Important! Using this software for purposes other than recovering your own lost passwords violates License Agreement and may violate the Law!
Program Description
This program is designated for the recovery of passwords for different types of hashes. The program currently supports about 30 types of hashes, and new ones can be easily added by creating a custom external hashing DLL-module. The actual list of available modules can be found on the software-related forum. The peak number of hashes the application is capable of working with simultaneously is 256.
List of supported hashes:
Note: All hashing modules are located in the \Modules subfolder of the software installation archive and can be imported through the program settings menu ("Hashing Modules" tab).
Program Features
– Passwords recovery using the following methods:
• Preliminary attack
• Brute force attack (including distributed attack)
• Mask attack
• Simple dictionary attack
• Combined dictionary attack
• Hybrid dictionary attack
• Rainbow attack
– Recovery of passwords of up to 127-character length
– Recovery of passwords for incomplete hashes of any type
– User hash editor
– Searching data on the list of imported users
– Quick-add hash using a dialog box
– Quick-add hashes from Clipboard
– Quick-check current password for all imported users
– Support of character replacement tables for hybrid dictionary attack
– Unlimited number of dictionaries available for dictionary attack
– Unlimited number of tables available for Rainbow attack
– Unlimited number of servable users with hashes (in the licensed version)
Data Import
User hashes can be imported in the program using one of the following methods:
• Import from PasswordsPro format files (*.Hashes-files).
• Import from text files with hashes given in the following format:
Login:Hash:Salt(or HMAC-key):Password:Comment
The software installation archive includes test files with all types of supported hashes given in this format.
• Using dialog box.
• From Clipboard.
Data Export
The application allows saving current user and hash list to the file of the application's internal format (*.Hashes-files), as well as exporting the data to a text or HTML file.
Password Recovery Preliminary Attack
This type of attack is the quick check of user hashes for a match to simple passwords like – "123", "qwerty", "99999", etc. as well as to passwords found earlier and stored in the "PasswordsPro.dic" file.
Brute Force Attack
This type of attack is the total check of all possible password values.
Brute force attack also includes the distributed attack. This type of attack allows using multiple computers for the recovery of passwords, distributing the recovery calculation load among them. This type of attack takes off automatically when user provides more than one computer for facilitating the attack. At the same time, the range selection feature becomes available for the current computer. So, to start a distributed attack, you'd have to:
1. Run this program on several computers.
2. Choose how many computers are to facilitate the attack.
3. Set the same attack options on all computers that are to facilitate the attack.
4. Choose an individual passwords attack range for each of the computers.
5. Launch brute force attack on all computers.
Mask Attack
This type of password attack is used when user possesses partial information about the lost password. For example:
– Password begins with the "12345" character combination.
– First 4 characters of the password are numbers, others are Latin letters;
– And so on.
For that purpose, define the mask for every character of the password to be recovered in the mask attack settings. Symbolic notations of standard or custom character sets – ?u, ?d, ?2, etc. – are used as mask characters (see the Character sets tab in program options).
Simple Dictionary Attack
This type of attack is the attempt to find the hash match in text files – dictionaries.
Combined Dictionary Attack
This type of attack includes the valIDAtion of passwords made of several words taken from different dictionaries. This attack allows to recover complex passwords like "superadmin", "admin*admin", etc.
Hybrid Dictionary Attack
This type of attack allows changing passwords from the dictionaries (for example, shift password to upper case, append '1' to the end of the password, etc.) and to validate them as users passwords. The actions performed over the source passwords are the so-called "rules" – the full list of these rules can be found in the "Rules.txt" file in the software installation archive.
Plugins
The software includes the following plugins:
Hash Generator – generates any hash of types supported by the program.
Password Generator – generates random passwords with specified parameters.
Dictionary Generator – generates dictionaries of passwords from specified ranges and performs other functions related to dealing with dictionaries – sorting, merging, etc.
Text Converter – converts text from Base64 to plain text format and vice-versa.
Hidden Passwords Recovery – recovers text hidden behind asterisks.
System Information – displays overall system information.
Password Sender – the plugin is purposed for sending recovered passwords to websites.
The application can also be completed with new plugins, which would carry out necessary functions. For the creation of those, please read ReadMe.chm in the \Plugins\API folder of the application distribution. The same folder contains the ready plugin template written in Microsoft Visual C++.
Command Line Parameters
The application supports the following command line parameters:
/config:filename – loads an INI-file other than PasswordsPro.ini.
/auto – automatically launches current attack and exits when the attack is completed.
These parameters allow automating the routine slightly using batch command files (BAT). Do the following:
1. Create several INI-files with different names for different types of attack.
2. Create a BAT-file, for instance, containing (for Windows 2000/XP):
PasswordsPro.exe /auto /config:Preliminary.ini
start /w PasswordsPro.exe /auto /config:DictSimple.ini
start /w PasswordsPro.exe /auto /config:DictHybrid.ini
start /w PasswordsPro.exe /auto /config:BruteLatin.ini
start /w PasswordsPro.exe /auto /config:BruteNumber.ini
etc.
3. Run the created BAT-file.
4. Note: This mode does not assume any user intervention and therefore does not display any messages (neither on the completion of attack, nor on errors occurred). The termination of current attack will close the program and launch the next attack.
Program Status
PasswordsPro is Shareware.
The personal license fee is