Passware Kit Business and Forensic support password recovery for multiple hashing algorithms:
Hash type | Environment | Salt | Recovery complexity | GPU support | Rainbow Tables support |
MD4 | Windows, macOS X | — | Brute-force - Fast | Yes | Yes |
LanMan | Windows | — | Brute-force - Fast | — | Yes |
NTLM2 | Windows | — | Brute-force - Fast | Yes | — |
MD5 | Unix | Yes / — | Brute-force - Fast | — | — / Yes* |
Unix DES | Unix | Yes | Brute-force - Medium | — | — |
Unix MD5 | Unix | Yes | Brute-force - Slow | — | — |
Unix SHA256 | Unix | Yes | Brute-force - Slow | — | — |
Unix SHA512 | Unix | Yes | Brute-force - Slow | — | — |
Netscape LDAP SHA1 | Netscape Directory Server | Yes / — | Brute-force - Fast | — | — |
MacOS X SHA1 | macOS X | Yes | Brute-force - Fast | — | — |
MacOS X SHA 512 | macOS X Lion | Yes | Brute-force - Fast | — | — |
SHA1 | | Yes / — | Brute-force - Fast | — | — / Yes* |
SHA 256 | | Yes | Brute-force - Fast | — | — |
SHA 512 | | Yes | Brute-force - Fast | — | — |
OpenBSD Blowfish | | Yes | Brute-force - Slow | Yes | — |
yescrypt | Linux | Yes | Brute-force - Slow | — | — |
BitLocker | Windows | Yes | Brute-force - Slow | Yes | — |
APFS | macOS X | Yes | Brute-force - Slow | Yes | — |
* Rainbow Tables attack is applicable to non-salted hashes only
Check out the full list of supported hash types and GPU options at:
https://www.passware.com/kit-forensic/filetypes/
NOTE: Hardware acceleration for hash files is available starting from Passware Kit 2020.x.
Passware Tip: Use the Rainbow Tables attack to recover passwords almost instantly for Raw unsalted MD5, SHA1, and Windows NT/LanMan.
Sample Hash Files: structure and format
Passware Kit recovers passwords for hashes from hash list (TXT) files. To attack a hash file, click "Browse for file" in the "Recover File Password" section and locate the .TXT file containing the hash.
Single or multiple hashes of the same type can be added in one text document, each on a separate line with the [account:hash] structure as follows (bcrypt example):
NOTE: If the hashes are salted, all hashes in one text file should have the same salt. Otherwise, they will not be supported by Passware Kit. "Account:" is a required part of the structure, although any word can be used if the original account name is unknown (the BitLocker hash is an exception; it does not need the account).
___________________________
Below are the examples of some hash structures with multiple hashes of the same type.
Passware Tip: In the downloadable sample files, the passwords are listed in the description after the ‘#’ symbol, i.e. [username: password].
# Raw MD5, no salt, ASCII password
user:5f4dcc3b5aa765d61d8327deb882cf99
Alex:5a105e8b9d40e1329780d62ea2265d8a
Sandra:ad0234829205b9033196ba818f7a872b
kate:8ad8757baa8564dc136c1e07507f4a98
mike:86985e105f79b95d6bc918fb45ec7727
Passware:378e2c4a07968da2eca692320136433d
Download sample MD5-nosalt.txt
# with salt:
user-password:$MD5$salt$67a1e09bb1f83f5007dc119c14d663aa
Download sample Raw-MD5-salt.txt
# NTLM hash
Admin:500:AEBD4DE384C7EC43AAD3B435B51407EE:7A21990FCD3D759941E45C490F173D5F:::
Login-1:501:NO PASSWORD*********************:NO PASSWORD*********************:::
Login-2:1000:15E05A3C6D967536C8C9B0C7468727C6:8E90874E5F0C1CA822487EEA0983CBDC:::
Login-3:1002:NO PASSWORD*********************:A5865B74725716CB71131C351FEEDA45:::
Login-5:1004:598DDCE2660D3193A7D3B435B51404EE:2D20D252A479F4857F5E171D93985BF:::
Login-6:1006:23CE5FB4C15F9103AAD77635B51404EE:12C7A1918EBCDA1356818A4FB803C792:::
Download sample NTLM.txt
Download sample NTLMv2.txt
Passware Tip: :500: (:501:, :502:, etc.) is User RID or Runtime Identifier
For the built-in Administrator, the value is always ‘500’ (0x1f4), whereas other users start at ‘1001’ (0x3e9) and increment from there.
# Raw SHA512, no salt
Passware:5b722b307fce6c944905d132691d5e4a2214b7fe92b738920eb3fce3a90420a19511c3010a0e7712b054daef5b57bad59ecbd93b3280f210578f547f4aed4d25
Download sample Raw-SHA512-nosalt.txt
# with salt:
Username:$SHA512$virus$279a392edac6d241f437d19d2c00cebc1cf67c05408ee523e072707366903693ad0b65e595f5a2e7c0783f99251364d069dfc210f5ef1552c3ec43c5f55d7724
Download sample Raw-SHA512-salt.txt
# Raw SHA1, no salt
Username:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
Download sample Raw-SHA1-nosalt.txt
# with salt:
Username:01295B67659E95F32931CEDB3BA50289E2826AF3D5A1422F
Download sample SHA1-salt.txt
# Unix SHA-256 (CRYPT)
classic:$5$MnfsQ4iN$ZMTppKN16y/tIsUYs/obHlhdP.Os80yXhTurpBMUbA5
user-:$5$jmDV2B9yon94T9La$FRNcNfqSk.Wu4yQD3rx619/Hi7dAK1vW7CAnCoob4y4
Download sample Unix-SHA256.txt
# Blowfish-based Unix crypt ("bcrypt")
classic: $2a$05$bvIG6Nmid91Mu9RcmmWZfO5HJIMCT8riNW0hEp8f6/FuA2/mHZFpe
Passware: $2a$10$udNiQiN9SMssaS8kxJ520.vGLq02V3Fe1luTuBif.Xjhq4bud/Ccq
Download sample Bcrypt.txt
# yescrypt
montgomery:$y$j9T$a2HdqrokU.Ik1ziKV3vBt/$0jf0xIU9oWGa7jIRSK34nqnzriS5IT096ixh5yJpq8C:19779:0:99999:7:::
Download sample yescrypt.txt
# BitLocker
$bitlocker$1$16$e5ae936df32f9d27331182491d911be3$1048576$12$30b9318b7dfdd70103000000$60$6b9a0a46e92a97b2f00f1d7718ac71261c719c67c478ddf9336b0c60a3f8a5f39173f84900f9d0b4aa301ff2945bfce649ef4a91a8b15aa4743dde39
Passware Tip: Only $bitlocker$1$ hash is supported. Save the hash as a text file or use a hashcat file to proceed with password recovery. Only one hash per file is supported.
Download sample Bitlocker-password.txt
# APFS
$fvde$2$16$4D29DF2A830CA34B41C8786D769304FD$100000$DCF2CEF0E78F909012254CCEA6E51A1F97EA5601881F0A98BD1FCF19300AFBE7FB1253BB40170AE8
Passware Tip: Only one hash per file is supported. Save the hash as a text file or use a hashcat file to proceed with password recovery.
Download sample APFS_Hash.txt
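A pre-flight check for the hash-list rules above, as an added example (not Passware's code). It covers only the raw, `$MD5$`/`$SHA512$` salted, NTLM, BitLocker and APFS layouts shown on this page, so crypt-style lines are reported as unrecognized; `classify`, `lint_hash_list` and the pattern table are hypothetical names, and the regexes are inferred from the page's samples.

```python
import re

F = r"(?:[0-9A-Fa-f]{32}|NO PASSWORD\*{21})"  # one LM or NT field
PATTERNS = [  # (kind, regex for the text after "account:"), inferred from the samples
    ("md5-salt", r"\$MD5\$(?P<salt>[^$]+)\$[0-9A-Fa-f]{32}"),
    ("sha512-salt", r"\$SHA512\$(?P<salt>[^$]+)\$[0-9A-Fa-f]{128}"),
    ("ntlm", r"\d+:%s:%s:::" % (F, F)),  # RID:LM:NT:::
    ("raw-md5", r"[0-9A-Fa-f]{32}"),
    ("raw-sha1", r"[0-9A-Fa-f]{40}"),
    ("raw-sha512", r"[0-9A-Fa-f]{128}"),
]
SINGLE = ("$bitlocker$1$", "$fvde$")  # shown on the page with no account

def classify(value):
    """Return (kind, salt) for a hash value, or (None, None) if no pattern fits."""
    for kind, pattern in PATTERNS:
        m = re.fullmatch(pattern, value)
        if m:
            return kind, m.groupdict().get("salt")
    return None, None

def lint_hash_list(text):
    """Return sorted (line_number, problem) pairs for a hash-list file's text."""
    problems, seen = [], []  # seen holds (line_number, kind, salt)
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue  # blank line or '#' comment
        account, sep, value = line.partition(":")
        kind, salt = classify(value.strip())
        if line.startswith(SINGLE):
            seen.append((n, "single", None))
        elif not (sep and account):
            problems.append((n, "missing 'account:' prefix"))
        elif kind is None:
            problems.append((n, "unrecognized or malformed hash"))
        else:
            seen.append((n, kind, salt))
    for n, kind, salt in seen[1:]:
        if "single" in (kind, seen[0][1]):
            problems.append((n, "BitLocker/APFS: one hash per file"))
        elif kind != seen[0][1]:
            problems.append((n, "hash type differs from first entry"))
        elif salt != seen[0][2]:
            problems.append((n, "salt differs from first entry"))
    return sorted(problems)

# Constructed input, except the Login-5 line, which is the page's NTLM sample as published.
SAMPLE = ("# with salt:\nalice:$MD5$salt$%s\nbob:$MD5$pepper$%s\n%s\n" % ("a" * 32, "b" * 32, "c" * 32)
          + "Login-5:1004:598DDCE2660D3193A7D3B435B51404EE:2D20D252A479F4857F5E171D93985BF:::")
```

On `SAMPLE`, `lint_hash_list` flags the mismatched salt, the line without an account, and the Login-5 line, whose NT field as published is 31 hex characters rather than 32.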