Ntlm Hash Cracker

Passwords are the most commonly used method for user authentication. Passwords are so popular because the logic behind them makes sense to people and they’re relatively easy for developers to implement.

However, passwords can also introduce security vulnerabilities. Password crackers are designed to take credential data stolen in a data breach or other hack and extract passwords from it.

What is password cracking?


A well-designed password-based authentication system doesn’t store a user’s actual password. This would make it far too easy for a hacker or a malicious insider to gain access to all of the user accounts on the system.

Instead, authentication systems store a password hash, which is the result of sending the password — and a random value called a salt — through a hash function. Hash functions are designed to be one-way, meaning that it is very difficult to determine the input that produces a given output. Since hash functions are also deterministic (meaning that the same input produces the same output), comparing two password hashes (the stored one and the hash of the password provided by a user) is almost as good as comparing the real passwords.

Password cracking refers to the process of extracting passwords from the associated password hash. This can be accomplished in a few different ways:

  • Dictionary attack: Most people use weak and common passwords. Taking a list of words and adding a few permutations — like substituting $ for s — enables a password cracker to learn a lot of passwords very quickly.
  • Brute-force guessing attack: There are only so many potential passwords of a given length. While slow, a brute-force attack (trying all possible password combinations) guarantees that an attacker will crack the password eventually.
  • Hybrid attack: A hybrid attack combines the two. Each dictionary word is used as a stem and a short brute-forced mask (a couple of digits, a year, a symbol) is appended or prepended to it, so "summer" also yields summer00 through summer99. It catches the very common habit of bolting a number onto a word without the cost of a full brute-force search.
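
The three attack types above, worked through as an added example (not part of the original article) against a salted SHA-256 store of the kind the previous section describes. The wordlist, salts and target passwords are constructed for the demonstration; nothing here is a real breach dump:

```python
import hashlib
import itertools
import string

# Constructed per-user salts (a real system generates these randomly per account).
SALT_ALICE = bytes.fromhex("a1b2c3d4e5f60718")
SALT_BOB = bytes.fromhex("0f1e2d3c4b5a6978")


def hash_password(password: str, salt: bytes) -> bytes:
    """Stored form: SHA-256(salt || password). One-way and deterministic, so a
    login check hashes the supplied password and compares the result."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    return hash_password(password, salt) == stored


LEET = {"a": "@", "s": "$", "o": "0", "e": "3", "i": "1"}
SUFFIXES = ("", "1", "123", "!", "2019")


def permutations(word: str) -> set:
    """Cheap 'rules': case variants, leet substitutions and common suffixes."""
    base = {word, word.capitalize(), word.upper()}
    leet = {"".join(LEET.get(ch, ch) for ch in w) for w in base}
    return {w + suffix for w in base | leet for suffix in SUFFIXES}


def dictionary_attack(wordlist, salt, stored):
    """Dictionary attack: every wordlist entry plus its permutations."""
    for word in wordlist:
        for cand in permutations(word):
            if verify(cand, salt, stored):
                return cand
    return None


def hybrid_attack(wordlist, salt, stored, charset=string.digits, tail_len=2):
    """Hybrid attack: every wordlist entry followed by every tail_len-character mask."""
    for word in wordlist:
        for tail in itertools.product(charset, repeat=tail_len):
            cand = word + "".join(tail)
            if verify(cand, salt, stored):
                return cand
    return None


def brute_force(salt, stored, charset=string.ascii_lowercase, max_len=4):
    """Exhaustive search over the keyspace; returns (password, candidates tried)."""
    tried = 0
    for length in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=length):
            tried += 1
            cand = "".join(tup)
            if verify(cand, salt, stored):
                return cand, tried
    return None, tried


WORDLIST = ["summer", "password", "dragon", "welcome"]   # constructed mini wordlist


def demo() -> dict:
    # Constructed targets: what a breach dump would hold for three of Alice's accounts.
    h_leet = hash_password("P@$$w0rd123", SALT_ALICE)   # dictionary word + rules
    h_hybrid = hash_password("summer47", SALT_ALICE)    # word + 2-digit mask
    h_short = hash_password("ant", SALT_ALICE)          # short random-looking string
    return {
        "dictionary": dictionary_attack(WORDLIST, SALT_ALICE, h_leet),
        "hybrid": hybrid_attack(WORDLIST, SALT_ALICE, h_hybrid),
        "brute": brute_force(SALT_ALICE, h_short),
        # Same password under a different salt gives a different stored hash, so a
        # hash cracked for one user is not a lookup key for another.
        "salted_differs": hash_password("ant", SALT_ALICE) != hash_password("ant", SALT_BOB),
    }


if __name__ == "__main__":
    print(demo())
```

The dictionary attack finds "P@$$w0rd123" because its permutations include the leet form of "Password" plus a "123" suffix, but it misses "summer47", which only the hybrid mask catches; the brute-force run recovers "ant" after 1,060 candidates, and the salt check shows why every hash has to be attacked separately.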

Most password-cracking or password finder tools enable a hacker to perform any of these types of attacks. This post describes some of the most commonly used password-cracking tools.

1. Hashcat

Hashcat is one of the most popular and widely used password crackers in existence. It is available on every operating system and supports over 300 different types of hashes.

Hashcat enables highly-parallelized password cracking with the ability to crack multiple different passwords on multiple different devices at the same time and the ability to support a distributed hash-cracking system via overlays. Cracking is optimized with integrated performance tuning and temperature monitoring.

Download Hashcat here.

2. John the Ripper

John the Ripper is a well-known free open-source password cracking tool for Linux, Unix and Mac OS X. A Windows version is also available.

John the Ripper offers password cracking for a variety of different password types. It goes beyond OS passwords to include common web apps (like WordPress), compressed archives, document files (Microsoft Office files, PDFs and so on), and more.

A pro version of the tool is also available, which offers better features and native packages for target operating systems. You can also download Openwall GNU/*/Linux that comes with John the Ripper.

Download John the Ripper here.

3. Brutus

Brutus is one of the most popular remote online password-cracking tools. It claims to be the fastest and most flexible password cracking tool. This tool is free and is only available for Windows systems. It was released back in October 2000.

Brutus supports a number of different authentication types, including:

  • HTTP (basic authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet
  • IMAP
  • NNTP
  • NetBus
  • Custom protocols

It is also capable of supporting multi-stage authentication protocols and can attack up to sixty different targets in parallel. It also offers the ability to pause, resume and import an attack.

Brutus has not been updated for several years. However, its support for a wide variety of authentication protocols and ability to add custom modules make it a popular tool for online password cracking attacks.

Get the Brutus password finder online here.

4. Wfuzz

Wfuzz is a web application fuzzer that, like Brutus, can brute-force login forms. It can also be used to find hidden resources like directories, servlets and scripts, and to probe for injection flaws such as SQL injection, XSS and LDAP injection by fuzzing request parameters with attack payloads.

Key features of the Wfuzz password-cracking tool include:

  • Injection at multiple points in multiple directories
  • Output in colored HTML
  • Post, headers and authentication data brute-forcing
  • Proxy and SOCKS support, multiple proxy support
  • Multi-threading
  • HTTP password brute-force via GET or POST requests
  • Time delay between requests
  • Cookie fuzzing

5. THC Hydra

THC Hydra is an online password-cracking tool that attempts to determine user credentials via a brute-force password-guessing attack. It is available for Windows, Linux, FreeBSD, Solaris and OS X.

THC Hydra is extensible with the ability to easily install new modules. It also supports a number of network protocols, including Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Download THC Hydra here.

If you are a developer, you can also contribute to the tool’s development.

6. Medusa

Medusa is an online password-cracking tool similar to THC Hydra. It claims to be a speedy parallel, modular and login brute-forcing tool. It supports HTTP, FTP, CVS, AFP, IMAP, MS SQL, MYSQL, NCP, NNTP, POP3, PostgreSQL, pcAnywhere, rlogin, SMB, rsh, SMTP, SNMP, SSH, SVN, VNC, VmAuthd and Telnet.

Medusa is a command-line tool, so some level of command-line knowledge is necessary to use it. Password-cracking speed depends on network connectivity. On a local system, it can test 2,000 passwords per minute.

Medusa also supports parallelized attacks. In addition to a wordlist of passwords to try, it is also possible to define a list of usernames or email addresses to test during an attack.

Read more about this here.

Download Medusa here.

7. RainbowCrack

Rainbow tables are a time-memory tradeoff: instead of recomputing hashes at crack time, an attacker precomputes chains of hashes over the password space once, stores only each chain's start and end point, and later recovers a password from its hash with a bounded lookup rather than a full search. They only work when the same password always produces the same hash, which is why passwords are salted: adding a unique, random value to every password before hashing means a separate table would be needed for every salt, which makes the precomputation impractical.
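
A toy rainbow table, added here as an example that is not from the original article, shows the tradeoff and why a salt breaks it. It uses MD5 over a deliberately tiny keyspace (three lowercase letters) so the table builds in well under a second; the chain length, table size and salt value are arbitrary choices for the demonstration, and the reduction function is a simple one rather than any particular tool's:

```python
import hashlib
import itertools
import string
from collections import defaultdict

ALPHABET = string.ascii_lowercase
PW_LEN = 3          # toy keyspace: 26**3 = 17,576 passwords
CHAIN_LEN = 30      # hashes covered by each chain
TABLE_STEP = 22     # use every 22nd password as a chain start (~800 chains)


def H(password: str) -> bytes:
    """Unsalted hash under attack (MD5 here; any fast unsalted hash would do)."""
    return hashlib.md5(password.encode("utf-8")).digest()


def R(digest: bytes, column: int) -> str:
    """Reduction function: maps a digest back into the keyspace. The column index is
    mixed in so chains that collide in different columns do not merge."""
    n = int.from_bytes(digest[:8], "big") + column
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def chain(start: str) -> list:
    """All passwords on one chain; only its start and endpoint get stored."""
    pws = [start]
    for col in range(CHAIN_LEN):
        pws.append(R(H(pws[-1]), col))
    return pws


def default_starts() -> list:
    every = ("".join(t) for t in itertools.product(ALPHABET, repeat=PW_LEN))
    return list(itertools.islice(every, 0, None, TABLE_STEP))


def build_table(starts) -> dict:
    table = defaultdict(list)        # endpoint -> chain starts ending there
    for start in starts:
        table[chain(start)[-1]].append(start)
    return table


def lookup(table: dict, target: bytes):
    """Recover a preimage of target without storing the whole keyspace."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Assume target sits in column `col` and walk forward to the chain's endpoint.
        pw = R(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = R(H(pw), c)
        for start in table.get(pw, ()):
            # Regenerate the chain; if target really is on it, return its preimage.
            cand = start
            for c in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = R(H(cand), c)
            # Otherwise this was a false alarm (merged chains); keep searching.
    return None


def demo() -> dict:
    table = build_table(default_starts())
    victim = chain(default_starts()[3])[7]        # a password the table covers
    salted = hashlib.md5(b"0xDEADBEEF" + victim.encode()).digest()  # constructed salt
    return {
        "stored_entries": len(table),               # far fewer than 17,576 hashes
        "recovered": lookup(table, H(victim)),      # == victim
        "salted_lookup": lookup(table, salted),     # None: table was built unsalted
    }
```

The table stores roughly 800 endpoints yet recovers any password on one of its chains; the same lookup against the salted hash returns nothing, because the table would have to be rebuilt for that salt.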

RainbowCrack is a password cracking tool designed to work using rainbow tables. It is possible to generate custom rainbow tables or take advantage of preexisting ones downloaded from the internet. RainbowCrack offers free downloads of rainbow tables for the LANMAN, NTLM, MD5 and SHA1 password systems.

Download rainbow tables here.

A few paid rainbow tables are also available, which you can buy from here.

This tool is available for both Windows and Linux systems.

Download RainbowCrack here.

8. OphCrack

OphCrack is a free rainbow table-based password cracking tool for Windows. It is widely used for Windows password auditing and can also run on Linux and Mac systems. It cracks LM and NTLM hashes, and free rainbow tables are available for Windows XP, Vista and Windows 7 passwords.

A live CD of OphCrack is also available to simplify the cracking. One can use the Live CD of OphCrack to crack Windows-based passwords. This tool is available for free.

Download OphCrack here.

Download free and premium rainbow tables for OphCrack here.

9. L0phtCrack

L0phtCrack is an alternative to OphCrack. It attempts to crack Windows passwords from hashes, which it can collect from Windows workstations, network servers, primary domain controllers and Active Directory. It uses dictionary and brute-force attacks to generate and test password guesses. The tool was acquired by Symantec and discontinued in 2006; the original L0pht developers later reacquired it and relaunched L0phtCrack in 2009.


L0phtCrack can also schedule routine password audits. One can set daily, weekly or monthly audits, and it will start scanning at the scheduled time.

Learn about L0phtCrack here.

10. Aircrack-ng

Aircrack-ng is a Wi-Fi password-cracking tool that can recover WEP keys and WPA/WPA2-PSK passphrases. It captures encrypted wireless packets and then recovers WEP keys statistically using the PTW, FMS/KoreK and related attacks, while WPA/WPA2-PSK passphrases have to be cracked with a dictionary attack against a captured four-way handshake. It is available for Linux and Windows systems. A live CD of Aircrack is also available.

Aircrack-ng tutorials are available here.

Download Aircrack-ng here.

How to create a password that’s hard to crack

In this post, we have listed 10 password-cracking tools. These tools try to crack passwords with different password-cracking algorithms. Most of the password cracking tools are available for free. So, you should always try to have a strong password that is hard to crack. These are a few tips you can try while creating a password.

  • The longer the password, the harder it is to crack: Password length is the most important factor. The cost of a brute-force attack grows exponentially with length, because every additional character multiplies the number of candidates by the size of the character set; three extra characters drawn from the 95 printable ASCII characters mean roughly 850,000 times more candidates. How long that takes in practice depends on the hash: a fast unsalted hash such as NTLM falls far sooner than a deliberately slow one.
  • Always use a combination of characters, numbers and special characters: Using a variety of characters also makes brute-force password-guessing more difficult, since it means that crackers need to try a wider variety of options for each character of the password. Incorporate numbers and special characters and not just at the end of the password or as a letter substitution (like @ for a).
  • Variety in passwords: Credential stuffing attacks use bots to test if passwords stolen from one online account are also used for other accounts. A data breach at a tiny company could compromise a bank account if the same credentials are used. Use a long, random, and unique password for all online accounts.

What to avoid while selecting your password

Cybercriminals and password cracker developers know all of the “clever” tricks that people use to create their passwords. A few common password mistakes that should be avoided include:

  1. Using a dictionary word: Dictionary attacks are designed to test every word in the dictionary (and common permutations) in seconds.
  2. Using personal information: A pet’s name, relative’s name, birthplace, favorite sport and so on are all dictionary words. Even if they weren’t, tools exist to grab this information from social media and build a wordlist from it for an attack.
  3. Using patterns: Passwords like 1111111, 12345678, qwerty and asdfgh are some of the most commonly used ones in existence. They’re also included in every password cracker’s wordlist.
  4. Using character substitutions: Character substitutions like 4 for A and $ for S are well-known. Dictionary attacks test for these substitutions automatically.
  5. Using numbers and special characters only at the end: Most people put their required numbers and special characters at the end of the password. These patterns are built into password crackers.
  6. Using common passwords: Every year, companies like Splashdata publish lists of the most commonly used passwords. They create these lists by cracking breached passwords, just like an attacker would. Never use the passwords on these lists or anything like them.
  7. Using anything but a random password: Passwords should be long, random, and unique. Use a password manager to securely generate and store passwords for online accounts.

Conclusion

Password-cracking tools are designed to take the password hashes leaked during a data breach or stolen using an attack and extract the original passwords from them. They accomplish this by taking advantage of the use of weak passwords or by trying every potential password of a given length.

Password finders can be used for a variety of different purposes, not all of them bad. While they’re commonly used by cybercriminals, security teams can also use them to audit the strength of their users’ passwords and assess the risk of weak passwords to the organization.

In part 1 we looked at how to dump the password hashes from a Domain Controller using NtdsAudit. Now we need to crack the hashes to get the clear-text passwords.

Hash Types

First a quick introduction about how Windows stores passwords in the NTDS.dit (or local SAM) files. If you’re not interested in the background, feel free to skip this section. Windows stores passwords using two different hashing algorithms – LM (Lan Manager) and NTLM (NT Lan Manager).

LM Hashes

The LM hashing algorithm is very old and is considered very insecure for a number of reasons. Firstly, it is case insensitive: all letters are converted to uppercase, which greatly reduces the possible keyspace. Secondly, and more importantly, the algorithm pads the password to 14 characters and then splits it into two 7-character strings, each of which is used as a DES key to encrypt a fixed constant, so the two halves are hashed completely independently. This means that cracking a 14-character password is only twice as hard as cracking a 7-character password, rather than billions of times harder as it would be with an algorithm that did not split the password. These weaknesses, plus the fact that the LM algorithm is relatively fast and does not use salts, mean that almost any LM hash can be cracked using brute-force or rainbow table attacks in a matter of hours (often minutes or seconds) on commodity hardware.

Windows stored both LM and NTLM hashes by default until Windows Vista/Server 2008, from which point only NTLM hashes were stored (along with the empty LM hash AAD3B435B51404EEAAD3B435B51404EE). This means that in a modern environment there should be no LM hashes stored on local systems, but Active Directory makes this a bit more complicated. If the Active Directory domain was created before this change was implemented (on Server 2003 or before), it will still store LM hashes unless a specific Group Policy setting ("Network security: Do not store LAN Manager hash value on next password change") is configured to prevent it. However, configuring this policy does not remove existing LM hashes: any LM hashes already present will remain until the password for that account is changed. In many domains there are therefore a small number of accounts that still have LM hashes, which are usually accounts that haven't had a password change in a number of years (and are quite often privileged or service accounts).

NTLM Hashes

In Windows NT Microsoft introduced the newer NTLM (NT) hash type, which is simply MD4 over the UTF-16LE encoding of the password (so it would not be considered secure by modern standards). NTLM fixed the two main problems with LM hashes (case insensitivity and splitting the password), so it is a major improvement in those respects. However, it lacks the features of modern password hashing algorithms such as bcrypt or PBKDF2: it is not deliberately slow, it is not salted, and nothing about it resists GPU/FPGA/ASIC acceleration. As a result two accounts with the same password have identical NT hashes, and a single GPU can test billions of candidates per second.

Tools

There are lots of different tools you can use to crack the password hashes; to some extent it comes down to personal preference. Three of the main ones that people use for AD passwords are Cain, John the Ripper (my personal preference) and Hashcat.

Cain & Abel

Cain & Abel is a Windows-based tool with a host of useful features, including a password cracker. Lots of antivirus products incorrectly flag it as malware (mostly due to the Abel component, which can be remotely installed to sniff packets and dump passwords), so your AV may not be happy with you downloading or installing it.

Usage

Cracking passwords with Cain is fairly straightforward. Under the "Cracker" tab, choose "LM & NTLM Hashes" in the bar on the left. You can then right click -> add to list, and import the hashes from your pwdump.txt file. Once the hashes are imported, you can select all, right click, and choose one of the cracking options. For each mode you can choose whether to try and crack the LM hashes or NTLM hashes. Cain has three main modes:

Brute Force

Does exactly what it says. It's single threaded and CPU only, so brute-forcing anything more than 5 characters is unlikely to complete in a reasonable amount of time. However it can be very useful for getting the second half of LM hashes (for example, PASSWORD123 would be stored as two hashes, "PASSWOR" and "D123").

Dictionary Attack

Uses a provided wordlist and optionally some permutations. The default Cain wordlist is about 3MB and isn't bad, but you can get much bigger and better ones online. The "rockyou" wordlist (from the leaked password database of the rockyou website) is a popular choice. The permutations provide a number of options, such as appending numbers or changing the case of the password, however they're fairly limited and can't be combined. This is the biggest problem with Cain for password cracking: there's no rule to capitalise the first letter and append a number, which is what most people do. Because of this, you'll have much better success with Cain if your wordlist has the first letter capitalised on all the words than if it's entirely lowercase (which Cain's default one is).

Cryptanalysis Attack (Rainbow Tables)

Very effective against LM hashes with either the previously mentioned Ophcrack tables, or other larger tables you can get. It's normally a good idea to break very weak passwords with a simple dictionary attack and a short (5 character) bruteforce attack first, then let the Rainbow Tables pick up the rest.

Strengths

The biggest benefit of Cain is that it supports the use of Rainbow Tables for cracking hashes. I won't go into Rainbow Tables in detail here, but essentially they allow precomputation of password hashes to greatly speed up the cracking process. In practical terms, you can download some (fairly large) tables, and use them to quickly crack hashes. They don't work very well for longer passwords (unless you have terabytes of fast storage), but for shorter passwords they're extremely effective. Since each half of an LM hash covers at most 7 characters (due to the way the passwords are split), they're the perfect target for Rainbow Tables. The "XP free fast" tables from Ophcrack are about 700MB, and will crack most LM hashes in a matter of seconds.


Weaknesses

The bruteforce and dictionary modes that Cain provides are fairly limited, and it doesn't really provide any customisation. The project is also pretty much abandoned, so it's unlikely there will be any new features added in the future. It also only runs on Windows and is single threaded, so it's a lot slower than the alternatives. Finally, it doesn't scale too well to large pwdump files: thousands of users (especially with history) will make it quite unresponsive. It's good for cracking LM hashes with Rainbow Tables, or as a basic GUI tool, but beyond that you're better off using a tool that's specifically designed for password cracking.

John the Ripper

John the Ripper was originally designed to crack Unix passwords, but now runs on pretty much everything and cracks pretty much any kind of password. The original version is maintained by Openwall, who provide the source code and prebuilt Windows binaries. However, there's a fork (known as the Jumbo version) on GitHub which provides better performance, more hash types and new attack modes. This is the version that ships in Kali, and I'd highly recommend using it over the original version. There's also a GUI for it called Johnny, but I've never really used this, so can't comment on it. John stores cracked passwords in a pot file (the default is "john.pot"), and its main configuration file is "john.conf" (which will probably be in /etc/john/ on Linux). There are a lot of command line options and further options in the configuration file.

Usage


At the simplest level, you can just point john at a pwdump file, tell it what type of hashes you want it to crack (NTLM) and let it go:

This will perform a number of different attacks (single mode, wordlist mode and incremental mode), but it’s not really the best way to use john. Once it’s finished (although this mode will never finish, so you’ll have to kill it with ctrl+c), you can display the cracked passwords with the show option:

Single Mode

Single mode uses information from the pwdump file to try and crack passwords (such as the usernames), as well as some common default passwords and patterns. It'll probably only take a few minutes (at most) to run and will pick up a decent number of very weak passwords, so it's usually a good starting point:

Wordlist Mode

At the basic level, this is a dictionary attack with a provided wordlist:

Rules

However, where John starts to shine is the use of password cracking rules. These are similar to the permutations in Cain, but allow a lot more flexibility. A small dictionary with a good set of rules will crack a huge number of passwords, so it really comes down to the quality of the rules you have. Unfortunately the default rules that ship with John are over 15 years old, so aren't very effective in the days of password complexity. You can try out the default rules with a wordlist:

It should crack a lot more passwords than just the wordlist with no rules, but adding our own rules will make things much better. You can define custom rules in the "john.conf" file. The default rules are defined in the following section:

You can overwrite this section, add your rules here, or create your own rules section. The following rules do some very basic changes (capitalising words, adding 123 or the year, etc). They’re fairly simple and quick to run, but will crack a lot of very weak passwords.

Once these are saved in the configuration file, we can use them by specifying the new “simple” rule set:
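
Since the rule listing itself is not reproduced on this page, here is an added example (not part of the original article) of a small interpreter for a subset of John's rule language: the [...] preprocessor classes and the commands :, l, u, c, C, t, r, d, $X, ^X and sXY. The "simple" rule set below is a reconstruction of the kind of rules described above (capitalise, append digits, the year, a symbol, leet substitutions), not the author's list; whitespace inside a rule is ignored, and several classes on one line are expanded as a cartesian product, which is a simplification of what John does:

```python
import itertools
import re

_BRACKET = re.compile(r"\[([^\]]+)\]")


def _expand_class(body: str) -> list:
    """Expand a preprocessor class body such as 0-9 or aeiou into single characters."""
    chars, i = [], 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    return chars


def expand_rule(line: str) -> list:
    """Preprocessor step: each [..] becomes one rule per character, so
    "c$[0-9]" -> "c$0", "c$1", ..., "c$9" (cartesian product if several appear)."""
    parts = _BRACKET.split(line)                 # odd indexes hold the class bodies
    options = [[p] if i % 2 == 0 else _expand_class(p) for i, p in enumerate(parts)]
    return ["".join(combo) for combo in itertools.product(*options)]


def apply_rule(rule: str, word: str) -> str:
    """Apply one expanded rule. Supported: : l u c C t r d $X ^X sXY."""
    w, i = word, 0
    while i < len(rule):
        cmd = rule[i]
        i += 1
        if cmd in ": \t":
            continue
        if cmd == "l": w = w.lower()
        elif cmd == "u": w = w.upper()
        elif cmd == "c": w = w[:1].upper() + w[1:].lower()      # capitalise
        elif cmd == "C": w = w[:1].lower() + w[1:].upper()
        elif cmd == "t": w = w.swapcase()
        elif cmd == "r": w = w[::-1]
        elif cmd == "d": w = w + w
        elif cmd == "$": w, i = w + rule[i], i + 1              # append char
        elif cmd == "^": w, i = rule[i] + w, i + 1              # prepend char
        elif cmd == "s": w, i = w.replace(rule[i], rule[i + 1]), i + 2
        else:
            raise ValueError(f"unsupported rule command {cmd!r} in {rule!r}")
    return w


def parse_rule_sections(conf: str) -> dict:
    """Read [List.Rules:NAME] sections the way john.conf lays them out."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"\[List\.Rules:(\w+)\]$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
            continue
        if current is not None:
            current.extend(expand_rule(line))
    return sections


def candidates(words, rules):
    """Every word under every rule, de-duplicated in order of first appearance."""
    seen = set()
    for word in words:
        for rule in rules:
            cand = apply_rule(rule, word)
            if cand not in seen:
                seen.add(cand)
                yield cand


# Reconstructed "simple" rule set in john.conf syntax (an assumption, not the
# author's file): identity, capitalise, digit/symbol suffixes, the year, leet.
SIMPLE_RULES_CONF = """
[List.Rules:simple]
:
c
$[0-9]
c$[0-9]
c$1$2$3
c$2$0$1$9
$!
c$!
c$[0-9]$!
csa@ss$so0
"""

if __name__ == "__main__":
    rules = parse_rule_sections(SIMPLE_RULES_CONF)["simple"]
    print(list(candidates(["summer", "password"], rules)))
```

The ten lines expand to 37 rules, and a single word such as "summer" produces 36 distinct candidates, including Summer2019 and Summer7!, which is exactly the capitalise-and-append pattern Cain cannot express.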

The syntax for rules isn't too complex once you get your head around it, and you can read up on the details here if you want to make your own rules. KoreLogic also have a popular set of rules published (although there are lots of them, so they'll take a very long time to run).

Incremental (bruteforce)

Incremental mode is john's version of a bruteforce attack. Like a normal bruteforce it'll probably never finish, but it works more intelligently than Cain's mode. Rather than a simple a-z, it uses an intelligent order based on the most common patterns that occur in passwords. The default charset (where it stores that information) is old, so doesn't work well, but you can create your own. Once you've cracked some passwords, you can create a charset based on those with the following command:

You can then define this charset in John’s configuration file:

And then perform the attack:

Loopback Mode

Loopback mode uses all of the previously cracked passwords (from John's pot) and tries to crack other passwords by applying permutations to them (for example changing the number on the end, adding symbols, etc.). It's very effective once you've cracked a number of passwords and want to find people who are changing their passwords using weak methods (such as incrementing the number on the end each time they change it).

Other Modes

There are lots of other modes in john, some of which are really good at cracking more complex passwords (PRINCE), or passwords based on previously seen patterns (markov and mask). You can also apply rules to these other modes and do other interesting things that there isn't really time to go into here, but there's plenty of information online about them.

Strengths

John gives you a great deal of customisation, and supports a lot of different cracking modes and hash types. You can also chain together different modes (such as a combined wordlist and mask attack, or applying rules to a PRINCE attack). It can comfortably handle large (multi GB) wordlists and pwdump files (hundreds of thousands of users). Because John has been around for so long there are lots of other tools that are designed to work with it (and its output).


Weaknesses


Although there’s some basic GPU support in the OpenCL builds, it’s not as good as Hashcat’s support (which was very much built with GPU in mind, rather than it being added on decades later). The commandline options can also be a bit finicky, and John can be fussy about the format of some hashes (not usually an issue with pwdump files, but it can be hard to get it to recognise other types).

Hashcat


Hashcat provides much of the same functionality as John (since they’re both open source they merge features from each other), but is built around using the GPU rather than the CPU for cracking. If you have a GPU it will be orders of magnitude faster for most hash types than just using the CPU, so if you’re looking to do password cracking on a system that has GPU(s) then I’d recommend looking into Hashcat. I’ve not used it a huge amount, and some of the syntax is awkward (especially the hash types), so I’m not going to go into detailed usage here, but there are plenty of guides you can find online. If you’re trying to crack as many complex passwords as possible, Hashcat with a decent GPU rig will probably be the best way to go, but if you just want weak passwords, GPUs are probably overkill.

Password Analysis

Part 3 of this series explores some of the different tools and techniques that can be used to obtain useful metrics from cracked password hashes in order to determine improvements to a password policy.

Conclusion

There are lots of different tools and methods you can use for cracking passwords, including plenty that haven’t been touched on at all in this article. Although it’s interesting (and fun) to try and crack as many passwords as you can, really the objective in most cases (certainly for internal auditing) is to identify the weakest passwords, so unless you have other objectives, it’s not worth investing too much time in all the more sophisticated cracking techniques – especially when there are dozens of accounts out there with Password1. In the next post we’ll look at analysing the results of the password cracking and see what useful information and patterns we can identify there.