8)
I am looking at suggestions from members as to which is the best password recovery software or which software package they use that gives the best results.
I am currently using PRTK and find that it is cracking less and less files, evrn using custom dictionaries from the indexes created by FTK.
I have looked at Passware products but am unsureof how well they work.
Any suggestions would be appreciated.
Cheers
Mike
With all due respect, but you do not state exactly which passwords you want to crack? Which OS?
Passware would do most of them, with very good results.
Apologies to all.
I am currently trying to access over 4,000 Zip, Office, PDF and PST files from my client. Most passswords for the PDF files were the default password, but the office ones are all over the place. Dictionary attacks have helped, but I have 69 that just won't crack.
Chers
Mike
You have cracked 3931 out of 4000 documents? Over a 98% success rate?
This is already pretty amazing. The newer versions of Office, Zip etc.. aren't always crackable in a reasonable time frame if the user picked a strong password (regardless of the tool used).
I remember seeing a little paper on how to remove a .PST password from an archive with a Hex editor late last year, I can't recall what version of Outlook it was on, I suspect 2007.
I can try and dig it up if you have some PST archives left over and you think it will be of assistance?
I remember seeing a little paper on how to remove a .PST password from an archive with a Hex editor late last year, I can't recall what version of Outlook it was on, I suspect 2007.
I can try and dig it up if you have some PST archives left over and you think it will be of assistance?
Possibly easier wink
http//
jaclaz
I love Nirsoft D
Thanks Guys for your help. I will run the demo versions for both products and do some comparisons.
Cheers
Mike
I use Passware all of the time now. I work in eDiscovery so I come across password protected files very regularly. Passware will crack something at worst in a few minutes. If you have a lot of DOCX or XLSX files with an even slightly complex password…good luck cracking them. To my knowledge they not only have a proper encryption set but they also have a max password attempts per minute which massively increases the time it takes. On my current machine Passware can do millions of passwords a second on Office 2003 but only a few thousand for Office 2007/2010. Still, Passware seems to do it all for me. Watch out for the webcracker though, it sends your file over the web to try crack it online, just in case you have sensitive data.
I am looking at suggestions from members as to which is the best password recovery software or which software package they use that gives the best results.
I think that would be upside down. The software can do the 'mechanics' of converting a password into a hash or other binary form, and do some mechanical work, like brute force searches.
The best results are usually obtained from well-chosen dictionaries, as well as well chosen transformations of those passwords. Some software can do the latter well, but even so, it's something the user can do as well.
Myself, I tend to use John the Ripper as the base software for general tasks. With a little bit of job by the user, it can do very good password transformations. The brute force search benefits a lot from the statistics collected from 'known passwords', and that often makes a great difference, as some otherwise very hard passwords fall out quickly just because the letter statistics happens to be weak.
Even so, the dictionaries are where the main strength is. And those you usually have to collect yourself, based on whatever cracks you have got. At one time, I got a couple of car registration numbers … built a dictionary of *all* of them, and those are not a problem anymore. A couple of odd geographical names (small villages and streams) led to a huge dictionary collected from detailed geographical databases … and some hundreds of passwords that previously would have to be cracked by brute force opened up.
Of course, if the situation is right for a rainbow table crack approach, and you have the tables, then use that. But then we're into brute force territory.
The thing is that password cracking can't usually be done well by buying a product and pressing a button. It's like pen-testing you have to think like users who are asked to select a new password every three months.
If the user is armed with password management tools, like Password Safe, KeePass, WISeID and others, that will create 20-character random passwords for you … no dictionaries in the world will help. You will have to go brute force … and that takes time. That's where preparation comes in – like creating rainbow tables, or getting a GPU-based crack station, and so on.
If you are faced with password manager passwords, go for the password to that password management tool. That's where the crown jewels are.