ELCOMSOFT.COM » Proactive System Password Recovery

Bruteforce attack

Top  Previous  Next

If you have completed a dictionary attack, but the password still has not been recovered, you have to follow-up with a brute-force attack. In this attack, the program tries to guess your password by trying every single combination of characters until your password is found. For example, the program might follow a sequence like this:







until the password is found. Obviously, this method will take time: for an eight-character alphabetic password there are 200 Billion combinations to be checked. But with modern computers this sort of attack doesn't take as long as you might think.


The brute force attack is the slowest method of password attack, but can often be successful on short and simple passwords.


Select the full path to your PWL file, as well as login name. The other options follow:


Character set


Instructs the program what characters have been used in the password. You can choose from all capital letters, all capital OEM letters (according to current code page), all digits, all special symbols and the space. The special characters are:




Charset string (which is being filled with the characters according to your selections) can be edited, e.g., you can add or remove any characters there. For example, if you remember that your password was entered in the bottom keyboard row ("zxcv...") - your password range should be "zxcvbnm,./" (or in caps: "ZXCVBNM<>?"). You can also define both of these: "zxcvbnm,./ZXCVBNM<>?".


Start from and End at


When you start the brute-force attack from scratch, these fields should be either empty, or selected according to the desired minimum and maximum password length. It is NOT recommended that you edit these fields manually: instead, use the >  buttons to select the length, and they will be filled automatically.  This minimizes the chances that some combinations could be skipped.


CPU type


Select from Intel PII/PIII/Celeron and AMD Athlon, depending on your processor. If you are not sure or your processor is not in the list, you can try both, and stay with the option that gives you better performance.


When all the options have been selected (there are also a few others, see Attacks options), press the Start button to run the attack. When/if the proper password is found, PSPR will decrypt the PWL file and show all information extracted from it. During the attack, current password and recovery speed is shown.

Get more information about Proactive System Password Recovery
Get full version of Proactive System Password Recovery

(c) 2014 ElcomSoft Co.Ltd.