Overview of Windows NT/2000/XP password protection: Historically, all systems of Windows NT branch had to support two user authentication schemes � the so-called LanManager (LM) hashes and NT (NTLM) hashes. The first one contains grave cryptographic flaws. The worst one is that the passwords which are longer than 7 characters aren�t cracked longer than the 7-symbols ones. Nowadays it takes just few minutes to crack a password of any length, consisting of letters of both cases, and the exhaustive search of all printablle passwords will take only couple of weeks.

The second scheme is much more secure, but usually it�s no use cracking it, as the system often stores both hashes, and all attention is paid to the LM-hash.

Windows NT/2000/XP crypto algorithms: proprietary (LM) / MD4 (NT)
Windows NT/2000/XP encryption weakness: human factor, weak hashing algorithm
Possible attacks against Windows NT/2000/XP: exhaustive key search / brute force, dictionary
Attacks complexity: 2⁴³(LM) / 2¹⁰³(NT)

Proactive Password Auditor (PPA) 1.61

(6415 downloads)

by ElcomSoft Co.Ltd.

	: 4.500.000 (LM) / 2.500.000 (NT)
	: *15.000.000^ (LM) / 7.000.000^* (NT)**
	: 8.500.000 (LM) / 4.000.000 (NT)
	: P2,P3; P4; AMD; Dual

Commercial
Price: $299.00

Description: A GUI utility, imports hashes from local machine (memory or Registry; SYSKEY supported), remote machine (AD is supported), binary Registry files (SAM, SYSTEM), dump files. Brute-force and dictionary attacks on LM and NTLM password hashes are effectively optimized for speed; also includes a "rainbow" attack based on pre-computed hash tables that allow to find most passwords in minutes instead of days or weeks.

SamInside 2.5.7.2

(6724 downloads)

by InsidePro

	: 2.500.000 (LM) / 6.000.000 (NT)
	: 6.500.000 (LM) / 13.000.000 (NT)
	: 6.500.000 (LM) / 11.000.000 (NT)
	: P2,P3; P4; AMD

Shareware
Price: $40.00

Description: The Saminside program is designated to recover Windows NT/2000/XP/2003 users' passwords. Could import password hashes from SAM file, local machine memory, from PWDUMP file (SYSKEY supported). Includes all standard attacks plus rainbow (pre-calculated tables) attack.

Cain & Abel 4.9

(59715 downloads)

by Massimiliano Montoro

	: 2.100.000 (LM) / 3.200.000 (NT)
	: 5.000.000 (LM) / 4.800.000 (NT)
	: 5.300.000 (LM) / 5.200.000 (NT)
	: Pentium II/III; Pentium 4; AMD

Free
Price: $0.00

Description: Cain & Abel is primarily a password recovery tool for most types of password Microsoft Operating Systems. It also supports a lot of other applications and hashes, includes sniffers and password dumpers.

LCP 5.04

(25018 downloads)

by nh

	: 800.000 (LM) / 16.000 (NT)
	: 1.300.000 (LM) / 28.000 (NT)
	: 1.000.000 (LM) / 25.000 (NT)
	:

Free
Price: $0.00

Description: Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. Could import hashes from local and remote computer, SAM, PWDUMP file.

chntpw 050303

(17854 downloads)

by P. Nordahl-Hagen

	: -
	: -
	: -
	:

Free+sources
Price: $0.00

Description: A command-line utilities, don't crack the password but change it directly on disk.

Proactive System Password Recovery (PSPR) 4.1

(10502 downloads)

by ElcomSoft Co.Ltd.

	: not tested
	: not tested
	: not tested
	: P2,P3; P4; AMD

Shareware
Price: $60.00

Description: A GUI program to recover all types of Windows passwords: logon password (when user is logged on and has Admin privileges), screensaver password, .NET Passport password, RAS and dial-up passwords, passwords to shared resources, SYSKEY startup password, passwords stored in cached credentials, Wireless (WEP and WPA-PSK) encryption keys etc. The program also shows all users and groups (with their properties), allows to run any programs in other user"s context, show password history hashes, read password hashes from SAM and SYSTEM files, read Protected Storage records, decrypt Windows scripts, reveal passwords hidden under the asterisks, enable disabled controls, and run brute-force and dictionary attacks on PWL files (Windows 9x). Finally, it shows product IDs and CD keys for Windows, Microsoft Office and other Microsoft software installed.

Ophcrack 2.2

(17667 downloads)

by Philippe Oechslin

	: few sec. (requires rainbow tables) (LM)
	: not tested
	: few sec. (requires rainbow tables) (LM)
	:

Free (GPL)
Price: $0.00

Description: A Windows logon password cracker based on the faster time-memory trade-off using rainbow tables. It can recover 99.9% of alphanumeric passwords in few seconds. Imports hashes from local or remote computer, SAM file and PWDUMP.

Elcomsoft System Recovery 1.0

(540 downloads)

by ElcomSoft Co.Ltd.

	: not tested
	: not tested
	: not tested
	:

Shareware
Price: $49.00

Description: Are you locked out of your computer because your password isn't working, or because somebody messed up your access rights/privileges? Forgot the Administrator's password? Elcomsoft System Recovery (ESR) makes it simple to gain access to your PC again, without formatting and reinstalling the system. ESR is a special boot disk that works on all PCs. Simply reboot your computer with the ESR CD or USB flash drive, and fix all of your access pro

Elcomsoft Distributed Password Recovery 2.10.142

(9678 downloads)

by ElcomSoft Co.Ltd.

	: not tested
	: not tested
	: not tested
	: Pentium II/III; Pentium 4; AMD

Shareware
Price: $599.00

Description: High-performance distributed password recovery for forensic and government agencies, password recovery and data recovery services and corporations. Recover the most complex passwords and strong encryption keys in realistic timeframes. Accelerate the recovery by offloading calculations to NVIDIA GPUs and scale to over 10,000 workstations with zero scalability overhead.