L0phtCrack (v6) Rises Again
FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."
Re:Am I missing something?? (Score:4, Interesting)
I doubt a cracker would use this, most of the features listed seem to appeal to non-technical management types...
Crackers (and for that matter more technical people other than crackers) are more likely to use John the Ripper, which runs on more platforms, supports more cipher types, supports clustering etc.
Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea, you turn a small dictionary, say 100 words, into a huge file consisting of 100 * * , and you end up storing thousands of hashes for salts not being used in the passwords you're trying to crack..
Yes sure, some password types are not salted, but these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.
Re: (Score:3, Informative)
Precomputed hashes are useless unless they are *sorted* then they become useful. If you have a sorted precomputed hash table for, say, all 10 character passwords and you have a hash then you can *instantly* locate the matching hash from your table and retrieve the password provided it is 10 or fewer characters. Brute forcing would take *much* longer, even on modern CPUs. With hard drive space as cheap as it is these days, huge presorted precomputed hash tables are very feasible.. this is largely the reason
Re: (Score:1, Insightful)
26^10*hashsize bytes?
The two extremes (all CPU or all disk) are pretty bad. Go read about rainbow tables, which sit somewhere in between and let you choose the cpu/disk tradeoff that you want.
Re: (Score:3, Funny)
I am not exactly sure how this [wordpress.com] will help do that.
Re: (Score:3, Informative)
No, and the first Google result [wikipedia.org] would have worked.
Not sure how you ended up at some random wordpress blog. Learn to search properly.
Re: (Score:1)
Wow dude, seriously?
Re:Am I missing something?? (Score:4, Informative)
> these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.
The way a rainbow table works is to generate a reverse mapping for your password, so if it's in the table, it's one index lookup away. Kind of hard to beat that, unless you're cracking WEP or something.
Re: (Score:2)
Ophcrack is an excellent example of this. It's very useful in helpdesk work when someone doesn't give you their password - you can gain it without having to reset anything (and possibly lose encrypted files or saved IE passwords etc.).
Re:Am I missing something?? (Score:4, Insightful)
This is not what you think it is. What they mean by that term is they support rainbow tables [l0phtcrack.com]. This is a time-memory trade-off that is very useful to crack non-salted hashes like Windows's standard NTLM hashes.
Re: (Score:2)
Better description of rainbow tables. [wikipedia.org]
Re: (Score:2)
And why would anyone worth his salt rely on a commercial tool anyway?
Sure, if you are in the security field, you will now have to run it against your 'sandbox' just in case some low threat kid tries it on your network, but that is as far as it would go as far as I'm concerned.
Sounds like a good scam to me, release tool knowing full well it will end up on torrent sites for amateur kiddies to use, then sell copies to corporate so you can 'test' your network with to 'be thorough'. Sounds a lot like how they de
Re: (Score:1, Troll)
Please read:
Making a Faster Cryptanalytic Time-Memory Trade-Off
Philippe Oechslin
http://lasecwww.epfl.ch/~oechslin/publications/crypto03.pdf [lasecwww.epfl.ch]
or any other paper in its references
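The time-memory trade-off argued over in the comments above, as an added example that is not part of the original thread or of any tool named in it: a toy rainbow table over a 3-letter lowercase keyspace, showing that the table recovers an unsalted hash but cannot match the same password stored with a per-user salt. SHA-256 stands in for the real hash, and the keyspace, chain length, salt value and all function names are assumptions chosen for illustration.

```python
import hashlib
import string
from itertools import product

ALPHABET = string.ascii_lowercase
LENGTH = 3          # toy keyspace: 26**3 = 17,576 candidate passwords
CHAIN_LEN = 50      # hash/reduce steps per chain: the CPU side of the trade-off
KEYSPACE = len(ALPHABET) ** LENGTH

def h(password, salt=b""):
    """Fast stand-in hash (SHA-256, not NTLM). Empty salt = unsalted storage."""
    return hashlib.sha256(salt + password.encode()).digest()

def reduce_to_password(digest, step):
    """Map a digest back into the keyspace; a different mapping per column."""
    n = (int.from_bytes(digest[:8], "big") + step) % KEYSPACE
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def build_table(starts):
    """Walk each chain but keep only its endpoints: the disk side of the trade-off."""
    table = {}
    for start in starts:
        p = start
        for step in range(CHAIN_LEN):
            p = reduce_to_password(h(p), step)
        table.setdefault(p, []).append(start)   # chains can merge on one end
    return table

def lookup(table, target):
    """Return the password whose unsalted hash is `target`, or None."""
    for pos in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits in column `pos` and walk to the chain end.
        p = reduce_to_password(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            p = reduce_to_password(h(p), step)
        for start in table.get(p, []):
            # Replay the chain from its start to confirm (filters false alarms).
            q = start
            for step in range(CHAIN_LEN):
                if h(q) == target:
                    return q
                q = reduce_to_password(h(q), step)
    return None

def demo():
    # Constructed data: every 30th password of the keyspace starts a chain.
    starts = ["".join(t) for t in product(ALPHABET, repeat=LENGTH)][::30]
    table = build_table(starts)
    sample = starts[7]                                   # constructed sample password
    hit = lookup(table, h(sample))                       # unsalted: found
    miss = lookup(table, h(sample, b"per-user-salt"))    # salted: not in any chain
    return len(starts), hit == sample, miss

if __name__ == "__main__":
    print(demo())
```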
Symantec has a knack of spoiling even the best of (Score:5, Insightful)
Let's face it: Anything that Symantec touches turns into worthless and junk.
Symantec is like the Anti-Midas of technology.
They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
Now they are releasing the ultimate hackers' tool under their umbrella.
If I was anything like ParMaster, I would run as fast as I could and as far away from it.
Re: (Score:2)
They did it to Sygate too? Hmmm...I recall they bought the defunct AtGuard firewall and neutered it into their "Internet Security" program...I remember the first (and maybe the second) iteration still had the exact same statistical screen as AtGuard.
AtGuard was the best.
Re: (Score:2)
NeoTrace! Yeah, that was a wicked program. It doesn't work anymore, does it?
You say "was" your favorite...does that mean it's not available anymore?
Re: (Score:2, Insightful)
To be fair, Midas' touch didn't really work out too well either...
Re: (Score:3, Informative)
You might want to read TFA, so you have some idea what you are talking about. L0phtcrack is not owned by Symantec, and has been re-acquired by the original developers. It is in the article. Really. Don't let the clueless mods fool you. Your post was not only completely lacking in insight, it is just plain and flat wrong.
Re: (Score:2)
Oh, so now you are saying that Symantec HAS the midas touch and that it produces Excellent Norton Utilities and Anti-Virus...?
Re: (Score:2)
See. I can make things up and put "Oh, so now you are saying
Re: (Score:2)
Touche, my friend.
I was trying out the old, well-worn Republican way of attacking opponents.
Ghost Anyone? (Score:2)
They haven't killed that off, yet. We will see what happens now that they own Altiris and have pretty much merged it with that division, but so far it wasn't destroyed by the acquisition of Norton.
Open Source Competitors (Score:5, Informative)
When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack [sourceforge.net]. Similar features are also available from Cain and Abel [www.oxid.it], and John the Ripper [openwall.com].
I maintain a list of top password crackers [sectools.org] and sniffers [sectools.org] as part of my SecTools.Org [sectools.org] site.
While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!
Re: (Score:2, Informative)
Praise the almighty creator of nmap [insecure.org] !!!
Who remembers it? (Score:3, Interesting)
Loph who?...
What cracks?
12 years? That's pretty old stuff. Who needs it?
Does it work on iPhone?
Can I crack my XBox with it?
Really people, I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
I waited for 10 minutes. No replies. Mute reaction.
L0phtCrack, and their creators, the "L0pht Heavy Industries" group, were once shinning stars inside the Hacker community. Now who remembers them? There are not even scriptkiddies around, all society is a scripkiddy.
L0pht people also created the "tool that never got its true name" - "netcat", which can only be found in most *nix systems as "nc". Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.
Hail to you guys, happy to see you around.
And Hail to the Cow!
Re: (Score:3, Funny)
> I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
Actually I was wondering how I could smoke it...
Re: (Score:2)
Sincerly, if I well remember it was time limited, almost since the very beginning. If you remember the gratis version, then you are older than me :)
Anyway... Let me push my brains.... Eeeeee, pushing... There was a command line version that seemed to be wholly free. But as I was already a *nix master of Zen (ok, bash me), I didn't had such a need to use it. John the Ripper and others did much better on *nix and were much more stable, if my memory tells me correctly the story.
Anyway this was a great tool but
Re: (Score:1, Funny)
Two weeks ago you used it for more than 11 years? Are you sure about that? Maybe you like to recast that sentence.
Re: (Score:2)
Maybe I would recast it. Used for more than 11 years, last time two weeks ago...
Re: (Score:1)
> I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
Hmmm no. I'm just wondering how I can smoke it.
Re: (Score:2)
Sure, I remember them, the hacker news network and the hairy palm for Palm Pilot!
Good to see them back. I hated the shutdown of HNN, it was one of my favorite sites.
Re: (Score:2, Interesting)
On which of the languages I know?
Sorry, but sincerly, it is pretty hard to remember the grammar of some 9 languages I know. And I am not taking into account programming.
More. It is pain to take into account the grammar of each language, if you are reading almost simoultaneously three or four languages.
Yes, it's a handicap I cannot stick into a specific grammar. But I can read on several languages and write, in a possible comprehensible manner, on them.
Now I know several jerks who are too sticked to grammar,
Re: (Score:1, Insightful)
> On which of the languages I know? Sorry, but sincerly, it is pretty hard to remember the grammar of some 9 languages I know. And I am not taking into account programming.
> More. It is pain to take into account the grammar of each language, if you are reading almost simoultaneously three or four languages.
> Yes, it's a handicap I cannot stick into a specific grammar. But I can read on several languages and write, in a possible comprehensible manner, on them.
> Now I know several jerks who are too sticked to grammar, make a whole fuss out of it and are only able to create a complete nonsense out of a text. If I note that I had these cases on juridical documents, which decided will someone go to the gallows or not... I do prefer my horrible grammar.
> ModDown offtopic but I get pretty mad when people try to teach grammar not by the error but by playing smarties.
Nine languages is quite a feat and I salute the effort it must have taken to pull that off. For that reason I felt bad that you are allowing an Anonymous Coward to upset you like this. Unfortunately he is probably a troll and your response is probably exactly what he wanted.
If it helps, I can explain where at least a little of the "grammar nazi" deal comes from. Some of the worst grammar and diction I have ever seen, on Slashdot or elsewhere, came from Americans who are native speakers of English and
Re: (Score:1, Flamebait)
Shut the hell up you ignint SOB.
(subliminimal message: this here post is INSITEFUL!)
Re:Who remembers it? (Score:4, Insightful)
Dude, seriously. It's nice and all that you like to brag about multiple languages. Good for you.
But do you really know a language if you cannot communicate effectively with it?
Case in point, your post that I'm responding to.
It's fairly badly broken English. I've read worse, but it's not good.
For example, how do you get 'too sticked to grammar', and what the hell does that mean? Is it some kind of dom/sub foreplay?
What is a 'juridical' document? Sounds kinky.
And I don't even have a clue what this is supposed to mean:
> ... when people try to teach grammar not by the error but by playing smarties.
Now there are a lot of people who aren't native English speakers here on /. And generally they only get minor grief, and only from idiots. You should have ignored the idiots. But oh no, you had to go get arrogant about it, and blame it on how you're so smart you are reading /. simultaneously in six languages including binary.
Bottom line, if you want to be able to be understood, and engage in conversation with people, then slow down a bit and at least try to make your posts intelligible. The couple of your posts I've read on this story are nearly incomprehensible. Strangely enough, the most clear you've been was in your bragging about how many languages you know, so that tells me you can speak clearly in English when you want to.
Re: (Score:2)
The worst will be to excel on one and not be able to say a word on the other eight.
And even worser is not to be able to understand anything else, but only the excellence of the grammar in the language you believe to understand. Usually those who excel are even uncapable to understand dialects. You know how pretty is Jamaican English? Several years ago I could easily understand it. But, many english speakers don't make an idea of what Jamaicans say. Quite sad.
You living on Earth, not in Nutziland.
Re: (Score:3, Informative)
> You living on Earth, not in Nutziland.
Huh?
I thought the two terms were interchangeable....
Missing everything (Score:5, Insightful)
Sigh. Do you...do... IT? It seems like a "cracker tool" to you? What the hell are you, the FBI raiding Steve Jackson Games 15 years ago because you're too inept to understand the difference between a concept and using it criminally?
You understand that even tools put to ill use by criminals have legitimate purposes, right? Or are you in the ban sporks because they can be used in spork crimes camp? </flame> You deserved that.
L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
* lack of backups and a need to recover an existing password
* testing employee passwords for compliance with policy and strength requirements with authorization
* being paid to pen-test a system
* Just freakin' wanting to run it at home to see how fast such tools 'really work'
* Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)
* General Proof of concept against poor password implementations--early versions of l0phtcrack hit some systems a lot faster than others as I recall
Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?
Re: (Score:2)
The parallels to gun control are also strong. You have a group of "bad guys" who are already well-armed; in this case, that's the black hats with their cracking tools. In the real world, it's thugs who aren't concerned about committing violent crimes like robbery or murder so they sure as hell aren't worried about a weapons charge. The only (valid) question is whether you want the law-a
Re: (Score:2)
And lose an excuse for manipulating and controlling other people?! No fucking way! Next thing ya know, you'll want us to stop justifying bad laws with "for the children" and "to fight terrorism". How the hell will we intrude into other peoples' lives then? Huh?! See, you haven't thought this through.
Re: (Score:1)
Log in as Administrator (or root on *nix) and change the password. No recovery necessary.
Implement password policies which are supported through technical measures (group policies or any number of *nix equivalents) and require that everyo
Re: (Score:2)
> Log in as Administrator (or root on *nix) and change the password. No recovery necessary.
I forgot one detail
. . .using an offline registry editor if/when necessary.
Sorry, my point is invalid without that detail. I forgot to add it in when I added my lamenting over the crapware vendor that Nor
Re: (Score:2)
If
Re: (Score:2)
There is a difference between posting about what is wrong in a discussion with tech folks on a site such as /. or zdnet (which are both made up of technology workers and professional and/or amateur journalists) and communicating with customers. The approach and tone for each is and should be different as the education level, expectations, and requirements of each audience is different. Here I do not need to sugar-coat my comments or opinions of given product choices.
With customers sometimes the medicine ne
Re: (Score:2)
> Log in as Administrator (or root on *nix) and change the password. No recovery necessary.
Sometimes this isn't practical. For example, in a large enterprise it's easy to end up in a situation where if you can determine the password of a service account, you can get your work done non-intrusively and quickly, versus weeks or months of coordinating with other groups because you needed to change it. If you've inherited a bunch of legacy systems that depend on a single service account, you can pretty much guaran
Re: (Score:2)
Hear, hear.
Anyone who says that recovering passwords is never necessary, since you can just change them, obviously has never done much work in this field.
Re: (Score:2)
It also has uses allowing mid-level techs to get the local admin they should have which tightass upper management restrict in draconian businesses
I've had to use it many times before, thank god I don't have to nowadays.
Any GPU Support? (Score:5, Interesting)
What would make a real killer for cracking would be a combination of Cain and Abel + GPU Support. Imagine having a ten/hundred fold increase in hashes per second from utilizing an Nvidia / ATI card.
You do have other programs for this kind of work, but the price tag I've seen so far would make my stomach turn.
Re: (Score:2, Interesting)
Second, this raises an interesting question for me. When Symantec owned it did their AV product(s) detect this as malware? That would be a fun call to their tech support.
Re: (Score:1)
Yeah.... if you don't understand why you got that message then you probably shouldn't be playing with tools like l0phtcrack.
Smart of them... (Score:2)
... especially considering the recently announced cyber-security initiatives, not to mention all of the DOD stuff going on.
We are building an entire ARMY of script kiddies who will need such tools. ;) And guess who's paying for them?
who needs to crack windows passwords anymore??? (Score:1, Interesting)
http://oss.coresecurity.com/projects/pshtoolkit.htm [coresecurity.com]
'nuff said
still? (Score:2)
Is this still useful against modern implementations of active directory? I thought it used either Kerberos or an improved version of NTLM these days.
Re: (Score:3, Informative)
Ignore the idiot AC who responded to you. Password storage has nothing to do with Kerberos. The two things are related, but orthogonal.
Windows still uses NTLM without a salt in the current versions.
There is a way to encrypt the SAM with a symmetric cipher, which requires that a floppy or USB key must be physically present for the SAM to be accessed. It's not widely used.
And by the way (Score:3, Funny)
whoever gets the first clean cracked version, email me.
Should take about thirty seconds.
EXE (Score:2)
The world has changed since then...
Also:
> Attention Overseas Customers
(etc)
What do overseas customers have to do with USA law?
15 day trial? (Score:2)
Ok, so where is the torrent of the real release, where your download isn't also tracked.
Re:Let me be the first to say: (Score:5, Informative)
> Attention Overseas Customers
> As required by law, L0phtcrack is subject to United States export controls. L0phtCrack may not be downloaded or otherwise exported or re-exported outside the United States. By downloading or using L0phtCrack, you are agreeing to the foregoing and all applicable export control laws. See disclaimer for more details.
What kind of sorry-ass black-hat tool is this?
Re: (Score:2)
They don't want to be sued because of what you do with it.. Pretty normal CYA these days when people are getting sued just for downloading a song.
Re: (Score:2)
That's the thing here. It's made for IT security persons, and they probably will enjoy the convenience and other features it delivers. As a webmaster I could probably code all the scripts and code I would need, but sometimes it's just more convenient to buy them in one package and dedicate your time on the more important stuff. You get more done that way as well.
Re: (Score:2)
The thing is, I would say L0phtCrack is the mediocre program compared to some of the specialized software on this list.
Re: (Score:2)
And in four to six hours of work with another tool that costs nothing?
While I'm aware this tool is supposed to be good, the cost in comparison to some other tools is ridiculous. That's the point. It's never about how long it will take to pay for it.
Moron.