Passware Kit offers various types of password recovery settings to configure password candidates:
Six basic password recovery attacksDefault set of attacks. |
Dictionary |
| Xieve | |
| Brute-force | |
| Mask | |
| Known Password/Part | |
| Previous Passwords | |
Four advanced password recovery attacksThese attacks are applicable to a limited set of file types, such as WinZip archives or MS Office files. |
Encryption Keys Extraction |
| SureZip Attack | |
| Zip Plaintext Attack | |
| Rainbow Tables Attack | |
Grouping attacksThe section includes methods of grouping attacks together to form complex passwords. |
Join Attacks |
| Append Attacks | |
ModifiersEach password recovery attack can be customized by adding a modifier to match common password patterns and to narrow the search. |
Change case |
| Change chars order | |
| Substitution |
BASIC PASSWORD RECOVERY ATTACKS
Dictionary Attack
A dictionary attack tries thousands of words and frequently used combinations from dictionary files as possible passwords.
Sample passwords: “administrator”, “specialization”, “missionimpossible”, “demo12345”, “passwor<”.
A dictionary attack allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Dictionary file
Passware Kit offers 19 built-in dictionaries: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, and Swedish.
To upload and compile custom dictionary files, use the built-in Dictionary Manager tool. The tool also allows users to sort, export, and import existing dictionaries, as well as to edit, merge, and delete unnecessary ones.
- Pattern
Defines the known part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
|
? |
Will be replaced by exactly one letter |
|
* |
Will be replaced by zero or more characters |
|
\ |
Use to insert * and ? symbols |
Examples:
The pattern “new?????” will match “newcomer” and will not match “newton”, “newbold”.
The pattern “mo*” will match “mod”, “moat”, “moanful”, etc.
The pattern “*ple\*” will match “apple*”, “couple*”.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click Sample passwords link to see passwords that are generated by the attack.
Xieve™
A Xieve attack checks only those combinations of characters that are common in the selected language. It uses a large built-in table of frequencies of different combinations of letters.
Sample passwords: “mycomp” and “sweetemily”.
A Xieve attack allows you to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Language
Passware Kit offers 19 built-in symbol sets for the following languages: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, and Swedish.
- Symbol Set
The symbol set can include uppercase letters, lowercase letters, and custom characters.
ADVANCED SETTINGS
- Custom Characters
To add special characters to the symbol set, use the “Custom characters” field.
- Pattern
Defines the part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
|
? |
Will be replaced by exactly one letter |
|
* |
Will be replaced by zero or more characters |
|
\ |
Use to insert * and ? symbols |
Examples:
The pattern “????the?” will match “vlmethey” and “ctesthes”.
The pattern “*to” will match “abato”, “domicato”, etc.
The pattern “?????come??\*” will match “abouncomend*”.
- Xieve level
Select the Xieve level: low, medium, or high. With the high level settings, Passware Kit checks the most common combinations of letters only, skipping all the combinations that are not typical for the language selected.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Brute-force
A brute-force attack recovers passwords by checking all possible combinations of characters from the specified symbol set. This is the slowest, but most thorough, method.
Sample passwords: “Pw5@”, “23012009”, and “qw3erty”.
A brute-force attack allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the specific length.
- Language
Passware Kit offers 19 built-in dictionaries: Arabic, Bulgarian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Irish, Italian, Polish, Portuguese, Romanian, Russian, Slovenian, Spanish, and Swedish.
- Symbol Set
The symbol set can include uppercase letters, lowercase letters, numbers, symbols, space, and custom characters.
ADVANCED SETTINGS
- Custom Characters
To add special characters to the symbol set, use the “custom characters” field.
- Pattern
Defines the part of the password.
If any part of the password is known, enter it in the “Pattern” field. Use the following symbols to specify unknown part(s):
|
? |
Will be replaced by exactly one letter |
|
* |
Will be replaced by zero or more characters |
|
\ |
Use to insert * and ? symbols |
Examples:
The pattern “c0ll??” will match “c0ll78” and “c0ll3D” and will not match “c0ll784”
The pattern “h@m*” will match “h@m”, “h@m1987”, etc.
The pattern “pass*\?” will match “passw0rd?”.
MODIFIERS
To change case type, character order, or substitute characters, add the appropriate Modifier.
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Mask Attack
A mask attack checks passwords that match a specific pattern. This attack allows users to skip unnecessary character combinations and reduces the time spent on brute-force password recovery. Check out the “How to use a Mask Attack” article.
Known Password/Part
A known password/part attack checks a certain password entered in the “Value” field. There is no need to open a file to check whether a certain password is correct.
This attack can be combined with other attacks using the Join Attacks option. For example, if the password is a word followed by “1980”, use Join Attacks to combine Dictionary attack and Known Password/Part attack with the value set to “1980”.
Previous Passwords
The previously recovered passwords are added automatically to the “Previous Passwords” dictionary to be reused for other files.
FILE-TYPE SPECIFIC PASSWORD RECOVERY ATTACKS
Encryption Keys Extraction (MS Word/Excel/PowerPoint v.2007-2019)
An encryption keys extraction attack instantly decrypts MS Office 2007-2019 files (Word, Excel, PowerPoint) using a memory image of a computer or system hibernation file (hiberfil.sys) acquired while the file was open. The attack instantly extracts the encryption keys and decrypts the file, regardless of the password length.
SureZip™ (WinZip up to v.8.0)
A SureZip attack decrypts zip archives created with WinZip version 8.0 and earlier in less than an hour, regardless of the password used to protect it. At least 5 simultaneously encrypted files are required to process the archive. Archives created with WinZip are supported.
Zip Plaintext (WinZip)
If there is at least one file from a password-protected zip archive available unencrypted, a zip plaintext attack instantly decrypts the whole archive, regardless of the password length. Archives with WinZip standard encryption are supported.
NOTE: AES-encrypted archives are not supported by a Plaintext attack.
You can compress the available unencrypted file with the same version of zip and use it as a plaintext archive. The essential requirement: the plaintext file should be zipped with encryption that is byte-by-byte equal to the one that was used to encrypt the whole archive.
Rainbow Tables (Password Hashes and MS Office files)
A rainbow tables attack recovers hashed passwords from Windows, MD5, LANMAN, NTLM, and SHA1 hashes. To calculate a password, it uses a rainbow table – a precomputed table for reversing cryptographic hash functions. Rainbow tables are available for download at third-party websites, such as FreeRainbowTables.com. The attack supports unpacked .RT tables.
The rainbow tables attack can also be used to decrypt Word and Excel 2003/2002/2000/97 files protected with the original 40-bit encryption instantly. To decrypt the files, the attack requires special rainbow tables that are available as a separate Passware product – Passware Rainbow Tables for Office.
GROUPING ATTACKS
Join Attacks
The join attacks group allows users to combine several attacks together to form complex passwords.
Example: the following join attacks group generates passwords like “apple1987”, “pie1234”, “home1876”.
The join attacks group applies its settings to all parts of the password. It allows users to customize the following settings:
SETTINGS
- Length
The program searches for a password of the total specific length.
- Order of attacks
To change the order of attacks inside the join attacks group, use one of the options below:
- Original
The program checks passwords from the original order of the attacks. For the previous example, sample passwords are: “apple1987”, “pie1234”, “home1876”.
- Original and Reverse
The program checks passwords from both the original and reversed order of the attacks. For the previous example, sample passwords will also include such passwords as: “1987apple”, “1234pie”, “1876home”.
- All possible combinations
The program checks passwords from all possible combinations of attacks. This option is recommended for join attacks groups with more than two attacks inside.
Sample passwords for the attack below are: “pie19grow”, “grow19pie”, “19growpie”,”19piegrow”
Sample passwords
Click the Sample passwords link to see the passwords that are generated by the attack.
Append Attacks
The append attacks group runs attacks to check the shortest passwords first, then runs the same attacks to check increasingly longer passwords.
In the example below, the three independent attacks (dictionary, brute-force, and join attacks group) are added to the append attacks group:
The program starts the search with the shortest password candidates. Sample passwords are:
- Dictionary attack: demo
- Brute-force attack: 1234
- Join attacks group: pie1
Once all the passwords of length 4 are checked, the program switches to 5-character-long passwords. Sample passwords are:
- Dictionary attack: brown
- Brute-force attack: 12345
- Join attacks group: home1
And so on.
When the append attacks group is not used, Passware Kit checks all the passwords of each attack before running the next one.
MODIFIERS
Each password recovery attack can be adjusted by adding a special modifier to match a pattern and to narrow the search.
Change case
The modifier specifies the case of the password candidates.
There are several options to choose from. For example, for the password candidate “Catch”, the change case modifier will generate the following passwords:
- Original: Catch
- Normal: Catch
- Toggle: cATCH
- Upper: CATCH
- Lower: catch
- Reverse: cATCH
- Mixed: cATcH
Change chars order
The modifier reverses the order of characters. For example, the password candidate “Password” will be modified to “drowssaP”.
Substitution
The modifier substitutes characters from the original password in accordance with the selected substitution rule:
⁃ English mistypes: checks words with a possible typo
Password -> Passeord
⁃ English upside down
password -> dɐssʍoɹp
⁃ English to Russian keyboard: English words typed using a Russian keyboard layout
Password -> Зфыыцщкв
⁃ Russian to English keyboard: Russian words typed using an English keyboard layout
Пассворд -> Gfccdjhl
⁃ English to Arabic keyboard: English words typed using an Arabic keyboard layout
⁃ Arabic to English keyboard: Arabic words typed using an English keyboard layout
⁃ Numbers to letters keyboard:
1234567890 -> qwertyuiop
⁃ Letters to numbers keyboard:
qwertyuiop -> 1234567890
⁃ Leetspeaking: replaces ‘a’ with ‘@ or ‘4’, ‘e’ with 3’, etc.
password -> “p@$$wOrd”, “p4$$wOrd”,...
⁃ Russian transliteration:
Пассворд -> Password
Comments
0 comments
Please sign in to leave a comment.