Back to MacKrack page
MacKrack free download for Mac

MacKrack Reviews

1.5.3
05 August 2006

Password cracking utility.

Anonymous
10 April 2005

Most helpful

Actually it does call home, and report to me all the passwords you cracked along with your IP address, email address, name, address, phone number, weight, and the names of your children. I review it all while cackling demonically, and promptly sell all the information to the Russians (none in particular). But seriously -- what does "I would bother with this dog" mean? Would you feel better if the application WASN'T free? Jeez... just because I write software for free my intentions are in question? Anyway, all password crackers are free as an unspoken rule (LC aside, because its creators are the evil capitalists). Which is not to mention that all the software I've ever written is free. Anyway -- as mentioned by neil_m, Little Snitch is a good program to make sure apps aren't calling home.
Like (2)
Version 1.4

Read 30 MacKrack User Reviews

Rate this app:

St00pid-M0nk3y
05 August 2006
Is there any documentation on how to use this thing?
Like
Version 1.5.3
1 answer(s)
Kobalt
Kobalt
05 August 2006
download the app, mount the dmg, read the documentation file ... admittedly, it's somewhat light on information, but then this is not an app for the faint of heart or the light of brain ... :)
Like
Version 1.5.3
Juliew
05 December 2005
MacKrack worked perfectly for me. Downloaded and ran it, entered my admin password, it extracted the hashes for all users on my system and tested their strength. One of 14 user passwords was cracked within 24 hours and I alerted the user to change their password. Thank you for a great implementation and - as far as I have found - the only program that handles the salted sha1 hashes from tiger on its own. Good work!
Like
Version 1.5.1
Anonymous
17 July 2005
What is this "most dishonest crackers are located offshore..." crap? What sort of idiotic comment is that?
Like
Version 1.5
3 answer(s)
Anonymous
Anonymous
18 August 2005
Anonymous wrote: "most dishonest crackers are located offshore... What sort of idiotic comment is that?" Lets just ask you that question, since you're the one who said that comment. What johannes rexx really said was: "Only a dishonest cracker located offshore would attempt such a thing". How does that translate into "most dishonest crackers are located offshore"? Would it help if he punctuated the sentence for you? "Only a dishonest cracker, located offshore, would attempt such a thing" Is that clear enough for you?
Like (1)
Version 1.5
Anonymous
Anonymous
23 September 2005
Isn't that still saying that a dishonest cracker located onshore wouldn't attempt such a thing?
Like
Version 1.5.1
Anonymous
Anonymous
23 September 2005
Polly want a cracker!
Like
Version 1.5.1
Anonymous
17 July 2005
That's hilarious -- the app actually asks you for your password in order to extract the local password! I certainly hope most aren't so gullible to walk past that one.
Like
Version 1.5
1 answer(s)
Anonymous
Anonymous
03 August 2005
Only for 10.3 and 10.4 hashes does it require a password, but for 10.2 hashes it doesn't. This is just because of the way the permissions in Mac OS X are set up. If you know a way to extract 10.3/10.4 hashes without knowing an administrator password, please do the world a favor and tell. Until then, shut up.
Like
Version 1.5
Anonymous
10 April 2005
I just wanted to make sure, as the developer, that everyone understands that macKrack doesn't actually phone home whether for version checking or any other purposes. It doesn't make any network connections at all, and anyone with basic knowledge of how to use tcpdump or Little Snitch could verify that. So don't worry. I was just kidding before about the Russians....
Like
Version 1.4.3
2 answer(s)
Anonymous
Anonymous
10 April 2005
Most of us got the joke
Like
Version 1.4.3
Anonymous
Anonymous
21 April 2005
Russians? Those weren't Russians. Fnord.
Like
Version 1.5
Anonymous
10 April 2005
Some reviewers have expressed concern that MacKrack might "call home" and reveal cracked passwords and other personally identifying information. The reason I doubt this is because it would be blatantly obvious to detect and document it. Only a dishonest cracker located offshore would attempt such a thing. How about an installer that asks for your admin password? How do you know it's not really the program doing this and phoning home? The way around a lot of this is to distribute code under the GPL so users can judge for themselves if anything is phoning home by reading the code. Does Adobe software phone home when you run it? Does iTunes? Does RealOne. How about Azureus or eDonkey? Muahaahahh!
Like
Version 1.4.3
2 answer(s)
Anonymous
Anonymous
21 April 2005
Does Adobe software phone home when you run it? Does iTunes? Does RealOne. How about Azureus or eDonkey Sometimes, no, sometimes, no, no. Acquisition does, though.
Like
Version 1.5
Anonymous
Anonymous
21 April 2005
'The way around a lot of this is to distribute code under the GPL so users can judge for themselves if anything is phoning home by reading the code.' This only helps if you're capable of building the app yourself. This is an old trick used by programmers for ages. There is no necessary proof the source you read is what made the program. Smell the coffee.
Like
Version 1.5
Anonymous
10 April 2005
Excellent! I'm a bit disappointed though it doesn't send all my info to the FBI, tut tut, where would we be without paranoia. Nice app and useful (although not everyday), Thanks.
Like
Version 1.4.3
Anonymous
10 April 2005
I think the phrase is: "I would not bother with this dog", but then again I am just guessing.
Like
Version 1.4.3
Anonymous
10 April 2005
Actually it does call home, and report to me all the passwords you cracked along with your IP address, email address, name, address, phone number, weight, and the names of your children. I review it all while cackling demonically, and promptly sell all the information to the Russians (none in particular). But seriously -- what does "I would bother with this dog" mean? Would you feel better if the application WASN'T free? Jeez... just because I write software for free my intentions are in question? Anyway, all password crackers are free as an unspoken rule (LC aside, because its creators are the evil capitalists). Which is not to mention that all the software I've ever written is free. Anyway -- as mentioned by neil_m, Little Snitch is a good program to make sure apps aren't calling home.
Like (2)
Version 1.4
1 answer(s)
Anonymous
Anonymous
02 August 2005
LOL Good one. ;-)
Like
Version 1.5
Anonymous
08 April 2005
Can anyone verify that this thing does not "call home" with other information. A free application that can crack passwords sound a bit suspicious to me. I would bother with this dog.
Like
Version 1.4
1 answer(s)
Anonymous
Anonymous
08 April 2005
Calling home check. http://www.macupdate.com/info.php/id/10426 Little Snitch - is the answer to your question
Like
Version 1.4
Anonymous
25 January 2005
On an iMac and an eMac here, the program gives me "OS X is not configured by default to use an Open Firmware password" when I know that both have Open Firmware passwords set. Running OS X 10.3.4 on both, I believe.
Like
Version 1.3
2 answer(s)
Anonymous
Anonymous
03 October 2005
yeah, i got the same thing. any ideas?
Like
Version 1.5.1
Anonymous
Anonymous
03 October 2005
Yes... Ask the developer.
Like
Version 1.5.1
Anonymous
23 October 2004
Guns for example.. They are used to commit crimes and people say they should be outlawed. OK, now they are outlawed, which keeps the legitimate people from using them. I doubt the criminals are not going to go buy a gun on the black market because they are illegal. Denying the public or "public domain" anything that can be used either legitimately or illegitamately is a mistake. Anything can be used to commit a crime, that is no reason to outlaw it. There are still legitimate uses. I don't know what communist country you grew up in, but I enjoy my freedom. Secrecy is not security. Open source and tested software has been proven to be the most secure because it is audited and tested. That is the whole point of testing something, to make it better. Yet you want to deny that ability to legitimate users? That sounds very closed minded and ignorant to think if it is not tested, it will somehow make it more secure. That the tools should only be released in private to a select few. You sound like a Windows user to me.
Like
Version 1.3
1 answer(s)
Anonymous
Anonymous
08 April 2005
While I agree that this software should remain legal, there is a difference between MacKrack and guns. The obvious difference is that while it is possible to test password security with kracking tools, you can not test your flesh's vulnerability to bullets with a gun. Of course, one could argue that bullet-proof vests can be tested with guns, and therein lies the rub. Kracking, viruses, trojans, etc. are inevitable consequences of networked computers, just as viruses and bacteria are inevitable in the biosphere. We accept these things because computers and ecosystems are useful. The "networks" or "ecosystems" supported by the existence of guns are organizations such as the Mafia, terrorists, drug lords, and street gangs. If networked computing was useless, you could simply disconnect your box and be free from kracking and viruses. Since the Mafia, terrorists, drug lords, and street gangs are worse than useless, let us be free of guns.
Like
Version 1.4
Anonymous
05 July 2004
Wonderful software. Provides very nice functionality. The nice thing about software such as this is that it allows security freaks (like me) to gauge security of computer systems. We can argue all day about how software like this is mindless and can only cause problems, but my view is that if more people know how to crack low security, then better security implementations will be developed and used - thus bettering the world.
Like
Version 1.3
1 answer(s)
Anonymous
Anonymous
08 April 2005
Did you read the crap you just wrote. Make the world a better place? You are probably some wanna be criminal that wants nothing more than to hack, crack or attack someone's system. I am sure you are a security freak alright. People like you making the world a better place. What a laugh. You sound like a Republican.
Like
Version 1.4
Anonymous
26 June 2004
Like Sheriff Rosco P. Coltrane said: "I love it, I love it, I love it! Good-good, good, good!"
Like
Version 1.3
Anonymous
25 June 2004
Software like this serves no purpose beyond illegality and ill will. The creation of software like this is inevitable as Apple aims for the popular market. Next on the list are viruses, trojan horses and other computer experience ruining scum by punks with inferiority complexes attempting to lash out at the world for their own lack of self worth. Did the undoubtedly talented creators of this software, like the creators of so many weapons befor them, ever stop to think of the destructive force their creation would inflict? Once again a small group of people do something "because we can" with no regard to consequence, and ruin it for the rest of the world.
Like
Version 1.3
8 answer(s)
Anonymous
Anonymous
25 June 2004
Lighten up, Francis.
Like
Version 1.3
Anonymous
Anonymous
25 June 2004
To say that this software serves no purpose beyond illegality is misinformed at best and willfully ignorant at work. There are a great many people who have a vested interest in learning how hard their own machines are to crack before The Bad Guy finds out first. In fact, you have this interest yourself, even though you may not realize it yet. Don't forget, to a hacker machines aren't only useful for the data they contain. Even a thoroughly boring machine data-wise can be used as a jumping-off point for later hack attacks, and if your machine is used as such a launchpad, you're the one who will be framed for the attack. These tools provide you the ability to better secure your own machine against attacks. No machine is invincible, and pretending that you can't be cracked just because people don't know the tricks is not only naive but outright foolish. What you CAN do is try to ensure that your machine is passed over in favor of easier targets, and programs like these allow you to do that. Or, to put it another way: The Bad Guys have these programs, and will always have them; even if you outlaw them they'll trade the software underground or -if it comes to that- write it themselves. Given that, is it not better that the Good Guys have the same tools so that the playing field is at least level, rather than running away and pretending the problem doesn't exist?
Like
Version 1.3
Anonymous
Anonymous
25 June 2004
"The creation of software like this is inevitable as Apple aims for the popular market." How can you be so obtuse? Apple has been aiming for the "popular market" from day one, and there have been applications like this almost ever since. Just because you happen to see one on MacUpdate, doesn't mean it's the first of the breed - no FAR from it. This is not a precursor to more viruses or anything else.
Like
Version 1.3
Anonymous
Anonymous
25 June 2004
"How can you be so obtuse?" Because he's related to the Shawshank prison warden, maybe. Heh.
Like
Version 1.3
Anonymous
Anonymous
25 June 2004
"Lighten up, Francis" Yeah...lighten up, Francis. :-)
Like
Version 1.3
Anonymous
Anonymous
26 June 2004
Yeah Gost, don't you have to go work on Chit-Chat or somethin'?
Like
Version 1.3
Anonymous
Anonymous
19 August 2004
Necessary Product. As a seasoned technology professional (consultant, IT manager for corporations, university professor in CIS, etc) occasionally I have to work on a machine that is 'secured'. Sometimes it is an executive who is just dropping off a notebook and will be back to pick it up that afternoon..yet they hit the golfcourse before giving me peripherals, power cord or even the password. Utilities like these help me to get the job done in a timely manner. Right now I came across this site, because I was looking for info on MacKrack. I have an AppleScript that has to get root access to function. The VP that left me his notebook doesn't recall that password. This tool saves the day for me. Sure, the script kiddies love utilz like this, but let us instill more proper values into these folks than trying to pull what you think are their tools. That ignorant mindset is the same mentality used in gun control laws or security checkpoints that remove boxcutters from airlines. Criminals use _whatever_ means necessary. If a kid throws a rock through a plate glass window, do you prohibit rocks from your landscape? How about bricks? blocks? your own mailbox? Do you think you are secure if password crackers don't exist? Ridiculous! For every password cracker, exploit and root kit there are at least that many in the wild that are not shared with the community. Remove these from the public eye and you get a false sense of security (because methods and tools will ALWAYS exist). It is better to acknowledge the risk, try to understand it and then brace yourself with the best tools around. Ignorance is pain. www.domain-logic.com
Like
Version 1.3
Anonymous
Anonymous
27 September 2004
In 10.2 Apple chose to use MD5 DES hashes (which aren't uncrackable but not totally insecure either.) Then they stupidly chose to limit the number of characters in the password to 8. Idiots. In 10.3 they chose to use an NTLM hash set as the default authentication. Password length rose from 8 chrs to 14 chrs (as two 7 chr words.) But of course, including the LM hash made them even easier to crack. Idiots. Because 10.3 uses the NTLM hash as the default login, Apple has rendered 10.3 LESS SECURE than Windows XP from the password hash crackability standpoint. Apple clearly does not take security seriously. Why should anyone using Apple's computers??? It's all a joke.
Like
Version 1.3
Anonymous
19 June 2004
To all the people who have something against software that tests and breaks security, why do you believe this is wrong? Is it not the users right to have available the software they want, or the author to write the software they want? Is it not the right of every user to test their own security to improve it or to see the tools that are going to be used to break into computer systems that are available in the underground community? Is it not a law enforcements right to be able to have a tool against certain security precautions to have evidence against child pornographers and terrorists? Or a person to be able to break back into their own system whether the passowrd was lost, stolen, or changed? Is it not the right of an educational system to have the right to learn about security and security precaustions by looking at tools that are used to attack that said security. Should we shut down BitTorrent because someone downloads an illegal file using it, or web browsers for that matter. Sicne computers can copy store bought dvds, does this mean we should outlaw computers altogether like the mpaa suggests? Or for that matter, what about that racist peice of literature you have, should we ban certain types of information and try to regulate every book that comes into this country. What about free thought? I believe a lot of people have unpure thoughts at times. Or cars, I hear people have used those to aid in bank robberies before. Give people the benifit of the doubt, they are not all criminals, theifs, and hackers. Please, before you bash software that can be abused, try to be more optimistic.
Like
Version 1.22
1 answer(s)
Len-Peruski
Len-Peruski
25 June 2004
Your logic and statements are very similar to the arguments used by several governments to develop chemical, biological, and nuclear weapons. If you were truly trying to help legitimate organizations combat legitimate problems, like child pornography, it is far more effective to work through them directly rather than post software such as this in the public domain. To do something such as this, simply because one can, shows the same level of maturity and moral and intellectual courage as a young child, and likely much less.
Like
Version 1.3
Anonymous
06 May 2004
Works fine and the developer keeps improving it. We need this kind of tools. The more we have, the more improved security we'll have in our systems. Remember that we are now in a *nix based system and connecting to the Internet is as easy as pluging your mac to your phone line. Old days died, new ones are here and we need tons of security which we didn't past times. And this kind of apps most probably should be concibed primarily within Apple's engineers' brains.
Like
Version 1.22
Ancientyger
06 May 2004
I thought Mac people "weren't" interested in such destructive behavior. I thought we were encouraging a "safer" more "secure" environment not trying to promote the willful destablization of the network of tool that we've come to enjoy. I figured what we've all learned is that it doesn't take much coaxing to make humans ignore apples, oranges, pears or even life if they think they can obtain the dreams of avarice. Can we learn nothing from Eden? Please, don't leave this tree in the center of our Garden.... at this point, we don't even need a serpent to do the coaxing....
Like
Version 1.22
5 answer(s)
Anonymous
Anonymous
13 June 2004
This is just a program, and I really hope you dont believe in this perfect communistic world of yours where there are no such thing as hackers and such. This simply is not the case, and as long as there are hackers, the more important it is to use the tools they will use to test system security. If you would rather leave these tools hidden, you will be the ignorant one.
Like
Version 1.22
Anonymous
Anonymous
25 June 2004
Apples? Oranges? What are you on and can I have some?
Like
Version 1.3
Anonymous
Anonymous
25 June 2004
Well said.
Like
Version 1.3
The-Valrus
The-Valrus
25 June 2004
Poorly said. Reviewer ignores legitimate uses of this software for security testing and uses an inaccurate and misleading Biblical metaphor. This isn't Eden, it's the real world, and if someone's going to be able to crack one of my passwords I'd prefer to find it out myself first.
Like
Version 1.3
Anonymous
Anonymous
02 April 2005
You guys are all nutz! Mac users cannot be contained or described all at the same time, some like destructive behaviour - others dont. Taking a small minded view like that IS however a complete waste of time and space on this forum. Software like MacKrack - comes along now and then, so there is NO POINT in blaming the publishers or the writers or anyone else for that matter. If somebody uses a tool for right or wrong, it is only they (the user) who can dictate which category they fall into. For instance, some may say that a knife is a murder weapon and is bad - whereas I use a knife every day to cut my toast. Dont blame the brush, blame the artist! Anyway, now I think about it the world is FULL of hackers / crackers and I for one would like access to their methods without having to practice on other peoples computers first. Think about it....
Like
Version 1.3
Anonymous
06 May 2004
The idea that this is intended by its author to be a "security protection tool" and that any ethical problems involved with using this software rest solely on the end-user is, to put it mildly, disingenuous. Licensed locksmiths are allowed to possess lock-picking tools, it is against the law for anybody else to have them. I think right here we have the software analogue of for just that. I hope that the good people at MacUpdate will remove this from their site pronto.
Like
Version 1.22
1 answer(s)
Anonymous
Anonymous
20 May 2004
but this type of software is offered on the internet everywhere. macupdate taking it down wont change that, and there is no legal body that has the authority to limit the transfer of any given type of data via the internet. the lines of who is a digital locksmith and who is not are VERY blurry.
Like
Version 1.22
Anonymous
06 May 2004
Although I don't feel that I should release macKrack as a new version because the changes I made to code were small, the effect is large. The new binary from the site is version 1.22 as of right now, and it is MUCH faster than all previous, maybe on the order of 2 or 3 times.
Like
Version 1.2
Anonymous
21 April 2004
yes, a serious memory leak in 1.2... now repaired and changed to 1.21.... available at same download link.
Like
Version 1.2
Anonymous
21 April 2004
jeepers! Just attempted a crack on a single password from 6 to 8 characters in length, using keyspace (A-9) but gave up after it created 5 swap files 108 thousand pageouts, and didn't show any signs of stopping soon. hmmm. is that supposed to happen?
Like
Version 1.2
Anonymous
21 April 2004
To respond to the last poster: To say that MacKrack is unethical is ridiculous. MacKrack is a security analysis tool, designed to be used by system administrators to check for weak user passwords. Tools aren't unethical; it is those who use tools unethically that are unethical.
Like
Version 1.2
2 answer(s)
Anonymous
Anonymous
21 April 2004
Any admin who is not utterly stupid already knows how to make passwords that are not insecure. The users should be told how to choose passwords or just let the IT people set them (and thus be able to recover them if the stupid user forgets). There are numerous ways to get around "forgotten" passwords for Open Firmware, FileVault and user accounts on OS X that do not require brute-force cracking tools. Plus the kinds of decodings indicate that this tool is not intended for such purposes at all. The only purpose for this kind of thing is to attempt to access another person's system via brute-force attacks. This is a Hacker/Cracker tool period. The limp-wristed "security analysis" excuses given in such mainstream shows as TechTV and here are laughable.
Like
Version 1.2
Anonymous
Anonymous
27 April 2004
The only true security is understanding when you are not secure, to cover your eyes and try to make things secure by hiding or closing the programs that allow you to bypass it is ignorant. It is best to keep these programs mainstream so that people know when they are insecure rather than just giving this tool to the hackers only. Be informed. Stay informed. If it were not for programs like this, security would never progress and be weak only waiting to be picked. Let people test security as they will and quit complaining. If you want, think youre secure, I dont care. I would rather stay informed.
Like
Version 1.2
Anonymous
20 April 2004
Unethical, period.
Like
Version 1.2
Anonymous
14 April 2004
This program is very clean, and simple enough to figure out on your own if you know what you need. It is very straight forward. It has a nice interface and was put together cleanly. As for whether or not it works, I do not have anything I need cracked, but I have in the past. The next time I do run into something, I will have this program in my application folder and hope it works then. ;) I am curious if this will crack md5 shadow passwords, or password files, on Linux systems. That would be very useful if it could. The only thing that this program lacks, is MORE features! It does it's specific job as Im sure was intended, but most users who download these programs might more like a all-in-one sollution to their password cracking needs. Though this would be asking a lot Im sure.
Like
Version 1.1
Fsb-software
14 April 2004
Thanks to last poster for providing some wordlist URL.. Here's the URL I would use and you should definitely check out if you're looking for wordlists-- the definitive collection: http://packetstormsecurity.nl/Crackers/wordlists/ p.s. mackrack is unrelated to unix crack, or the old OS 9 program mackrack, or any other program ever written with a similar sounding name
Like
Version 1.1
2 answer(s)
Jimw
Jimw
14 April 2004
Your list is better than mine but then you should have included it with the readme to begin with. I also would strongly suggest including a word list as an example to use as a dictionary with the program so that new users get a real example on how the program pieces fit together. Perhaps a sample password file to be broken would also be helpful. Giving it the same name as a previously named program is an open invitation to confusion regarding its pedigree. I also suggest you might consider changing the name - perhaps to something that might sound the same but is spelled differently. That way people will not be as likely to mix up its history as you indicate I have done.
Like
Version 1.1
Anonymous
Anonymous
14 April 2004
JimW, I would like to note, I have seen you post on MacUpdate in numerous places, and in all of them you come off as an arrogant jerk. There is no need to be so rude, especially at someone who has spent so much time on a magnificent program which they are releasing for free. Now, I apologize for the flame, I am not trying to start a post war. On a similar note, I agree with the idea to provide a link with the program, and I think it is an excellent idea to provide a sample password file to be cracked.
Like
Version 1.1
Jimw
14 April 2004
I have done some research for interested parties. This program is derivied from a Unix program called Crack written by a fellow by the name of Muffet. It requires a word listing or dictionary to use it. Unfortunately the provider provides no documentation or dictionary. However my research has lead me to a site of extensive dictionaries for the product. While they are designed for the Unix version they should work for the Mac version as well. The compressed image can be opened with Stuffit Expander. While you can only use a single word list at a time, their is nothing keeping you from combining several list into a single document. Just be sure to save it as a plain text document. Hope this helps. The dictionary site is: ftp-//ftp.ox.ac.uk/pub/wordlists/.ftploc
Like
Version 1.1
Fsb-software
14 April 2004
Hi, I'm the developer of this app, my name is Braden. Apparently I didn't give enough information (read the read me file included), and my website doesn't have much info, but it's certainly no trojan. Regarding the file format it cracks, it only accepts text files, one as a dictionary (if in dictionary mode) and the other as a password file. The password file should contain hashes in MD5 or SHA1. It won't crack stuffit files, and is primarily designed for people who want to descrypt passwords from databases or web applications. If you don't know what MD5 or SHA1 are, don't download it.
Like
Version 1.1
1 answer(s)
Jimw
Jimw
14 April 2004
If you were user friendly, you would have taken the slight extra effort it required and provided a dictionary file and some basic usage instructions in your readme. Shame on you.
Like
Version 1.1
Anonymous
14 April 2004
He does not explain to much and his webpage is just to simple with no info. i tould be a trojan. !!! 8-|
Like
Version 1.1
Anonymous
14 April 2004
dont get it - what kind of file format is this suppose to krack - doesn't work with stuffit files that are password protected
Like
Version 1.1
1 answer(s)
Anonymous
Anonymous
14 April 2004
The internal password hashing routines of StuffIt are "closed source", and even if they release the password hashing routines some day as "open source", how do you want to crack passwords up to 64 bytes (512-bits)?
Like
Version 1.1