Sometimes, there are situations when you need to recover a password from MD5, MySQL or other hash. You can do this easy with PasswordsPro. It has several password recovery methods: preliminary attack, brute-force attack, mask attack, dictionary attack, pre-calculated Rainbow-tables attack. Brute-force method supports distributed attack (use of several computers to increase brute-force speed). PasswordsPro recovers passwords from 17 types of hashes, supports unlimited number of user dictionaries and has a intuitive and user-friendly interface.
| Author: | InsidePro |
|---|---|
| Language: | English Russian |
| Date: | 11/30/2006 |
| Size: | 953 kb |
| License: | Shareware |
| Price: | $40 |
| Platform: | Win95 Win98 WinME WinXP WinNT 4.x Windows2000 Windows2003 |
Program description
The program is designated to recover passwords for following types of hashes:
- MySQL
- MySQL5
- MD4
- MD4 (Base64)
- MD4 (HMAC)
- MD5
- MD5 (Base64)
- MD5 (HMAC)
- MD5 (Unix)
- MD5 (APR)
- SHA-1
- SHA-1 (Base64)
- SHA-1 (HMAC)
- DES (Unix)
As well as for hashes used by various PHP-programs:
- md5(md5($pass))
- md5(md5($pass).$salt)
- md5(md5($salt).md5($pass))
Program features
- Passwords recovery using following methods:
- Preliminary attack;
- Full brute-force attack (including distributed attack);
- Mask attack;
- Simple dictionary attack;
- Combined dictionary attack;
- Hybrid dictionary attack;
- Pre-calculated Rainbow-tables attack; - Recovery of passwords up to 128 symbol length;
- Recovery of passwords for incomplete hashes of any type;
- User's hashes editor;
- Quick change of hashes type for one or several users;
- Search of data in the list of imported users;
- Quick add of the hash using dialog box;
- Quick check of the current password for all imported users;
- Use of symbol replace tables for the simple dictionary attack;
- Unlimited number of dictionaries used for dictionary attack;
- Unlimited number of tables used for pre-calculated Rainbow-tables attack;
- Unlimited number of users with hashes (in the licensed version);
Data import
Users' hashes can be imported to the program using one of the following methods:
- Import from PasswordsPro format files (*.Hashes-files).
- Import from text files with hashes given in format:
Login:Hash:Salt(or HMAC-key):Password:Comment.
Program archive includes test files with all the types of supported hashes given in this format. - Using dialog box.
Data export
The program allows to save current users and hashes list to the file of internal program format (*.Hashes-files), as well as export data to text or HTML.
Types of attack
Preliminary attack:
This type of attack is quick check of users' hashes to match simple passwords like - "123", "qwerty", "99999", etc. as well as for earlier found passwords stored by the program in the "PasswordsPro.dic" file.
Full brute-force attack:
This type of attack is total check of all password variants.
Full brute-force attack also includes distributed attack. This type of attack allows using several computers for passwords recovery distributing passwords to process. This type of attack is enabled automatically when the user sets more than one computer to participate in attack. Then ability to set password range to recover for current computer. So to start distributed attack you shall:
- Run program on several computers.
- Choose required number of computers for attack.
- Set the same attack settings for all the computers.
- Choose for every computer own password range to recover.
- Run full brute-force attack on every computer.
Mask attack:
This type of attack is used if any information about the password is provided, i.e. if anything is known about the password. For example:
- Passwords begin with "12345" symbol combination;
- First 4 symbols of the password are numbers, others are Latin letters;
- etc.
For that define mask for every symbol of the password to recover in the mask attack settings. Keys of standard or user symbol sets are used as mask symbols - ?u, ?d, ?2, etc.
Simple dictionary attack:
This type of attack is check of hashes for match from text files - dictionaries. Attack settings also allow to use symbol replace tables what lets to substitute one symbol in the password to another.
Combined dictionary attack:
This type of attack includes check of the passwords made of several words taken from different dictionaries. This attack allows to recover complex passwords like "superadmin", "admin1980", "admin*admin", etc.
Hybrid dictionary attack:
This type of attack allows to change passwords from the dictionaries (for example, shift password to upper case, add symbol "1" to the end of the password, etc.) and to check them as users passwords. Actions performed at source passwords are so called "rules" - full list of these rules can be found in "Rules.txt" file in the program archive.
Pre-calculated tables attack:
This type of attack uses Rainbow-technology (http://www.antsight.com/zsl/rainbowcrack/) of pre-calculated tables generation.
