L0phtCrack 2.0 FAQ
Last updated 2/16/98
1a. Can I use a custom character set?
You can define your own character set for L0phtCrack to use for brute forcing. There
is no user interface to do this however. You must first load the password password
file into L0phtCrack and then do a file save to save it in .lc or L0phtCrack format.
Open the .lc file in a text editor. You will see something like this:
LastBruteIteration=0
CharacterSet=ABCDEFGHIJKLMNOPQRSTUVWXYZ
Administrator:"":"":LANMANHASH:NTHASH
.
.
.
You can edit the CharacterSet to whatever you like. If you add the space character
make sure it is not the last character. There is a small bug that will be soon fixed that
requires you to set change LastBruteIteration=0 to something like
LastBruteIteration=A unless you have 0 in your CharacterSet.
1b. Can I start L0phtCrack brute forcing at a certain password?
Yes. Maybe you know the first character of a certain password you are looking to
crack. Just follow the instructions in question #1 and set LastBruteIteration to start
with the first character you are looking for with the number of digits you want to start
with. For example if you know the password starts with C and is 7 chars or longer
you would use: LastBruteIteration=CAAAAAA
Don't put in any characters that are not in the CharacterSet, always use uppercase,
and never put in more than 7 characters. One caveat is that if the password is
longer than 7 characters you will miss some of the possibilities for the second half.
You should run L0phtCrack starting from scratch to discover the second half once
you know the first. Unles the password is 14 characters long finding the second have
should be quick.
2. Cracking sniffer dumps seems to take a long time. Is this right?
Cracking the captured challenge/response hashes from a network capture takes a bit
longer for one password than its counterpart gotten from a registry dump. The big
slowdown with the network capture cracking is that each hash is encrypted with a
unique challenge so that the work done cracking one password cannot be used
again to crack another. This means that the time to completion scales linearly as you
add password hashes to crack.
10 network challenge/response hashes will take 10 times longer to crack than just
one. Ouch, that could take a long time. This type of cracking really needs to be
targetted towards particular passwords to be effective.
3. I get "cannot open adapter" when I try to run the readsmb sniffer. What's
wrong?
Make sure you have followed the instructions in the readme.txt file to install the
network driver required to do promiscuous reading of the network. This usually
requires power user or administrator group privileges on the machine.
If you have 2 NICs and the sniffer doesn't seem to work disable the binding of the
'Nds 3.0 Packet Driver' to one of NICs.
If you also have the ISS packet driver or Asmodeus packet driver loaded there may
be some conflict. You may need to remove those drivers to use the l0phtcrack driver.