Sometimes you just need the password


Why Password Recovery?

Password recovery is a legitimate requirement for many organizations and individuals. The reasons for needing to recover a password vary depending on the circumstance, but can include:

  • The simple mistake of forgetting the password to an important document or file. Many document formats, including Microsoft Word (doc, docx), Microsoft Excel (xls, xlsx) and PDF, can be locked with a password. Compressed archives such as zip and rar files can also be encrypted with passwords.
  • Perhaps a former employee password-protected documents that the business requires, and for whatever reason getting the password from the individual is no longer possible.
  • During a penetration test (an aggressive security audit of a computer network) the penetration tester would be doing their best to get their hands on passwords, whether they are for password-protected files or to gain access to computer systems.
  • Understanding the weaknesses and strengths of different hashing algorithms allows developers and network defenders to better secure the web applications and systems they are charged with protecting.

When recovery of a password can affect the business's bottom line, it pays to have an understanding of the art of password recovery. Different versions of products (such as the Microsoft Office Suite) can significantly affect the difficulty of recovering the required password. A hash type such as MD5, while commonly used in the past, is relatively easy to break (through brute force matching of the computed hashes).

Cracking and Decrypting Passwords

Password recovery has a wealth of jargon that can mean the same thing or very different things depending on the password breaking technique being used. Decrypting, decoding and brute forcing are all different ways that a password can be attacked. In the end the correct technical phrase does not matter when you just want to get the password to your locked up XLS budget!

"No, I never surf the net. I don't know the password."
George Harrison (The Beatles)

Network based Password Attacks

Passwords can be attacked in a number of ways. If the target is an online service that requires credentials for access, then the only option may be to throw guesses at the login form or service. This includes services such as HTTP forms, FTP, SSH, Remote Desktop and many others. Since these attacks occur over the network they are inherently slower, as each attempt has to travel over the network and a response has to come back from the service. Depending on the network and system being attacked this could be very slow. In addition, the service may impose rate limiting to limit attempts.

Computing Hashes

Recovering a password from a hash offline is a much more devastating password attack. A few ways that the password hash may be obtained:

  • User Database Access (database leaks / dumps / system access)
  • Network traffic intercepts (NTLM / NTLM2)
  • Extracting the hash from a password protected file (docx / xlsx / zip / rar)

Password attacks can then be conducted against the hash using raw computing power. This involves simply calculating possible matches to the hash as quickly as possible. The rate of these attacks varies greatly depending on the hashing algorithm and whether a salt was used.
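Why the algorithm and the salt matter when storing passwords, as an added example that is not from the original page. The account names, the password and the PBKDF2 work factor are constructed for the demo; PBKDF2 stands in here for any deliberately slow, salted scheme.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor, chosen for this demo only
USERS = {"alice": "Summer2024!", "bob": "Summer2024!"}  # constructed accounts

def md5_unsalted(password: str) -> str:
    """Fast, unsalted: the same password always yields the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Slow, salted: returns (salt, derived key); a fresh salt per account."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(pbkdf2_salted(password, salt)[1], expected)

def distinct_digests(users: dict) -> Tuple[int, int]:
    """Count distinct stored values (unsalted, salted) across the accounts."""
    unsalted = {md5_unsalted(p) for p in users.values()}
    salted = {pbkdf2_salted(p)[1] for p in users.values()}
    return len(unsalted), len(salted)

def cost_ratio() -> float:
    """CPU time of one salted PBKDF2 computation relative to one MD5."""
    start = time.perf_counter()
    for _ in range(10_000):
        md5_unsalted("guess")
    fast = max(time.perf_counter() - start, 1e-9) / 10_000
    start = time.perf_counter()
    for _ in range(3):
        pbkdf2_salted("guess", b"\x00" * 16)
    slow = (time.perf_counter() - start) / 3
    return slow / fast

if __name__ == "__main__":
    print("distinct stored values (unsalted, salted):", distinct_digests(USERS))
    print("one PBKDF2 check costs about %.0fx one MD5" % cost_ratio())
```

With unsalted MD5 the two accounts share one stored value, so a single computation covers both; with per-account salts every stored value differs and each check costs the full work factor.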

Crunching Hashes - Nvidia 2080ti (released Sep 2018 / ~ $1200)

"Never Send A Human To Do A Machine's Job."
Agent Smith (The Matrix)

Hash of a File

A hash of a file is a computed value that corresponds to the file content. Instead of identifying a file by its filename and extension, a hash is a value unique to the contents. The filename and extension can be renamed or changed but this will not affect the contents. Therefore the hash of the file's contents will remain the same, allowing a renamed file to be identified or confirmed to be intact (not corrupted or modified).

Going the other way, a file's name may be the same but the contents may be different. The hash allows even the slightest modification of a file to be identified, as even a single character change will change the hash value of the file.
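Both directions described above (a renamed file keeps its hash, an edited file with the same name does not) can be checked against a manifest of known-good hashes. This is an added example, not from the original page; the file names and contents are constructed and SHA-256 is an assumed choice of hash.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file's contents in chunks so large files need little memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(directory: Path) -> dict:
    """Map content hash -> file name for every file in the directory."""
    return {sha256_file(p): p.name
            for p in sorted(directory.iterdir()) if p.is_file()}

def classify(directory: Path, manifest: dict) -> dict:
    """Compare the current files with the manifest, by content not by name."""
    result = {}
    for path in sorted(directory.iterdir()):
        if not path.is_file():
            continue
        original = manifest.get(sha256_file(path))
        if original is None:
            result[path.name] = "modified or unknown"
        elif original == path.name:
            result[path.name] = "intact"
        else:
            result[path.name] = "renamed from " + original
    return result

def demo() -> dict:
    """Constructed sample: rename one file, change one character in another."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "budget.txt").write_text("Q1 total: 1000\n")
        (folder / "notes.txt").write_text("meeting at 10\n")
        (folder / "plan.txt").write_text("phase one\n")
        manifest = build_manifest(folder)
        (folder / "budget.txt").rename(folder / "old.dat")  # same contents
        (folder / "notes.txt").write_text("meeting at 11\n")  # one character
        return classify(folder, manifest)

if __name__ == "__main__":
    for name, status in demo().items():
        print(name, "->", status)
```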

Background Information


Project Inception

Cracking passwords for Fun!

A few years ago the first seeds of this project were planted. It began when I repurposed my gaming NVIDIA (GPU) video card and started computing hashes using the GPU. It was amazing to see the rate at which hashes could be generated using the GPU when compared to the CPU. Since then I have expanded, building a lab with a number of hefty NVIDIA based GPUs, and have played with EC2 GPU instances in the Amazon cloud. #hashcat #jtr
11:09 PM - 1 Jan 2016

Passwords are Everywhere

Improve your security by understanding weakness

Whether you are a Cyber Security professional or something entirely different, you will use passwords every day. Knowing the strength and weakness of password security will help you make informed risk based decisions. #phone #passcode
12:09 PM - 1 Feb 2017