Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: L0phtcrack 3.0 and W2K

From: "Don Weber" <Don () AirLink com>
Date: Thu, 13 Sep 2001 16:00:34 -0700
apparently the passwords fed to it are at least not easy, if you are using
the trial version it won't go through all the methods, especially brute
force, and make sure you copied/imported the created by the sniffer. LC3
will crack the passwords given time with the full version, you could create
a test account with a known password, make it an easy one, that is a regular
word, jsut so you can see that it can be cracked. I've used LC3 the same
method you are trying and successfully retreived about 25% of my network
passwords, using the trial version, I immediately had those passwords
expired and turned on Use Strong Passwords enforcement, the easy passwords
won't happen again, but if you get the full version, install it on an unused
system, and just let it run for a while, it will eventually crack the
passwords using brute force, then by knowing how long it takes can give you
an idea of how often you  want to force password changes, I seem to recall
seeing a faq about various lengths of time taken on dif systems, and some
were exceeding 2 weeks of crunching.

-----Original Message-----
From: st0ff st0ff [mailto:if0ff () yahoo com]
Sent: Thursday, September 13, 2001 1:22 AM
To: PEN-TEST () securityfocus com
Subject: L0phtcrack 3.0 and W2K


Hi all,
i've collected enrypted passwords and usernames with
the included sniffer feature in a W2K environment.
In two days no password was cracked by LC. I guess
there is is a problem to crack the new NTMLv2
encryption. Have anyone any idea how to crack these
encryption?

Regards

if0ff


__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: