Q: My granddaughter changed her Windows password but does not recall what she changed it to. Am I supposed to locate the password file on her PC to use your tool? Basically, after starting your program, I don't know what to do next.

A: Hash Suite is primarily a tool for system administrators and security consultants to audit large sets of password hashes to identify weak passwords. Password recovery is a possible secondary use.

Starting with version 2.0, Hash Suite is able to import local and remote accounts without reliance on any additional tools. This requires administrator privileges.

You can also use one of the PWDUMP tools to obtain the password hashes. This requires either administrator privileges or rebooting from a CD that accesses the hard drive directly (bypassing the installed copy of Windows). Some programs of both kinds are listed here:
Q: I just bought the full version, but it won't let me choose a length higher than 7 when cracking LM hashes! Is Hash Suite capable of cracking longer passwords from LM hashes?

A: Yes. This apparent length limit is a genuine property of LM hashes, not a limitation of Hash Suite. Due to the way LM hashes use the DES encryption algorithm, it is possible for password crackers such as Hash Suite to split LM hashes into two "halves", which are then processed separately. One of these halves corresponds to password characters 1 through 7, the other to characters 8 through 14. Thus, only strings of up to 7 characters need to be tested as candidate password halves, which greatly reduces the total number of combinations to test, thereby speeding up attacks. It is possible that during a Hash Suite attack only one of the two halves is already cracked for a password - in that case, Hash Suite will display in place of the cleartext password. Once both halves are cracked, Hash Suite will display the full cleartext password - up to its maximum possible length of 14 characters.
Q: What if there is a password of length 15 or longer?

A: Windows does not generate LM hashes for such passwords - it only generates the NTLM hash, which you may crack with Hash Suite (including for length 15 and longer).

Additional information regarding LM hashes may be found in Wikipedia: _hash
Note that key-provider performance varies by CPU, operating system and other factors. Also note that these numbers are theoretical, whereas actual numbers will be lower. This means that adding more than 2 threads when cracking NTLM hashes with the keyboard key-provider does not increase performance; actually, it may hurt performance.

Solving this problem is a complex task, one we're going to address in the future. Nevertheless Hash Suite, as far as we're aware, is the fastest CPU cracker out there. Most common CPUs (Intel Core 2 or Core i*) have 4 cores or fewer (hyper-threading "cores" do not count for this problem), so this scalability problem currently affects only a relatively small fraction of the Hash Suite user base.

Starting with Hash Suite 2.1 we have solved the problem for NTLM charset, which is the most used key-provider that had this problem.
Storing user passwords in plain text naturally results in an instant compromise of all passwords if the password file is compromised. To reduce this danger, Windows applies a cryptographic hash function, which transforms each password into a hash, and stores this hash. This hash function is one-way in the sense that it is infeasible to infer a password back from its hash, except via the trial and error approach described below. To authenticate a user, the password presented by the user is hashed and compared with the stored hash.
Hash Suite, like all other password hash crackers, does not try to "invert" the hash to obtain the password (which might be impossible). It follows the same procedure used by authentication: it generates different candidate passwords (keys), hashes them and compares the computed hashes with the stored hashes. This approach works because users generally select passwords that are easy to remember, and as a side-effect these passwords are typically easy to crack. Another reason why this approach is so very effective is that Windows uses password hash functions that are very fast to compute, especially in an attack (for each given candidate password). More information about password cracking can be found here.
The benchmark lasts 12 minutes (and you may stop it whenever you want) on our system composed of one CPU (Core i5-4670) with a high-end gaming GPU (GeForce GTX 970). Hash Suite automatically selects Threads=3 (of 4), which means we dedicate 3 CPU cores to hashing and 1 CPU core to GPU communication. This is the best setting for our hardware. You may need to manually configure Threads by pressing alt+h+t (fig 3) to obtain the best performance when CPU and GPU are used concurrently.
To crack hashes we first need to obtain them. Normally you obtain the hashes from a local/remote machine; however, in this tutorial we will use hashes from the password cracking contest Crack Me If You Can 2010 (available from here). These are publicly available hashes of realistic yet artificial passwords (so anyone can access them without concerns), and many of the hashes are of types used on Windows systems (and thus are supported by Hash Suite). The contest lasted 48 hours, which corresponds to a reasonable effort for us to spend as well, and in the end we can compare our results with those of contest participants. First import the hashes (alt+f+i) (fig 5).
You will import 3380 LM, 30640 NTLM, 326 raw SHA1, 10582 SSHA, 4716 MD5CRYPT, 80 BCRYPT hashes (fig 6), excluding possible duplicate hashes (resulting from the same passwords seen more than once). In this tutorial we will focus on LM and NTLM hashes and superficially consider SSHA and MD5CRYPT.
LM hashes were introduced in earlier versions of Windows and support for them continued in later versions for backwards compatibility, even though Microsoft recommended turning them off. As of Windows Vista, the protocol is disabled by default, but continues to be used by some non-Microsoft CIFS implementations. These hashes are very weak: we can crack ANY valid LM hash password within hours by brute-force (additional information regarding LM hashes may be found here).
We then increase the password length to the maximum value for LM hashes (7) and deselect the Symbol characters (fig 8). This will use only Upper and Digit characters, and will find common passwords first. Note that Hash Suite is smart enough not to use lower-case characters (which the LM hash algorithm would have converted to upper-case anyway) even if selected.
NTLM is the successor of LM. It was introduced in Windows NT and it is still in use. First, select the NTLM hashes with alt+m+f (fig 9). Then, infer the case of characters of our cracked LM hash passwords: select the LM2NT key-provider (fig 10) and start the attack (alt+1), which should complete instantly.
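The generate-hash-compare loop described earlier, together with the LM2NT case-recovery step, as an added Python example (not Hash Suite's code): the audit function hashes each candidate and looks it up among stored NTLM hashes, and lm2nt walks the case variants of a password cracked from its case-insensitive LM hash. MD4 is implemented inline because hashlib on OpenSSL 3 builds often lacks it; the two accounts in STORED are constructed sample data.

```python
import struct
from itertools import product
_M = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & _M

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib builds on OpenSSL 3 usually lack MD4."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    rounds = (  # (boolean function, additive constant, shift table, message-word order)
        (lambda x, y, z: (x & y) | (~x & z), 0, (3, 7, 11, 19), range(16)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        A, B, C, D = a, b, c, d
        for f, k, shifts, order in rounds:
            for i, j in enumerate(order):
                A, B, C, D = D, _rotl((A + f(B, C, D) + X[j] + k) & _M, shifts[i % 4]), B, C
        a, b, c, d = (a + A) & _M, (b + B) & _M, (c + C) & _M, (d + D) & _M
    return struct.pack("<4I", a, b, c, d)

def ntlm(password: str) -> bytes:
    """NTLM hash: MD4 over the UTF-16LE encoding of the password, no salt."""
    return md4(password.encode("utf-16-le"))

def audit(stored: dict, candidates) -> dict:
    """The cracker's loop: hash every candidate and look it up among the stored hashes."""
    by_hash = {h: user for user, h in stored.items()}
    return {by_hash[h]: c for c in candidates for h in (ntlm(c),) if h in by_hash}

def lm2nt(lm_plaintext: str, ntlm_hash: bytes):
    """Recover the case of a password cracked from its case-insensitive LM hash."""
    letters = sum(ch.isalpha() for ch in lm_plaintext)
    for mask in product((False, True), repeat=letters):  # at most 2**14 variants
        bits = iter(mask)
        cand = "".join((ch.lower() if next(bits) else ch.upper()) if ch.isalpha() else ch
                       for ch in lm_plaintext)
        if ntlm(cand) == ntlm_hash:
            return cand
    return None

# Constructed sample data, not from the page: two accounts and their NTLM hashes.
STORED = {"alice": ntlm("password"), "bob": ntlm("Winter2010")}
```

Because NTLM is unsalted, a matching hash identifies every account sharing that password at once, which is why the tutorial's cracked-hash counts differ from its account counts.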
It is time to move on to more intelligent cracking and try to find patterns in the found hashes. We can sort the accounts by Cleartext by clicking twice on the column header (fig 20). Then we can manually cycle through the pages trying to find patterns. There are some easily seen patterns like:
Let's make a quick stop at SSHA and MD5CRYPT hashes and how to crack them, given that there are some differences from the hash types we tried cracking so far. These are salted hashes, meaning an expected-unique value (normally random and called a salt) is added to the hash computation. As a result, each key must be tested against each distinct salt, which reduces the effective speed of the attack by a factor of the number of salts used. Note that the performance of an attack on one salted hash is similar to that of an attack on a non-salted hash; it is only when many hashes are attacked at once that salts strengthen the security of the hashes. What this means is that we need to use more efficient/intelligent methods to attack salted hashes.
We don't use wikipedia-wordlist-sraveau-20090325.txt.bz2 because it is too large given the attack speed against this many MD5CRYPT hashes. Let's try the DB Info key-provider without rules enabled.
We have enough time left that we can employ "smart" brute-force. We plan what we will do for password length from 8 and up. Given a speed of 9.60 billion hashes/second, we calculate the number of different characters to try assuming that we want to spend 10 hours on each candidate password length:
How good is this? We crack 2360 LM, 24576 NTLM, 1618 SSHA, and 924 MD5CRYPT hash passwords (alt+v+s and see Matches; the difference is because there are some accounts that share the same password). We score 29478 and would end up 4th of the 18 teams that participated in the contest. Note that we focus on only 2 types of hashes (LM and NTLM; SSHA and MD5CRYPT were only superficially touched) out of the 8 types given by the contest organizers, and we only had one PC system, whereas high-scored teams had multiple members and used multiple machines. On the other hand, Hash Suite 3.4 and the GTX 970 graphics card were not yet available in 2010 (when the contest occurred).
Cracking passwords may be fun, but each cracked password is a weak password that represents a security risk. Hash Suite Pro can help to mitigate this risk by disabling the account or forcing the user to change the weak password, with alt+f+a (fig 24). This only works when you import the accounts from a local/remote machine (not from a file).
After gaining access to a root account, the next order of business is using that power to do something more significant. If the user passwords on the system can be obtained and cracked, an attacker can use them to pivot to other machines if the login is the same across systems. There are two tried-and-true password cracking tools that can accomplish this: John the Ripper and Hashcat.