Quick Start with the L0phtCrack 7 Wizard

Previous Next

Wizard Overview


The L0phtCrack 7 Wizard helps you quickly configure the settings needed to retrieve and audit passwords by the most common means and provides a quick overview of the password auditing process.


 

 

When L0phtCrack first starts, the startup dialog gives you the option of selecting Password Auditing Wizard, Start A New Session, or Open An Existing Session, with a quick selection of recent sessions. The startup dialog opens by default the first time you run L0phtCrack 7. To use L0phtCrack without the startup dialog, uncheck the Show This Dialog On Startup checkbox. The Wizard can be launched at a later time from the L0phtCrack 7 menu.

If you select Password Auditing Wizard you will start the wizard and see the Introduction dialog. Select Next to continue.

 


Choose The System Type To Audit

 

 

The Wizard's Choose Target System Type dialog selects the type of system you want to audit. There are two options options. Select Windows or Unix-like then press Next.


Select Windows Import Type

 

 

If you chose a Windows system type the next dialog selects the source of encrypted Windows passwords to audit. There are four options.


Windows Local Machine

 

 

To retrieve password hashes from the local machine you need local admin privileges.


If you are logged in with admin privileges you can select Use Logged-In User Credentials.

If you previously saved credentials for the local machine you can select Use Saved Credentials.

If you are not logged in to the local machine with admin privileges you can enter admin credentials by selecting Use Specific User Credentials and entering Username, Password, and Domain.

If you are entering in credentials you have the option to select Save These Credentials to save them in the Windows Protected Store for later usage with the Use Saved Credentials option.


Press Next to continue on to select audit type



Windows Remote Machine Via SMB


 

 

To extract password hashes from a remote machine via SMB you need admin privileges on the remote machine.


The SMB 'File and Print Sharing' service must be running on the remote machine.


If you are logged in with admin privileges for the remote machine you can select Use Logged-In User Credentials.

If you previously saved credentials for the remote machine you can select Use Saved Credentials.

If you are not logged in with remote machine privileges you can enter admin credentials by selecting Use Specific User Credentials and entering Username, Password, and Domain.

If you are entering in credentials you have the option to select Save These Credentials to save them in the Windows Protected Store for later usage with the Use Saved Credentials option.


Press Next to continue on to select audit type.


Windows Import From PWDump File

 

 

Click the Browse button and select the pwdump file you wish to import.


If you are uncertain of what tool to use to create a pwdump file, you can follow the provided link to a site about the Pwdump format, which will provide a list of compatible tools.

Once you have selected the correct file you can click Next to continue on to select audit type.


Choose Auditing Method 


 

The L0phtCrack 7 wizard offers four different audit options. The more rigorous and involved the audit, the longer the audit requires.



Pick Reporting Style 



L0phtCrack 7 displays reports on what was found in the password audit. Choose the reporting style options to customize your report.


Begin Auditing




Once the Reporting options are selected, L0phtCrack 7 is ready to audit. Your settings are summarized before you finish. Click Finish to begin the password retrieval and audit process.