Password Recovery, Hash Analysis & Hash Cracking

Weak Passwords Are
Not a New Issue

Despite having decades to address the issue, user passwords continue to top the list of critical security vulnerabilities. Weak policies have allowed users to create short and guessable passwords and many organizations are reluctant to require passphrases. Service account passwords often go decades without being changed and password reuse can be rampant. Combine this with missing or lacking multifactor authentication and your organization could be in serious trouble.

Contact Us!

Did you know?

Authentication systems store and use hashes rather than passwords to authenticate users. Hashing is a one-way cryptographic function that converts a password into a representative value. One-way means that unlike encryption, a hash can’t be reversed or unencrypted with a key. So, when somebody says, “password cracking” they probably mean to say, “hash cracking”.

Password Hash Analysis, Hash Cracking & Recovery

SynerComm’s penetration testers routinely need to guess and crack passwords. With most engagements limited by time, cracking performance is critical. Your company shouldn’t wait for a pentest (or a breach) to learn that you have weak passwords. SynerComm provides Hash Analysis, Hash Cracking and Password Recovery as a standalone service. Our team can attempt to recover passwords for nearly any hash type, but our most common crack jobs are for Microsoft Windows NTLM hashes.

Two Affordable and Easy Solutions

Hash Analysis     Hash Analysis Plus
Check for Weak Hashing Algorithm (LANMan)
Check for Blank/Default Passwords
Check for Password Reuse
Password Policy Review
(Active Directory Default Domain Policy)
SynerComm’s Custom Hash Attack Playbooks
(dictionary + rules, brute-force & hybrid masks)
Custom Report
(Executive summary, analysis and vulnerability findings)
Password Analysis Spreadsheet
(Including cracked/recovered passwords)
Multiple AD Group Policy Review  
Identify Privileged Accounts and Group Members  
Additional Hash Attack Playbooks Tailored to Your Organization
(dictionary + rules, brute-force & hybrid masks)
Trend Analysis
*Requires Hash Analysis Plus Quarterly Assessments

SynerComm is well-known for cracking power, our 2017 blog proved the naysayers wrong when we loaded 8 Nvidia GPUs into a single server chassis. Over the next two years, we updated that cracker to the latest/fastest GPUs and built a 2nd 8 GPU cracker to double our capacity. As of October 2022, we’re designing and testing what will be our 4th generation cracker.

Password Facts & Statistics

  • Most organizations still only require an 8-10 character minimum length for Active Directory passwords
  • Modern password crackers can crack any 8-character Windows NTLM hash in a few hours
  • Long passphrases are the solution to strong passwords; brute-force cracking is exponentially more difficult with each additional character
  • Even 14-character passwords can be easy to guess; September2022# cracked nearly instantly using a mask attack

Did you know?

Many hashes (like MS Windows NTLM hashes) can be analyzed for security violations without cracking. Password reuse is a critical flaw and can be easily detected by identifying duplicate hashes.

Contact Us

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram