" Hashes passwords recovery, passwords storage and generation "
- From InsidePro
The range of hashes supported include: MySQL, MySQL5, DES(Unix), MD4, MD4(HMAC), MD5, MD5(HMAC), MD5(Unix), MD5(APR), SHA-1, SHA-1(HMAC), SHA-256, SHA-384, SHA-512, Domain Cached Credentials, Haval-128, Haval-160, Haval-192, Haval-224, Haval-256, Tiger-128, Tiger-160, Tiger-192, Whirlpool and others. The program also supports many complex hashes like md5($pass.$salt), md5($salt.$pass), md5(md5($pass)), md5(md5($pass).$salt), md5($salt.md5($pass)), md5($salt.$pass.$salt), sha1($username.$pass) and others.
The software's primary features include:
– 7 types of attacks for recovering passwords to hashes.
– Maximum number of hashes in the licensed version reaches 10 millions.
– Comfortable and quick handling of large hash lists.
– Recovery of passwords of up to 127-characters length long.
– Recovery of passwords for to incomplete hashes of any type.
– Recovery of passwords in Unicode.
– Support for third-party developer's hashing modules.
– Support for using plugins.
– Editing user hashes and other data.
– Adding hashes to the list from a text file using a dialog window or clipboard.
– Copying hashes and found passwords to clipboard.
– Exporting hashes to text or HTML file.
– Searchable list of users with hashes.
– Checking current password against all or selected users on the list.
– Verifying user hashes and their passwords.
– Automatic accumulation of found passwords in the file "PasswordsPro.dic".
– Sorting hash list.
– Exporting hashes with found passwords in the format common for the InsidePro Software forum.
– Support for the "hidden" operating mode – when the program doesn't appear on the taskbar.
Types of attacks supported by the software:
Preliminary Attack – this is a quick check of user hashes for matching to simple passwords like "123", "qwerty", "99999", etc., as well as to passwords found by the program earlier.
Brute Force Attack – this is the exhaustive search through all possible passwords in a certain range; e.g., "aaaaaa"..."zzzzzz".
Mask Attack – this attack is used when some information on the lost password is known. To use the attack, make sure to specify the mask for each character in the password to be recovered in the attack settings. For mask characters you can use the conventional characters for the standard or custom character sets – ?u, ?d, ?2, etc. (see the "Character Sets" tab in the program's settings).
Simple Dictionary Attack – during this attack, the program simply checks hashes against passwords in dictionaries.
Combined Dictionary Attack – during this attack, passwords are made of several words taken from different dictionaries. That allows to recover complex passwords like "superadmin", "admin*admin", etc.
Hybrid Dictionary Attack – this attack allows modifying passwords taken from dictionaries (for example, shift the password to upper case, append '1' to the end of the password, etc.) and validating them as user passwords. The actions performed over source passwords are called "rules", and the full list of those is available in the file "Rules.txt" in the software distributive.
Rainbow Attack – this attack attempts to recover passwords using the pre-calculated Rainbow tables.
Limitations in downloadable version
Data export for the "Password keeper" tool is unavailable. Maximal number of users to import working with "Hashes passwords recovery" tool is 20.
|