
L0phtCrack

MADE BY:-
SURABHI VARMA
Introduction
L0phtCrack is a password auditing and recovery application originally produced by Mudge from
L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost
Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow
tables. It was one of the crackers’ tools of choice, although most use old versions because of its
low price and high availability.

Security experts from industry, government, and academia agree that weak passwords
represent one of the ten most critical Internet security threats, and are receiving more attention
as a source of vulnerability, both on client desktop computers and in networks. L0phtCrack
identifies and assesses password vulnerability over local machines and networks in a
streamlined application, with built-in reports and remediation tools.
Brief History of the L0phtCrack Password Cracker
The application was produced by @stake after L0pht merged with @stake in 2000. In 2004, @stake was acquired by Symantec. Because of US Government export regulations, Symantec stopped selling the tool to new customers, and support was discontinued in December 2006.
In January 2009, L0phtCrack was acquired from Symantec by Zatko, Rioux, and Wysopal, the original authors. The newest version, L0phtCrack 7, was then announced by its owners at the SOURCE Boston Conference on 11 March 2009.
This version also supports 64-bit Windows platforms and includes upgraded rainbow table support. On 30 August 2016, L0phtCrack 7 was released, seven years after the previous version. This updated version offers performance up to approximately 500 times that of the older version, and it also supports GPU cracking, which was not available in older versions.
How L0phtCrack Audits and Cracks Passwords
L0phtCrack is software that attempts to crack Windows passwords from hashes, which it can obtain (with full access) from network servers, stand-alone Windows workstations, Active Directory or Primary Domain Controllers. In some cases, it can also capture the hashes off the wire.
L0phtcrack works by first obtaining password hashes. L0phtCrack has the ability to obtain password
hashes directly from other machines on the network remotely, making it easy for network
administrators. Audits performed by L0phtCrack can be done manually or can be scheduled to run
at predetermined times. Once L0phtcrack is in possession of groups of password hashes, it subjects
them to several attacks. After checking that the password is not the same as the username, the
program performs a dictionary attack, a hybrid attack, a pre-computed attack using rainbow tables,
and a brute-force attack.

The software has several methods of generating password guesses, including brute force and dictionary.
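The staged audit described above (username check, then dictionary, hybrid and brute force), as an added Python sketch that is not L0phtCrack's own code. It assumes SHA-256 as a stand-in hash, hypothetical accounts and a constructed wordlist, and it omits the rainbow-table stage.

```python
import hashlib
from itertools import product
from string import ascii_lowercase, digits

def toy_hash(password):
    # Assumption: SHA-256 stands in for the real Windows hash formats.
    return hashlib.sha256(password.encode()).hexdigest()

def hybrid_guesses(wordlist):
    # Hybrid stage: dictionary words with common mutations (case + 0-99 suffix).
    for word in wordlist:
        for base in (word, word.capitalize()):
            for n in range(100):
                yield f"{base}{n}"

def brute_guesses(max_len, charset=ascii_lowercase + digits):
    # Brute-force stage: every string over the charset up to max_len.
    for length in range(1, max_len + 1):
        for combo in product(charset, repeat=length):
            yield "".join(combo)

def audit(accounts, wordlist, max_brute_len=3):
    """Map each user to (stage, password); stage is None if nothing matched."""
    results = {}
    for user, target in accounts.items():
        stages = (
            ("username", [user]),
            ("dictionary", wordlist),
            ("hybrid", hybrid_guesses(wordlist)),
            ("brute-force", brute_guesses(max_brute_len)),
        )
        results[user] = (None, None)
        for stage, guesses in stages:
            hit = next((g for g in guesses if toy_hash(g) == target), None)
            if hit is not None:
                results[user] = (stage, hit)
                break
    return results

# Constructed sample data: hypothetical accounts and a three-word wordlist.
WORDLIST = ["password", "sunshine", "welcome"]
ACCOUNTS = {user: toy_hash(pw) for user, pw in [
    ("alice", "alice"), ("bob", "sunshine"), ("carol", "Welcome7"),
    ("dave", "x9"), ("erin", "Tr!ckier-passphrase-41"),
]}

if __name__ == "__main__":
    for user, (stage, pw) in audit(ACCOUNTS, WORDLIST).items():
        print(f"{user:6} {stage or 'not recovered':14} {pw or ''}")
```

The earlier the stage at which an account falls, the weaker its password; an account that survives every stage (here `erin`) is the only one that needs no remediation.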
L0phtCrack Important Features
A dimension of the Target System
This software can run on all versions of Microsoft Windows, including later versions. It can also be operated over networks using Windows XP, 2000, NT, Server 2008 R1/R2, Server 2006 R1/R2, and it works in both 32-bit and 64-bit environments. Another version of this software is available for Linux variants and BSD with an SSH daemon.

Scoring of the Password


The sixth version of L0phtCrack (L0phtCrack 7) also provides a scoring metric that can be used to appraise password quality quickly. Passwords are measured against current industry best practices and rated as fail, weak, medium or firm.

Support of Windows and Unix Password


The seventh version of L0phtCrack (L0phtCrack 7) can also import UNIX password files, so it can perform network audits from a single interface.
Support of Dictionary Attack and Lists
Pre-computed password files are a primary feature of every password cracking and auditing tool. L0phtCrack 7 supports those files as well as pre-computed password hashes. With them, password cracking and auditing takes only a few minutes to complete rather than hours or days.

Scheduled Scans in L0phtcrack


With the newer version of L0phtCrack, you can perform scans at different times. The scheduled scans option runs a scan at the times you choose.

An option of Remediation
The newest version of L0phtCrack offers remediation assistance to system administrators and helps them act on poor passwords across several different accounts. Reported passwords can be set to expire from within the L0phtCrack interface, and they can also be disabled.
Updated Interface
The Graphical User Interface (GUI) of this software is user-friendly and easily understood by new users. The updated version of L0phtCrack displays several options on the main window, where the user can access them easily. No special training is required to use the software.

Reporting level of L0phtCrack


The updated version of L0phtCrack generates different types of reports, which are displayed in a separate tabbed interface. The auditing results can also show the auditing method, the password characters and the risk severity.

The Password Risk Status in L0phtcrack


The newest version of L0phtCrack also gives the risk status of each password. The status falls into one of four categories: low risk, medium risk, high risk and empty.

The Character Sets of Password


This feature of L0phtCrack 7 reports the character sets that passwords are composed of, including Alphanumeric, Numeric, Symbols, and International.
Implementation:-
After selecting Password Audit, you will be asked to select your target system.
Now select where to retrieve your encrypted passwords from.
Next, select whether you want to use specific credentials or the logged-in credentials.
Here you can select which method to use for auditing.
Now select how you wish to report your results.
Select when you want to run this job.
Then you will see a summary of all the selections you have made.
After clicking the Finish button, you will see the following window.
The row in red indicates the password which L0phtCrack has cracked.
You can see the following options on the screen.
If you click Import, it will ask where you want to import from.
In Audit, you can see the techniques with which auditing can be performed.
In the Reports tab, you can create a report in a specific format and save it.
This is the Settings tab.
This is the audit report saved in HTML format.
