This program is designed for recovering passwords to hashes, and supports over 180 algorithms ( MySQL, MD5, SHA-1, CRC-16, XOR-32 and WPA-PSK PMK and many more ). The software’s primary features include:
- 7 types of attacks for recovering passwords to hashes.
- Maximum number of hashes in the licensed version reaches 10 millions.
- Comfortable and quick handling of large hash lists.
- Recovery of passwords of up to 127-characters length long.
- Recovery of passwords for to incomplete hashes of any type.
- Recovery of passwords in Unicode.
- Support for third-party developer’s hashing modules.
- Support for using plugins.
- Editing user hashes and other data.
- Adding hashes to the list from a text file using a dialog window or clipboard.
- Copying hashes and found passwords to clipboard.
- Exporting hashes to text or HTML file.
- Searchable list of users with hashes.
- Checking current password against all or selected users on the list.
- Verifying user hashes and their passwords.
- Automatic accumulation of found passwords in the file “PasswordsPro.dic”.
- Sorting hash list.
- Exporting hashes with found passwords in the format common for the InsidePro Software forum.
- Support for the “hidden” operating mode – when the program doesn’t appear on the taskbar.
Types of attacks supported by the software :
- Preliminary Attack – this is a quick check of user hashes for matching to simple passwords like “123″, “qwerty”, “99999″, etc., as well as to passwords found by the program earlier.
- Brute Force Attack – this is the exhaustive search through all possible passwords in a certain range; e.g., “aaaaaa”…”zzzzzz”.
- Mask Attack – this attack is used when some information on the lost password is known. To use the attack, make sure to specify the mask for each character in the password to be recovered in the attack settings. For mask characters you can use the conventional characters for the standard or custom character sets – ?u, ?d, ?2, etc. (see the “Character Sets” tab in the program’s settings).
- Simple Dictionary Attack – during this attack, the program simply checks hashes against passwords in dictionaries.
- Combined Dictionary Attack – during this attack, passwords are made of several words taken from different dictionaries. That allows to recover complex passwords like “superadmin”, “admin*admin”, etc.
- Hybrid Dictionary Attack – this attack allows modifying passwords taken from dictionaries (for example, shift the password to upper case, append ’1′ to the end of the password, etc.) and validating them as user passwords. The actions performed over source passwords are called “rules”, and the full list of those is available in the file “Rules.txt” in the software distributive.
- Rainbow Attack – this attack attempts to recover passwords using the pre-calculated Rainbow tables.
The software includes the following plugins (to obtain more information, see the file “ReadMe.txt” in the folder containing each plugin):
Dictionary Generator – generates dictionaries of passwords from a specified range and performs other functions related to using dictionaries – sorting, merging to one file, etc.
- Hash Bruteforcing History – codes and decodes history of hash bruteforcing.
- Hash Generator – generates hashes of all types loaded in the program.
- Hash Queue – handles queues of hashes downloaded from the Internet.
- Hidden Passwords Recovery – recovers text hidden behind asterisks.
- NTLM Password Finder – attempts to find the NTLM password on the PasswordsPro hash list with a known LM password by checking it in all possible character cases.
- Password Generator – generates random passwords with specified parameters.
- Password Sender – sends recovered passwords to websites.
- SQL Dump Parser – extracts hashes from SQL dumps of various forums.
- Text Converter – converts text from Base64 to plain text format and the other way around.