WinPasswordHacker is a program that allows to get user account passwords by method of sequential search. It tries to get access to the application indicated at startup performing it on behalf of another user searching the password character-by-character. The program does not use any weaknesses in an encryption system, as well as it does not require any access neither to system files, nor to the files that contain encrypted passwords. Another advantage is that there is no need to boot from a special media, as many other programs require to. It is possible to choose one of several search algorithms; for example, you may specify whether the set of possible symbols includes only lower-case or upper-case characters, digits, and so on. Once having decrypted a higher privileged user’s password or administrator’s password, you can run applications on its behalf.
The program runs an action log; it reflects the date and time of the password searching beginning and ending, as well as it indicates the number of already computed variants. The log is updated every time the program starts and stops, the number of tries and the current value of the search are displayed in real time. The protocol field is open for free entry, so that you are able to make your own comment or edit any contained information any time you wish, as well as copy it for storage or further use.
Feel free to stop the password-checking process by selecting the ‘Stop Bruting’ option from the ‘Actions’ menu, should you have decided it takes too long and need to be closed. If such occurs, next time you start the program, the process would not continue “from scratch”, but from the last password value it tried.
The program main usage area is password auditing. If the program managed to decrypt user’s within few days of continuous operation, the password is usually considered to be unstable and should be replaced. The program is easy to use, does not make any changes to the computer registry, is useful and relevant.
WinPasswordHacker is a program that allows to get user account passwords by the sequential search method. It does not exploit any system-protection weaknesses, neither requires an access to system files and boot media. It provides various search algorithms and allows to save the progress state through restarts.
The main usage area is password auditing. The program provides intuitive interface, is easy to use and does change computer’s registry.
WinPasswordHacker is the program that obtains user passwords in a brute-force attack way. It does not use any holes in system-protection, neither it requires an access to system files and registry. Beside, it provides various searching algorithms.
WinPasswordHacker is an audit program that allows to get user account passwords by the sequential search method also known as brute force. It tries to get access to the application indicated at startup performing it on behalf of another user searching the password character-by-character. This kind of operation principle is not good (quite resource consuming (in terms of time required)) because the password searching process is performed comparatively slow. At the same time the program does not use any weaknesses in an encryption system, does not require an access to system files and to the files containing encrypted passwords (which is a big advantage). Simply log in to the system as an ordinary user who does not have any access privileges, and WinPasswordHacker will allow to decrypt (discover) other passwords. The program is a graphical implementation of the "runas" command and dispense the user from the necessity of working on the console.
The program interface is very simple – there are three entry lines and an information field. The first entry line (Command line) allows to specify the path to the application, that the audit program will try to get access to. The path to the ‘Notepad’ operating system program is indicated on default, but you can choose another one (ex. ‘cmd.exe’ or ‘explorer.exe’). The second field (Login) is the name of the account you would like to get the password from (for) by the sequential search. At the first run of the program the Administrator username is chosen. And the third field (Password) is a combination of symbols the program will start going with. On default this value is equal to unity (‘1’).
After all the entry lines are filled, you can launch the brute-force procedure. To do this you need to call the menu (click Actions) and select the required program operation algorithm. There are several of them:
- Brute [a..z] – the password will be chosen only from the Roman alphabet lowercase letters. There will be 26 variants computed for each character of the password.
- Brute [0..9] – the password will be chosen only from the figures. There will be 10 variants computed for each character of the password. This is a quick way to check if it’s known for certain that the password contains only numbers.
- Brute [a..z 0..9] – the password will be chosen from the Roman alphabet lowercase letters and figures. There will be 36 variants computed for each character of the password.
- Brute [a..z A..Z 0..9] – the password will be chosen from the Roman alphabet lowercase and capital letters as well as figures. There will be 62 variants computed for each character of the password, this algorithm will require the most time.
So you’ve started the searching process. Under the entry line there is an information area, where the most committed actions protocol is running . It reflects the information about the date and time of the password searching beginning and ending, and the number of the already computed variants. The protocol is updated when the program starts and stops, and the number of computed variants and the current value of the search are displayed in real time at the bottom line. The protocol field is open for free entry, and at any time you can make your own comment or edit any contained information, as well as copy it for storage or further use.
If you need to stop the brute-force process you need to select the ‘Stop Bruting’ option from the ‘Actions’ menu . In this case, the value of the ‘Password’ field will automatically change to the last of the verified password, and the resumption of testing will begin with this value. This can be useful if the verification takes too long and you need to abort it by closing the program. Also it should be noted that when you close and reopen WinPasswordHacker does not save the protocol - if the information on time and already proven versions of passwords is important, it is necessary to keep it by copying to a file. The information from the entry lines is saved in the configuration file (WinPassBruter.ini) and the next time you run the program it automatically fills in these fields (only if it executed from the media on which current user has a writing access, in other words it will not udate config if executed from CD-disk).
In addition program menu has an ‘Execute Command’ option, that allows you to run a command on behalf of any user whose password is known; the ‘About’ option displays a message box about the program creator, ‘Close’ option closes the program. It is not recommended to use any menu options (except, of course, ‘Stop Bruting’) during the passwords searching process.
A little about the distinctive features of the program. Launching the selected application on behalf of another user, WinPassBruter does not use the weaknesses of the system. It does not require any privileges for its work, in other words you need simply log in to the system using credentials of any "ordinary" user. And after the decryption of the higher privileges user password or administrator password you can run applications on its behalf using this program . So there is no need to work directly with files containing user passwords while searching, and to boot from a special media, as required by many other programs.
Partly such usability of the program is balanced by the low time rate of the brute-force process. For example, when using the computer based on Intel Core 2 Duo E4400 (2000 MHz) and working in the Windows XP SP3 operating system the program checks about 64.5 million variants per minute, it is 1075 variants per second. The processor speed and type and the operating system type affect directly the speed of the program operation.
The program main usage area is password auditing. If the user password with the help of the program could be decrypted during few days of continuous operation, it means that it’s unstable (very weak) and should be replaced. The program is easy to use, does not make any changes to the computer registry. That makes it useful and relevant.