Professional Documents
Culture Documents
MADE BY:-
SURABHI VARMA
Introduction
L0phtCrack is a password auditing and recovery application originally produced by Mudge from
L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost
Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow
tables. It was one of the crackers’ tools of choice, although most use old versions because of its
low price and high availability.
Security experts from industry, government, and academia agree that weak passwords
represent one of the ten most critical Internet security threats, and are receiving more attention
as a source of vulnerability, both on client desktop computers and in networks. L0phtCrack
identifies and assesses password vulnerability over local machines and networks in a
streamlined application, with built-in reports and remediation tools.
Brief History about L0phtCrack Password
Cracker
The producer of this application was @stake later the L0pht merged with the @stake in 2000. In 2004
the @stake was then acquired by the company named Symantec. Then the US Government export
regulations put a law due to which the Symantec stopped selling this tool to the new customers, and its
support was also canceled in December 2006.
Then in January 2009, the L0phtcrack was owned by the Zatko, Rioux, and Wysopal who were the
original authors from the Symantec. Then the newest version of the L0phtcrack 7 was introduced and
announced by its owner at the SOURCE Boston Conference on the date of 11 March 2009.
The 64-bit Platforms of Windows also support this version of the L0phtcrack and it also contains the
upgraded rainbow table’s support. Then on the 30 August 2016, the L0phtcrack7 was released, which
was launched after the seven years of the previous version of the L0phtcrack. Now, this updated version
of the L0phtcrack contains the increasing performance which is approximately up to 500 times than the
older version of L0phtcrack, and it also supports the cracking of the GPU which wasn’t available for the
older versions of the L0phtcrack.
How L0phtCrack Audits and Cracks
Passwords
L0phtCrack is software which pursuits to crack any Windows passwords with the help of the hashes
due to which it can obtain (gain total access) from the servers of the network, stand-alone
Windows workstations, Active Dictionary or Primary Domain Controllers. In some of the other
cases, it can also detect the hashes even if they are off the wire.
L0phtcrack works by first obtaining password hashes. L0phtCrack has the ability to obtain password
hashes directly from other machines on the network remotely, making it easy for network
administrators. Audits performed by L0phtCrack can be done manually or can be scheduled to run
at predetermined times. Once L0phtcrack is in possession of groups of password hashes, it subjects
them to several attacks. After checking that the password is not the same as the username, the
program performs a dictionary attack, a hybrid attack, a pre-computed attack using rainbow tables,
and a brute-force attack.
This particular software has diverse methods or ways of generating password guesses and all the
related password assumptions including the Brute Force or Dictionary etc.
L0phtCrack Important Features
A dimension of the Target System
This software can run on all of the versions of the Microsoft Windows and all of its higher versions. It can
also be operated over the networks by the use of the Windows XP, 2000, NT, Server 2008 R1/R2, Server
2006 R1/R2, the operating system can work on both types of environments 320-bit or 64-bit. There is also
another version of this software available for the Linux variants and BSD with another SSH Daemon.
An option of Remediation
The newest version of the L0phtcrack which attempts the possibility of providing the remediation
assistance to required system administrators and it also assists about how to take severe action
against the poor passwords which can be applied on the several different accounts. These type of
reports passwords can expire from within the L0phtcrack interface, and they can also be disabled.
Updated Interface
The Graphical User Interface (GUI) of this particular software is very user-friendly and can easily be
understood by any new users. This updated version of the L0phtcrack has several options which are
displayed on the main window of the software, and they can be easily accessed and used by the user, it
does not require any special education to use this software.