(1) Crunch
Tool to brute-force a keyspace by generating every candidate in it
$: crunch 7 7 AB
Generates every 7-character password candidate (minimum length 7, maximum length 7) composed of only the characters A and B
(2) CeWL
Tool to map a website and pull potentially interesting words to add to a wordlist
$: cewl -w [words].txt -d 1 -m 5 http://www.[website].com
-d 1: depth 1
-m 5: minimum length of word is 5 characters
(3) Hydra
Online password cracking tool
$: hydra -L userlist.txt -P passwordfile.txt 192.168.20.10 pop3
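Detection side of the Hydra run above, as an added example (not part of the original notes): a user list crossed with a password list shows up in the mail server's auth log as many failed logins for several accounts from one source in a short time. The log format, field names, thresholds and sample lines below are constructed assumptions, not output from a real product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not real product output).
SAMPLE_LOG = """\
2024-01-10 09:00:01 pop3-login: auth failed user=alice rip=192.168.20.9
2024-01-10 09:00:01 pop3-login: auth failed user=alice rip=192.168.20.9
2024-01-10 09:00:02 pop3-login: auth failed user=bob rip=192.168.20.9
2024-01-10 09:00:02 pop3-login: auth failed user=bob rip=192.168.20.9
2024-01-10 09:00:03 pop3-login: auth failed user=carol rip=192.168.20.9
2024-01-10 09:00:03 pop3-login: auth ok user=carol rip=192.168.20.9
2024-01-10 09:05:10 pop3-login: auth failed user=dave rip=192.168.20.30
2024-01-10 09:05:20 pop3-login: auth ok user=dave rip=192.168.20.30
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) pop3-login: "
    r"auth (?P<result>failed|ok) user=(?P<user>\S+) rip=(?P<ip>\S+)$"
)

def find_guessing_sources(log_text, window=timedelta(seconds=60),
                          min_failures=5, min_users=3):
    """Flag source IPs whose failed logins inside one sliding window reach
    both thresholds; also list accounts that logged in OK from that IP."""
    failed, succeeded = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not POP3 auth events
        if m["result"] == "failed":
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            failed[m["ip"]].append((ts, m["user"]))
        else:
            succeeded[m["ip"]].add(m["user"])
    flagged = {}
    for ip, events in failed.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the left edge until the span fits inside `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            users = {user for _, user in chunk}
            if len(chunk) >= min_failures and len(users) >= min_users:
                flagged[ip] = {"failures": len(chunk), "users": sorted(users),
                               "logged_in": sorted(succeeded[ip])}
                break  # one qualifying window is enough to alert
    return flagged
```

Accounts in `logged_in` for a flagged source are the ones to reset first; the single mistyped password from 192.168.20.30 stays below both thresholds.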
Offline Password Attacks
We got access to a backup of the SAM and SYSTEM files with the directory traversal vulnerability.
You can also get access to these files with physical access unless they have a BIOS password in place.
$: bkhive system xpkey.txt
$: samdump2 sam xpkey.txt
(2) John the Ripper
$: john xphashes.txt johnlinuxpasswords.txt --wordlist=passwordfile.txt
(3) oclHashcat
Can use GPUs to crack faster
Online Password Cracking
http://tools.question-defense.com
http://cloudcracker.com
Windows Credential Editor
Tool to pull plaintext passwords, etc. out of the memory of the LSASS process
*Have to drop the binary onto the system
wce.exe -w