If there is a site that should be listed here or if a link goes dead, please let us know. Also check out Wayne’s Security Resources.
- Administrator Password, Recover Lost Windows NT
- AccentSoftUtilities: Passwords Recovery Tools
- Access password recovery, Microsoft shareware
- Administrator Password, Who changed it?
Asterisks:
- iOpus Password Recovery XP reveals the password hidden by asterisks (***) in all Windows versions including W2K and XP for applications that store the pw behind the asterisks like Outlook.
- Password Spyer 2k reveals the password hidden by asterisks (***) in all Windows versions including W2K and XP. You can use it to recover lost or forgotten passwords in most Windows applications such as Outlook, Cute FTP, WS FTP, ICQ and others.
- SnadBoy’s Revelation password revealer – what’s behind those asterisks
- Bouncer, Password
- Brutus fast, flexible remote password cracker NT, W2K, freeware, many options
- Cain & Abel : password recovery tool Version 2.5 is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs by hijacking IP traffic of multiple hosts at the same time, routing protocols authentication monitors and routes extractors, crackers for all common hashing algorithms and for other specific authentications. It also ships various password calculators (Cisco PIX, Hashes, RSA SecurID Tokens), decoders (Access Databases, Base64, Cisco Type-7) and some utilities like the SiD-Scanner, the NT Hash-Dumper (works with Syskey enabled), the Abel Remote Console, the MAC Scanner, the Promiscuous-Mode Scanner and the TCP/UDP/ICMP Traceroute + DNS Resolver + Netmask Discovery + WHOIS resolver (extract information from RIPE’s Database). However the program is still in beta and may contain a lot of bugs.
- Cisco type 7 password decrypter
component in SolarWinds Professional
- Cisco type 7 password decrypter
GetPass Free Utility
- Cisco Password Recovery Procedures requires physical access
- Cisco Pix Password Recovery and AAA Configuration Recovery Procedure
- CMOS Password Recovery Tool : GNU license
- Cracking Windows NT passwords
- Crack : password recovery software
- Crack unix
- Default Password Lists / Known Passwords :
- CIRT.net’s list
- Eric Knight’s list
- www.phenoelit.de/dpl/ (July 2001)
- Dictionaries / Wordlists
- Kevin’s Word Lists Page
- Pass-parse
Pass-parse will take any file and turn all the words into a password list stripping anything that’s not alphanumeric.
- Disable DUN’s save password feature
- Distributed password cracker : Medussa
- Elcomsoft’s password recovery software
MS software, archivers, …
- Enforce strong NT passwords
- FPNWCLNT.DLL problems NT
- FPNWCLNT.DLL exploit code NT
- Graphical Identification and Authentication DLL fakegina NT
- HTTP Brute forcer
- IMAP std-authentication brute forcer
- John the Ripper password cracker
- Feasibility of attacking Windows 2000 Kerberos Passwords
- Lepton’s Crack can perform a dictionary-based (wordlist) attack, as well as a brute-force (incremental) password scan. Currently the formats supported are: standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4) and SHA-1.
- Lilo Password Crack
- Lucent Orinoco Registry Encryption/Decryption (cquire.net)
Lucent Orinoco Client Manager stores SSID and WEP secret for all known profiles in the Windows registry. The WEP secret is encrypted and the algorithm is not, as far as we know and up until today, publicly documented.
During an assignment, a client asked about the risks of losing a configured laptop 🙂 There are at least two (bad) things an attacker can do to obtain access to the WaveLan:
- It is possible to copy the values right off from one laptop into another and then connect to the WaveLan. Thus, the result of the encryption is not salted nor unique to the installation.
- It is possible to reverse the encryption to get the plain text WEP secret and then use it to configure another card.
- Machine Account Password Changes
- Manager, Password Corral freeware password manager
Password Corral uses the 128-bit Diamond2 Block Cipher to encrypt all the information you store in the program, keeping it safe from prying eyes. Each password can have both a short description and a long description which can also contain hyperlinks to launch your web browser, open folders on your PC or launch applications. Each password entry can also have an expiration date to remind you to change the password. The program can be set to time out to the Windows system tray area after a specified period of system inactivity and be protected by your master password, so even if you forget to close Password Corral and walk away from your PC, your password info can still be protected.
- NAT : NetBIOS Cracker
- Notes ID Password Recovery (cquire.net)
Better protect your Notes ID file and use a strong pw not vulnerable to dictionary attack. (Jan 2002)
- NTBrute : auditing utility
Information gathering and account security auditing utility for breaking into Windows NT/2000 boxes via anonymous connections. Checks the machine’s Account Security Policy and attacks admin users it finds.
- NTLMv2 NT Authentication
- NT does not delete unattended installation file
- NT, Where Windows NT Stores Passwords
- NT Password Notification Packages
- NT Password Quality: Ensuring Password Quality on NT networks (14 pages, 111k)
- Outlook and Secure Password authentication
- Passware Kit : password recovery software pack
microsoft app & OS products, paradox, peachtree, wordperfect, zip, Act!
- Password Crackers Inc
- Password Portal
- PassStation : permitting employees to easily reset their forgotten password without any assistance from the help desk.
- Password Service
- Password Solutions : Downloadable tools and programs available for unlocking and opening password-protected files
- pwdump3 : extract windows pw hashes to validate pw strength
- Quickbooks, Troubleshooting QuickBooks Passwords Jan 2002
- Russian Password Crackers
- SSL IIS key password retriever Jan 2002
- ShowWin by Robin Keir another password revealer
- SMB:
- CIFS : Common Insecurities Fail Scrutiny tutorial
- SMB Auditing Tool (cquire.net) (Jan 2002)
- Scan hosts for active SMB servers (i.e. not only if port is open)
- Automatic enumeration of users
- Support for full automatic mode
- Fast analysis of Windows 2000/XP servers
- Support for SMB over Netbios
- Support for native SMB over port 445
- Compiles on Linux/BSD
- Win32 support with Cygwin
- SMB Downgrade Attacker NT, free, grab passwords
- SMBProxy Tool (cquire.net) Got SAM ? Don’t want to spend more time cracking it ?
SMBProxy is a “Passing The Hash” tool that works as a proxy. It makes it possible to authenticate to a Windows NT4/2000 server by only knowing the md4 hash. It also makes it possible to mount shares, access the registry and anything else you could do with that particular user’s privileges. The theory behind this is pretty old, and I don’t take any credit for it. The tools for doing this though, have been quite limited. That’s why I decided to release this proxy, to really demonstrate the magic of “Passing The Hash”.
It successfully intercepts communication with Windows NT 4.0 and Windows 2000. It looks for the username trying to connect and does a lookup in the pwdump file for the user’s hash. Currently it only intercepts the NTLM hash.
- SQLDict: dictionary attack tool for SQL Server NT/W2K, freeware
- THC-Hydra: parallelized login hacker for FTP, POP3, IMAP, Telnet, HTTP Auth, NNTP, VNC, ICQ, Socks5, PCNFS
- Uncrackable, How to Make Windows 2000 and NT 4 Passwords Uncrackable (July 2001)
- ZIPunlock.com