Password-cracking tools allow you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords. In the case of forgotten passwords, it even allows users instant access to their locked computer without reinstalling Windows. Attackers can use password-cracking tools to crack the passwords of the target system. This section discusses some of the popular password cracking tools.
L0phtCrack
Source: https://www.l0phtcrack.com
L0phtCrack is a tool designed to audit passwords and recover applications. It recovers lost Microsoft Windows passwords with the help of a dictionary, hybrid, rainbow table, and brute-force attacks, and it also checks the strength of the password.
As shown in the screenshot, attackers use L0phtCrack to crack the password of the target to gain access to the system.
Figure 4.9: Screenshot of L0phtCrack
ophcrack
Source: https://ophcrack.sourceforge.io
ophcrack is a Windows password-cracking tool that uses rainbow tables for cracking passwords. It comes with a graphical user interface (GUI) and runs on different OSs such as Windows, Linux/UNIX, etc.
As shown in the screenshot, attackers use ophcrack to perform brute-force attacks and crack password hashes of the target system.
Figure 4.10: Screenshot of ophcrack
RainbowCrack
Source: http://project-rainbowcrack.com
RainbowCrack cracks hashes with rainbow tables, using a time–memory trade-off algorithm. A traditional brute-force cracker cracks hash in a manner that is different from that followed by a time–memory-tradeoff hash cracker. The brute-force hash cracker tries all possible plaintexts one after the other during cracking. In contrast, RainbowCrack pre-computes all the possible plaintext hash pairs in the selected hash algorithm, charset, and plaintext length in advance and stores them in a “rainbow table” file. It may take a long time to pre-compute the tables, but once the pre-computation is finished, it is possible to easily and quickly crack the ciphertext in the rainbow tables.
As shown in the screenshot, attackers use RainbowCrack to crack the password hashes of the target system.
Figure 4.11: Screenshot of RainbowCrack
Some password-cracking tools are listed as follows:
John the Ripper (https://www.openwall.com)
hashcat (https://hashcat.net)
THC-Hydra (https://github.com)
Medusa (http://foofus.net)