Thursday, December 6, 2018

Password Recovery

  • Cain & Abel

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources. However, it also ships some "non standard" utilities for Microsoft Windows users.
http://www.oxid.it/cain.html
  • Ophcrack
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
http://ophcrack.sourceforge.net/
  • pogostick
This is a utility to reset the password of any user that has a valid local account on your Windows system.
It supports all Windows versions from NT 3.5 to Windows 8.1, including 64-bit and the Server editions (such as 2003, 2008 and 2012).
http://pogostick.net/~pnh/ntpasswd/

  • After an attacker obtains a valid user name and user password hash values (somehow, using different methods and tools), they are then able to use that information to authenticate to a remote server/service using LM or NTLM authentication without the need to brute-force the hashes to obtain the cleartext password (as it was required before this technique was published). The attack exploits an implementation weakness in the authentication protocol in that the password hashes are not salted, and therefore remain static from session to session until the password is next changed.
https://en.wikipedia.org/wiki/Pass_the_hash

  • Pass-the-Ticket attacks are typically launched in one of two ways:
The hacker steals a Ticket Granting Ticket or Service Ticket from a Windows machine and uses the stolen ticket to impersonate a user, or
The hacker steals a Ticket Granting Ticket or Service Ticket by compromising a server that performs authorization on the users’ behalf.
http://www.identityweek.com/defending-against-pass-the-ticket-attacks

  • John the Ripper is a fast password cracker;
its primary purpose is to detect weak Unix passwords.
http://www.openwall.com/john/

  • Preventing brute force attacks

In order to secure your cluster against brute force attacks, Search Guard can limit the number of login attempts by IP or by username.
https://docs.search-guard.com/latest/elasticsearch-brute-force-attacks

Brute Force Attack Mitigation: Methods & Best Practices

Locking the account after a fixed number of failed attempts.
Delaying the response time. The more time between permitted password attempts, the more slowly a brute force attack proceeds, and the more time sysadmins have to discover that an attack is underway.
IP address lock-out. If failed attempts from a given IP address exceed a predefined maximum, that address can be locked out.
Detection tools. Tools such as OSSEC can sometimes detect that a brute force attack is underway and take direct action to block it, notify administrators, or both.
Brute force site scanners. These tools go through site logs looking for signs that a brute force attack has recently been attempted.
https://www.alienvault.com/blogs/security-essentials/brute-force-attack-mitigation-methods-best-practices

  • Blocking Brute Force Attacks

Locking Accounts
Device Cookies
Finding Other Countermeasures: Sidebar: Using CAPTCHAs
https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks
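The countermeasures listed in the two items above (account lockout after a fixed number of failures, a growing response delay, IP address lock-out, and the OWASP device cookie that lets a device which has already logged in successfully keep working while the shared account lockout is in force) can be combined in one login guard. The code below is an added example, not code from the linked articles or from any tool on this page. It assumes a caller-supplied `verify_password` function and an injectable clock so the behaviour can be reproduced without sleeping; the user table and credentials are constructed demo values, and the demo hash is only a stand-in for a real slow, salted password hash.

```python
import hashlib
import hmac
import secrets
import time


class LoginGuard:
    """Wrap a password check with lockout, progressive delay, IP lock-out and device cookies.

    Assumed interface: verify_password(username, password) -> bool.
    The guard never sleeps itself; attempt() returns the delay the caller must
    enforce before answering, so the logic stays testable.
    """

    def __init__(self, verify_password, *, max_user_failures=5, max_ip_failures=20,
                 lockout_seconds=900, base_delay=1.0, max_delay=30.0,
                 cookie_key=None, clock=time.time):
        self.verify_password = verify_password
        self.max_user_failures = max_user_failures   # shared per-account counter
        self.max_ip_failures = max_ip_failures       # per-source counter
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.cookie_key = cookie_key or secrets.token_bytes(32)  # HMAC key for device cookies
        self.clock = clock
        self.user_failures = {}      # username -> consecutive failures from untrusted clients
        self.ip_failures = {}        # ip -> consecutive failures
        self.user_locked_until = {}  # username -> unix time
        self.ip_locked_until = {}    # ip -> unix time

    def _locked(self, table, key):
        """True while the lockout for key is still in force; expired entries are dropped."""
        if table.get(key, 0) > self.clock():
            return True
        table.pop(key, None)
        return False

    def _issue_device_cookie(self, username):
        # Cookie = username:nonce:HMAC(username:nonce). Only this server can mint one.
        nonce = secrets.token_hex(16)
        tag = hmac.new(self.cookie_key, f"{username}:{nonce}".encode(), hashlib.sha256).hexdigest()
        return f"{username}:{nonce}:{tag}"

    def _valid_device_cookie(self, username, cookie):
        if not cookie:
            return False
        parts = cookie.split(":")
        if len(parts) != 3 or parts[0] != username:
            return False
        expected = hmac.new(self.cookie_key, f"{parts[0]}:{parts[1]}".encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, parts[2])

    def delay_for(self, username):
        """Progressive delay: 0s after no failures, then 1s, 2s, 4s ... capped at max_delay."""
        n = self.user_failures.get(username, 0)
        if n == 0:
            return 0.0
        return min(self.base_delay * 2 ** (n - 1), self.max_delay)

    def attempt(self, username, password, ip, device_cookie=None):
        """Returns {"status": ..., "delay": seconds to wait before replying, "device_cookie": ...}."""
        if self._locked(self.ip_locked_until, ip):
            return {"status": "ip_locked", "delay": 0.0, "device_cookie": None}
        # A valid device cookie marks a device that has logged in before; it bypasses the
        # shared account lockout (the OWASP device-cookie idea) but not the IP lock-out.
        trusted = self._valid_device_cookie(username, device_cookie)
        if not trusted and self._locked(self.user_locked_until, username):
            return {"status": "account_locked", "delay": 0.0, "device_cookie": None}
        delay = self.delay_for(username)
        if self.verify_password(username, password):
            self.user_failures.pop(username, None)
            self.ip_failures.pop(ip, None)
            return {"status": "ok", "delay": delay, "device_cookie": self._issue_device_cookie(username)}
        now = self.clock()
        self.ip_failures[ip] = self.ip_failures.get(ip, 0) + 1
        if self.ip_failures[ip] >= self.max_ip_failures:
            self.ip_locked_until[ip] = now + self.lockout_seconds
        if not trusted:  # trusted devices do not push the shared counter toward lockout
            self.user_failures[username] = self.user_failures.get(username, 0) + 1
            if self.user_failures[username] >= self.max_user_failures:
                self.user_locked_until[username] = now + self.lockout_seconds
        return {"status": "denied", "delay": delay, "device_cookie": None}


# Constructed demo credential store (demo only; use a slow, salted password hash in practice).
_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def demo_verify(username, password):
    candidate = hashlib.sha256(password.encode()).hexdigest()  # same work for unknown users
    stored = _USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, candidate)


if __name__ == "__main__":
    guard = LoginGuard(demo_verify, max_user_failures=3, lockout_seconds=60)
    for pw in ("wrong", "wrong", "wrong", "correct horse"):
        print(guard.attempt("alice", pw, "10.0.0.1"))
```

Running the module shows three denials with delays of 0, 1 and 2 seconds, then an `account_locked` result even though the fourth password is right; a device that had logged in earlier and still holds its cookie would get through, and the account lockout alone never blocks an attacker who spreads attempts over many usernames, which is why the per-IP counter is kept separately.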

  • What Are Brute Force Attacks? How To Prevent & Stop An Attack?

Limit Failed Login Attempts
Make the root user inaccessible via SSH by editing the sshd_config file
Don’t use the default port; edit the Port line in your sshd_config file
Use Captcha
Limit Logins to a Specified IP Address or Range
Two Factor Authentication
Unique Login URLs
Monitor Server Logs

https://phoenixnap.com/kb/prevent-brute-force-attacks
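The "Monitor Server Logs" item above, and the log-scanning tools and detection tools mentioned earlier on this page, come down to one routine: read the authentication log, count failures per source address inside a time window, and flag sources that cross a threshold. The code below is an added example of that routine (not code from OSSEC or from the linked articles). It assumes the sshd "Failed password" message format in a syslog-style auth log, and the year, which syslog timestamps omit, is an assumed parameter; the log lines are constructed sample data with documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd failure line in syslog format; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample auth log: one source hammering several accounts, one user who
# mistyped twice twenty minutes apart, and two unrelated lines.
SAMPLE_AUTH_LOG = [
    "Dec  6 10:02:30 web01 sshd[2100]: Failed password for alice from 192.0.2.10 port 40001 ssh2",
    "Dec  6 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Dec  6 10:15:04 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "Dec  6 10:15:07 web01 sshd[2205]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2",
    "Dec  6 10:15:09 web01 sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 51261 ssh2",
    "Dec  6 10:15:12 web01 sshd[2209]: Failed password for root from 203.0.113.5 port 51270 ssh2",
    "Dec  6 10:15:15 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51281 ssh2",
    "Dec  6 10:22:45 web01 sshd[2300]: Failed password for alice from 192.0.2.10 port 40002 ssh2",
    "Dec  6 10:23:10 web01 sshd[2302]: Accepted publickey for alice from 192.0.2.10 port 40003 ssh2",
    "Dec  6 10:23:10 web01 sshd[2302]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
]


def parse_failed_login(line, year=2018):
    """Return (timestamp, username, ip) for a failed-password line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Dec  6")
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # assumed year
    return ts, m["user"], m["ip"]


def detect_brute_force(lines, threshold=5, window_seconds=300, year=2018):
    """Flag source IPs with at least `threshold` failures inside any `window_seconds` span.

    Lines are expected in chronological order per source, as a log file is written.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the sliding window
    totals = defaultdict(int)     # ip -> all failures seen
    peak = defaultdict(int)       # ip -> most failures seen inside one window
    users = defaultdict(set)      # ip -> accounts tried
    span = {}                     # ip -> (first failure, last failure)
    for line in lines:
        parsed = parse_failed_login(line, year)
        if parsed is None:
            continue
        ts, user, ip = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # drop entries that aged out
            q.popleft()
        totals[ip] += 1
        peak[ip] = max(peak[ip], len(q))
        users[ip].add(user)
        first = span.get(ip, (ts, ts))[0]
        span[ip] = (first, ts)
    return {
        ip: {
            "failures": totals[ip],
            "peak_in_window": peak[ip],
            "users": sorted(users[ip]),          # several names from one source = guessing accounts
            "first": span[ip][0].isoformat(),
            "last": span[ip][1].isoformat(),
        }
        for ip in totals
        if peak[ip] >= threshold
    }


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

Only 203.0.113.5 is reported: six failures in fourteen seconds across four account names. The two failures from 192.0.2.10 are twenty minutes apart, so they never share a five-minute window and stay below the threshold, which is the difference between a user mistyping and an attack. The report is what a tool like OSSEC would turn into a firewall block or an alert; in this example it is returned as a dictionary so the caller decides what to do with it.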