L0phtCrack helps the military, government,
corporations, and universities secure their NT/2000 computers
Several Internet RFCs relating to computer security recommend
password auditing or "cracking" to ensure adequate
password security. SANS
Top Ten Security Problems (June 19, 2000) listed user accounts
with no or weak passwords as the 8th highest critical internet
security problem. They also listed L0phtCrack as the tool for the
job. Windows 2000 Magazine lists "Use Password Crackers"
on their NT
Server Security Checklist. Guess which tool is listed as the
favorite. L0phtCrack of course! You can read more about what the
security experts are saying about L0phtCrack
in the news.
Password auditting is the only way to find user accounts with
no or weak passwords. As security professionals we ran an audit of
one of the largest high tech companies in the world. This is what
we found:
- L0phtCrack cracked 90% of the passwords in under 48 hours on
a Pentium II/300.
- 18% of the passwords were cracked in under 10 minutes.
- The Administrator and most of the Domain Admin passwords
were cracked.
- This company had a policy requiring passwords longer than 8
characters, with at least one upper case character plus a
numeric or symbol character.
- please register
your copy of the l0phtcrack!
L0pht Crack Ver
2.02 (executable)
L0pht Crack Ver 2.02 (source code)
PPTP (This will sniff PPTP
authentication and output the challenge and password hashes just
like our readsmb sniffer that comes with the l0phtcrack
distribution. This version works with any unix that has libpcap.
It also include an active attack which exploits a flaw in MS-CHAP
to get the password hashes without the overhead of cracking the
challenge/response. Written by Aleph One. )
PPTP Sniffer (This will
sniff PPTP authentication and output the challenge and password
hashes just like our readsmb sniffer that comes with the
l0phtcrack distribution. This only works with Solaris 2.4+. )
SAMDUMP (Use to extract pasword
hashes from SAM files)
PWDUMP (Use to extract pasword
hashes from registry)
l0pht Crack 2.0 Manual
l0pht Crack 2.0 FAQ
|