Many of you probably test the strength of your users' passwords now and then to ensure that people are picking something strong enough to resist attack. Others of you might test password strength as part of your consulting services for various customers. Of course, sometimes you might need to recover a lost password, in which case you need a password cracker. Several tools that attempt to crack passwords of various types are available, including LCP (at the first URL below) and John the Ripper (at the second URL below). Both these tools can brute-force guess passwords; however, they can take some time, depending on the complexity of the password. Another tool, pwdump2 (at the third URL below), dumps password hashes from within Active Directory (AD) or the Windows SAM database. You'll need pwdump2 or a similar tool to use LCP or John the Ripper.
Another method of cracking passwords is to use rainbow tables, which are sets of possible password hashes and their precomputed plain text equivalents. Having the hashes computed ahead of time saves a lot of time when password cracking because then the cracking software just needs to find the hash of the unknown password in the tables. Once the hash is found, the plain text version of the password is also found. The downsides to this approach are of course the lengthy computation time required to create the tables and the storage requirements for the tables, which can be in the hundreds of gigabytes, depending on a variety of parameters including possible password lengths, character sets, and hash algorithms.
Tools are available to produce rainbow tables. One toolkit, called RainbowCrack, includes tools to generate and sort rainbow tables and a tool to discover an unknown password--assuming of course that you have a copy of the password hash.
If you don't want to generate your own tables, you can buy precomputed tables or use the recently launched RainbowCrack-Online, a subscription service that can crack your passwords for a fee. The fee, which can range from $29.95 per month to $2499 per year, depends on the number of passwords you want to crack and the length of time you want to use the service. As you would guess, the service uses massive rainbow tables to make password discovery relatively quick.
Using the service to test password strength is probably not practical in many cases. However, you could use the service to discover unknown passwords for a variety of systems because the service supports passwords hashed with LAN Manager, NT LAN Manager (NTLM), Message Digest 5 (MD5), Message Digest 4 (MD4), Secure Hash Algorithm 1 (SHA1), Cisco PIX, and MySQL. Check it out at the URL below.