|
|
|
OctoPass™ - Distributed Password Recovery
System |
OctoPass™ is a new powerful password recovery system made for recovering
forgotten or lost passwords using distributed computing. The current version
supports brute force attack only.
Who and Why Needs OctoPASS?
Password Recovery is extremely resource-consuming task. If a password
protection is well done, brute force attack may be the only recovery
method available. If the password is long enough, it may take a lot of
time to break it. By using the power of multiple computers, you can reduce
the recovery time. OctoPASS first of all, targets security professionals
and forensic examinators. Naturally, utilizing OctoPASS makes sense only
when several computers are available. The more computers you have, the
higher search speed and better results you obtain.
OctoPass Key Features
- Scalable
architecture optimized for the best performance.
- OctoPass™
supports remote web-based management.
- Highly
optimized recovery engines that support all major algorithms.
- OctoPASS
Agents (worker) interacts with OctoPASS Server through the common HTTP
protocol. OctoPASS Agents and OctoPASS Server could be installed in
different LAN segments or even interact through a global WAN.
- Lightweight
installation size, ease deployment.
- Special
hardware support. We offer special versions for IBM Cell processor
(available in Sony PlayStation 3) and GPU Password Recovery Engine for
NVIDIA video cards.
Supported algorithms
OctoPASS supports distributed brute force attack for the following
algorithms:
- MD4
(ASCII and UNICODE)
- MD5
(ASCII and UNICODE)
- SHA1
(ASCII and UNICODE)
- OneNote
(2003, 2007, 2010)
- Access
2007, 20101
- MS
Money2
- PDF
- PowerPoint
(all versions through 2010)
- Act!
- Quicken
- Quickbooks3
- WinRar4
- VBA
- Word
97 - 20105
- Excel
97 - 20105
Notes:
- Password
protection in the earlier versions of Access (prior to 2007) is weak;
all passwords could be recovered instantly without brute force attack.
- Passwords
to old MS Money files could be recovered instantly.
- It
is possible to reset password on a Quickbooks document, so brute force
attack is required only if only you need to find the original password.
- Currently
we support the recovery of WinRAR passwords, only if file names in the
archive are encrypted.
- There
are five different types of passwords used in Word and Excel:
- Modification
passwords, document protection passwords, workbook passwords, and all
other passwords - except document access passwords - all these
passwords are recoverable instantly, and OctoPASS is not required for
handling them.
- Access
passwords to the old Office (95 and earlier) documents - these
passwords are also recoverable instantly.
- Access
passwords to Office 97 - 2003 documents - these passwords are
supported by OctoPASS; however, please keep in mind that you can take
advantage of the Express Recovery service to recover these passwords
quicker.
- Advanced
encryption passwords available as an option in Office XP and 2003. By
default, Office XP/2003 uses Office 97-compatible password protection
mode; however, user can choose the "advanced options" and change the
encryption settings. Express Recovery will not handle such documents.
- Office
2007/2010 passwords. These passwords are very hard to crack, so OctoPASS
can be extremely useful in breaking such passwords.
OctoPass Architecture
OctoPass consists of the following components:
- OctoPass
Server
OctoPass Server is to be installed on a single computer, which would
coordinate the recovery process.
OctoPASS Server carries out three functions:
1) Receives password recovery tasks,
2) Hands out the tasks and coordinates the performance of agents in
the network,
3) Allows administering and managing the recovery process.
- OctoPass
Agent
OctoPass Agent is to be installed on all computers connected to the
network. OctoPass Agent carries out the password recovery job utilizing
the power of the computer it is installed on .
Since OctoPASS Server consumes very little computing power, literally
any computer can be used as the server. To utilize the computing
power of the server, install OctoPASS Agent on it also.
- Password
Recovery Modules (Engines)
The components that immediately execute the password recovery
algorithms.
- Password
Recovery Software
Password Recovery Software - the program that analyzes password-protected
document , generates password recovery task and submits it to OctoPASS
Server. The password recovery task contains user-selected parameters
of the brute force attack (password length, character set, etc.) and
DocumentData - the information extracted from the password-protected
document, necessary and sufficient for the recovery of the password.
In case of hash algorithms (MD4, MD5, SHA1), DocumentData contains
the actual hash. With the purchase of the OctoPASS license, you will
obtain the full versions of all of our password recovery programs.
OctoPass Server is a CGI application running under on HTTP server.
Please note that requests are always sent from agents to server; server
never sends requests to agents. The network settings must provide that
agents' HTTP requests are not blocked and able to reach server. To add a
new computer to an OctoPASS network, simply install OctoPASS Agent on
that computer; no other settings or configurations are necessary .
OctoPASS Agent can be installed in the completely automatic silent mode;
simply run a single application that doesn't require any configurations.
This lightens the deployment of OctoPASS on a large number of computers .
System Requirements
OctoPASS Server
- Windows
2000/XP/2003/2008/Vista
OctoPASS Agent
- Windows
98/Me/2000/XP/2003/2008/Vista
- High-performance
CPU is recommended. The faster CPU is, the better are the results.
Multicore, multiCPU is a plus. Other PC components (RAM, HDD, ets) do
not affect the performance.
Special Hardware Support
You can dramatically increase the search speed by using special hardware.
Currently we provide software for NVIDIA GPUs (video cards) and IBM Cell
processor (Sony PlayStation 3). You can find more information here.
To take advantage of GPU Password Recovery Engine, please download GPU
Password Recovery Engine from www.LastBit.com/gpu.asp and install it
on each and every computer running OctoPASS Agent. OctoPASS Agent automatically
uses GPU Password Recovery Engine if it is installed. To disable GPU Password
Recovery Engine, simply uninstall it. If you are interested in the
Cell processor version, please contact us for the further information.
Licensing Terms
The free demo version of the software is available for the evaluation
only. The demo mode doesn't have restrictions on the number of agents
allowed to be in an OctoPASS network; however, the only algorithm supported
by the demo version is MD4 (ASCII). No restrictions are imposed on password
length . Each OctoPASS license purchased entitles user to install OctoPASS
on one server. We offer several types of licenses , which differ by the
number of agents supported in an OctoPASS network. You can find further
information and place an order here.
With the purchase of an OctoPASS license, you also obtain LastBit Software MegaPack - all our password
recovery programs.
Helpful Links
GPU Password
Recovery Engine
Password
Calculator - estimate the recovery
time
Password Recovery Methods
OctoPASS Documentation
Screenshot (click to enlarge)
Download the demo version
Please fill the following form.
Buy the fully functional version
|
