ELCOMSOFT.COM » Proactive System Password Recovery

NT hash options

Top Previous Next

Check short passwords: performs the fast brute-force attack on user's password hashes, using the character set you supply (press >>> button to set the character set and maximum password length, and get a benchmark to estimate the time that attack will be completed in). You can also enable the Fast check method option if LM authentication is being used.

Dictionary analysis: enables a simple dictionary attack on password hashes, using the dictionary you have set the full path to. To set the advanced dictionary options, press >>> button; here you can set the path to dictionary (wordlist) file location, Dictionary file is in OEM format option (if the given dictionary is in OEM codepage) and several SmartDic (Smart Dictionary) settings:

•	Case mutation

•	Digit mutation

•	Border mutation

•	Freak mutation

•	Abbreviation mutation

•	Order mutation

•	Vowels mutation

•	Strip mutation

•	Swap mutation

•	Duplicate mutation

•	Delimiter mutation

•	Year mutation

All those options allow to generate additional combinations from every word from the dictionary (by changing the case, adding prefix or suffix, swap letters etc), and so seriously increase the probability of finding the password, especially if it has been mistyped when entered. However, please note that if the dictionary is large, and/or the recovery speed is low, that will also increase the time to complete the attack, so you can use Maximize speed and Maximize efficiency for more convenience, Set all to defaults if you are not sure what options would be best (and change them later), or even Disable SmartDic completely.

The same dictionary options are available for all other features of PSPR where dictionary attack is applicable, except just the recovery of PWL passwords.

View only the recovered hashes: if enabled, PSPR will show only those user accounts (in the Recovered hashes page) for which it was able to recover the passwords (using simple attacks mentioned below), including those with empty passwords.

View password history hashes: if password history is enforced (ensuring that old passwords are not continually reused, see Microsoft documentation), then Windows saves the hashes of previous passwords, so PSPR can show (and analyze) them, too.

Look for passwords stored in Active Directory: when enabled, PSPR extracts password hashes not only from SAM database, but also from Active Directory database.

Don't analyze password hashes: force PSPR not to analyze password hashes using brute-force and/or dictionary attacks, just show them.

Get more information about Proactive System Password Recovery
Get full version of Proactive System Password Recovery

(c) 2014 ElcomSoft Co.Ltd.