Passware Kit offers various types of password recovery settings to configure password candidates:
Six basic password recovery attacksDefault set of attacks. |
Dictionary |
Xieve | |
Brute-force | |
Mask | |
Known Passwords/Part | |
Previous Passwords | |
Five advanced password recovery attacksThese attacks are applicable to a limited set of file types, such as WinZip archives or MS Office files. |
AxCrypt Private Key |
Encryption Keys Extraction | |
SureZip Attack | |
Zip Plaintext Attack | |
Rainbow Tables Attack | |
Grouping attacksThe section includes methods of grouping attacks together to form complex passwords. |
Join Attacks |
Append Attacks | |
ModifiersEach password recovery attack can be customized by adding a modifier to match common password patterns and to narrow the search. |
Change case |
Change chars order | |
Substitution |
Passware Tip: The password hints can be extracted for Apple Notes, iWork files, FileVault2 accounts, APFS disk images, and Western Digital digest files. These hints might be helpful for adjusting the settings and make the password recovery process more efficient.
BASIC PASSWORD RECOVERY ATTACKS
Dictionary Attack
A dictionary attack tries thousands of words and frequently used combinations from dictionary files as possible passwords.
Sample passwords: “administrator”, “specialization”, “missionimpossible”, “demo12345”, “passwor<”.
A dictionary attack allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Dictionary file
Passware Kit offers 23 built-in dictionaries: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Icelandic, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, Swedish, Turkish, Ukrainian and Vietnamese.
To upload and compile custom dictionary files, use the built-in Dictionary Manager tool. The tool also allows users to sort, export, and import existing dictionaries, as well as to edit, merge, and delete unnecessary ones.
- Pattern
Defines the known part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
? |
Will be replaced by exactly one letter |
* |
Will be replaced by zero or more characters |
\ |
Use to insert * and ? symbols |
Examples:
The pattern “new?????” will match “newcomer” and will not match “newton”, “newbold”.
The pattern “mo*” will match “mod”, “moat”, “moanful”, etc.
The pattern “*ple\*” will match “apple*”, “couple*”.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click Sample passwords link to see passwords that are generated by the attack.
Xieve™
A Xieve attack checks only those combinations of characters that are common in the selected language. It uses a large built-in table of frequencies of different combinations of letters.
Sample passwords: “mycomp” and “sweetemily”.
A Xieve attack allows you to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Language
Passware Kit offers 23 built-in dictionaries: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Icelandic, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, Swedish, Turkish, Ukrainian and Vietnamese.
- Symbol Set
The symbol set can include uppercase letters, lowercase letters, and custom characters.
ADVANCED SETTINGS
- Custom Characters
To add special characters to the symbol set, use the “Custom characters” field.
- Pattern
Defines the part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
? |
Will be replaced by exactly one letter |
* |
Will be replaced by zero or more characters |
\ |
Use to insert * and ? symbols |
Examples:
The pattern “????the?” will match “vlmethey” and “ctesthes”.
The pattern “*to” will match “abato”, “domicato”, etc.
The pattern “?????come??\*” will match “abouncomend*”.
- Xieve level
Select the Xieve level: low, medium, or high. With the high level settings, Passware Kit checks the most common combinations of letters only, skipping all the combinations that are not typical for the language selected.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Brute-force
A brute-force attack recovers passwords by checking all possible combinations of characters from the specified symbol set. This is the slowest, but most thorough, method.
Sample passwords: “Pw5@”, “23012009”, and “qw3erty”.
A brute-force attack allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Language
Passware Kit offers 23 built-in dictionaries: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Icelandic, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, Swedish, Turkish, Ukrainian and Vietnamese.
- Symbol Set
The symbol set can include uppercase letters, lowercase letters, numbers, symbols, space, and custom characters.
The "Symbols" character set contains the following symbols:
@#$%&!?()[]{}\/:;~^"`'+-=*,._€£
ADVANCED SETTINGS
- Custom Characters
To add special characters to the symbol set, use the “custom characters” field.
- Pattern
Defines the part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
? |
Will be replaced by exactly one letter |
* |
Will be replaced by zero or more characters |
\ |
Use to insert * and ? symbols |
Examples:
The pattern “c0ll??” will match “c0ll78” and “c0ll3D” and will not match “c0ll784”
The pattern “h@m*” will match “h@m”, “h@m1987”, etc.
The pattern “pass*\?” will match “passw0rd?”.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Mask Attack
A mask attack checks passwords that match a specific pattern. This attack allows users to skip unnecessary character combinations and reduces the time spent on brute-force password recovery. Check out the “How to use a Mask Attack” article.
Known Passwords/Part (improved in Passware Kit v.2022.1)
Passware Kit now allows users to leverage the Known Passwords attack by specifying multiple passwords but without creating a custom dictionary.
The Attack can support up to 99 passwords and functions as either a separate attack or as part of a Join Attack. For example, if the password is a word followed by the numbers “1980”, use Join Attacks to combine Dictionary Attack and Known Passwords/Part Attack with the value set to “1980”. Or, once 10 possible words are known along with a pattern of 5 numbers, use Join Attack with Known Passwords/Part Attack containing the 10 possible words and Brute-force Attack with 5 numbers.
These passwords can also be modified with the regular Passware Kit modifiers, such as “Change casing”, “Change chars order” and “Substitute chars.”
Previous Passwords
The previously recovered passwords are added automatically to the “Previous Passwords” dictionary to be reused for other files.
FILE-TYPE SPECIFIC PASSWORD RECOVERY ATTACKS
- AxCrypt Private Key
- Encryption Keys Extraction
- SureZip Attack
- Zip Plaintext Attack
- Rainbow Tables Attack
AxCrypt Private Key
When a user creates an AxCrypt account (version 2.x), an unencrypted Public Key and a password protected Private Key are generated and saved locally. The encrypted key is stored in a Base64 format in a UserAccounts.txt file. Passware Kit allows users to brute-force the key password. Once the password is found, Passware Kit creates a decrypted PEM (Private Key) file.
Passware Tip: The encrypted Private Key is always protected with the latest AxCrypt user account password.
The decrypted Private Key PEM file then can be used to unprotect any AxCrypt file of the same account instantly, regardless of its password:
- Drag&drop the AxCrypt file and select Customize Settings
- Click ‘+’. The AxCrypt Private Key attack is listed under Special Attack section
- Browse for the generated “private-key.pem” file and add the attack
- Click Recover to continue with AxCrypt instant decryption
Encryption Keys Extraction (MS Word/Excel/PowerPoint v.2007-2019)
An encryption keys extraction attack instantly decrypts MS Office 2007-2019 files (Word, Excel, PowerPoint) using a memory image of a computer or system hibernation file (hiberfil.sys) acquired while the file was open. The attack instantly extracts the encryption keys and decrypts the file, regardless of the password length.
SureZip™ (WinZip up to v.8.0)
A SureZip attack decrypts zip archives created with WinZip version 8.0 and earlier in less than an hour, regardless of the password used to protect it. At least 5 simultaneously encrypted files are required to process the archive. Archives created with WinZip are supported.
Zip Plaintext (WinZip)
If there is at least one file from a password-protected zip archive available unencrypted, a zip plaintext attack instantly decrypts the whole archive, regardless of the password length. Archives with WinZip standard encryption are supported.
NOTE: AES-encrypted archives are not supported by a Plaintext attack.
You can compress the available unencrypted file with the same version of zip and use it as a plaintext archive. The essential requirement: the plaintext file should be zipped with encryption that is byte-by-byte equal to the one that was used to encrypt the whole archive.
Rainbow Tables (Password Hashes and MS Office files)
A rainbow tables attack recovers hashed passwords from Windows, MD5, LANMAN, NTLM, and SHA1 hashes. To calculate a password, it uses a rainbow table – a precomputed table for reversing cryptographic hash functions. The attack supports unpacked .RT and .RT2 tables.
Rainbow Tables are available as separate Passware products:
- Passware Rainbow Tables for Windows
Designed for immediate recovery of Windows user passwords from NTLM hashes with Passware Kit Business, Forensic or Ultimate. Shipped on a USB SSD. - Passware Rainbow Tables for Office
Designed for instant decryption of Word and Excel 2003/2002/2000/97 files protected with the original 40-bit encryption with Passware Kit Business, Forensic or Ultimate. Shipped on a USB HDD.
Rainbow Tables are also available for download on third-party websites, such as FreeRainbowTables.com.
The attack is available for files with Rainbow Tables attack possible label in the File Type/Additional Options.
GROUPING ATTACKS
Join Attacks
The join attacks group allows users to combine several attacks together to form complex passwords.
Example: the following join attacks group generates passwords like “apple1987”, “pie1234”, “home1876”.
The join attacks group applies its settings to all parts of the password. It allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the total specific length.
- Order of attacks
To change the order of attacks inside the join attacks group, use one of the options below:
- Original
The program checks passwords from the original order of the attacks. For the previous example, sample passwords are: “apple1987”, “pie1234”, “home1876”.
- Original and Reverse
The program checks passwords from both the original and reversed order of the attacks. For the previous example, sample passwords will also include such passwords as: “1987apple”, “1234pie”, “1876home”.
- All possible combinations
The program checks passwords from all possible combinations of attacks. This option is recommended for join attacks groups with more than two attacks inside.
Sample passwords for the attack below are: “pie19grow”, “grow19pie”, “19growpie”,”19piegrow”
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Append Attacks
The append attacks group runs attacks to check the shortest passwords first, then runs the same attacks to check increasingly longer passwords.
In the example below, the three independent attacks (dictionary, brute-force, and join attacks group) are added to the append attacks group:
The program starts the search with the shortest password candidates. Sample passwords are:
- Dictionary attack: demo
- Brute-force attack: 1234
- Join attacks group: pie1
Once all the passwords of length 4 are checked, the program switches to 5-character-long passwords. Sample passwords are:
- Dictionary attack: brown
- Brute-force attack: 12345
- Join attacks group: home1
And so on.
When the append attacks group is not used, Passware Kit checks all the passwords of each attack before running the next one.
MODIFIERS
Each password recovery attack can be adjusted by adding a special modifier to match a pattern and to narrow the search.
Change case
The modifier specifies the case of the password candidates.
There are several options to choose from. For example, for the password candidate “Catch”, the change case modifier will generate the following passwords:
- Original: Catch
- Normal: Catch
- Toggle: cATCH
- Upper: CATCH
- Lower: catch
- Reverse: cATCH
- Mixed: cATcH
Change chars order
The modifier reverses the order of characters. For example, the password candidate “Password” will be modified to “drowssaP”.
Substitution
The modifier substitutes characters from the original password in accordance with the selected substitution rule:
⁃ English mistypes: checks words with a possible typo
Password -> Passeord
⁃ English upside down
password -> dɐssʍoɹp
⁃ English to Russian keyboard: English words typed using a Russian keyboard layout
Password -> Зфыыцщкв
⁃ Russian to English keyboard: Russian words typed using an English keyboard layout
Пассворд -> Gfccdjhl
⁃ English to Arabic keyboard: English words typed using an Arabic keyboard layout
⁃ Arabic to English keyboard: Arabic words typed using an English keyboard layout
⁃ Numbers to letters keyboard:
1234567890 -> qwertyuiop
⁃ Letters to numbers keyboard:
qwertyuiop -> 1234567890
⁃ Leetspeaking: replaces ‘a’ with ‘@ or ‘4’, ‘e’ with 3’, etc.
password -> “p@$$wOrd”, “p4$$wOrd”,...
⁃ Russian transliteration:
Пассворд -> Password
Comments
0 comments
Please sign in to leave a comment.