gHacks technology news » password

GPU Password Recovery For Rar Archives

Martin — Sat, 05 Sep 2009 15:07:20 +0000

The latest video card generation that is manufactured by ATI and Nvidia can be used to speed up password recovery attempts tremendously. Toolkits like Nvidia’s CUDA offer drivers and development examples to aid developer’s in the integration of gpu accelerated password recovery programs. One of the programs that is making use of the gpu to recover passwords is Rar GPU Password Recovery. The supported video cards at this point in time are ATI HD RV7×0s cards that include ATI Radeon 4870, 4890 and 4770 or Nvidia cards supported CUDA including GTX 260, 8600 GTS or 8600 GT. It is also recommended to have the latest Catalyst or Geforce drivers installed.

The developer provides some plain numbers to show the effectiveness of using the GPU to recover a rar password with four characters:

~168 passwords per second on single core of Q6600 @ 2.4Ghz (crark’s result)
~325 passwords per second on 8600 GT
~3120 passwords per second on ATI HD4850
~2075 passwords per second on GTX260/192SP

The performance of the listed ATI card is almost 20 times that of a password recovery where only the cpu is used. The password recovery software is a command line utility and the developer is offering extensive information on the possible parameters that can be used to recover the password. The suggested length of the password should not exceed six characters although it is theoretically possible to start a password recovery for a password with up to 17 chars.

The basic command for the password recovery is:

igrargpu.exe [switch:param] filename.rar

The command

igrargpu.exe /a:b /c:s /min:1 /max:4 archive.rar

will for example check all four letter combinations of lower case Latin characters. Known characters of the password can be added to the command to speed up the recovery attempt.It is advised to check the readme for a detailed overview of all possible parameters. The password recovery program can also use a dictionary based attack with rules. RAR GPU Password recovery should work on most versions of the Microsoft Windows operating system. The portable software is available for download at the developer’s website.

Configure Fine-grained Password Policies In Windows Server 2008

Martin — Wed, 20 May 2009 21:03:02 +0000

So called fine-grained password policies are a new feature of Windows Server 2008. This new feature allows system administrators to configure password policies for different user groups. Windows Server 2003 was not as flexible as it only allowed to set one password policy for all users. The manual configuration of fine-grained password policies requires quite some time. A software program like Specops Password Policy Basic is therefor a handy addition for every system administrator dealing with Windows Server 2008 systems.

The free program is a limited version of the commercial software from the same developer. It requires the Microsoft .net Framework 2, the Microsoft Management Console and PowerShell. The interface of the application makes it less time consuming to configure password policies for specific user groups in Windows Server 2008. It basically centers around creating, configuring and managing password policies.

The following parameters can be defined for each password policy:

A Password Settings object (PSO) has attributes for all the settings that can be defined in the Default Domain Policy (except Kerberos settings). These settings include attributes for the following password settings:

Enforce password history
Maximum password age
Minimum password age
Minimum password length
Passwords must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout after

User groups can be added to newly created policies. It has to be noted that user groups cannot be empty as empty user groups cannot be added to password policies. The program displays an overview of all password policies on the computer system. The order can be changed which is important if users are members of multiple user groups.

Specops Password Policy Basic can be downloaded from the developer’s homepage.

Tags: fine-grained password policy, password, password policy, specops password policy, system administrator, windows server, windows server 2008, windows software

Password Protect Applications

Martin — Sat, 06 Dec 2008 11:26:19 +0000

If you do not want that your kids are running the latest ID software blockbuster, that someone snoops around in your email client or that someone destroys your perfect win streak in Solitaire you might want to consider using a software like Empathy which can password protect any executable file.

Empathy is a portable application that should run fine on most Windows operating systems. The main purpose is the protection of software by password protecting the executable files. The whole process of protecting applications is configured in the program’s main interface.

It starts by selecting an executable from the computer’s hard drive. Once a file has been selected a password can be entered that will be used to protect it. A click on the Protect button will password protect the file which from that moment on can only be accessed by supplying the password first.

The same interface contains an option to unlock files again or to test them to see if everything is working as intended. The last option available is to create a backup of a file before processing it.

Empathy is postcardware. It has one severe restriction which is a bit hilarious. The unregistered version accepts only 1 char passwords. Now, this might be enough for most users as long as they do not know about the limit because the main purpose is clearly to keep casual users from accessing the application and not a IT professional. The limit can be lifted if you send the software developer a postcard to his address in Slovakia.

Tags: empathy, password, password protect, password software, portable software, security-software, software, windows software

Lockcrypt Password Safe

Martin — Thu, 14 Feb 2008 14:25:04 +0000

Where do you store your usernames and passwords ? In a text document on your computer ? In your wallet ? Storing sensible information like passwords, but also other type of data like information about medication or credit card numbers, unencrypted is a security risk. If someone is after those information he immediately knows how to use them against you.

One possible solution are Password Safes that can store an unlimited amount of text. Lockcrypt [homepage] which I discovered at Connected Internet [link] is one solution that works extremely well. The Java application stores all relevant information in a highly encrypted container which means that those information can only be accessed if the correct pass phrase is entered at the start of the application.

Lockcrypt uses a clean interface that is highly customizable to display the information once the login was successful. The left pane contains different accounts and subgroups that contain the information. You could create an account for financial information, one for Internet Passwords and one for Contacts for instance.

Each account has a number of subgroups that contain the information. Subgroups for Internet Passwords could be for instance the site names that you have accounts at, for Contacts the names of the contacts.

If you click on a subgroup its information will be displayed in the main window. The user can add as many fields that contain information as he likes. To stay with the Internet Passwords example, lets say you have a subgroup named Ghacks there. Fields could be the url of the website, the username and password.

Several default account types are available but it is also possible to create a new account type in the Options. Lockcrypt offers a password generator as well which comes in handy when creating new accounts.

A mobile version for mobile phones that support Java is available as well which can be used to store and view the information when you are out of house. The mobile version has however no option to add new entries to the database as far as I can tell.

Lockcrypt should work in all operating systems that support Java.

Tags: lockcrypt, password, password-safe, software, Windows

Where’s that darn router password?

Daniel Pataki — Mon, 17 Dec 2007 08:22:37 +0000

I think this has happened to many of us before. There are as many passwords and user names to routers as stars in the sky and even if you’ve used one before, you’ll ask: “is it admin – admin, or admin – password, or user – admin?”

Now you can stop wondering, since Routerpasswords has all the answers. Just select your router, click find password and it will list all default user names and passwords for the routers of that company.

This is an immensely helpful tool if you’re trying to work out someone else’s router problem, or your own, in case you’ve lost the manual. I’m afraid if you’ve changed your password from the default one this won’t work, but then shame on you for not remembering!

Found via Emergingtechs

Tags: lost password, password, router

Distributed Password Recovery using Geforce 8 Video Cards

Martin — Sat, 08 Dec 2007 10:00:49 +0000

The software Elcomsoft Distributed Password Recovery was designed for distributed recovery of lost passwords providing hardware acceleration for NTLM password recovery using GeForce 8 video cards which speeds up the process by a factor of up to 25).

The software package consists of three components which can act independently from each other: The agent, the server and the console. The server is started at the beginning of the password recovery process. Then a new task is created using the console (on the same or a different computer) and Agents that connect to the server are assigned parts of the work that has to be done.

Agents then report back to the server once their work is done and receive another part until the password is recovered. The Agents post a status message to the server once every 60 seconds.

The server receives its task from the console and distributes it among the agents. The console in its turn is designed to manage the server it is connected to and the agents that are registered on the server. The agents are registered on the server when they connect to it for the first time.

Among other formats Microsoft Office 2007 and prior documents, PGP, Adobe Acrobate PDF documents, Windows NT, XP, Vista logon passwords, Windows syskey passwords and several other are supported by Distributed Password Recovery.

The product comes at a price though which is only affordable to companies. I still thought it would be nice to write about it due to its hardware acceleration feature that I never heard about before.

Tags: crack, lost password, password, Security

Find out your bios password

Martin — Wed, 03 Jan 2007 16:01:05 +0000

The bios can be protected with a password to prevent others from accessing its settings. You have to enter the password to be able to access it, if you can’t provide the correct one the access gets denied. The following method describes a way to recover the password if you forgot it or bought a used computer with a bios password.

CmosPwd is a free program that is able to display information about the bios once it is executed. You do need to create a bootable disk to be able to execute the program in dos mode. To create a bootable disk in windows right-click the disk drive and select format from the list of options. It is important that you enable the option Create an MS-DOS startup disk.

Once the disk is created copy the contents from the dos folder of cmospwd to the disk and restart the computer. You will have to remove all hard drives from the system if you do not automatically boot from disk drive. Type cmospwd.exe in the command line and the password should appear. Ignore the information about the other bios manufacturers and take a look at the one your computer is using.

Another possible method would be to start the computer in safe mode with command prompt which could work as well. You still need to access the files somewhere so make sure that the hard drive is accessible.

Tags: bios, cmos, cmospwd, discover, dos, hack, motherboard, password, pwd, reveal, Windows

Create a secure USB Data Safe

Martin — Sat, 07 Oct 2006 17:13:38 +0000

I’m going to show you how to create a secure usb data safe that can be used to store sensitive data. Secure means it is encrypted and will only be encrypted if you need the data that is saved on the stick. This method is also working with other removable media such as zip drives and hard disks.

There are some prerequisites that have to be met: You need of course the software that makes all of this possible – True Crypt. You also need a mobile device and administrators privileges on the computer you intend to run true crypt to decrypt the data on the device – which means that this setup won’t work if you intend to use it on e.g. public computers or computers with no administrators privileges.

Once downloaded and installed you select Tools > Traveler Disk Setup from the menu. Browse to the volume that you want to use for this, make sure you select the right one. Don’t change any of the other settings and click on create to make the device ready for traveler mode. Some True-Crypt files are copied to the mobile device and can be run from there whenever you connect the device to the computer.

We are of course not done yet. You need to create the encrypted part of the device that can be used to store data in it. Select Create Volume to create a new encrypted volume. Create a standard true crypt volume is the default option and we use that as well, click next.

Select File in the next screen, navigate to the mobile device, add a filename that you like (test, container or work are possibilities) and click on open.
We have to select an algorithm, or more than one, to encrypt the data on the device, for more information check out the wikipedia entries on the algorithms. Each is secure so use the default ones if you like.

Specify the size of your container in megabytes, this depends of course on the size of the device and what you intend to do with it. If you only want to save passwords you need some megabytes at most, if you want to save word documents, images and music you might need some hundred.

You have to enter a password in the next dialog. Make sure it is a long password. Mine for instance is longer than 35 chars and I’am very proud that I can remember it, hehe. Select something that you can remember but no one is able to find out by looking into your background.

Leave everything else the way it is. Leave everything the way it is in the next screen and click on format. This creates the encrypted container on the drive. The larger the container the longer it takes of course. Took 19 seconds for my 55 megabytes test usb stick. Click ok and cancel on the next screen.

Congratulations, you have created a secure container on that mobile device. If you take a look in windows explorer you see the filename with the file size you specified.

Using this is now pretty simple. Start True Crypt again, remember the files are on the stick and select a drive letter that you want to assign the container to. Choose select file and mark the file that you have created before on the device. Click mount and enter your password. Et Voila, your device is mounted and ready for use.

You can now use all file operations that are normally associated to drives. Copy files, edit files, read from files, everything is there. Once you are done you select unmount and no one will be able to access the files on the device anymore without mounting it first.

Please be advised that it might be possible to find out if someone used true crypt on a computer by examining the registry. Nevertheless you should be pretty safe if for example you are the only user on that computer and just want to make sure your personal data is safely stored.

Tags: encryption, password, true-crypt, usb safe, usb storage

Ultra High Security Password Generator

Martin — Sat, 27 May 2006 11:17:55 +0000

If you´re ever in the need of a high security password the Ultra High Security Password Generator Website might be exactly what you´ve been looking for. Everytime you visit or refresh the website it will display three randomly generated passwords, one 64 random hexadecimal charakters password, one 63 random printable ASCII chars and finally a 63 random alpha-numeric characters password.

“Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again. Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.”

Just one hint, make sure you save the password somewhere because I think it´s rather difficulty to remember the passwords. You might want to consider using a password safe like keepass which I also recommended here at ghacks some time ago.

Tags: generator, password, passwords, Security

Related posts

Remove Stored .Net User Names and Passwords (2)

Password Recovery Speeds (0)

Password Recovery Questions Make Online Accounts Vulnerable (10)

Log in to websites with your site’s URL as your OpenID (4)

Let Password Gorilla store all of your passwords (7)

Introduction Series Part 3: User Name and Password Protection

Martin — Thu, 11 May 2006 18:23:27 +0000

Protecting yourself on the internet is at the forefront of nearly everyone’s mind these days yet so many people are careless when it comes to this area. It is easier than ever for hackers to break in and get all of the personal information from your computer in this day and age and few people are doing anything to counteract this theft.

This is a sad state of affairs to say the least but that is the truth of the matter. The main area where people are lacking is the protection of their user names and passwords for the various sites that require log in to enter. The act of logging in is to protect the various details of your account in privacy and to prevent the theft of your information. So you can see that this information is something that needs to be protected to the fullest that you can manage.

But yet so many people decide to give it little thought and thus open themselves up to the threat of the theft that is so common on the net these days. Your password for any site should be something that not only you can remember with ease, but also something complicated that the hackers can not gain access to. This means that you should carefully choose the password using a series of not only letters but also numbers. This will prevent the hackers from using the software that they have from being able to guess it outright. Never use the password that is your name or just a basic date.

Mix it up as much as possible and keep it as something that you can yourself remember by way of association. Most sites will offer a secret question that you can answer should you forget your password. This is a good way to maintain a certain level of security as well. Do not give the most obvious answer to the question and do not make the answer something that is common knowledge. Make it as difficult as possible.

Never give out any of your information in an email or instant message. Any site that is legitimate will never ask for this information through any of these methods and these are nothing more than a hacker trying to gain access to your accounts. These emails and instant messages will often times look very real and may even point to the site itself, but this is nothing more than a very well planned fake to get your information.

Tags: password, protection, Security

Top 15 Security and Hacking Tools & Utilities

admin — Mon, 17 Apr 2006 07:35:03 +0000

Finally a great darknet.org.uk article that lists 15 Security and Hacking Tools & Utilities. Users who are working in the security field will recognize many if not all of them and beginners will have a great list of tools with explanation that they can work with. You find for instance the telnet and ssh tool putty in the list next to the tool Eraser which overwrites files on your windows system more than once to make sure it can´t be restored that easily.

Here is a short list of all the other tools mentioned: Nmap, Nessus Remote Security Scanner, John the Ripper, Nikto, Superscan, pof, Ethereal, Yersinia, LCP, Cain and Abel, Kismet, Netstumbler and hping. Make sure you check the tools that you do not know about yet, it might be worth it.

Tags: ethereal, freeware, Hacking, jtr, password, ping, port, Security, sniff, ssh, telnet, Tools, utilities

Building a better Password

Martin — Wed, 01 Feb 2006 08:26:54 +0000

Most people tend to use passwords that they can rememeber easily. If you take a deeper look many use the same password for most of their password protected activities which is a high security risk. Break one, get access to all.

The article Build a better Password gives a short introduction to password formats. A password can either be something you know, something you have or something you are.

The author recomments that users follow three simple guidelines to make their passwords more secure: Increase the lenght of the password by adding more information, Eliminate spaces and add special characters to make dictionary attacks worthless.

Those are simple measures that can tremendously boost your security. Of course, no password is 100% secure.

Tags: guideline, password, Security, tutorial

Password resetting and recovering techniques

Martin — Thu, 05 Jan 2006 07:51:27 +0000

There are several methods to reset and recover your windows administrators password. The fastest method is to use a freeware tool like Offline NT Password & Registry Editor or the Linux live distribution Austrumi.

The author of Offline NT Password & Registry Editor provides a bootdisk for his program while austrumi already is bootable. A detailed instruction for the first tool can be found at the authors website, with Astrumi you simply enter nt_boot when the command prompt appears.

You could also try to bruteforce your way in again but this is not recommended because the other two methods are easier and faster.

Last but not least this was taken from a user comment and not checked.

1) copy cmd.exe out of system32
2) rename as logon.scr
3) paste it back in system32 and replace current one
4) log off and wait for the screensaver. it will be a command prompt. use [net user]

Tags: password, password recovery, reset password

Change your Windows XP Password although you´ve forgotten it

Martin — Thu, 17 Nov 2005 10:41:06 +0000

I found an interesting article over at logicalexpressions.com that presents an astonishing solution if you have forgotten your windows xp password. This is clearly a security hole because everyone is able to change the passwords, the only requirement would be to have the original windows xp cd at hand.

I don´t want to repeat the whole article, just the essence of it. Fire up your windows xp cd, boot from it, select Repair and let the repair process work. Reboot when its finished and when you see the Installing Devices progress bar, press SHIFT + F10.

A console appears, enter nusrmgr.cpl and you have graphical access to your user accounts. You can change or remove passwords for all accounts and or type control userpasswords2 and login without being asked for a password. You will have to continue with the repair process though, it won´t work otherwise.

A pretty handy solution, the article also gives tips on creating a password rescue disk.

Tags: change xp password, lost password, password, windows xp password, xp