used to test password strength and sometimes to recover lost Microsoft
Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow
tables.
It was one of the crackers' tools of choice, although most use old versions because
of its low price and high availability.
Additionally, some versions of L0phtCrack can process accounts using pre-
computed password tables that contain trillions of passwords.