[John the Ripper v1.8.0] Fast Password Cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Changelog v1.8.0

• Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested.
• Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files.
• Added makechr, a script to (re-)generate .chr files.
• Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s).
• Added the “–fork=N” and “–node=MIN[-MAX]/TOTAL” options for trivial parallel and distributed processing.
• In the external mode compiler, treat character literals as unsigned.
• Renamed many of the formats.
• Updated the documentation.
• Relaxed the license for many source files to cut-down BSD.
• Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions.
• Assorted other changes have been made.

Download John the Ripper v1.8.0

[Hashcat v0.45] Advanced Password Recovery

* changes v0.44 -> v0.45:

Release with some new algorithms:

• AIX smd5
• AIX ssha1, ssha256, ssha512
• GOST R 34.11-94

We managed also to fix some bugs and implement some additional feature requests

Full changelog:

type: feature

file: hashcat-cli
desc: show status screen also when all hashes were recovered AND add start/stop time too

type: feature
file: hashcat-cli
desc: added -m 6300 = AIX {smd5}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6400 = AIX {ssha256}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6500 = AIX {ssha512}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6700 = AIX {ssha1}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6900 = GOST R 34.11-94
cred: Xanadrel

type: feature
file: hashcat-cli
desc: dropped predefined charsets ?h, ?F, ?G and ?R
trac: #55

type: feature
file: hashcat-cli
desc: added a collection of language-specific charset-files for use with masks
trac: #55

type: feature
file: hashcat-cli
desc: changed the E rule to lowercase all input before processing, its more intuitive
trac: #110

type: feature
file: rules
desc: added a more more complex leetspeak rules file from unix-ninja
trac: #112

type: feature
file: hashcat-cli
desc: changed outfile opts to line up with OCL style
trac: #120

type: feature
file: hashcat-cli
desc: --remove in combination w/ external salts should output plain hash files only (no salt)
trac: #153

type: bug
file: hashcat-cli
desc: fix progress line in status screen when all hashes were recovered

type: bug
file: hashcat-cli
desc: fix for some possible memory overflow problems

type: bug
file: hashcat-cli
desc: an external salt sort failure caused some hashes not to be checked against the digests
trac: #74

type: bug
file: hashcat-cli
desc: fixed a null-pointer dereference that can lead to a segmentation fault
trac: #104

type: bug
file: hashcat-cli
desc: fixed a bug if hashlist contains words with ascii character code >= 0x80
trac: #108

Download Hashcat v0.45

[Cain & Abel v4.9.44] Password recovery tool for Microsoft Operating Systems

Cain & Abel is a password recovery tool for Microsoft Operating Systems.

It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks.

The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms.

The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

03/05/2013

Cain & Abel v4.9.44 released

• Added Windows 8 support in LSA Secret Dumper.
• Added Windows 8 support in Credential Manager Password Decoder.
• Added Windows 8 support in EditBox Revealer.
• Added ability to keep original extensions in fake certificates.
• Winpcap library upgrade to version 4.1.3 (Windows8 supported).
• OUI List updated.

Download Cain & Abel v4.9.44

[BSNL Password Decryptor] Tool to Recover the Login Password of BSNL modem/router

BSNL Password Decryptor is a free desktop tool to instantly recover the Login Password of BSNL modem/router.

If you have lost login authentication password of your BSNL modem and you have backup configuration file then you can use this tool to quickly recover your password.

It supports dual mode of password recovery. You can either enter the encrypted BSNL password directly or specify the BSNL Modem's backup configuration file. In second case, it will automatically detect the login password from config file and decrypt it instantly.

Note that it currently supports limited number of BSNL modems (mainly UT-300 Series). Hence it may or may not work with other models.

This can be very handy tool for all Network Administrators as well as penetration testers.

It is successfully tested on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8

Download BSNL Password Decryptor

[DynDNS Password Decryptor] Free Desktop Tool to Recover DynDNS Password

DynDNS Password Decryptor is a free desktop tool to instantly decode and recover DynDNS password.

DynDNS - a popuar Dynamic DNS management solution offering enterprise-level DNS performance and reliability. This tool automatically detects locally installed 'DynDNS Updater Client' and displays the configuration file ('config.dyndns')

It supports dual mode of password recovery. You can either enter the encrypted DynDNS password directly or specify the DynDNS configuration file. In second case, it will find the username/password from the config file and decrypt it instantly.

You can also use it to recover the password from DynDNS config file of another system. In such case, you can either enter the encrypted password or the config file path manually.

It has been successfully tested with latest version (v4.1.10) of 'DynDNS Updater Client'.

DynDNS Password Decryptor is fully portable and works on all windows systems starting from Windows XP to Windows 8.

Screenshot 1: DynDNS Password Decryptor is showing the decrypted DynDNS Password

Screenshot 2: Showing Username & Password recovered from the DynDNS configuration file.

Download DynDNS Password Decryptor
License : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[DLink Password Decryptor] Tool to recover the Login Password of D-Link modem/router

DLink Password Decryptor is a free desktop tool to instantly recover the Login Password of D-Link modem/router.

If you have lost login authentication password of your D-link modem and you have backup configuration file then you can use this tool to quickly get back your password.

It supports dual mode of password recovery. You can either enter the encrypted D-link password directly or specify the D-Link Modem's backup configuration file. In second case, it will automatically detect the login password from config file and decrypt it instantly.

Note that it is tested with limited number of D-link modems including latest model DSL-2750U. Hence it may or may not work with other models.

This is very handy tool for all Network Administrators as well as penetration testers.

It is successfully tested on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8

Screenshots

Screenshot 1: DLink Password Decryptor is showing the recovered Password from the encrypted D-Link Login Password

Screenshot 2: Showing Password recovered from the D-Link backup configuration file.

Download DLink Password Decryptor v1.0 
License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[Hashcat v0.44] Advanced Password Recovery

Features

• Multi-Threaded
• Free
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
• SSE2 accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 30+ Algorithms implemented with performance in mind
• ... and much more

Attack-Modes

• Straight ^*
• Combination ^*
• Toggle-Case
• Brute-Force
• Permutation
• Table-Lookup

Download here: http://hashcat.net/hashcat/

type: feature

file: hashcat-cli
desc: added mode -m 9999 = Plaintext
trac: #45

type: feature
file: hashcat-cli
desc: added mode -m 5500 = NetNTLMv1 + ESS
trac: #96

type: feature
file: kernels
desc: added -m 5700 = Cisco-IOS SHA256
cred: philsmd

type: change
file: hashcat-cli
desc: changed the hash-format for NetNTLMv1 and NetNTLMv2 to .lc format
cred: #98

type: bug
file: hashcat-cli
desc: fixed bug in 32 bit version, did not crack -m 1800 sha512crypt
trac: #92

type: bug
file: hashcat-cli
desc: fixed bug in NetNTLMv2 parser
trac: #95

[Juniper Password Decryptor] Tool to Decode and Recover Juniper $9$ Passwords

Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords.

Juniper Router allows you to configure 2 types of passwords,

• Juniper $1$ Password: Here MD5 hash of the password is stored. It starts with $1$ and requires brute-force technique to recover the password
• Juniper $9$ Password: These passwords are encoded using Juniper's private encryption algorithm. Password hash starts with $9$ text & can be decrypted instantly.
  

You can use Juniper Password Decryptor tool to quickly decrypt these Juniper $9$ passwords.

It supports dual mode of password recovery. You can either enter the encrypted Juniper $9$ password directly or specify the Juniper router configuration file. In second case, it will automatically detect the $9$ password from config file and decrypt it instantly.


This is very handy tool for all Administrators as well as penetration testers.
It is successfully tested on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8.


Screenshots

Screenshot 1: Juniper Password Decryptor is showing the recovered Password from the encrypted Juniper $9$ Password

Screenshot 2: Showing Password recovered from the Juniper configuration file.

Download Juniper Password Decryptor v1.0
License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.

It automatically detects the login packets on network for various protocols and instantly decodes the passwords.

Here is the list of supported protocols,

• HTTP (BASIC authentication)
• FTP
• POP3
• IMAP
• SMTP

In addition to recovering your own lost passwords, you can use this tool in following scenarios,

• Run it on Gateway System where all of your network's traffic pass through.
• In MITM Attack, run it on middle system to capture the Passwords from target system.
• On Multi-user System, run it under Administrator account to silently capture passwords for all the users.

It includes Installer which installs the Winpcap, network capture driver required for sniffing. ForWindows 8, first you have to manually install Winpcap driver (in Windows 7 Compatibility mode) and then run our installer to install only Password Sniffer Console.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Download  Password Sniffer Console

[SHA256 Salted Hash Kracker]Tool to Crack your Salted SHA256 Hash

SHA256 Salted Hash Kracker is the free tool to crack and recover your lost password from the salted SHA256 hash.

These days most websites and applications use salt based SHA256 hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'SHA256 Salted Hash Kracker' will help you to recover your lost password from salted SHA256 hash.

It uses dictionary based cracking method which makes the cracking operation simple and easier. By default small dictionary file is included but you can find good collection of password dictionaries (also called wordlist) here & here.

Though it supports only Dictinary Crack method, you can easily use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'SHA256 Salted Hash Kracker'.

It also allow you to specify the salt position either in the beginning of password [ sha256(salt+password)] or at the end of the password [sha256(password+salt)]. In case you want to perform normal SHA256 hash cracking without the salt then just leave the Salt field blank.

It works on both 32-bit & 64-bit Windows platforms starting from Windows XP to Windows 8.

Download SHA256 Salted Hash Kracker

[WS_FTP Password Decryptor] Recover FTP login passwords stored by WS_FTP

WS_FTP Password Decryptor is the FREE software to instantly recover FTP login passwords stored by WS_FTP - one of the popular FTP client application.

WS_FTP stores the password for all the past FTP sessions in the "ws_ftp.ini" file so that user don't have to enter it every time. WS_FTP Password Decryptor makes it easy to quickly scan & decrypt all these encrypted FTP login passwords. 

It presents both GUI as well as command line interface which will be useful for Penetration Testers & Forensic investigators.  You can either use it to automatically recover the stored passwords from local system or recover passwords from remote machine by manually feeding WS_FTP "ws_ftp.ini" file.

It works on most of the Windows platforms starting from Windows XP to latest operating system, Windows 8.

Features

Here are main features of WS_FTP Password Decryptor

Instantly scan and recover all stored FTP login passwords from WS_FTP.  Comes with both GUI interface & Command-line version.  Useful for Penetration testers as well as Forensic investigators.  Recover WS_FTP passwords from local as well as remote system.  Save the recovered password list to HTML file for transferring to other system or for future use.  Easier and faster to use with its enhanced user friendly GUI interface.  Support for local Installation and uninstallation of the software.

Screenshots

Here are the screenshots of WS_FTPPasswordDecryptor

Screenshot 1:WS_FTP Password Decryptor is showing the recovered ftp login passwords. Passwords are not shown being sensitive data, you can turn on by clicking on 'Show Password' button below.

Screenshot 2:  Command line usage of WS_FTPPasswordDecryptor showing various examples.

Screenshot 3:  Exported list of of recovered ftp login passwords by WS_FTPPasswordDecryptor in HTML format.

FREE Download WS_FTP Password Decryptor v1.5    License  : Freeware Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

[Fcrackzip] Romper Contraseñas de archivos *.zip

La utilidad de este programa es mas bien simple, se basa en atackes con diccionario o con fuerza bruta para obtener la clave de un archivo .zip . Es muy parecido en uso y funcion a crark, asi que si habeis usado este no nos estrañara mucho la forma de usarlo.

Para compilarlo desde los repositorios seria:

sudo apt-get install fcrackzip
o lo podemos descargar y compilar desde AQUI .

Y ahora intentare detallar el modo de uso y las opciones disponibles que nos ofrece este programa:

fcrackzip [-bDBchVvplum2] [--brute-force] [--dictionary] [--benchmark] [--charset characterset] [--help] [--validate] [--verbose] [--init-password string/path] [--length min-max] [--use-unzip] [--method name] [--modulo r/m] file…

Opciones:

-H , -help : Imprime el numero de version y (con suerte) algunas ideas utiles -V , -verbose : hace el programa mas detallado.
-B , -brute-force : Utiliza la fuerza bruta con los parametros que detallemos. -D , -dictionary : leera un diccionario seleccionado por nosotros el cual solo puede contener una palabra por linea.
-C , -charset -charset-set-specification : selecciona los caracteres a usar en un ataque de fuerza bruta

- a - incluira todas las letras en minusculas [abc...]
- A - incluira todas las letras en mayusculas [ABC...]
- 1 - usara solamente numeros [ 1234567890 ]
- ! - usara solo caracteres especiales [ !:$%&/()=?[]+*~# ]
- : - tendra en cuenta los caracteres que especifiquemos siempre y cuando no sean binarios null (al menos bajo unix).

Por ejemplo, a1: $% selecciona los caracteres en minúsculas, dígitos, el dólar y el signo de porcentaje

- P , -init-password string - permite seleccionar el inicio de la contraseña (en el caso en que lo sepamos) tanto en modo de fuerza bruta como en modo de diccionario.
- L , -length min[-max] : Indicamos la longitud de la contraseña o desde cuantos cararteres tiene que empezar y en cuantos terminar.
- U , --use-unzip : esta opcion intenta descomprimir el archivo al encontrar la contraseña para evitar falsos positivos.
- M , --method name : Usa el metodo numero "nombre" en lugar del metodo predeterminado, puedes usar --help para ver los metodos disponibles.
- 2 , --modulo r/m : calcula solo el r/m de la clave. - B , --benchmark : poner una pequeña referencia.
- V , --validate : hacer comprobaciones sobre el archivo.

Unos ejemplos:fcrackzip-ca-p sample.zip aaaaaa
- selecciona la longitud y que use los carateres en minusculas
fcrackzip --method cpmask --charset A --init AAAA test.ppm
- comprueba test.pmm para cuatro caracteres. -TP fcrackzip -D -p passwords.txt sample.zip verifica cada contraseña que se encuentre en el archivo password.txt

Este programa promete ser rapido pero no especifica que equipo minimo hace falta para ello asi que espero que os valla bien.

[Fuente]

[DroidSheep] Aplicación de Android para hackear contraseñas en red WIFI

Si usted no sabe una de estas herramientas, voy a tratar de explicar lo que es DroidSheep.

Tal vez conozcas a Bob. Bob es una persona muy conocida y Bob le gusta el café. Cada mañana, se lleva su computadora portátil y una visita los famosos bares de café verde, tiene un “grande latte de vainilla” y escribe mensajes a sus amigos de Facebook. Para hacer esto, Bob utiliza las barras de café WiFi – porque es gratis y rápido.

Una mañana, Bob está escribiendo un mensaje a su novia, Eva entra en la cafetería. Eva tiene un teléfono con Android y Eva utiliza DroidSheep. Después de pedir un “caramelo macchiato venti”, Eva se sienta, toma su teléfono y empieza a navegar por Facebook. Usando la identidad de Bob. Se puede ver a sus amigos. Leer sus mensajes. Escribir mensajes. Escribe artículos de la pared. Quitar amigos. Eliminar cuenta Bobs. Sin entrar nunca en contacto con Bob.

¿Qué pasó?

Cuando Bob está utilizando el WiFi, el portátil envía todos los datos destinados a ser recibidos por facebook, a través del aire con el router inalámbrico de café bares. Como “over the air” significa “captureable por todo el mundo”, Eva (o su teléfono) se pueden leer todos los datos enviados por Bob. Ya que algunos datos son encriptados antes de ser enviado, no sabe leer Bobs contraseña de Facebook, pero para no hacer Bob ingresar su contraseña después de cada clic, facebook envía a Bob un así llamado “session id” después de iniciar la sesión, que Bob envía con cada interacción , haciendo posible que Facebook para identificar a Bob. Por lo general, sólo Bob sabe id, como él lo recibe codificado. Pero cuando Bob utiliza las barras de café, WiFi, extiende sus identificador de sesión en el aire a todo el mundo. Así que Eva tiene este identificador de sesión y la utiliza como la suya – y Facebook no puede determinar, si Bob y Eva usa este identificador.

DroidSheep hace que sea fácil de usar para todos. Simplemente comienza a DroidSheep, haga clic en el botón de inicio y esperar a que alguien usa uno de los sitios web compatibles. Saltando en su sesión sólo necesita un clic más. Eso es todo.

Es necesario un dispositivo con Android, ejecutar al menos la versión 2.1 de Android

• - Es necesario ser root. 
• - Es necesario DroidSheep 

Bueno eso es todo les dejo el link de descarga y un pequeño tutorial, comenten y dejenme ps puntitos.
Link del .apk
http://www.mediafire.com/?eb15h5pxb03mfyq

VIDEO TUTORIAL

[Fuente]

Windows Autologin Password Dumper & Manager

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password.

Automatic Logon is one of the useful feature in Windows which allows you to login to system automatically without entering the password everytime. This tool helps you to easily dump the current Autologon password as well as quickly change the Autologon settings with just one command.
Here is the complete list of things that you can do with it,

• Dump the Windows Auto Logon User & Password
• Enable the Windows Auto Logon
• Specify your Username & Password for Windows Auto Logon.
• Disable the Windows Auto Logon
  

Once you set the Auto Logon username & password, you have to restart and next time you will be logged in automatically.
It is simple & easy to use tool. Also being a command-line based tool makes it perfect for automation.

'Windows Autologin Password' works on both both 32 bit & 64 bit versions and tested successfully on all Windows Platforms starting from Windows XP to latest version, Windows 8.        

Web: http://securityxploded.com/windows-autologin-password.php
Download  [Windows Autologin Password Dumper & Manager]