Using L0phtCrack 7

Previous Next


Passwords are sensitive information that can be used to impersonate users, including the operating system administrator.


For security reasons, operating systems do not store passwords in their original clear-text format. The original password cannot be derived directly from a hashed password. L0phtCrack 7 operates similar to a hacker to discover the password by automated guessing. Audits will start by guessing simple passwords that are based on simple variations on dictionary words, and progress to systematically trying all combinations of a set of characters. The amount of time it will take to crack a password varies with the password strength. Even with modern GPUs it can take a very long time to crack complex passwords.


L0phtCrack 7 obtains password hashes from the operating system, and then begins hashing possible password values. The password is discovered when there is a match between a target hash and a computed hash. L0phtCrack 7 must first import password hashes from the target system, and then uses various cracking methods to compute trial hashes. If there is a hash match we have retrieved the password.


Next:


Importing Password Hashes
How to get passwords hashes from your Windows and Unix systems into L0phtCrack 7 for auditing.


Configuring Audits
How to audit password hashes using Dictionary and Brute Force attacks.


Audit Progress And Status
Status and monitoring the progress of an auditing job.


Using Queues
How to use L0phtCrack's powerful batch queuing system to automate your regular auditing activities.


Scheduling Password Audits
Running a job in the future, or on a recurring basis.


Remediating Poor Passwords
Options to fix poor passwords right from the L0phtCrack user interface.


Reporting
Exporting information about your L0phtCrack 7 audits.


Settings
System settings and configuration options