Top 10 Password Cracking Tools for Windows, Linux and Web Applications
Hacking has been in existence for more than a century. It all began when a group of teenage boys who were interested in knowing how the telephone worked than in making proper connections and directing calls to the correct place. Originally, hacking was not even seen as a negative connotation with which we associate the term with in today’s world. The term “hack” is a shortcut that would modify and improve the performance of a computer’s operating system that would take less time to complete.
The recent years have seen the technology advance in a huge way with almost everything that can be done online such as banking, shopping, investments, etc. and much more. All you need to do is create an id for the website that you wish to visit and secure it with a strong password.
A password is the secret word or phrase that is used for authentication to prove identity or access approval to gain access to accounts and resources. A password protects our accounts or resources from unauthorized access.
What is Password Cracking?
Password cracking is the process of guessing or recovering a password from stored locations or from data transmission system. The purpose of password cracking might be to help a user recover a forgotten password, or gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. In penetration testing, it is used to check the security of an application.
Passwords are the necessary evil of today’s world. You require a complex, unique password for your everyday online activities like email, social media, etc. If your password is short or simple, you always run the risk of hacking.
In recent years, computer programmers have been trying to create algorithms for password cracking in less time. Most of the password cracking tools try to login with every possible combination of words. If login is successful, it means the password was found. However, on the other hand, it may take hours to weeks or months to crack a password, if it is strong enough with a combination of numbers, characters and special characters. A few password cracking tools use a dictionary that has passwords. But the success rate of these tools is lower, as they are totally dependent on the dictionary.
Programmers in the past few years have developed many password cracking tools. Every tool has its own advantages and disadvantages. In this article, we provide you some of the most popular password cracking tools.
Please note that this article is for educational purpose only and should not be used as it is illegal and prohibited in many countries. Techworm shall not be responsible for any consequences.
Released in October 2000, Brutus is one of the most popular remote online password cracking tools. It claims to be the quickest and most flexible password cracking tool. This tool is free and is only available for Windows systems.
It supports HTTP (Basic Authentication), HTTP (HTML Form/CGI), FTP, POP3, SMB, Telnet and other types such as NNTP, IMAP, NetBus, etc. You can also create your own authentication types. This tool also supports multi-stage authentication engines and is able to connect 60 concurrent targets. It also contains resume and load options. So, you can pause the attack process at any time and then resume whenever you want to resume.
While this tool has not been updated for many years, it still can be useful for you.
2. Cain and Abel
Cain and Abel is a well-known password cracking tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, decoding scrambled passwords, recovering wireless network keys, cracking encrypted passwords using Dictionary, recording VoIP conversations, Brute-Force and Cryptanalysis attacks, disclosing password boxes, analysing routing protocols, and uncovering cached passwords.
The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms. This tool was developed for network administrators, penetration testers, security professionals, and forensics staff.
Download here: http://www.oxid.it/ca_um/
RainbowCrack differs from “conventional” brute force crackers as it uses large pre-computed tables called rainbow tables to reduce the length of time needed to crack a password considerably. It is a computer program which generates rainbow tables to be used in password cracking. Time-memory trade-off is a computational process in which all plain text and hash pairs are calculated by using a selected hash algorithm. The results are stored in the rainbow table after computation. This process is very time consuming. However, once the table is ready, it can crack a password must faster than brute force tools.
You also do not need to generate rainbow tablets by yourselves. Developers of RainbowCrack have also generated LM rainbow tables, MD5 rainbow tables, NTLM rainbow tables, and Sha1 rainbow tables. Like RainbowCrack, these tables are also available for free. You can download these tables and use for your password cracking processes.
Download Rainbow tables here: http://project-rainbowcrack.com/table.htm
A few paid rainbow tables are also available, which you can buy from here: http://project-rainbowcrack.com/buy.php
This tool is available for both Windows and Linux systems.
Download Rainbow crack here: http://project-rainbowcrack.com/
4. John the Ripper
John the Ripper is a well-known and fast open source password cracking tools, currently available for many flavours of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Further, several crypt (3) password hash types that are most commonly found on various Unix systems, and supported out of the box are Windows LM hashes, along with several other hashes and ciphers in the community-enhanced version.
A pro version of the tool is also available, which provides better features and native packages for target operating systems. You can also download Openwall GNU/*/Linux that comes with John the Ripper.
Download John the Ripper here: http://www.openwall.com/john/
The Wfuzz password cracking tools is software designed for brute forcing Web Applications. It can be used for finding resources not linked to (directories, servlets, scripts, etc), bruteforce Forms parameters (User/Password), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), Fuzzing, etc.
6. AirCrack NG
The AirCrack NG is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It analyses wireless encrypted packets and then tries to crack passwords via its cracking algorithm. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. It is available for Windows systems and Linux. A live CD of AirCrack is also available.
If you want to use AirCrack NG for password cracking, read tutorials here: http://www.aircrack-ng.org/doku.php?id=getting_started
Download AirCrack-NG here: http://www.aircrack-ng.org/
7. THC Hydra
THC Hydra is often the tool of choice when you need to brute force crack a remote authentication service. It can perform rapid dictionary attacks against more than 30 protocols, including TELNET, FTP, HTTP, HTTPS, SMB, several databases, and much more. It also shows why it is faster when it is compared with other similar tools. New modules are easy to install in the tool. You can easily add modules and improve the features. It is available for Windows, Linux, OS X, Solaris, and Free BSD. This tool supports various network protocols.
Currently, it supports Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Download THC Hydra here: https://www.thc.org/thc-hydra/
If you are a developer, you can also make contributions to the tool’s development.
Medusa is also a password cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet. While cracking the password, host, username and password can be flexible input while performing the attack.
Since, Medusa is a command line tool, you need to learn commands before using the tool. Efficiency of the tool depends on network connectivity. It can test 2000 passwords per minute on a local system.
You can also carry out a parallel attack with this tool. For instance, you want to crack passwords of a few email accounts at the same time, you can mention the username list along with the password list.
Read more about this here: http://foofus.net/goons/jmk/medusa/medusa.html
Download Medusa here: http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz
The L0phtCrack Password Cracking Tools is an alternative to OphCrack. It attempts to crack Windows password from hashes. It uses Windows workstations, primary domain controllers, network servers, and Active Directory for cracking passwords. It also uses dictionary and brute force attacking for producing and guessing passwords.
L0phtCrack is packed with powerful features such as scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding.
It was acquired by Symantec and discontinued in 2006. Later, L0pht developers again re-acquired it and launched L0phtCrack in 2009. It also comes with a schedule routine audit feature. One can set daily, weekly or monthly audits, and it will start scanning on the scheduled time.
Download L0phtCrack: http://www.l0phtcrack.com/download.html
OphCrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface (GUI) and runs on multiple platforms. It can also be used on Linux and Mac systems. It cracks LM and NTLM hashes. For cracking Windows XP, Vista and Windows 7, free rainbow-tables are also available.
A live CD of OphCrack is also available to streamline the cracking. One can use the Live CD of OphCrack to crack Windows-based passwords. This tool is available for free.
Download OphCrack here: http://ophcrack.sourceforge.net/
Download free and premium rainbow tables for OphCrack here: http://ophcrack.sourceforge.net/tables.php