Passware Kit uses five common password recovery attacks, four advanced file-type specific attacks, and two methods of grouping attacks together to form complex passwords.
COMMON PASSWORD RECOVERY ATTACKS
Dictionary Attack
Brute-Force Attack
Xieve Attack
Known Password/Part Attack
Previous Passwords Attack
FILE-TYPE SPECIFIC PASSWORD RECOVERY ATTACKS
Decryptum Attack
Encryption Keys Extraction
SureZip Attack
Zip Plaintext Attack
Rainbow Tables Attack
GROUPING ATTACKS
Join Attacks
Append Attacks
MODIFIERS
Change casing
Order
Substitution
COMMON PASSWORD RECOVERY ATTACKS
Dictionary
Dictionary attack tries thousands of words from dictionary files as possible passwords.
Sample passwords: "administrator", "specialization", "strong".
Dictionary attack allows you to customize the following settings:
Password length
The program searches for the password of the specified length.
Dictionary file
Passware Kit offers 9 built-in dictionaries: Arabic, Dutch, English, French, German, Italian, Portuguese, Russian, and Spanish. The program allows you to compile your own dictionary file by choosing the "Custom" option.
Pattern
Defines the part of the password.
If any part of the password is known, enter it in the "Pattern" field. Known parts can be separated with '*' or '?'. For example, "*p?e*" will match both "apple" and "pie".
All '?' characters in the pattern are replaced by exactly one letter. I.e. pattern "never?????" will match "neveragain" and will not match "forever", "nevermore".
The '*' character is replaced by zero or more letters, i.e., pattern "never*" will match "never", "neveragain", "nevermore", etc.
Casing
You can add Casing Modifier to the Dictionary attack to change the casing of any or all letters of the password.
Reverse Password
You can add Reverse Password Modifier to the Dictionary attack to check for reversed words from the dictionary.
Brute-force
Brute-force attack finds passwords by checking all possible combinations of characters from the specified Symbol Set. This is the slowest, but most thorough, method.
Sample passwords: "Pw5@", "23012009", and "qw3erty".
Brute-force attack allows you to customize the following settings:
Password length
The program searches for the password of the specified length.
Language
Passware Kit offers 9 built-in symbol sets for the following languages: Arabic, Dutch, English, French, German, Italian, Portuguese, Russian, and Spanish. You can also add special characters to the symbol set in the "Custom characters" field.
Symbol Set
The Symbol Set can include Uppercase letters, Lowercase letters, Numbers, Symbols, Spaces, and Custom characters.
Pattern
Defines the part of the password.
If any part of the password is known, enter it in the "Pattern" field. Known parts can be separated with '*' or '?'. For example, "*p?e*" will match both "apple" and "pie".
All '?' characters in the pattern are replaced by exactly one of the symbols from the active Symbol Set, i.e., pattern "never?????" will match "neveragain" and will not match "forever", "nevermore". The '*' character is replaced by zero or more symbols from the active Symbol Set (this number depends on password length specified), i.e., pattern "never*" will match "never", "neveragain", "nevermore", etc.
Xieve™
Xieve optimization dramatically boosts Brute-force attack speed by skipping password checks of nonsensical combinations of characters. It uses a large built-in table of frequencies of different combinations of letters.
Sample passwords: "mycomp" and "sweetemily".
Xieve attack allows you to customize the following settings:
Password length
The program searches for the password of the specified length.
Language
Passware Kit offers 9 built-in symbol sets for the following languages: Arabic, Dutch, English, French, German, Italian, Portuguese, Russian, and Spanish. You can also add special characters to the symbol set in the "Custom characters" field.
Symbol Set
The Symbol Set can include Uppercase letters, Lowercase letters, and Custom characters.
Pattern
Defines the part of the password.
If any part of the password is known, enter it in the "Pattern" field. Known parts can be separated with '*' or '?'. For example, "*p?e*" will match both "apple" and "pie".
All '?' characters in the pattern are replaced by exactly one of the symbols from the active Symbol Set, i.e., pattern "never?????" will match "neveragain" and won't match "forever", "nevermore". The '*' character is replaced by zero or more symbols from the active Symbol Set (this number depends on password length specified), i.e., pattern "never*" will match "never", "neveragain", "nevermore", etc.
Xieve level
You can define the level of Xieve optimization by choosing between Low, Medium and High. With the High level, the application checks the most common combinations of letters only, skipping all the combinations that are not typical for the language selected.
Known Password/Part
Known Password/Part attack checks a certain password entered in the "Value" field. There is no need to open a file in order to check whether a certain password is correct.
This attack can be combined with other attacks using the Join Attacks option. For example, if you know your password is a word followed by "1980", use Join Attacks to combine Dictionary attack and Known Password/Part attack with the value set to "1980".
Previous Passwords
Previous Passwords attack checks passwords that were previously recovered by other attacks for other files. It automatically saves all passwords found.
FILE-TYPE SPECIFIC PASSWORD RECOVERY ATTACKS
Decryptum attack™ (MS Word/Excel up to v.2003)
Decryptum attack is available offline as Decryptum Portable. Passware's portable rainbow tables are used by the Rainbow Tables attack and allow instant offline decryption of MS Word and Excel files up to v.2003.
Learn more about Decryptum Portable...
Encryption Keys Extraction (MS Word/Excel/Powerpoint v.2007-2016)
Encryption Keys Extraction Attack instantly decrypts MS Office 2007-2016 files (Word, Excel, PowerPoint) if there is a memory image of a computer acquired while the file was open. The attack instantly extracts the encryption keys from the memory image or the system hibernation file (hiberfil.sys) and decrypts the file, regardless of the password length.
To acquire the memory image, you can use Passware FireWire Memory Imager.
SureZip™ (WinZip up to v.8.0)
SureZip attack decrypts Zip archives created with WinZip version 8.0 and earlier in less than an hour regardless of password used to protect it. At least 5 simultaneously encrypted files are required in order to process the archive. Archives created with WinZip are supported.
Zip Plaintext (WinZip)
If there is at least one file from a password-protected Zip archive available unencrypted, Zip Plaintext attack instantly decrypts the whole archive, regardless of the password length. Archives with WinZip standard encryption are supported. AES-encrypted archives are not supported by Plaintext attack.
Zip Plaintext attack allows you to customize the following settings:
Plaintext archive
Please compress the known file with the same version of Zip and then apply it to the Zip Plaintext attack as a Plaintext archive.
Plaintext file should be zipped without encryption byte-by-byte equal to the one you have among others in the encrypted zip archive.
Rainbow Tables (Password Hashes and MS Office files)
Rainbow Tables attack recovers hashed passwords from Windows, MD5, LANMAN, NTLM, and SHA1 hashes. To calculate a password, it uses a rainbow table - a precomputed table for reversing cryptographic hash functions. Rainbow tables are available for download at third-party websites, such as FreeRainbowTables.com (free) and Rainbow Crack. The attack supports unpacked .RT tables.
The Rainbow Tables attack can also be used to decrypt instantly MS Word and Excel files up to v.2003. To decrypt the files, the attack requires special rainbow tables that are available as an additional product by Passware - Decryptum Portable.
The attack is available in "Advanced: Custom Settings" when you choose the "New Attack" in case it can be applied. Also, if the file can be attacked with Rainbow Tables, you should see it mentioned in the "File Type" line.
GROUPING ATTACKS
Join Attacks
Join Attacks group applies its attacks to different parts of the password. Set the whole password length first. Then add attacks to the Join Attacks group for each part of the password.
Example: for passwords like "green123", set the following Join Attacks group:
Join Attacks (Password Length: from 8 to 8)
Dictionary Attack: English
(Password Length: from 5 to 5)
+
Brute-force Attack: Numbers
(Password Length: from 3 to 3)
Sample passwords: "admin123" and "black000".
Join Attacks group allows you to customize the following settings:
Password length
The program searches for the password of the total specified length.
Reversed Order
The program also checks passwords from the reversed order of the attacks. For the previous example, sample passwords are: "123green","123admin", "000black".
Append Attacks
Append Attacks group runs attacks to check the shortest passwords first, then runs the same attacks to check increasingly longer passwords.
When Append Attacks group is not enabled, Passware Kit checks all the passwords of each attack before running the next attack.
MODIFIERS
Change casing
Allows specifying the Casing of the password. Should be added to the main attack. There are several options to choose from:
Original:paSsWOrd
Normal:Password
Toggle:pASSWORD
Upper:PASSWORD
Lower:password
Reverse:PAsSwoRD
Mixed:PaSsWoRd
Order
Can be reversed, for example, for the 'Password" it will check for "drowssaP"
Substitution
Substitutes characters from the original password according to a selected substitution rule:
Leetspeak - replaces'a' with '@ or '4', 'e' with 3', etc. "password" -> "p@$$wOrd", "p4$$wOrd",...
Keyboard_EnglishToRussian - English words typed using a Russian keyboard layout.
Keyboard_RussianToEnglish - Russian words typed using an English keyboard layout.
EnglishUpsideDown- "password" -"dɐssʍoɹp"
Comments
0 comments
Please sign in to leave a comment.