Password Attack Tools: Brute Force
Popular tools for brute-force attacks
Aircrack-ng
I am sure you already know about Aircrack-ng tool. This is a popular wireless password-cracking tool available for free. I also mentioned this tool in our older post on most popular password cracking tools. This tool comes with WEP/WPA/WPA2-PSK cracker and analysis tools to perform attack on WIFi 802.11. Aircrack NG can be used for any NIC, which supports raw monitoring mode.
It basically performs dictionary attacks against a wireless network to guess the password. As you already know, success of the attack depends on the dictionary of passwords. The better and effective the password dictionary is the more likely it is that it will crack the password.
It is available for Windows and Linux platforms. It has also been ported to run on iOS and Android platforms. You can try on given platforms to see how this tool works.
======================================================
John the Ripper
John the Ripper is another awesome tool that does not need any introduction. It has been a favorite choice for performing brute-force attack for long time. This free password-cracking software was initially developed for Unix systems. Later, developers released it for various other platforms. Now, it supports fifteen different platforms including Unix, Windows, DOS, BeOS, and OpenVMS. You can use this either to identify weak passwords or to crack passwords for breaking authentication.
This tool is very popular and combines various password-cracking features. It can automatically detect the type of hashing used in a password. Therefore, you can also run it against encrypted password storage.
Basically, it can perform brute-force attack with all possible passwords by combining text and numbers. However, you can also use it with a dictionary of passwords to perform dictionary attacks.
=================================================
Rainbow Crack
Rainbow Crack is also a popular brute-forcing tool used for password cracking. It generates rainbow tables for using while performing the attack. In this way, it is different from other conventional brute-forcing tools. Rainbow tables are pre-computed. It helps in reducing the time in performing the attack.
The good thing is that there are various organizations, which already published the pre-computer rainbow tables for all Internet users. To save time, you can download those rainbow tables and use in your attacks.
This tool is still in active development. It is available for both Windows and Linux and supports all latest versions of these platforms.
==================================================
Cain and Abel
I am sure you have already heard the name of this password-cracking tool. It can help in cracking various kind of passwords by performing brute-forcing attacks, dictionary attacks, and cryptanalysis attacks. Cryptanalysis attacks are done by using the rainbow tables as mentioned in the previous tool.
It is worth to mention that some virus scanners detect it as malware. Avast and Microsoft Security Essentials report it as malware and block it in system. If it is in your system, you should first block your antivirus.
Its basic functions:
Sniffing the network
Cracking encrypted passwords using Dictionary
Brute-Force and Cryptanalysis attacks
Recording VoIP conversations
Decoding scrambled passwords
Recovering wireless network keys
Revealing password boxes
Uncovering cached passwords
Analyzing routing protocols.
The latest version of the tool has many features, and has added sniffing to perform Man in the Middle attacks.
===================================================
L0phtCrack
L0phtCrack is known for its ability to crack Windows passwords. It uses dictionary, brute-force, hybrid attacks, and rainbow tables. The most notable features of l0phtcrack are scheduling, hash extraction from 64 bit Windows versions, multiprocessor algorithms, and networks monitoring and decoding. If you want to crack the password of Windows system, you can try this tool.
=======================================================
Ophcrack
Ophcrack is another brute-forcing tool specially used for cracking Windows passwords. It cracks Windows password by using LM hashes through rainbow tables. It is a free and open-source tool. IN most of the cases, it can crack Windows password in few minutes. By default, Ophcrack comes with rainbow tables to crack passwords of less than 14 characters, which contains only alphanumeric characters. Other rainbow tables are also available to download.
Ophcrack is also available as LiveCD.
====================================================
Crack
Crack is one of the oldest password cracking tools. It is a password-cracking tool for the UNIX system. It is used to check weak passwords by performing dictionary attacks.
========================================================================
Hashcat
Hashcat claims to be the fastest CPU based password cracking tool. It is free and comes for Linux, Windows and Mac OS platforms. Hashcat supports various hashing algorithms including LM Hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, Cisco PIX. It supports various attacks including Brute-Force attack, Combinator attack, Dictionary attack, Fingerprint attack, Hybrid attack, Mask attack, Permutation attack, Rule-based attack, Table-Lookup attack and Toggle-Case attack.
===================================================
SAMInside
SAMInside is another popular password-cracking tool for cracking Windows OS passwords. It is similar to the Ophcrack and Lophtcrack tools. It claims to crack around 10 million passwords per second on a good computer. It supports various attacking methods including Mask attack, Dictionary attack, Hybrid attack and Attack with Rainbow tables. It supports over 400 hashing algorithms.
===========================================================================
DaveGrohl
DaveGrohl is a popular brute-forcing tool for Mac OS X. It supports all available versions of Mac OS X. This tool supports both dictionary attacks and incremental attacks. It also has a distributed mode that lets you perform attacks from multiple computers to attack on the same password hash. This tool is now open source and you can download the source code.
================================================
Ncrack
Nrack is also a popular password-cracking tool for cracking network authentications. It supports various protocols including RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet. It can perform different attacks including brute-forcing attacks. It supports various platforms including Linux, BSD, Windows and Mac OS X.
===================================================
THC Hydra
THC Hydra is known for its ability to crack passwords of network authentications by performing brute-force attacks. It performs dictionary attacks against more than 30 protocols including telnet, ftp, http, https, smb and more. It is available for various platforms including Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1, OpenBSD, OSX and QNX/Blackberry
<----------------------------------->
These are a few popular brute-forcing tools for password cracking. There are various other tools are also available which perform brute-force on different kinds of authentication. If I just give example of few small tools, you will see most of the PDF cracking, ZIP cracking tools use the same brute-force method to perform attacks and cracks passwords. There are many such tools available for free or paid.
