Windows Password Recovery - dictionary attack

In contrast with a brute-force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities which are most likely to succeed, typically derived from a wordlist or a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short, single words in a dictionary, or are simple variations that are easy to predict.
On the Dictionaries tab, set up the list of dictionaries to be used in the attack. Supported are plain-text dictionaries in the formats ASCII, UNICODE and UTF8, as well as encrypted/compressed dictionaries in the native PCD format, developed in Passcape Software. ZIP and RAR packed wordlist are supported as well with some restrictions. To deactivate a dictionary, simply clear the checkbox by its name. In this case, the dictionary, although it remains on the list, will be skipped during an attack. The software comes with a 360000-word dictionary. For the complete list of dictionaries, check out our wordlist collection, please. Or you can use our Online dictionaries as an alternative.
The Filters tab filters the words from a dictionary by the include/exclude principle. If the first, inclusive, filter is enabled, the attack will accept only the words that contain at least one of the characters entered in the filter. If the second, exclusive, filter is set, the program will skip the words that contain at least one of the entered characters.
You can use Dictionary Generator to create your own wordlists based on options of the first three tabs.
The Mutation tab allows setting all kinds of possible combinations of the words to be searched. For example, if you set a strong mutation, the program will create several hundreds of analogs for each word from the dictionary. For example, secret - Secret - s3cr3t - secret123, and so on. You can set up to three mutation rules: Weak - less number of mutations and, in its turn, greater verification speed; Strong - for a greater number of mutations, to the prejudice of the speed, and the happy medium, Default option.
Customizing mutations
Starting with version 4.0, the program has the ability to customize the smart mutation of the Dictionary attack. All mutation rules are clustered into 16 primary groups. You can set one of three mutation levels or disable mutation separately for each group.

For example, you can turn off OEM mutation (and thus double your Dictionary attack speed) if you sure the password you're looking for contains Latin characters only. A simple description of what all these mutation groups mean is given below:
Group name |
Description |
Examples (for word 'password') |
Comments |
Character case |
Checks case combinations of the input word. |
Password, PassworD, PaSsWoRd |
Maximal (Strong) level of the mutation group DOES NOT generate all possible case combinations of input words. To check all possible case variants, consider using Hybrid dictionary attack (aN rule). |
Digits append/prepend |
Adds digits to the beginning or to the end of the word. |
password99, 2Password, PASSWORD3 |
Maximal level adds 2 digits. |
Head and tail |
Almost the same as the previous one, but appends or prepends words, abbreviations, characters, keyboard combinations, etc. |
#Password#, password12345, 4everPASSWORD, Passwordqwerty |
|
l33t |
Creates different combinations using leet language. |
p@ssword, P@$$w0rd, P@$$W0RD |
|
Abbreviation |
Converts several character combinations (if the initial word contains any) into abbreviations. |
ihateyou -> ih8you, Ih8u |
|
Dups and revers |
Revers, duplicates the word, etc. |
drowssap, passwordpassword, PasswordDrowssap |
|
Vowels and consonants |
Mutate vowels and consonants (English characters only). |
Psswrd, PaSSWoRD, pAsswOrd |
|
Character skip |
Skips a single character of the original word. |
assword, Passwrd, Pasword |
|
Character swap |
Exchanges two adjacent characters. |
apssword, Passowrd |
|
Character duplicate |
Duplicates characters. |
ppasword, ppaasswwoorrdd, Passworddddd |
|
Delimiters |
Separates characters with delimiters. |
p.a.s.s.w.o.r.d, P-a-s-s-w-o-r-d |
Maximal level uses 10 delimiters. |
Dates |
Adds dates to the end of the word. |
Password2010, password1980 |
Even though the mutation engine can generate more complicated variations (for example, password03171998 or Password19710830), this feature if turned off here even in maximal mutation level. |
Oem conversion |
Converts English word into another language and vice-versa using alternative keyboard layout (the second language of the OS). |
If your OS has 2 languages installed (let it be English and Russian), the program will convert initial word password into Russian зфыыцщкв, and Russian пароль will be converted into gfhjkm. |
The program works correctly for 2 or even more languages. So if you have 5 languages installed locally (including English one), there will be 4 different combinations of the input word. |
Word shift |
Simply shifts all characters of the word to the right or to the left. |
asswordp, dpasswor |
|
Character substitution |
Replaces a character of the initial word. |
oassword, passqord |
This is quite a helpful rule assuming the fact that the characters for substitution are taken from a special table. For example, the character 's' will be replaced with the following ones: 'a', 'w', 'e', 'd', 'x', 'z'. You can notice that all of these characters are located near 's' on any qwerty keyboard. |
Length truncates |
Truncates word length to probe all possible length combinations. |
passwor, passwo, passw |
|
The program has a great feature that allows downloading and using existing dictionaries available on the Passcape website. We have accumulated quite a large dictionary collection - over 250 items. That should get you rid of the extra hassle on finding the required content on the Net.
|