Brute Force Crack

Parent Previous Next


The most comprehensive cracking method is the brute force method, which recovers passwords of any length and any characters, even a completely random string if it isn't too long.


The brute force crack attempts every combination of characters it is configured to use. Your choice of character sets determines how long the brute force crack takes. Short, common passwords, based on letters and numbers can typically be recovered in about a day using the default character set A-Z and 0-9. Longer or more complex passwords, on the other hand, that use characters such as #_}* could take a very long time to crack on the same machine depending on the length of the password. Passwords for all systems except LANMAN on Windows are case-sensitive. L0phtCrack 7 tries both upper and lower case characters.


Password Length, Audit Duration and Character Set are specified in a Brute Force preset which is selected from the Preset list. When you select a preset you will see the configuration of the preset in the Preset Configuration to the right of the preset list. The configuration is grayed out unless you are editing the preset.


There are three included presets:



Below the Presets list is a set of buttons that are used to create a preset, remove a preset, edit a preset, and duplicate a preset.


To create a new preset press the + button and then add a name and description. In the Preset Configuration, specify a Password Length, an Audit Duration, and a Character Set. When you are satisfied with your settings press the checkmark button to save the preset. You may also duplicate the included presets and modify the duplicate. You cannot edit or remove the included presets. They are displayed in an italic font.


If you have already imported the password hashes to audit and you are satisfied with your audit technique and configuration, press the Run Audit Immediately button to begin your audit. You can optionally press the Add Audit to Queue if you are creating a queue.