There are many password cracking tools available. Many are multi-featured. Some tools, like Hashcat, use the additional processing power of the computer's graphics card (GPU). Others, like John the Ripper, have the ability to coordinate cracking across multiple networked computers. Here are some common Windows password cracking techniques and tools:
| Technique | Tools |
|---|---|
| Network brute forcing | |
| Dumping LSA secrets | |
| Online SAM cracking | |
| Impersonating user tokens | Meterpreter steal_token command (formerly Incognito) |
| Dumping Windows Vault passwords | |
| Kerberoasting | |
| Recovering the SYSKEY bootkey | |
| Dumping cached domain login information | |
| Offline SAM cracking | |
| Offline Active Directory cracking | |
| Dumping GPP file cPasswords | |
| Keylogging | |
| Social engineering | |
| Dumping unattended installation answer file passwords | |
| Hard drive overwriting | |

Note (network brute forcing): For some password dictionaries and rainbow tables, see https://github.com/ah8r/password-dictionaries and http://project-rainbowcrack.com/table.htm.

Note (dumping LSA secrets): For more information on using PowerShell to decrypt LSA secrets, see https://blogs.technet.microsoft.com/heyscriptingguy/2012/07/06/use-powershell-to-decrypt-lsa-secrets-from-the-registry/.

Some of these tools are used together, and may require additional support tools:
