Search the Community

Showing results for tags 'password'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin
  • Null3D's Nulled Group

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 115 results

  1. dEEpEst

    What is password salting ?

    ✓What is password salting ? Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Salting prevents hackers who breach an enterprise environment from reverse-engineering passwords and stealing them from the database. Password salting increases password complexity, making them unique and secure without affecting user experience. It also helps prevent hash table attacks and slows down brute-force and dictionary attacks. ✓ Password hashing and why salting is required Hashing prevents passwords from being exposed or stolen by threat actors, since they are not stored as plaintext. For example, when users create an account with a username and password on a website, their password is hashed and stored in an internal file system in an encrypted form. When users log in, the password runs through a one-way hashing algorithm that converts the password into a different and unrecognizable string of characters. During login, this string is compared to the other hashes stored in the website's database. If the credentials match the stored hash, users can access the account. If it doesn't match, hash verification fails, and users are not able to log in.
  2. dEEpEst

    What is password cracking ?

    What is password cracking ? - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a threat actor obtain unauthorized access to resources. - With the information malicious actors gain using password cracking, they can undertake a range of criminal activities. Those include stealing banking credentials or using the information for identity theft and fraud. - A password cracker recovers passwords using various techniques. The process can involve comparing a list of words to guess passwords or the use of an algorithm to repeatedly guess the password.
  3. Accdb Password Get Accdb Password Get – is a program to recover passwords for Microsoft Access 2007/2010/2013/2016 is supported. databases(.accdb). Accdb Password Get is a handy application designed to help you recover the forgotten password for a ACCDB file. You only need to specify the password length and scan the file. Features • Microsoft Access 2007/2010/2013/2016 is supported. • Recovering passwords for Access 2007/2010/2013/2016 database files (*.accdb) [Hidden Content] [hide][Hidden Content]]
  4. Adept PDF Password Remover can be used to decrypt protected PDF files, which have an "owner" password set, preventing the file from editing (changing), printing, selecting text and graphics (and copying them into the Clipboard), or adding/changing annotations and form fields. PDF decrypt is being done instantly. Decrypted files can be opened in any PDF viewer (e.g. Adobe Acrobat Reader) without any restrictions --- with print/copy/edit functions enabled. All versions of Adobe Acrobat are supported. PDF Password Remover does not rely on any other third-party software, of course, Adobe Acrobat and Reader are NOT required. [Hidden Content] [hide][Hidden Content]]
  5. What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describes the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows. Spray365 exposes a few options that are useful when spraying credentials. Random user agents can be used to detect and bypass insecure conditional access policies that are configured to limit the types of allowed devices. Similarly, the –shuffle_auth_order argument is a great way to spray credentials in a less-predictable manner. This option was added in an attempt to bypass intelligent account lockouts (e.g., Azure Smart Lockout). While it’s not perfect, randomizing the order in which credentials are attempted has other benefits too, like making the detection of these spraying operations even more difficult. Spray365 also supports proxying traffic over HTTP/HTTPS, which integrates well with other tools like Burp Suite for manipulating the source of the spraying operation. Changelog v0.1.3 beta What’s New Added behavior to ensure that results from password spraying are saved on exit (even when an exception is thrown or the application is interrupted) What’s Changed Duplicate usernames are removed before generating an execution plan Better error handling when parsing a malformed execution plan [hide][Hidden Content]]
  6. LDAP Password Hunter It happens that due to legacy services requirements or just bad security practices passwords are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py (Impacket) and ldapsearch in order to look up passwords stored in the LDAP database. Impacket getTGT.py script is used in order to authenticate the domain account used for enumeration and save its TGT Kerberos ticket. TGT ticket is then exported in KRB5CCNAME variable which is used by ldapsearch script to authenticate and obtain TGS Kerberos tickets for each domain/DC LDAP-Password-Hunter is running for. Based on the CN=Schema,CN=Configuration export results a custom list of attributes is built and filtered in order to identify a big query which might contain interesting results. Results are shown and saved in a sqlite3 database. The DB is made of one table containing the following columns: DistinguishedName AttributeName Value Domain Results are way more clean than the previous version and organized in the SQL DB. The output shows the entries found only if they are not in DB, so new entries pop up but the overall outcome of the analysis is still saved in a file with a timestamp. [hide][Hidden Content]]
  7. ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms. [hide][Hidden Content]]
  8. What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describes the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows. Spray365 exposes a few options that are useful when spraying credentials. Random user agents can be used to detect and bypass insecure conditional access policies that are configured to limit the types of allowed devices. Similarly, the –shuffle_auth_order argument is a great way to spray credentials in a less-predictable manner. This option was added in an attempt to bypass intelligent account lockouts (e.g., Azure Smart Lockout). While it’s not perfect, randomizing the order in which credentials are attempted has other benefits too, like making the detection of these spraying operations even more difficult. Spray365 also supports proxying traffic over HTTP/HTTPS, which integrates well with other tools like Burp Suite for manipulating the source of the spraying operation. Changelog v0.1.2 beta What’s New Added -k, --insecure argument to ignore TLS errors, which is useful when proxying traffic (@fang0654) Added urllib3 (>= 1.26.5) dependency to a requirements file What’s Changed Usernames read from file have whitespace stripped before their usage Fixed resume index usage so that -R RESUME_INDEX, --resume_index RESUME_INDEX argument will resume spraying from the specified index in the execution file (1-based index), instead of starting at the credential prior to the targeted index (an off-by-one error) Requirements file is more relaxed [hide][Hidden Content]]
  9. The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers the ability to schedule spraying campaigns in accordance with a target’s account lockout policy the ability to increase the IP pool that authentication attempts originate from for operational security purposes the ability to quickly extend functionality to include newly-encountered authentication platforms v0.1.5 Latest fixed bug in o365 nozzle (thank you jfish) [hide][Hidden Content]]
  10. hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking. Features World’s fastest password cracker World’s first and only in-kernel rule engine Free Open-Source (MIT License) Multi-OS (Linux, Windows and macOS) Multi-Platform (CPU, GPU, DSP, FPGA, etc., everything that comes with an OpenCL runtime) Multi-Hash (Cracking multiple hashes at the same time) Multi-Devices (Utilizing multiple devices in same system) Multi-Device-Types (Utilizing mixed device types in same system) Supports password candidate brain functionality Supports distributed cracking networks (using overlay) Supports interactive pause / resume Supports sessions Supports restore Supports reading password candidates from file and stdin Supports hex-salt and hex-charset Supports automatic performance tuning Supports automatic keyspace ordering markov-chains Built-in benchmarking system Integrated thermal watchdog 200+ Hash-types implemented with performance in mind … and much more Changelog v6.2.5 ## Algorithms ## – Added hash-mode: CRC32C – Added hash-mode: CRC64Jones – Added hash-mode: MultiBit Classic .wallet (scrypt) – Added hash-mode: MurmurHash3 – Added hash-mode: Windows Hello PIN/Password ## ## Performance ## – PDF Kernel (10700): Improved performance on AMD GPUs by using shared memory for the scratch buffer and disabled inlining to save spilling ## ## Bugs ## – Fixed divide by zero error because backend_ctx->hardware_power_all was not re-inserted after refactoring device_param->hardware_power – Fixed invalid handling of initialization value for -m 11500 – Fixed invalid progress counter initialization in attack-mode 9 when using –skip or –restore – Fixed out-of-boundary reads in attack-mode 9 that were caused by a missing work item limit in the refactored autotune engine – Fixed out-of-boundary reads in hash-mode 22400 (AES Crypt) kernel – Fixed strategy for eliminating hashes with zero length in LM when multiple hashes contain a zero hash ## ## Technical ## – AMD Driver: Updated requirements for AMD Linux drivers to ROCm 4.5 or later due to new HIP interface – Backend devices: In -S mode, limit the number of workitems so that no more than 2GB of host memory is required per backend device – Backend devices: In non -S mode, limit the number of workitems so that no more than 4GB of host memory is required per backend device – Backend types: The default filter for the device types is now set so that only the GPU is used, except for APPLE, where we set CPU – Benchmark: Update benchmark_deep.pl with new hash modes added (also new hash modes which were added with v6.2.3) – Electrum Wallet: Added new entropy-based check to test whether the decryption was successful or not – Module Optimizers: Added OPTS_TYPE_MAXIMUM_THREADS to deactivate the else branch route in the section to find -T before compilation – Makefile: Added wildcard include src/modules/module_*.mk directive so that plugin developers can add 3rd party libraries for their plugins – Rejects: Disabled checking of the minimum and maximum length of the password candidate in attack-mode 9 because they are incompatible – POCL: Added a workaround for an issue in POCL where a quote character is used as a part of the path itself which is passed as a path for the -I option – Device Threads: The default maximum device thread number has been reduced from 1024 to 256, users can still overwrite with the -T option – Tuning-DB: Add missing entries for -m 25600 and -m 25800 for CPU cracking – OpenCL Backend: added workaround to support Apple Silicon (GPU: M1, M1 Pro, and M1 Max) – MacOS v10.8+ (PBKDF2-SHA512): Added support for parsing new mac2john hash format directly in the module for -m 7100 [hide][Hidden Content]]
  11. itsMe

    Password Cracker 4.50

    The tool for restoring forgotten passwords (also on Internet Explorer). A simple software that was created to ensure that you never worry about misplacing or forgetting passwords. Tool for restoring forgotten passwords (also in Internet Explorer). So using this application, you will no longer have to panic when you lose any of your passwords. Using: Just hover the mouse on the password and inhospitable place of asterisks see the desired password. Multilingual version supports follows languages: English, Chinese, Czech, French, German, Hindi, Italian, Portugues (Brazilian), Spanish, Nederlands, Russian, Ukrainian. How to use Password Cracker? Start pwdcrack.exe. Click on button Enable. Move mouse pointer on password. See to field View. [hide][Hidden Content]]
  12. Accdb Password Get – is a program to recover passwords for Microsoft Access 2007/2010/2013/2016 is supported. databases(.accdb). Accdb Password Get is a handy application designed to help you recover the forgotten password for a ACCDB file. You only need to specify the password length and scan the file. Features • Microsoft Access 2007/2010/2013/2016 is supported. • Recovering passwords for Access 2007/2010/2013/2016 database files (*.accdb) [Hidden Content] [hide][Hidden Content]]
  13. What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are already available? Spray365 enables passwords to be sprayed from an “execution plan”. While having a pre-generated execution plan that describes the spraying operation well before it occurs has many other benefits that Spray365 leverages, this also allows password sprays to be resumed (-R option) after a network error or other interruption. While it is easiest to generate a Spray365 execution plan using Spray365 directly, other tools that produce a compatible JSON structure make it easy to build unique password spraying workflows Spray365 exposes a few options that are useful when spraying credentials. Random user agents can be used to detect and bypass insecure conditional access policies that are configured to limit the types of allowed devices. Similarly, the –shuffle_auth_order argument is a great way to spray credentials in a less-predictable manner. This option was added in an attempt to bypass intelligent account lockouts (e.g., Azure Smart Lockout). While it’s not perfect, randomizing the order in which credentials are attempted has other benefits too, like making the detection of these spraying operations even more difficult. Spray365 also supports proxying traffic over HTTP/HTTPS, which integrates well with other tools like Burp Suite for manipulating the source of the spraying operation. [hide][Hidden Content]]
  14. Powerful All-In-One Password Recovery Software Password Recovery Bundle is a handy toolkit to recover all your lost or forgotten passwords in an easy way! Quickly recover or reset passwords for Windows, PDF, ZIP, RAR, Office Word/Excel/PowerPoint documents. Retrieve passwords for all popular instant messengers, email clients, web browsers, FTP clients and many other applications. A useful password recovery software for both newbie and expert with no technical skills required. No need to call in an expensive PC technician. [Hidden Content] [Hidden Content]
  15. ZipExec ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on a disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip file on disk and execute it. This is done programmatically by using COM objects to access the GUI-based functions in Windows via the generated JScript loader, executing the loader inside the password-protected zip without having to unzip it first. By password protecting the zip file, it protects the binary from EDRs and disk-based or anti-malware scanning mechanisms. [hide][Hidden Content]]
  16. itsMe

    Password Cracker 4.49

    The tool for restoring forgotten passwords (also on Internet Explorer). A simple software that was created to ensure that you never worry about misplacing or forgetting passwords. Tool for restoring forgotten passwords (also in Internet Explorer). So using this application, you will no longer have to panic when you lose any of your passwords. Using: Just hover the mouse on the password and inhospitable place of asterisks see the desired password. Multilingual version supports follows languages: English, Chinese, Czech, French, German, Hindi, Italian, Portugues (Brazilian), Spanish, Nederlands, Russian, Ukrainian. How to use Password Cracker? Start pwdcrack.exe. Click on button Enable. Move mouse pointer on password. See to field View. [hide][Hidden Content]]
  17. L0phtCrack Password Auditor Enterprise L0phtCrack Password Auditor Enterprise is a powerful program to check and crack the password, there are many advanced functions and professional. The software integrates powerful features such as scheduling, extract hash according version Windows 64-bit, algorithms, multi-processor, and the monitoring and decoding network. L0phtCrack v7.2.0 Release Notes Open source release Replaced commercial libraries with OpenSSL and LibSSH2 Improved SSH importing to support IPV6 [hide][Hidden Content]]
  18. Content: [hide][Hidden Content]]
  19. dEEpEst

    What is password cracking ?

    What is password cracking ? - Password cracking is the process of using an application program to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a threat actor obtain unauthorized access to resources. - With the information malicious actors gain using password cracking, they can undertake a range of criminal activities. Those include stealing banking credentials or using the information for identity theft and fraud. - A password cracker recovers passwords using various techniques. The process can involve comparing a list of words to guess passwords or the use of an algorithm to repeatedly guess the password.
  20. Email OSINT and password finder. Use h8mail to find passwords through a different breach and reconnaissance services, or the infamous “Breach Compilation” torrent. Features Email pattern matching (reg exp), useful for reading from other tool outputs Pass URLs to directly find and target emails in pages Loosey patterns for local searchs ("john.smith", "evilcorp") Painless install. Available through pip, only requires requests Bulk file-reading for targeting Output to CSV file or JSON Compatible with the "Breach Compilation" torrent scripts Search cleartext and compressed .gz files locally using multiprocessing Compatible with "Collection#1" Get related emails Chase related emails by adding them to the ongoing search Supports premium lookup services for advanced users Custom query premium APIs. Supports username, hash, ip, domain and password and more Regroup breach results for all targets and methods Includes option to hide passwords for demonstrations Delicious colors [hide][Hidden Content]]
  21. itsMe

    VPS Password List Maker

    VPS stands for virtual private server which definitely means having the independency of managing the entire resource of the server with no partner. It is virtually administered. The management aspect means a customer has total and absolute control of the private server and is able to do whatever he or she wants to do. It differs from shared server that you have to follow what the server consists of and what recourses it contains rather than the settings that may not be convenient for some customers’ applications, or does not have the functional ability to run their programs. Here we have the VPS password list generator for you that you can use to make password list in order to brute servers through RDP. Copy to clipboard Load/Save As Files 3 Part Inputs Remove Duplicate Passwords Change Characters To Symbols Easy to use Very quick No lag [hide][Hidden Content]]
  22. SharpSpray SharpSpray is a Windows domain password spraying tool written in .NET C#. SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context. Exclude domain disabled accounts from the spraying. Auto gathers domain users from the Active directory. Avoid potential lockouts by excluding accounts within one attempt of locking out. Avoid potential lockouts by auto-gathering domain lockout observation window settings. Compatible with Domain Fine-Grained Password policies. Custom LDAP filter for users, e.g. (description=admin) Delay in seconds between each authentication attempt. Jitter between each authentication attempt. Support a single password or a list of passwords. Single file Console Application. [hide][Hidden Content]]
  23. Kraker Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant. Kraker consists of two main components – a server and an agent, which communicate through a REST API. You can read about their installation and configuration below. Kraker continues to be in development, so the new functionality, documentation, and updates will be released as they become available. Changelog v1.2 Fixed: Mur-mur-hash instead of MD5. [hide][Hidden Content]]
  24. itsMe

    Password Cracker 4.48

    The tool for restoring forgotten passwords (also on Internet Explorer). A simple software that was created to ensure that you never worry about misplacing or forgetting passwords. Tool for restoring forgotten passwords (also in Internet Explorer). So using this application, you will no longer have to panic when you lose any of your passwords. Using: Just hover the mouse on the password and inhospitable place of asterisks see the desired password. [hide][Hidden Content]]
  25. imyPass Windows Password Reset The best solution to reset/remove the forgotten Windows password and delete/create a Windows account. imyPass Windows Password Reset – Secure & Trustworthy It must be a disaster to find that you have lost your Windows password and cannot access your Windows PC. To enter your computer, what you need is a reliable Windows password cracker to recover your password without any data loss. [Hidden Content] [hide][Hidden Content]]