Password cracking methods
The program supports different methods of password recovery: Dictionary attack, Brute-force attack and Rainbow attack (see further chapters for details). Once you select the desired method, the second tab in the main window is modified, reflecting the options that are appropriate for the selected method.
Also, you have to select LM attack or NTLM attack, depending on the authentication method used, i.e., the types of password hashes available. Once the password hashes are obtained, the Hash type field shows either LM+NTLM (which means that both LM and NTLM hashes are present), or NTLM (if LM hash is not available); see About Windows passwords for explanation.
If most (or even some) users are listed with the LM+NTLM hash type, it is recommended to start with the LM attack. Both attacks run at about the same speed (i.e., PPA can try about the same number of passwords per second), but as already noted, the effective password length for an LM hash is just 7 characters, and LM passwords are uppercase only. So you can complete a full LM attack (for all 14-character passwords) in a very reasonable time: from a few minutes up to a few days, depending on the selected character set and the speed of your CPU.
For all users with NTLM hash, however, you will still have to run the NTLM attack.
Please also note that you can run the attack on as many users as you want simultaneously. Because of the weak implementation of password hashing (Windows does not add random characters, i.e. a salt, to the password before calculating its hash), it takes almost the same time to try the same password for 2 users, for 100 users, or even for 10,000 users. For the most effective attack, it is therefore recommended to select all users that have the same hash type (LM or LM+NTLM). To select the user accounts for recovery, put check marks to the left of the desired user names; you can also use the context menu (right mouse click) for easier selection, or the hot keys: Ctrl+A to select all users, Ctrl+U to clear the selection.
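The effect of unsalted hashing described above, as an added example that is not part of the PPA documentation or product: it counts the hash computations needed to audit the same accounts with and without a per-user salt. SHA-256 stands in for the Windows hash functions, and the function names, accounts and wordlist are constructed for illustration.

```python
import hashlib

def digest(password, salt=b""):
    # SHA-256 is a portable stand-in here; it is NOT the LM or NTLM algorithm.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def audit_unsalted(stored, candidates):
    """stored maps user -> hash. Returns (weak accounts, hash computations)."""
    users_by_hash = {}
    for user, h in stored.items():
        users_by_hash.setdefault(h, []).append(user)
    weak, ops = {}, 0
    for pw in candidates:
        ops += 1                      # one computation serves every account
        for user in users_by_hash.get(digest(pw), ()):
            weak[user] = pw
    return weak, ops

def audit_salted(stored, candidates):
    """stored maps user -> (salt, hash). Returns (weak accounts, hash computations)."""
    weak, ops = {}, 0
    for user, (salt, h) in stored.items():
        for pw in candidates:
            ops += 1                  # the work has to be redone for each salt
            if digest(pw, salt) == h:
                weak[user] = pw
                break
    return weak, ops

def build_sample(n_users):
    """Constructed accounts: every 100th user has a password from the wordlist."""
    passwords = {f"user{i}": ("Summer2009" if i % 100 == 0 else f"unique-{i}-pw")
                 for i in range(n_users)}
    unsalted = {u: digest(p) for u, p in passwords.items()}
    # The salt is derived from the user name only to keep the sample
    # deterministic; a real salt is random.
    salted = {u: (u.encode(), digest(p, u.encode())) for u, p in passwords.items()}
    return unsalted, salted

WORDLIST = ["password", "letmein", "Summer2009", "qwerty"]  # constructed

if __name__ == "__main__":
    for n in (2, 100, 10_000):
        unsalted, salted = build_sample(n)
        weak_u, ops_u = audit_unsalted(unsalted, WORDLIST)
        weak_s, ops_s = audit_salted(salted, WORDLIST)
        assert weak_u == weak_s
        print(f"{n:>6} users: unsalted {ops_u} hashes, salted {ops_s} hashes, "
              f"{len(weak_u)} weak accounts")
```

With this constructed data the unsalted count stays at 4 for 2, 100 and 10,000 accounts, while the salted count grows with the number of accounts; identical passwords also produce identical unsalted hashes, so password reuse is visible in the stored hashes themselves.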
Once the passwords are recovered, the accounts with known/recovered (or empty) passwords are shown in red, and the Audit time column shows the total time spent on that account/password.
(c) 2009 ElcomSoft Co.Ltd.