Posts tagged: Password Hacking Tool

Jan 20 2012

Patator – Multi-Purpose Brute Forcing Tool

Brute Force AttackPatator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:

  • ftp_login : Brute-force FTP
  • ssh_login : Brute-force SSH
  • telnet_login : Brute-force Telnet
  • smtp_login : Brute-force SMTP
  • smtp_vrfy : Enumerate valid users using the SMTP VRFY command
  • smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
  • http_fuzz : Brute-force HTTP/HTTPS
  • pop_passd : Brute-force poppassd (not POP3)
  • ldap_login : Brute-force LDAP
  • smb_login : Brute-force SMB
  • mssql_login : Brute-force MSSQL
  • oracle_login : Brute-force Oracle
  • mysql_login : Brute-force MySQL
  • pgsql_login : Brute-force PostgreSQL
  • vnc_login : Brute-force VNC
  • dns_forward : Forward lookup subdomains
  • dns_reverse : Reverse lookup subnets
  • snmp_login : Brute-force SNMPv1/2 and SNMPv3
  • unzip_pass : Brute-force the password of encrypted ZIP files
  • keystore_pass : Brute-force the password of Java keystore files

Download: patator_v0.3.py

Project Home: http://code.google.com/p/patator/

Nov 30 2011

BozoCrack – MD5 Password Hash Cracker

BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.

It works way better than it ever should.

How?
Basic usage:

$ ruby bozocrack.rb my_md5_hashes.txt

The input file has no specified format. BozoCrack automatically picks up strings that look like MD5 hashes. A single line shouldn’t contain more than one hash.

Example with output:

$ ruby bozocrack.rb example.txt
Loaded 5 unique hashes
fcf1eed8596699624167416a1e7e122e:octopus
bed128365216c019988915ed3add75fb:passw0rd
d0763edaa9d9bd2a9516280e9044d885:monkey
dfd8c10c1b9b58c8bf102225ae3be9eb:12081977
ede6b50e7b5826fe48fc1f0fe772c48f:1q2w3e4r5t6y

Why?
To show just how bad an idea it is to use plain MD5 as a password hashing mechanism. Honestly, if the passwords can be cracked with this software, there are no excuses.

Who?
BozoCrack was written by Juuso Salonen

Download: bozocrack.rb

Oct 01 2011

EPPB – BlackBerry, iPhone Password Recovery Tool

EPPBElcomsoft Phone Password Breaker (EPPB) enables forensic access to password-protected backups for smartphones and portable devices based on RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all Blackberry smartphones as well as Apple devices running iOS including iPhone, iPad and iPod Touch devices of all generations released to date, including the latest iPhone 4 and iOS 4.3.

The new tool recovers the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices. The backups contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.

BlackBerry Password CrackerBut, there is a catch. The new feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode. If this condition is met, EPPB will be able to run password recovery against device security password. What is also important and rather exciting is that you don’t need the BlackBerry device itself. All that is needed is a media card that was used in that device. Actually, that only need one specific file from that media card, so yes, the recovery can be off-loaded and the password can be recovered offline.

Download : EPPB 1.80