You can try to crack your organization’s operating system and application passwords with various password‐cracking tools:
✓Brutus cracks logons for HTTP, FTP, telnet, and more.
✓Cain & Abel cracks LM and NT LanManager (NTLM) hashes, Windows RDP passwords, Cisco IOS and PIX hashes, VNC passwords, RADIUS hashes, and lots more. (Hashes are cryptographic representations of passwords.)
✓ElcomSoft Distributed Password Recovery cracks Windows, Microsoft Office, PGP, Adobe, iTunes, and numerous other passwords in a distributed fashion using up to 10,000 networked computers at one time. Plus, this tool uses the same graphics processing unit (GPU) video acceleration as the ElcomSoft Wireless Auditor tool, which allows for cracking speeds up to 50 times faster.
✓John the Ripper cracks hashed Linux/ UNIX and Windows passwords.
✓ophcrack cracks Windows user passwords using rainbow tables from a bootable CD. Rainbow tables are pre‐calculated password hashes that can help speed up the cracking process by comparing these hashes with the hashes obtained from the specific passwords being tested.
✓Proactive Password Auditor runs brute‐force, dictionary, and rainbow cracks against extracted LM and NTLM password hashes.
✓Proactive System Password Recovery recovers practically any locally stored Windows password, such as logon passwords, WEP/WPA passphrases, SYSKEY passwords, and RAS/dialup/VPN passwords.
✓pwdump3 extracts Windows password hashes from the SAM (Security Accounts Manager) database.
✓RainbowCrack cracks LanManager (LM) and MD5 hashes very quickly by using rainbow tables.
✓THC‐Hydra cracks logons for HTTP, FTP, IMAP, SMTP, VNC and many more.
Some of these tools require physical access to the systems you’re testing. You might be wondering what value that adds to password cracking. If a hacker can obtain physical access to your systems and password files, you have more than just basic information security problems to worry about, right? True, but this kind of access is entirely possible! What about a summer intern, a disgruntled employee, or an outside auditor with malicious intent? The mere risk of an unencrypted laptop being lost or stolen and falling into the hands of someone with ill intent should be reason enough.
NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.