Penetration Testing mailing list archives

Re: L0phtcrack


From: Anders Thulin <Anders.X.Thulin () telia se>
Date: Tue, 18 Sep 2001 09:05:55 +0200

Jim Miller wrote:

Last I heard, mostly from this list, L0phtcrack version 2, which was free, was
doing the job, but version 3, which costs money, was having problems cracking on time.

  No one seems to have addressed the time problem yet.

  atstake recently sent out a mail to their customers saying:

    An updated release of LC3 (version 3.02) boosts performance
    in the Dictionary and Hybrid audits. We encountered and fixed
    a bug that slows the Dictionary and Hybrid audits, and in
    certain cases, caused the Hybrid to seemingly grind to a
    crawl. The NTLM cracking process was being unnecessarily
    invoked in these cases.

    3.02 also resolves an issue in which launching LC3 from a
    session saved on a drive other than the one where LC3 is
    installed could revert a registered version of LC3 to Trial
    mode.

  I haven't tested this in depth yet, though, to say if there's
a solid improvement.

Has the situation changed?  Is LC3 now a stable product?  Is it worth the cost of
software, the cost of installation and the cost of the learning curve?

  It's still an enabling tool, rather than a supporting tool: you get the tools
for collecting passwords, and cracking them from dictionary etc., but the
tools are separate, and may not work together well enough to make your 
particular job easier.

  A comprehensive password crack will require using a number of passwords lists
in some specific order, typically: passwords cracked in earlier sessions,
other 'well-known' passwords, names of people, various other names
(products, places, characters, etc), and full dictionaries, before the brute
force session starts.  LC3 gives you only one dictionary -- so it's
hand reconfiguration to switch password dictionaries, and that upsets the
session concept of LC3.

  John the Ripper is easier to tailor in this respect, but it also has
some shortcomings: you get only two word transformation rule sets, and
only one of those can be applied to word lists.   To get approximately the
same functionality as with LC3, JtR needs to be complemented with
pwdump (or one of its later incarnations pwdump2 or pwdump3).
I'm not sure if JtR will do both Lan Manager hashes and NT hashes, like LC3.
It does Lan Manager hashes, though.

  Furthermore LC3 does not seem to make it possible to export password hashes
in text form as earlier versions of L0phtcrack did -- thus, you get rather
locked into the program.

  I still use LC3, but I find I'm using the JtR/pwdump combo more and more.

-- 
Anders Thulin     Anders.X.Thulin () telia se     040-661 50 63
Telia ProSoft AB, Carlsgatan 6, SE-201 20 Malmö, Sweden

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
