L0phtCrack 2.0 FAQ 
                                                           Last updated 2/16/98 

                                 1a. Can I use a custom character set? 

                                 You can define your own character set for L0phtCrack to use for brute forcing. There
                                 is no user interface to do this however. You must first load the password password
                                 file into L0phtCrack and then do a file save to save it in .lc or L0phtCrack format.
                                 Open the .lc file in a text editor. You will see something like this: 

                                 LastBruteIteration=0
                                 CharacterSet=ABCDEFGHIJKLMNOPQRSTUVWXYZ
                                 Administrator:"":"":LANMANHASH:NTHASH
                                 .
                                 .
                                 .

                                 You can edit the CharacterSet to whatever you like. If you add the space character
                                 make sure it is not the last character. There is a small bug that will be soon fixed that
                                 requires you to set change LastBruteIteration=0 to something like
                                 LastBruteIteration=A unless you have 0 in your CharacterSet. 

                                 1b. Can I start L0phtCrack brute forcing at a certain password? 

                                 Yes. Maybe you know the first character of a certain password you are looking to
                                 crack. Just follow the instructions in question #1 and set LastBruteIteration to start
                                 with the first character you are looking for with the number of digits you want to start
                                 with. For example if you know the password starts with C and is 7 chars or longer
                                 you would use: LastBruteIteration=CAAAAAA 

                                 Don't put in any characters that are not in the CharacterSet, always use uppercase,
                                 and never put in more than 7 characters. One caveat is that if the password is
                                 longer than 7 characters you will miss some of the possibilities for the second half.
                                 You should run L0phtCrack starting from scratch to discover the second half once
                                 you know the first. Unles the password is 14 characters long finding the second have
                                 should be quick. 

                                 2. Cracking sniffer dumps seems to take a long time. Is this right? 

                                 Cracking the captured challenge/response hashes from a network capture takes a bit
                                 longer for one password than its counterpart gotten from a registry dump. The big
                                 slowdown with the network capture cracking is that each hash is encrypted with a
                                 unique challenge so that the work done cracking one password cannot be used
                                 again to crack another. This means that the time to completion scales linearly as you
                                 add password hashes to crack. 

                                 10 network challenge/response hashes will take 10 times longer to crack than just
                                 one. Ouch, that could take a long time. This type of cracking really needs to be
                                 targetted towards particular passwords to be effective. 

                                 3. I get "cannot open adapter" when I try to run the readsmb sniffer. What's
                                 wrong? 

                                 Make sure you have followed the instructions in the readme.txt file to install the
                                 network driver required to do promiscuous reading of the network. This usually
                                 requires power user or administrator group privileges on the machine. 

                                 If you have 2 NICs and the sniffer doesn't seem to work disable the binding of the
                                 'Nds 3.0 Packet Driver' to one of NICs. 

                                 If you also have the ISS packet driver or Asmodeus packet driver loaded there may
                                 be some conflict. You may need to remove those drivers to use the l0phtcrack driver.