BN+ Brute Force Hash Attacker
BN+ Brute Force Hash Attacker is a tool for the recovery of passwords stored in hash formats, using brute force methods. It's completely open source and available under the GNU General Public License. This application uses BN+ Library, an open source .Net utilities library.
| Release status: stable | |
|---|---|
| Type | Application |
| Description | A simple recovery tool for passwords stored in hash format using brute force methods. |
| Author(s) | Jeroen De Dauw |
| Last Version | 1.2.0 (2010-02-15) |
| License | GPL v2 |
| Download | Setup |
| Requires .Net 4.0 beta 2 or above | |
Downloads
- Setup file (zip, windows installer, includes update platform)
- Executables tarball (latest version of the executables)
- SVN repository
Change log
Version 1.2.0 - 2010-02-15
- Replaced custom BigInteger class by native .Net 4.0 class.
- Replaced update platform with native ClickOnce deployment updater.
- Refactored code structure and reduced required assemblies to BN+ Framework core.
- Improved Help menu links.
- Fixed Import/Export issue.
- Redesigned about screen.
Version 1.1.0 - 2009-03-21
- Added multi hash attack capabilities
- Added update platform
- Added bug submit tool
- Added text-based hash import and export functionality
- Added statusbar flashing (occurs when an attack is completed and the form isn't focused)
- Made the layout dynamic
- Fixed validation issue in the load and new settings functionality
Version 1.0.8 - 2009-02-16
- Added a menu to the interface
- Added MD4 hash
- Added 'start from' option that will auto fill when an attack is aborted
- Added attack rate statistic
- Added options dialog
- Added save and load functionality
- Improved the display of remaining time (no[…] scientific notation when very large)
Version 1.0.5 - 2008-12-16
- Use of BigInteger class in the complete attack algorithm.
- Implemented automated selection of optimized algorithm for both small and large amounts, and attacks using the replace option.
- Fixed bug that caused wrong char set buil
Version 1.0.0 - September 2008
- Development start
Usage
NOTICE: these docs are for version 1.0.5, and might not be accurate for the current version.
Installation, start-up
You can choose to download the direct run files, or the fully integrated setup. When downloading the direct run files, just un-archive them (with WinRar), and run the .exe file. The application will start without any further user interaction needed. You can put the direct run files on a USB drive, and run the application anywhere you like, without needing administrator privileges. Note that all files need to be placed in the same folder for the application to work. If you download the fully integrated setup, you should un-archive it (with WinRar), and run the setup file. The setup will show you several dialogues, including one where you can choose the installation location. When the setup finishes, a shortcut to the application will be placed on your desktop and in your start menu, from which you can run it.
Use of the interface
The interface can be divided into 4 regions: charset configuration, password configuration, control panel and statistics. Sections 3, 4, 5 and 6 describe the functions of these regions in greater detail.
Charset configuration (Brute force charset)
Only combinations of symbols that are in the charset will be created during the attack. Passwords containing characters that are not part of the charset will therefore not be found. It is however important that you keep the charset as small as possible, as its size has a drastic effect on the number of possible passwords. The check boxes provide some basic combinations, but custom charsets can also be used by entering them into the custom character set field.
Password configuration (Password configuration)
This section enables you to set the minimum and maximum length of the password, the hash format used, and a known format. When setting the length, keep in mind that covering a large range, especially big numbers, will increase the number of possible passwords exponentially, and consequently also the time it will take to complete the attack. The format can be used in cases where characters at the start and/or end of the password are known. The more characters are known, the smaller the number of possible passwords becomes. Note that using this functionality decreases the attack speed notably, in some cases by up to 70% or more.
Control panel (Attack control panel)
The control panel contains a field where you have to enter the hash you want to attack, and buttons to start, pause, resume, stop and restart the attack. Note that the start button will only be enabled when the attack can start. This means that the number of possible passwords needs to be greater than 0, and the entered hash needs to be valid.
Statistics (Attack statistics)
This section does not contain any control elements, but provides you with data on the progress of the current attack. Note that the 'time remaining' is only an estimate based on the elapsed time and the percentage of attack completion, and can vary depending on the use of system resources by other applications.
Performance
The speed of the attack depends on many factors, including the clock rate of your CPU, the amount of available memory, the amount of resources required by other applications, and the nature of the attack itself. Basic attacks (password amounts up to 9223372036854775807) perform better than larger attacks, which will run up to 40% slower. As described in section 4, the use of the password format option will also have a negative effect on the attack speed.
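The arithmetic behind the charset, length and format settings, and behind the 'time remaining' figure, written out as an added example (it is not the tool's own code; the function names and the sample hash rate are assumptions). It shows how quickly a password policy moves the search space past the 9223372036854775807 boundary mentioned above.

```python
# Added example: keyspace arithmetic for the settings described on this page.
# All names here are illustrative and do not come from the tool's source.
import string

INT64_MAX = 9223372036854775807  # limit the page gives for "basic" attacks


def keyspace(charset, min_len, max_len, known_prefix="", known_suffix=""):
    """Count candidate passwords for a charset, a length range and known characters."""
    symbols = len(set(charset))              # duplicate symbols add no candidates
    fixed = len(known_prefix) + len(known_suffix)
    total = 0
    for length in range(min_len, max_len + 1):
        free = length - fixed                # positions that still have to be enumerated
        if free >= 0:                        # shorter than the known part: impossible
            total += symbols ** free
    return total


def is_basic_attack(total):
    """True when the candidate count stays within the signed 64-bit range."""
    return total <= INT64_MAX


def remaining_seconds(elapsed_seconds, percent_done):
    """Estimate from elapsed time and completion percentage, as the statistics are described."""
    if percent_done <= 0:
        return None                          # nothing measured yet, no estimate possible
    return elapsed_seconds * (100.0 - percent_done) / percent_done


def years_to_exhaust(total, hashes_per_second):
    """Worst-case time to try every candidate at a constant rate."""
    return total / hashes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    alnum = string.ascii_letters + string.digits           # 62 symbols
    printable = alnum + string.punctuation + " "           # 95 symbols
    rate = 10_000_000                                      # assumed rate, hashes per second
    for name, cs, lo, hi in [("alnum 1-8", alnum, 1, 8),
                             ("alnum 1-10", alnum, 1, 10),
                             ("printable 1-10", printable, 1, 10)]:
        n = keyspace(cs, lo, hi)
        print(f"{name}: {n} candidates, basic={is_basic_attack(n)}, "
              f"{years_to_exhaust(n, rate):.2e} years at the assumed rate")
```

Widening the charset from 62 to 95 symbols at length 10 is enough to leave the 64-bit range, while each known character divides the count by the charset size.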