Slashdot Mirror

← Back to Stories (view on slashdot.org)

L0phtCrack (v6) Rises Again

Posted by Soulskill on from the old-dogs-new-tricks dept.

FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."

3 of 120 comments (clear)

  1. Who remembers it? by Ektanoor · · Score: 3, Interesting

    Loph who?...
    What cracks?
    12 years? That's pretty old stuff. Who needs it?
    Does it work on iPhone?
    Can I crack my XBox with it?

    Really people, I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
    I waited for 10 minutes. No replies. Mute reaction.

    L0phtCrack, and their creators, the "L0pht Heavy Industries" group, were once shinning stars inside the Hacker community. Now who remembers them? There are not even scriptkiddies around, all society is a scripkiddy.

    L0pht people also created the "tool that never got its true name" - "netcat", which can only be found in most *nix systems as "nc". Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.

    Hail to you guys, happy to see you around.

    And Hail to the Cow!

  2. Re:Am I missing something?? by Bert64 · · Score: 3, Interesting

    I doubt a cracker would use this, most of the features listed seem to appeal to non technical management types...
    Crackers (and for that matter more technical people other than crackers) are more likely to use john the ripper, which runs on more platforms, supports more cipher types, supports clustering etc.

    Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea, you turn a small dictionary, say 100 words, into a huge file consisting of 100 * * , and you end up storing thousands of hashes for salts not being used in the passwords you're trying to crack..
    Yes sure, some password types are not salted, but these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. Any GPU Support? by Anonymous Coward · · Score: 5, Interesting

    What would make a real killer for cracking would be a combination of Cain and Abel + GPU Support. Imagine having a ten/hundred fold increase in hashes per second from utilizing a Nvidia / ATI card.

    You do have other programs for this kind of work, but the price tag I've seen so far would make my stomach turn.