Cracking Passwords & Hashes goes in the Cloud with CloudCracker

An online password cracking service for penetration testers and network auditors who need to check the security of WPA protected wireless networks, crack password hashes, or break document encryption.

Whether it’s a WPA2 network, NTLM hashes, Unix hashes, or an encrypted PDF file, one thing’s for certain. By specializing in optimized cracking solutions and by fine-tuning dictionaries from iteration to iteration, we can provide a solution that’s more effective, faster, and cheaper than anything else.

CloudCracker provides dictionaries for each cracking format we support, and each dictionary is available in a range of sizes. Below is more information on the available dictionaries, their sizes, and their prices. Payments made by Bitcoin are given a discount of 15% off the listed prices.

WPA / WPA2 Dictionaries

These dictionaries are available for WPA / WPA2 cracking jobs. As a salted format with an 8 character minimum password length and a PBKDF2 iteration count of 4096, we know it is critical for our dictionaries to be as accurate as possible. We iterate on them by modeling the data we receive in order to provide accurate dictionaries that are continually sorted for probability.

English

This dictionary is modeled on passwords thare are derived from english language words. It is available in the following sizes:

2WIRE

This dictionary is targeted at the 2WIRE router default password scheme. These routers ship with passwords that are 10-character numerics, creating a “keyspace” of 10¹⁰ — 10,000,000,000 possible permutations. This dictionary is available in the following sizes:

Phone Numbers

Data has shown that 10 digit phone numbers are extremely common choices for WPA passphrases in North America. This dictionary covers every phone number in the US, Canada, Bermuda, and 17 Caribbean nations. It is available in one size:

LM / NTLM Dictionaries

These dictionaries are available for LanMan and NT LanMan cracking jobs. As an unsalted, computationally inexpensive password format, we combine both brute forcing as well as dictionary-derived words for maximum coverage.

Default

There is currently only a single LM / NTLM dictionary, available as a single size:

SHA-512 (Unix) Dictionaries

These dictionaries are available for the modern SHA-512 variation of the salted crypt() format, used in Unix-based password storage. This is a salted format with a high iteration count and a relatively expensive compression function, resulting in computational overhead that demands cloud-scale resources and critically accurate dictionaries like ours.

These hashes are formatted the following way, note the identifying “$6$” sequence to start:
$6$<salt (up to 16 characters)>$<hash (86 characters)>

English

This dictionary is modeled on passwords thare are derived from english language words. It is available in the following sizes:

MD5 (Unix) Dictionaries

These dictionaries are available for the MD5 variation of the salted crypt() format, used in Unix-based password storage.

These hashes are formatted the following way, note the identifying “$1$” sequence to start:
$1$<salt (up to 16 characters)>$<hash (22 characters)>

English

This dictionary is modeled on passwords thare are derived from english language words. It is available in the following sizes:

MS-CHAPv2 Dictionaries

These “dictionaries” are for cracking MS-CHAPv2 handshakes, found in PPTP VPN connections and the inner authentication method for WPA2 Enterprise wireless.

Brute Force

We offer a single MS-CHAPv2 “dictionary”, which represents the entire DES key space, and guarantees a 100% success rate on recovering the MS-CHAPv2 credentials.