Sign in to follow this  
Followers 0
mrbond007

PWGT

3 posts in this topic

PWGT is a tool for creating secure cryptic passwords. It allows you to create random passwords that are highly secure and extremely difficult to break due to optional combinations of any or all of the following:

Numbers [0-9]

Lowercase Lettters [a-z]

Uppercase Letters [A-Z]

Special Characters (!@#$%^&*-,)

There's a lot of discussion on how complex/long you should make your password but one common misconception about hacking an account is that it's frequently done through brute force attacks. When a hacker tries to crack a password remotly he/she go after two accounts that everyone has on their Windows NT workstation, Administrator (which you must rename) and Guest (which you must disable).

If your password is easy to guess, it doesn't matter how well it's encrypted, so use something unusual. That's why i have included a unique password tester that tests your passwords in 3 different ways and checks if your password exists in 4 different books:

Hacker Book (2 strong dictionaries used by hackers when they launch brute force attacks)

Hotmail Book (this book belongs to hotmail and is used when you sign up for a new account. This book is actually very good if you use any windows services/OS)

Names Book1 (this book uses populair male/female names that many users use as passwords)

Names Book2 (this book is a newer version of the "Names Book1")

There are still 2 books i didn't include cause they have bad and offensive language.

The difference between normal and brute dictionnary test is simple, the normal test checks to see if the password you're currently testing equals a word found in all 4 books, but the brute test checks to see if a part of your password is found in the 4 books. The second test will most likely mark all of your password as bad cause this way of testing is used by governments.

How strong is your password ?

If someone runs a password cracker, and if it starts at the good length, how much computations he/she could expect to do. This is very simple. First count how much different characters you use. If you use only letters, that's 26, if you use lowcase and upcase letters, it's 52 (26 + 26), if you use only numbers it's 10. If your password is "ni68p14qk", it means you used lowcase letters and numbers, that makes 36 different characters(26 + 10). The password is 9 letters long. So there are more than 100,000,000,000,000 possibilities. (36 ^ 9 is about 1.016*10^14). A thing you should be aware of, is that some systems does not account the case of your password. If that's the case, abc, ABC and aBc are the same password and you can only consider 26 different characters instead of 52. I advise you to use figures an some sings like ( or /.

Anyway when you generate a password you can choose to test it with PWGT or if you like test all the passwords that you're currently using. If the first 3 tests give you a "good" or "excellent" result it doesn't mean that you have to use it, you must also look at the "Books" results, if the password exists in at least one book consider changing it.

We can all use a little extra security :rolleyes:

PWGT.rar

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

I like the books section, very good brute force wordlist :rolleyes:

EDIT: This says my password is in all the dictionaries using brute force dictionary but i dont see it in the source. is it puling this list from somewhere else?

Edited by Mast3rpyr0

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

I like the books section, very good brute force wordlist :rolleyes:

EDIT: This says my password is in all the dictionaries using brute force dictionary but i dont see it in the source. is it puling this list from somewhere else?

This script doesn't connects to the net or anything, look at the source after the books.

If your password is "Yi694nimdaX6" the brute force dictionary checks the password like this :

Checks to see if a part of your password exists in the dictionary [if StringInStr($password, $dictionary, 1)], if it doesn't appear than the your password gets reversed into "6Xadmin496iY" and in this case the string "admin" exists in the ditionary, and than the test fails. It's very difficult to create a password that will pass the brute dictionary test :rambo:

Edited by mrbond007

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0