Password cracking methods


PPA supports several password recovery methods: Dictionary attack, Brute-force attack and Rainbow attack (see the following chapters for details). Once you select the desired method, the second tab in the main window changes to show the options appropriate for that method.


You also have to choose between the LM attack and the NTLM attack, depending on the authentication method in use, i.e., on which types of password hashes are available. Once the password hashes are obtained, the Hash type field shows either LM+NTLM (both LM and NTLM hashes are present) or NTLM (no LM hash is available); see About Windows passwords for an explanation.


If some users are listed with an LM+NTLM hash type, it is recommended to start with the LM attack. Both attacks run at about the same speed, but, as already noted, the effective password length for an LM hash is limited to 7 characters (a password of up to 14 characters is split into two 7-character halves that are hashed independently), and LM passwords are always uppercase. So the LM attack can be completed for all passwords of up to 14 characters in reasonable time, from several minutes to several hours, depending on the selected character set and the speed of your CPU.


For all users with NTLM hash, however, you will still have to run the NTLM attack.


Please note that you can run the attack on multiple users simultaneously. Because of the weak password hashing implementation (no salt), trying a password candidate takes almost the same time for one user, 100 users or 10,000 users. For the most efficient attack, select all users that have the same hash type (LM or LM+NTLM). To select user accounts for recovery, put check marks at the left of the user names; you can also use the context menu for easier selection, or the hot keys Ctrl+A to select all users and Ctrl+U to clear the selection.
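To make the "no salt" point concrete, here is an added example (not PPA's code) with a minimal pure-Python MD4, the NTLM hash derived from it, and a dictionary attack that hashes each candidate once and looks it up against every selected account at the same time. The account names, passwords and wordlist are constructed sample data; the cost counter shows that the number of hash computations depends only on the wordlist length, not on the number of accounts.

```python
import struct
_MASK = 0xFFFFFFFF
_R2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]   # round-2 word order
_R3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]   # round-3 word order
def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & _MASK

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); NTLM is MD4 over the UTF-16LE password."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)   # pad to 56 mod 64
    msg += struct.pack("<Q", 8 * len(data))                     # bit length, little-endian
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for k in range(48):
            r, j = divmod(k, 16)
            if r == 0:    # round 1, F = (x & y) | (~x & z)
                f, i, K, s = (b & c) | (~b & d), j, 0, (3, 7, 11, 19)[j % 4]
            elif r == 1:  # round 2, G = majority
                f, i, K, s = (b & c) | (b & d) | (c & d), _R2[j], 0x5A827999, (3, 5, 9, 13)[j % 4]
            else:         # round 3, H = parity
                f, i, K, s = b ^ c ^ d, _R3[j], 0x6ED9EBA1, (3, 9, 11, 15)[j % 4]
            a, b, c, d = d, _rol((a + f + X[i] + K) & _MASK, s), b, c   # step, then rotate state
        a, b, c, d = (a + aa) & _MASK, (b + bb) & _MASK, (c + cc) & _MASK, (d + dd) & _MASK
    return struct.pack("<4I", a, b, c, d)

def ntlm(password: str) -> str:
    return md4(password.encode("utf-16le")).hex()

def dictionary_attack(hashes_by_user: dict, wordlist: list) -> tuple:
    """Hash each candidate once; return (recovered {user: password}, hash computations)."""
    users_by_hash = {}
    for user, h in hashes_by_user.items():
        users_by_hash.setdefault(h, []).append(user)   # unsalted: equal passwords collide
    recovered, computed = {}, 0
    for word in wordlist:
        computed += 1                       # cost grows with the wordlist, not with users
        for user in users_by_hash.get(ntlm(word), []):
            recovered[user] = word
    return recovered, computed

# Constructed sample: four accounts as they would appear after a hash dump (no salt).
SAMPLE_HASHES = {
    "alice": "8846f7eaee8fb117ad06bdd830b7586c",   # NTLM("password")
    "bob":   ntlm("Summer2019"),
    "carol": "8846f7eaee8fb117ad06bdd830b7586c",   # same password, identical hash
    "dave":  ntlm("correct horse battery staple"),
}
WORDLIST = ["123456", "password", "Summer2019", "letmein"]
```

Running `dictionary_attack(SAMPLE_HASHES, WORDLIST)` recovers alice, carol and bob with exactly four hash computations; a salted scheme would have needed one computation per candidate per account.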


Once the passwords are recovered, accounts with known, recovered or empty passwords are shown in red, and the Audit time column shows the total time spent on that account.