L0phtCrack FAQ

Where can I find documentation for LC7?
How do I move my LC7 license to a new machine?
Why does Hybrid mode appear to be super slow? The status bar only shows a new word being cracked against every few seconds
Doing a pentest you might end up with several thousand accounts, is there any way to weed out the accounts you do not want audited?
I launch LC7 and the splash screen appears but the program does not run.
I am getting ‘access denied’ issues dumping hashes from a remote Windows server, even though I am an administrator
Why do so many accounts say ‘missing’ or ’empty’ for the Lanman hash?
I just purchased your product. Why wasn’t I sent a license key?
Where should I get rainbow tables from?
When I try to run, I get a “key generation failed” error. What does that mean?
What operating systems does LC7 run on?
My error/issue isn’t addressed in this FAQ or the online documentation. Help?


Where can I find documentation for L0phtCrack 7

You can find our online documentation at L0phtCrack 7 Documentation.


How do I move my LC7 license to a new machine?

To move your license to a new machine you must first deactivate the license on the machine is is currently installed on. You do this by going to the Settings page by selecting Settings on the left panel. On the Settings page select the About L0phtCrack 7 tab. Next click on the Deactivate License button. You will be prompted to enter in your license password. If you have forgotten it you can select I forgot my password to have a password reminder sent to the email address you registered your license with.

Once you have deactivated your license you can then install L0phtCrack 7 on a new machine (download link: http://lc7.download/win64) and then activate the license on the new machine.


Why does Hybrid mode appear to be super slow? The status bar only shows a new word being cracked against every few seconds

Hybrid mode can “appear” to be so slow in environments where there are no LANMAN hashes. In reality the number of crypts/sec is remaining relatively constant in hybrid mode. The options in Hybrid mode very quickly and drastically increase the number of word variants that LC is comparing against.

Assuming the default of two (2) letters appended in hybrid mode this immediately creates the test per word by 1225 permutations (35^2).

Now let’s assume a very low-ball estimate on the number of substitutable letters (if you had that box checked in the session options) and assume
there were 4 substitutable characters. This produces 16 more variants.

Without LANMAN hashes L0phtCrack also needs to perform case sensitivity checks. Assuming a 7 character word being tested this is another 128 variants ( 2^7).

As you can see in this trivial example 1225 * 16 * 128 = 2,508,800 message digest attempts – and this would be for a “single” word in our progress display.

By comparison, if a LANMAN hash were present, this would only require 1225 * 16 = 19,600 to determine the case insensitive password and then an additional 2^strlen number of checks (strlen may be only up to 7 as LANMAN breaks the password into two 7 character chunks) to derive the case sensitive variant. Assuming a 7 character word, this would be 19,600 + 128 = 19,728. If a LANMAN hash is not present we’re back to having to run through > 2million.

Certain words have more substitutable characters than others and the length of the word also directly affects the case sensitivity checks ( 2^(strlen) number of checks ).

The numbers in this example aren’t “precisely” accurate and there are some subtle variations that are performed for optimizations, but in general this is how things work and why the hybrid mode may appear to be very slow if there are no LANMAN hashes available.


Doing a pentest you might end up with several thousand accounts, is there any way to weed out the accounts you do not want audited?

The best way is to delete the accounts you don’t want from the session. You can delete any account by selecting its row and then hitting delete. This will permanently remove it from your session, so if you want to change your selections later you’ll need to re-import all the hashes (or save a version of the session before you start making your selections). You can delete a single account at a time, or highlight many rows and delete them all at once.


I launch LC7 and the splash screen appears but the program does not run.

There are two things that seem to address this issue – reboot the
system. If that does not fix the problem you may also try
disabling UAC (User Access Control) in Vista / Windows 7 or later versions of Windows.


I am getting ‘access denied’ issues dumping hashes from a remote Windows server, even though I am an administrator

On a normally configured system with that OS LC’s remote hash retrieval is compatible, but if security or registry settings were customized or hardened it could interfere with the tool’s retrieval operations. In these cases, the easiest solution is to use a tool like fgdump to pull the hashes to a file on the Domain Controller, then read that file into LC on your local system.

Some common reasons for these issues include:

If you have a shared network drive on the system you’re trying to connect
to, the connection will fail.
Some firewalls, antivirus, or other security tools interfere with the connection. If possible,
you can try disabling them temporarily, or add an exception for LC.
The Windows EMET tool blocks LC from connecting.
If you’re connecting to a DC, you need to be a Domain Administrator.

For more information on this and some registry settings to check, click here


Why do so many accounts say ‘missing’ or ’empty’ for the Lanman hash?

Lanman (LM) is a less secure hash than NTLM, so Windows provides the option to
disable LM, for better security. Also, passwords greater than 14 characters in
length don’t have LM hashes. If it says *empty* or *missing* for the LM hash
that just means that that account’s password info is only stored in NTLM hash
format. (If NTLM said *empty*, then that would indicate an empty password.)
The NTLM hashes will be harder to crack (a good thing), but you’ll have to
add some NTLM options if you want to audit the other passwords.


I just purchased your product. Why wasn’t I sent a license key?

First, look at your sales notification email. If it says “Maintenance Contract”, then
you may have bought a 1 year renewal of Maintenance for an existing license. If this is
the case, then you can buy a license from our site (which comes with 1 year of Maintenance
included). If you don’t want to have pre-paid for your second year of Maintenance, then you
can contact our sales team at sales@l0phtcrack.com
to get a refund on the accidental maintenance purchase. Please include your order number
in the email.


If you don’t think this is what happened, then contact the support team at support@l0phtcrack.com,
and include your order number in the email.


Where should I get rainbow tables from?

We have dropped support of rainbow tables in LC7 as the increased performance of brute force had made it less popular, and the free rainbow table distributions we were pointing users to are no longer operational. (Including or distributing our own rainbow tables caused some issues for international sales, due to cryptography export restrictions.)


When I try to run, I get a “key generation failed” error. What does that mean?

That error usually occurs when LC is being run from a different account than
the one it was installed under. Try running from the installed account instead
and if you still have problems, contact support with your order number, OS,
LC version number, and a description of the problem. Include the exact error message
you are seeing, and as many details as possible about the error.


What operating systems does LC7 run on?

L0phtcrack runs Windows 7 and any later version of Windows. We can pull hashes from earlier
versions of Windows like XP and Vista, but the tool won’t run on those systems.


My error/issue isn’t addressed in this FAQ or the online documentation. Help?

You can contact the support team at support@l0phtcrack.com.
In your email, please include:

What version of Windows you’re running LC on
What version of LC7 you’re running (should look like 7.0.x)
Your order number, or failing that, the name your version is licensed to.
Have you always had this problem, or did LC work ok before and now it doesn’t?
As many details as possible about the error. Screenshots of error messages & your session settings,
the OS of the machine you’re trying to connect to, exactly when in your process the error or crash
occurs – whatever is relevant to your issue. The more we know about what’s going on, the easier it
will be to diagnose.