We are doing our best to continue our forward momentum.

So purehate and I expanded our WPA wordlist to over 1.5 billion combinations and brought our NTLM cracker back online late last night. We are in process of building out wordlists more geared towards hashes and brining other hash crackers online. Our current list of hash crackers we are working on includes DES, MD5, MD4, SHA1, Domain Cached Credentials v2 (mscache2), MSSQL 2000, MSSQL 2005, MySQL (v4.1+), and Oracle 11g. Again if you have any specific services you would like to see online sooner rather than later just let us know.

Stay tuned for further updates…

Today we launched an online hash analyzer which was actually is some code we found on github I believe and we will be expanding in the near future. It is pretty slick but as you know many hashes are made up the same as other hashes such as any hash that is 32 hexadecimal characters in length. Anyhow we are open to suggestions so please send them to us if you have them.

We also launched an automated Domain Cached Credentials(DCCv1) hash cracker. Currently this cracker only has a single option available but we will have some other options by weeks end at the latest. Our system will go through over 4.5 billion combinations a second when attempting to audit DCC version one hashes. Click here to use our online Domain Cached Credentials hash cracker.

Our MD4, MD5, NTLM, and SHA1 hash crackers have been taken offline while we upgrade those automated systems. If you would like any of those style hashes cracked let us know via our contact form here.

Last but not least we would again like to mention the Hashcat team and especially atom from Hashcat. If you want to analyze hash strength on your own without using our automated systems we suggest Hashcat which is open source and available for download here.

Look for more updates in the near future. Don’t forget to follow us on twitter by following @qdtools.

We decided to also launch the long overdue automated MD5(UNIX) hash cracker this afternoon. The same algorithm is used for md5crypt hashes, FreeBSD MD5 hashes, and Cisco IOS MD5 hashes so you can upload any of those hash types by clicking here. The hashes should begin with $1$ and will be a total 35 characters long such as the following hash below which is the MD5(Unix) hash of password.

Example MD5(Unix): $1$9Kz8IJjJ$CP/7PheN7Pz/hkslyJATu/

Currently we are only offering two options in terms of the combinations that will be attempted against MD5(Unix) hashes but we will be adding more in the near future. The first option is our WPA wordlist which has a billion combinations all over 8 characters. The other combination is the same wordlist using the oclHashcat best64.rule which adds 64 variants of the same combinations for a total of around 65 billion combinations attempted. We will be writing out the details of the best64.rule for reference in the near future.

We would like to thank atom and the Hashcat team for putting out the best password cracking software on the planet. It is amazing what has been done with Hashcat, oclHashcat, oclHashcat-plus, etc. in the past year and a half. We look forward to helping to make Hashcat prosper in the future!

Last Saturday Alex and I were asked by Adrian Crenshaw of irongeek.com to come out and help teach a class on password exploitation with him. The class lasted 6 hours and Alex and I got two of them to talk about our favorite new password cracking software hashcat.

Read the rest of this entry »

Tonight we integrated the Question Defense Tools changelog into Twitter so you can follow all of our hardware and software upgrades more easily. Any new products that are released such as new password crackers or other online automated security audit tools will be noted in the QD Tools Changelog. Also if we upgrade or include other enhancements to the current automated tools such as the Online WPA Password Cracker, the Online SHA1 Hash Cracker, the Online MD4 Hash Cracker, the Online MD5 Hash Cracker, the Online NTLM Hash Cracker, or the RaR Password Cracker then we will note the upgrades in our changelog which will automatically be posted to Twitter. We continue to work on making our tools faster, easier to use, and provide more benefits for our customers. If you have any feedback related to the current tools or have suggestions for future tools please let us know by filling out our online contact form by clicking here. We take pride in the services we offer and so regardless of the content we respond to all feedback submitted via our online contact form.

Read the rest of this entry »

Just wanted to mention that we have the capabilities to process up to 1,000 hashes at a time. If you are interested in us running a large number of hashes (md4, md5, sha1, or ntlm) against a certain character set please contact us via our contact form.

We launched a hash cracker today that will crack 32 character NTLM, MD4, and MD5 passwords. Right now there are currently not any howtos on what to do but those will be coming in the near future. This service allows you to insert a 32 character hash online and have the password emailed to you.

Read the rest of this entry »