
L0phtCrack (v6) Rises Again 120

Posted by Soulskill
from the old-dogs-new-tricks dept.
FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."

  • This just seems like a cracker tool - to gain passwords. Or am I missing something (since Symantec owns it I probably am)?.
    • From what I read Symantec doesn't own it anymore. Looks like they bought it from someone who bought it from the original people and now it is back in the original people's hands.
    • by Bert64 (520050) <bertNO@SPAMslashdot.firenzee.com> on Saturday May 30, 2009 @02:09PM (#28150799) Homepage

      I doubt a cracker would use this, most of the features listed seem to appeal to non technical management types...
      Crackers (and for that matter more technical people other than crackers) are more likely to use john the ripper, which runs on more platforms, supports more cipher types, supports clustering etc.

      Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea, you turn a small dictionary, say 100 words, into a huge file consisting of 100 * * , and you end up storing thousands of hashes for salts not being used in the passwords you're trying to crack..
      Yes sure, some password types are not salted, but these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

      • Re: (Score:3, Informative)

        by appleguru (1030562)

        Precomputed hashes are useless unless they are *sorted*; then they become useful. If you have a sorted precomputed hash table for, say, all 10 character passwords and you have a hash then you can *instantly* locate the matching hash from your table and retrieve the password provided it is 10 or fewer characters. Brute forcing would take *much* longer, even on modern CPUs. With hard drive space as cheap as it is these days, huge presorted precomputed hash tables are very feasible.. this is largely the reason

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          26^10*hashsize bytes?

          The two extremes (all CPU or all disk) are pretty bad. Go read about rainbow tables, which sit somewhere in between and let you choose the cpu/disk tradeoff that you want.

      • by Fulcrum of Evil (560260) on Saturday May 30, 2009 @02:30PM (#28150937)

        these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

        The way a rainbow table works is to generate a reverse mapping for your password, so if it's in the table, it's one index lookup away. Kind of hard to beat that, unless you're cracking WEP or something.

        • by bendodge (998616)

          Ophcrack is an excellent example of this. It's very useful in helpdesk work when someone doesn't give you their password - you can gain it without having to reset anything (and possibly lose encrypted files or saved IE passwords etc.).

      • by this great guy (922511) on Saturday May 30, 2009 @03:44PM (#28151591)

        Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea

        This is not what you think it is. What they mean by that term is they support rainbow tables [l0phtcrack.com]. This is a time-memory trade-off that is very useful to crack non-salted hashes like Windows's standard NTLM hashes.

      • by Zero__Kelvin (151819) on Saturday May 30, 2009 @08:53PM (#28154349) Homepage
        The original author, Mudge, is not only highly technical, he is much, much, much smarter than you. He is also world famous, and it isn't cause he has a way k3w1 hax0r name. He creates tools for security professionals, and he is one of the most elite in the industry. He thinks it is useful to highly technical types and you don't. Maybe you'd like to do some serious introspection before deciding if it is you or Mudge that is missing something here?
      • by nurb432 (527695)

        And why would anyone worth his salt rely on a commercial tool anyway?

        Sure, if you are in the security field, you will now have to run it against your 'sandbox' just in case some low threat kid tries it on your network, but that is as far as it would go as far as I'm concerned.

        Sounds like a good scam to me, release tool knowing full well it will end up on torrent sites for amateur kiddies to use, then sell copies to corporate so you can 'test' your network with to 'be thorough'. Sounds a lot like how they de

      • Re: (Score:1, Troll)

        by fulldecent (598482)

        Please read:

        Making a Faster Cryptanalytic Time-Memory Trade-Off
        Philippe Oechslin
        http://lasecwww.epfl.ch/~oechslin/publications/crypto03.pdf [lasecwww.epfl.ch]

        or any other paper in its references
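
Added example, not part of any comment in this thread: a toy rainbow table in Python showing the CPU/disk trade-off discussed above and why a salt makes the precomputed table useless. The 3-letter keyspace, SHA-256 as a stand-in hash, the chain parameters and all function names are assumptions made for this illustration.

```python
import hashlib
from itertools import product
from string import ascii_lowercase

# Constructed toy keyspace: every 3-letter lowercase string (26**3 = 17576).
KEYSPACE = ["".join(p) for p in product(ascii_lowercase, repeat=3)]
N = len(KEYSPACE)
CHAIN_LEN = 60    # longer chains: fewer rows stored, more CPU per lookup
NUM_CHAINS = 600  # rows actually kept; full precomputation would keep N

def H(pw, salt=b""):
    # SHA-256 is a stand-in hash; salt=b"" models an unsalted scheme.
    return hashlib.sha256(salt + pw.encode()).digest()

def reduce_to_pw(digest, column):
    # Map a digest back into the keyspace. Mixing in the column index gives
    # each step its own reduction, which limits chain merges.
    return KEYSPACE[(int.from_bytes(digest[:8], "big") + column) % N]

def start_point(k):
    return KEYSPACE[(k * 29) % N]  # arbitrary, distinct start points

def walk(start):
    """Return every plaintext visited by the chain beginning at `start`."""
    chain = [start]
    for col in range(CHAIN_LEN - 1):
        chain.append(reduce_to_pw(H(chain[-1]), col))
    return chain

def build_table():
    # Store only endpoint -> start points; chain interiors are recomputed
    # on demand. Merged chains share an endpoint, hence the list.
    table = {}
    for k in range(NUM_CHAINS):
        start = start_point(k)
        table.setdefault(walk(start)[-1], []).append(start)
    return table

def lookup(table, target):
    """Return a plaintext whose unsalted hash is `target`, or None."""
    for pos in range(CHAIN_LEN - 2, -1, -1):
        # Guess the plaintext sits at column `pos`, then finish the chain.
        end = reduce_to_pw(target, pos)
        for col in range(pos + 1, CHAIN_LEN - 1):
            end = reduce_to_pw(H(end), col)
        for start in table.get(end, []):
            candidate = walk(start)[pos]
            if H(candidate) == target:  # reject false alarms from merges
                return candidate
    return None

if __name__ == "__main__":
    table = build_table()
    secret = walk(start_point(5))[7]  # a plaintext known to be covered
    print("rows stored:", NUM_CHAINS, "of keyspace", N)
    print("unsalted hash ->", lookup(table, H(secret)))
    # A salted hash needs a table built for that exact salt, so storage
    # grows with the number of salts in use.
    print("salted hash   ->", lookup(table, H(secret, salt=b"constructed-salt")))
```
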

    • Re: (Score:1, Interesting)

      by Anonymous Coward
      That's more or less what it is but it was used to find password vulnerabilities back in the day created by various mixed Windows (LANMAN passwords on an old NT network were insta-cracked so it was nice to know who was connecting with win16 OSes so you could go stab them in the face and take their machines away) versions back in the day. Also used to be good to unlock your build server when the operator went to Russia for a month and locked everyone out of it. There were many legit uses of it but it is or
    • You are missing the fact that such a tool is useful. If your sysadmin can use it to figure out your password then so can a black hat (cracker.) You see, on a truly secure system the password is not discoverable even by the root user. (I'd say root/Administrator, but again, I am only talking about potentially secure operating systems here)
  • by freedom_india (780002) on Saturday May 30, 2009 @02:03PM (#28150753) Homepage Journal

    Let's face it: Anything that symantec touches turns into worthless and junk.
    Symantec is like the Anti-Midas of technology.
    They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
    Now they are releasing the ultimate hackers' tool under their umbrella.
    If i was anything like ParMaster, i would run as fast as i could and as far as away from it.

    • Re: (Score:3, Informative)

      by SchizoStatic (1413201)
      True to that. They slaughtered my favorite windows firewall sygate :(
      • They did it to sygate too? Hmmm...I recall they bought the defunct AtGuard firewall and neutered it into their "Internet Security" program...I remember the first (and maybe the second) iteration still had the exact same statistical screen at AtGuard.

        AtGuard was the best.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Symantec is like the Anti-Midas of technology.

      To be fair, Midas' touch didn't really work out too well either...

    • Re: (Score:3, Informative)

      by Zero__Kelvin (151819)

      "Now they are releasing the ultimate hackers' tool under their umbrella."

      You might want to read TFA, so you have some idea what you are talking about. L0phtcrack is not owned by Symantec, and has been re-acquired by the original developers. It is in the article. Really. Don't let the clueless mods fool you. Your post was not only completely lacking in insight, it is just plain and flat wrong.

      • Oh, so now you are saying that symantec HAS the midas touch and that it produces Excellent Norton Utilities and Anti-Virus...?

        • Oh, so now you are saying that the world is flat and the Earth revolves around the sun?

          See. I can make things up and put "Oh, so now you are saying ..." in front of them too!
    • They haven't killed that off, yet. We will see what happens now that they own Altiris and have pretty much merged it with that division, but so far it wasn't destroyed by the acquisition of norton.

  • by fv (95460) * <fyodor@insecure.org> on Saturday May 30, 2009 @02:04PM (#28150767) Homepage

    When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack [sourceforge.net]. Similar features are also available from Cain and Abel [www.oxid.it], and John the Ripper [openwall.com].

    I maintain a list of top password crackers [sectools.org] and sniffers [sectools.org] as part of my SecTools.Org [sectools.org] site.

    While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!

  • Who remembers it? (Score:3, Interesting)

    by Ektanoor (9949) on Saturday May 30, 2009 @02:06PM (#28150781) Journal

    Loph who?...
    What cracks?
    12 years? That's pretty old stuff. Who needs it?
    Does it work on iPhone?
    Can I crack my XBox with it?

    Really people, I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
    I waited for 10 minutes. No replies. Mute reaction.

    L0phtCrack, and their creators, the "L0pht Heavy Industries" group, were once shining stars inside the Hacker community. Now who remembers them? There are not even scriptkiddies around, all society is a scriptkiddy.

    L0pht people also created the "tool that never got its true name" - "netcat", which can only be found in most *nix systems as "nc". Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.

    Hail to you guys, happy to see you around.

    And Hail to the Cow!

    • by wmbetts (1306001)
      I remember them and that program. I'm sure a lot of people remember who they are.
    • Re: (Score:3, Funny)

      I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.

      Actually I was wondering how I could smoke it...

    • by egr (932620)
      I remember, and I remember using it, however I think I remember it was gratis before.
      • by Ektanoor (9949)

        Sincerely, if I well remember it was time limited, almost since the very beginning. If you remember the gratis version, then you are older than me :)
        Anyway... Let me push my brains.... Eeeeee, pushing... There was a command line version that seemed to be wholly free. But as I was already a *nix master of Zen (ok, bash me), I didn't have such a need to use it. John the Ripper and others did much better on *nix and were much more stable, if my memory tells me correctly the story.

        Anyway this was a great tool but

        • by egr (932620)
          Ok, probably wasn't gratis, but it was really hard to tell since I was in Russia at that time. Although judging by your skillz of Zen and decimals in your UID I do assume that you are older than me.
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.

      Two weeks ago you used it for more than 11 years? Are you sure about that? Maybe you like to recast that sentence.
      • by Ektanoor (9949)

        Maybe I would recast it. Used for more than 11 years, last time two weeks ago...

    • by godIsaDJ (644331)
      I remember them and @stake. And at some point I even tried to get a job there (to be honest, luckily it did not work out!). Then Symantec bought them. I can't think of a more disappointing outcome...
    • I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.

      Hmmm no. I'm just wondering how I can smoke it.

    • by chord.wav (599850)

      Sure, I remember them, the hacker news network and the hairy palm for Palm Pilot!
      Good to see them back. I hated the shutdown of HNN, it was one of my favorite sites.

  • Missing everything (Score:5, Insightful)

    by Anonymous Coward on Saturday May 30, 2009 @02:16PM (#28150849)

    Sigh. Do you...do... IT? It seems like a "cracker tool" to you? What the hell are you, the FBI raiding Steve Jackson games 15 years ago because you're too inept to understand the difference between a concept and using it criminally?

    You understand that even tools put to ill use by criminals have legitimate purposes right? Or are you in the ban sporks because they can be used in spork crimes camp? </flame> You deserved that.

    L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
      * lack of backups and a need to recover an existing password
      * testing employee passwords for compliance with policy and strength requirements with authorization
      * being paid to pen-test a system
      * Just freakin' wanting to run it at home to see how fast such tools 'really work'
      * Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)
      * General Proof of concept against poor password implementations--early versions of l0phtcrack hit some systems a lot faster than others as I recall

    Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?

    • by causality (777677)

      Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?

      And lose an excuse for manipulating and controlling other people?! No fucking way! Next thing ya know, you'll want us to stop justifying bad laws with "for the children" and "to fight terrorism". How the hell will we intrude into other peoples' lives then? Huh?! See, you haven't thought this through.

    • by kimvette (919543)

      L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
      * lack of backups and a need to recover an existing password

      Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

      * testing employee passwords for compliance with policy and strength requirements with authorization

      Implement password policies which are supported through technical measures (group policies or any number of *nix equivalents) and require that everyo

      • by kimvette (919543)

        L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
        * lack of backups and a need to recover an existing password

        Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

        I forgot one detail

        . . .using an offline registry editor if/when necessary.

        Sorry, my point is invalid without that detail. I forgot to add it in when I added my lamenting over the crapware vendor that Nor

      • by blincoln (592401)

        Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

        Sometimes this isn't practical. For example, in a large enterprise it's easy to end up in a situation where if you can determine the password of a service account, you can get your work done non-intrusively and quickly, versus weeks or months of coordinating with other groups because you needed to change it. If you've inherited a bunch of legacy systems that depend on a single service account, you can pretty much guaran

        • by Allador (537449)

          Hear, hear.

          Anyone who says that recovering passwords is never necessary, since you can just change them, obviously has never done much work in this field.

    • by AbRASiON (589899) *

      It also has uses allowing mid level techs to get the local admin they should have which tightass upper management restrict in draconian businesses
      I've had to use it many times before, thank god I don't have to nowadays.

  • Any GPU Support? (Score:5, Interesting)

    by Anonymous Coward on Saturday May 30, 2009 @02:38PM (#28150973)

    What would make a real killer for cracking would be a combination of Cain and Abel + GPU Support. Imagine having a ten/hundred fold increase in hashes per second from utilizing a Nvidia / ATI card.

    You do have other programs for this kind of work, but the price tag I've seen so far would make my stomach turn.

  • I had a copy of l0phtcrack on my disk that I downloaded years ago from their site, and was left gathering dust on a forgotten corner of my hard drive. Recently a full drive scan by an antivirus (AVG?) identified it as having a trojan. It could be a false positive, but it seems more likely to really be a trojan that had been deliberately planted there. Consider yourselves warned.
    • Re: (Score:2, Interesting)

      by jesseck (942036)
      I've had a directory in my computer I used to organize network security tools, and I had to disable Symantec from scanning it. Every scan, Ophcrack and Cain & Abel would pop as a threat. There were other tools, too. I just expect this behavior out of an AV program. As for the trojan alert, we know that there is malicious software that can capture passwords. So, this was probably a hit from the heuristics of the program- a similar signature. Hell, if I was writing malicious software, and I needed
    • Re: (Score:2, Interesting)

      by deets101 (1290744)
      First, I hope you're kidding.
      Second, This raises an interesting question for me. When Symantec owned it did their AV product(s) detect this as malware? That would be a fun call to their tech support.
    • Yeah.... if you don't understand why you got that message then you probably shouldn't be playing with tools like l0phtcrack.

  • ... especially considering the recently announced cyber-security initiatives, not to mention all of the DOD stuff going on.

    We are building an entire ARMY of script kiddies who will need such tools. ;) And guess who's paying for them?

  • by Anonymous Coward
  • Is this still useful against modern implementations of active directory? I thought it used either kerberos or an improved version of NTLM these days.

    • Re: (Score:3, Informative)

      by Allador (537449)

      Ignore the idiot AC who responded to you. Password storage has nothing to do with Kerberos. The two things are related, but orthogonal.

      Windows still uses NTLM without a salt in the current versions.

      There is a way to encrypt the SAM with a symmetric cipher, which requires that a floppy or USB key must be physically present for the SAM to be accessed. It's not widely used.

  • by Master of Transhuman (597628) on Saturday May 30, 2009 @07:36PM (#28153725) Homepage

    whoever gets the first clean cracked version, email me.

    Should take about thirty seconds.

  • A windows-only binary?
    The world has changed since then...

    Also:
    > Attention Overseas Customers
    (etc)
    What do overseas customers have to do with USA law?
  • Ok, so where is the torrent of the real release, where your download isn't also tracked.
