Appendix
Registered L0phtCrack 6 users receive free technical support by email. To receive technical
support, you must include the Serial Number and Unlock Code from L0phtCrack 6's
Help ... About dialog in your email's Subject line, separated by two colons.
For example, a valid subject line might be:
Subject: Using International Dictionaries? 1e15f863::13fc7b05
Registered users can send technical support questions to support@l0phtcrack.com.
Technical support is not provided for non-registered users.
- Windows 2008, Vista, 2003, XP, 2000
- 1 GHz CPU
- 50MB disk space (8.5GB for pre-computed password tables)
- DVD Drive
- Account with Administrator Privileges
Supported Password Environments
- Windows 2008, Vista, 2003, XP, 2000, NT
- UNIX (Check the L0phtCrack website for supported versions)
When installing L0phtCrack 6, you must be logged into an account that has administrator
privileges. L0phtCrack 6 runs on Microsoft Windows operating systems, and is
tested on Windows 2000, Windows XP, Windows Vista, and Windows 2008. System requirements are the same as
the minimum requirements for the operating system.
L0phtCrack 6 relies on WinPcap software for packet capture and network analysis.
This package has shown some incompatibilities with PCMCIA network cards,
but good compatibility with other cards. L0phtCrack 6 uses the currently installed version of WinPcap.
The latest version of WinPcap can be downloaded at http://www.winpcap.org/
Copyright (c) 1999 - 2004 NetGroup, Politecnico di Torino (Italy). All rights reserved.
WinPcap is further derived from LibPcap software, copyright (c) 1988,
1989, 1991, 1994, 1995, 1996, 1997 The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that:
- Source code distributions retain the above copyright notice and this
paragraph in its entirety
- Distributions including binary code include the above copyright notice
and this paragraph in its entirety in the documentation or other materials
provided with the distribution
- All advertising materials mentioning features or use of this software display
the following acknowledgements: "This product includes software developed
by the Politecnico di Torino, and its contributors;" and "This product
includes software developed by the University of California, Lawrence Berkeley
Laboratory and its contributors."
You may use a word list of your own for dictionary cracks. To do so, your
word list must consist of a single word on each line of a simple text-based
file, as in the following example:
apple
dog
cat
peach
The word list is not case sensitive, and will recognize both NT and Unix
formatted text files.
Password Quality Category
Q. Where would I find the Risk Category (High, Medium, Low) definitions? Can these definitions be changed to reflect my company's policy?
A. These definitions cannot be changed to reflect your company’s policy. The definitions are defined in the FAQ that comes with L0phtCrack 6.
Q. Is there a setting for me to change the Minimum Password Length for reporting purposes?
A. No. One option would be to export the report and import it into Excel.
Q. Is there a way to segregate specific accounts for the utilization of Brute Force Attacks. The situation is when I want to target specific accounts or perform brute force on those accounts that did not crack using the dictionary or user information?
A. Yes. You can limit accounts by deleting those accounts you do not want to crack. Delete accounts by highlighting and hitting the Delete key.
Active Directory Support
How one may connect to Active Directory, various usage scenarios, and requirements
Q. Describe how to use L0phtCrack 6 to determine password complexity compliance with Active Directory? Is it as simple as running L0phtCrack 6 on a workstation and pointing to a domain controller as the "Remote System" or is there more to it than that? I understand that you would need Domain Administrator rights to perform the analysis.
A. It is as simple as importing from a remote machine and selecting Active Directory as the machine. You need Administrator privileges on the machine. Typically Domain Administrators have this privilege.
Q. What exactly do I need in order to obtain the password hashes from a remote Active Directory domain controller? I know that local admin privileges will suffice, but I need to know specifically what I need in order for L0phtCrack 6 to extract the hashes.
A. You need the debug privilege.
Q. I have been trying to use the L0phtCrack 6 product to decrypt passwords on my server, I am using the product with active directory and every time I use the wizard an error message comes back saying no encrypted passwords were imported. The L0phtCrack 6 wizard cannot continue please try another password retrieval method to continue. What do I need to do for the product to work?
A. You need Administrator privileges on the Active Directory machine. The machine also needs to be able to be remotely administered if you are running L0phtCrack 6 on another machines and importing the password hashes remotely.
Remote Scans
Q. When you use L0phtCrack 6 to retrieve password hashes from remote machines is the data encrypted whilst being transferred?
A. Yes the data is encrypted whilst being transferred.
Selected Account Audit
Q. Is there a method by which I can either restrict, or selective choose which accounts are audited?
A. Yes, LC will let you delete accounts that you do not want to audit.
Password Recovery
Q. What do the ‘???’ in the password field imply?
A. The question marks imply that LC has determined either the first half or the second half of the password. The question marks are used as a placeholder for the half of the password that is unknown.
Q. Why do I see a blank password field after the completion of the audit?
A. This means that the password was not cracked by L0phtCrack 6. This is typically a strong password depending on your cracking settings.
This section lists tools and information that may help in your password
auditing efforts. As always, exercise the appropriate diligence in evaluating
and using these resources.
Password security discussion areas
- The Microsoft focus area at SecurityFocus.com
- Usenet newsgroups on Windows NT administration:
- comp.os.ms-windows.nt.admin.security
- comp.os.ms-windows.nt.admin.networking
- comp.os.ms-windows.nt.admin.misc
fgdump
Fgdump
runs on top of pwdump6
to allow remote access to the password database on SYSKEY protected systems,
and is available for free from fizzgig. Its output is
a similar format to the .lc format used by L0phtCrack 2.5. L0phtCrack 6 can import
files that fgdump outputs.
Password Reset Utility
You must have access to at least one administrator
account on a Windows machine in order to obtain password hashes from
that machine, whether you use fgdump, or L0phtCrack 6's own Import From Local Machine feature.
The only other way to access the machine might be through a password
reset utility such as the following: http://home.eunet.no/~pnordahl/ntpasswd/.
Source Code
L0phtCrack 1.5 is available in an open
source version.
Note: L0phtCrack 6 is approximately four times faster than
the L0phtCrack 1.5, due to optimization. The source version is essentially
a researcher’s version, made available to share information about
how the password auditing works. It is not intended as an audit tool for
production environments.
L0phtCrack 6 incorporates the following third-party software:
-
PuTTY, copyright 1997-2004 Simon Tatham. Portions copyright
Robert de Bath, Joris van Rantwijk, Delian, Delchev, Andreas Schultz,
Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, Ben Harris,
and CORE SDI S.A.
- Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
L0phtCrack 6 was developed by Christien Rioux, Chris Wysopal, and Peiter Mudge Zatko.
|