Slashdot Mirror

← Back to Stories (view on slashdot.org)

L0phtCrack (v6) Rises Again

Posted by Soulskill on from the old-dogs-new-tricks dept.

FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."

5 of 120 comments (clear)

  1. Open Source Competitors by fv · · Score: 5, Informative

    When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack. Similar features are also available from Cain and Abel, and John the Ripper.

    I maintain a list of top password crackers and sniffers as part of my SecTools.Org site.

    While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!

  2. Re:Symantec has a knack of spoiling even the best by SchizoStatic · · Score: 3, Informative

    True to that. They slaughtered my favorite windows firewall sygate :(

    --
    https://www.speakservers.com/
  3. Re:Let me be the first to say: by Jurily · · Score: 4, Informative

    Attention Overseas Customers
    As required by law, L0phtcrack is subject to United States export controls. L0phtCrack may not be downloaded or otherwise exported or re-exported outside the United States. By downloading or using L0phtCrack, you are agreeing to the foregoing and all applicable export control laws. See disclaimer for more details.

    What kind of sorry-ass black-hat tool is this?

  4. Re:Am I missing something?? by Fulcrum+of+Evil · · Score: 3, Informative

    these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

    The way a rainbow table works is to generate a reverse mapping for your password, so if it's in the table, it's one index lookup away. Kind of hard to beat that, unless you're cracking WEP or something.

    --
    "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
  5. Re:Let me be the first to say: by Machtyn · · Score: 4, Informative

    But, somebody already has. Here is a list of 100 great Security tools. (It says "Network Security", but the tools are usually able to do more than just network processes.)