Wikipedia describes THC-Hydra as “… software … that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services.” Its useful for doing quick tests against your servers to make sure that your users are not using simple passwords. In pen tester speak, this is called a brute-force attack.
Installing THC-Hydra on Ubuntu Intrepid Ibex can be a bit of a pain. Here is how I did it.
Whatever your reason for changing any users password, this simple howto will surely satisfy that need. The only way to prevent this currently is with full disk encryption. Here is how you change windows password within Ubuntu.(Other distro’s may have this nifty app in their repos as well)
nmap has -D option. It is called decoy scan. With -D option it appear to the remote host that the host(s) you specify as decoys are scanning the target network too. Thus their IDS might report 5-10 port scans from unique IP addresses, but they won’t know which IP was scanning them and which were innocent decoys. While this can be defeated through router path tracing, response-dropping, and other active mechanisms, it is generally an effective technique for hiding your IP address.
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (11 architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.
Method #2: Download the ophcrack live cd burn the iso to cd, boot your computer off the cd, and ophcrack should spend 5-15 minutes to crack the password.
Method #3: Cain and Abel Password Cracker (can be used over a network)
WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. Wikipedia
Why, the hell, another zip cracker? fcrackzip isnt just any other file cracker, it is quiet old (born in 1998) and I believe the last version was from 2004. However it is simple mentioned for being the first open-sourced zip-cracker out there.
fcrackzip searches each zipfile given for encrypted files and tries to guess the password. All files must be encrypted with the same password, the more files you provide, the better.
FCrackZip is The Ultimate password cracker for zip archives fcrackzip is a fast password cracker partly written in assembler. It is able to crack password protected zip files with brute force or dictionary based attacks, optionally testing with unzip its results.
