Instant Password Recovery Tool
I made this back in April 2004, it only took a couple of hours to write and build the database.
Basically, I took a wordlist of 535,683 words and hashed them in MD5, SHA1 & LANMAN. The results are stored in a simple MySQL table, indexes on that table make lookups REALLY fast and thats about it. You enter the hash you want to lookup, select the type of hash it is *if you know it*, then hit “Look It Up”.
The MySQL table is fairly lightweight, 535,683 rows, 48,164 KB total ( 37,030 KB of Data, 11,134 KB of Indexes ).
It’s mostly useful for recovering / auditing passwords on web applications like PhpBB & Bugzilla where the database stores unsalted hashes. It found about 90% of the passwords on a PhpBB message board I administer. You can also use it to test Windows NT/2000 passwords provided you’ve extracted the LANMAN hashes from the system first.
About this entry
You’re currently reading “Instant Password Recovery Tool,” an entry on Weblog of Michael Cutler
- Published:
- 13th May 2005 / 8:05pm
Related Entries
- What not to do when you’ve installed sshdfilter
13th July 2006 - Brute force password attacks on Linux over SSH
8th February 2006 - Using sshdfilter to secure an SSH server
13th February 2006 - Wordpress Hack » Reading MySQL username & password from wp-config.php
24th January 2006 - MediaCodeSpeedEdit tool for DVD-Writers by ala42
14th November 2005
No comments
Jump to comment form | comments rss [?] | trackback uri [?]