L0phtCrack (v6) Rises Again

FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."

interesting

interesting... the download site seems to be unavailable right now. =)

Frosty l0pht piss with fags

l0phtcrack is the worst, and I mean the worst piece of software ever made by anyone, ever. As a side note, this is possibly the best tasting piss I have ever frostied.

um

Password security seems pointless when password recovery systems are even less secure.

Let me be the first to say:

Hahahahahahaa!

L0phtCrack 6 Professional - $295.00
L0phtCrack 6 Administrator - $595.00
L0phtCrack 6 Consultant - $1195.00

I can build my own from scratch and existing resources for cheaper with the same feature set.
Thanks but not thanks.

Re:Let me be the first to say:

What a fucking Jew!

Re:Let me be the first to say:

[Jurily]

Attention Overseas Customers
As required by law, L0phtcrack is subject to United States export controls. L0phtCrack may not be downloaded or otherwise exported or re-exported outside the United States. By downloading or using L0phtCrack, you are agreeing to the foregoing and all applicable export control laws. See disclaimer for more details.

What kind of sorry-ass black-hat tool is this?

Re:Let me be the first to say:

[RudeIota]

Then do it.. and offer it for free.

Re:Let me be the first to say:

Time to break out the printing presses!

Re:Let me be the first to say:

[Machtyn]

But, somebody already has. Here is a list of 100 great Security tools. (It says "Network Security", but the tools are usually able to do more than just network processes.)

Re:Let me be the first to say:

[Zero__Kelvin]

It is like those inherently black-hat tools like DES, RSA, SHA-1, and their ilk. Why anyone would want to be the "first to say" such a ridiculous thing is beyond me, but the fact that your ridiculous post has been modded up would only surprise me if this was Slashdot about a decade ago, before it became so popular among the gleefully clueless.

Re:Let me be the first to say:

Grand parent here:

That's basically my point, I can use existing resources from all those tools and still achieve the same feature set. Call me troll if you like but if people are stupid/lazy enough to buy that software for that price instead of getting off their ass and using what's already available then perhaps they shouldn't be in the industry that would use these tools (Especially at that price, I doubt anyone but people working in IT Security would bother spending that much in the first place).

Re:Let me be the first to say:

What if I don't want 100 tools... what if I just want one that I know works? in all reality, 300 bucks (or 1200 for that matter) isn't that much money. Especially when you are talking about a corporation's IT department. If you are paying your IT guy 100K a year and he has to spend all day sifting through 100 mediocre programs to find the two or three good ones, you have just cost the company more than 300 bucks. I suppose you could make the argument that no IT guy making 100K+ a year should need to sift through 100 programs, since they would already know which ones they want to use... but that's a different argument I guess.

Re:Let me be the first to say:

[sopssa]

That's the thing here. Its made for IT security persons, and they probably will enjoy the convenience and other features it delivers. As a webmaster I could probably code all the scripts and code I would need, but sometimes its just more convenient to buy them in one package and dedicate your time on the more important stuff. You get more done that way aswell.

Re:Let me be the first to say:

[SlashWombat]

Exactly why are you paying this guy 100k a year? For 100k, He really should be looking at all the available "tools", as some will expose vulnerabilities that others will miss, etc. It might be different if you were only paying the guy 25K a year. At that rate, you might not expect the person to be too bright. (In fact, as is well known. If you pay peanuts, all you will get is monkeys!)

Re:Let me be the first to say:

And to think I was actually going to consider buying it.

Re:Let me be the first to say:

[nurb432]

They don't want to be sued because of what you do with it.. Pretty normal CYA these days when people are getting sued just for downloading a song.

Re:Let me be the first to say:

Shouldn't it be..... if you pay peanuts, all you will get is elephants?

Re:Let me be the first to say:

[Machtyn]

Did you bother to follow the link? You'll find out that the top 10 or so are multifunctional. I use about 3 or 4 of them.

The thing is, I would say L0phtCrack is the mediocre program compared to some of the specialized software on this list.

Re:Let me be the first to say:

Under US law, crypto is equiv. to munition and is subject to the same export laws per say

Am I missing something??

[Meshach]

This just seems like a cracker tool - to gain passwords. Or am I missing something (since Symantec owns it I probably am)?.

Re:Am I missing something??

[SchizoStatic]

From what I read Symantec doesn't own it anymore. Looks like they bought it from someone who bought it from the original people and now it is back in the original people's hands.

Re:Am I missing something??

[Bert64]

I doubt a cracker would use this, most of the features listed seem to appeal to non technical management types...
Crackers (and for that matter more technical people other than crackers) are more likely to use john the ripper, which runs on more platforms, supports more cipher types, supports clustering etc.

Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea, you turn a small dictionary, say 100 words, into a huge file consisting of 100 * * , and you end up storing thousands of hashes for salts not being used in the passwords you're trying to crack..
Yes sure, some password types are not salted, but these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

Re:Am I missing something??

[Ektanoor]

I used it in on-the-fly tests. Sometimes it came with more than 80% of passwords being cracked in minutes. Yes, it is not optimal, it is a pure Windowzz program with some bloat inside, too much brute force and a pretty bad tendency to overload the system in certain occasions. For a fast check the tool was simply ideal.

Imagine that you have a major breakup inside a pretty critical place. Now people, as dumb as they usually are, claim everything but, it is not their fault. Don't go for John the Rippers & Co. They are for pretty serious stuff and less to check Windowzzz crappy systems. You have a job to do and it is not playing magick tricks on a circus. You pick up L0phtCrack and make some runs on the spot. And you come with a result that most passwords are "1234", others are not less smart and several people have no passwords at all. Particularly those same jerks where the break'in happened.

Half job done...

Re:Am I missing something??

[appleguru]

Precomputed hashes are useless unless they are *sorted* then they become useful. If you have a sorted precomputed hash table for, say, all 10 character passwords and you have a hash then you can *instantly* locate the matching hash from your table and retrieve the password provided it is 10 or fewer characters. Brute forcing would take *much* longer, even on modern CPUS. With hard drive space as cheap as it is these days, huge presorted precomputed hash tables are very feasible.. this is largely the reason why salts are used, as they effectively increase the password length to the point where using a table is infeasible.

Re:Am I missing something??

[Fulcrum+of+Evil]

these types are also generally very weak and a modern cpu may be able to compute them faster than it can spool from disk.

The way a rainbow table works is to generate a reverse mapping for your password, so if it's in the table, it's one index lookup away. Kind of hard to beat that, unless you're cracking WEP or something.

Re:Am I missing something??

26^10*hashsize bytes?

The two extremes (all CPU or all disk) are pretty bad. Go read about rainbow tables, which sit somewhere in between and let you choose the cpu/disk tradeoff that you want.

Re:Am I missing something??

That's more or less what it is but it was used to find password vulnerabilities back in the day created by various mixed Windows (LANMAN passwords on an old NT network were insta-cracked so it was nice to know who was connecting with win16 OSes so you could go stab then in the face and take their machines away) versions back in the day. Also used to be good to unlock your build server when the operator went to Russia for a month and locked everyone out of it. There were many legit uses of it but it is or at least was a password recovery tool.

These days I'm guessing there are better alternatives that haven't been on hiatus for 12 years and that are free and open source but in its day it was a wonderful tool.

Re:Am I missing something??

[this+great+guy]

Incidentally, the talk about "pre computed dictionary files" is a ridiculous idea

This is not what you think it is. What they mean by that term is they support rainbow tables. This is a time-memory trade-off that is very useful to crack non-salted hashes like Windows's standard NTLM hashes.

Re:Am I missing something??

[MR.Mic]

I am not exactly sure how this will help do that.

Re:Am I missing something??

[Zero__Kelvin]

You are missing the fact that such a tool is useful. If your sysadmin can use it to figure out your password then so can a black hat (cracker.) You see, on a truly secure system the password is not discoverable even by the root user. (I'd say root/Administrator, but again, I am only talking about potentially secure operating systems here)

Re:Am I missing something??

[Zero__Kelvin]

The original author, Mudge, is not only highly technical, he is much, much, much smarter than you. He is also world famous, and it isn't cause he has a way k3w1 hax0r name. He creates tools for security professionals, and he is one of the most elite in the industry. He thinks it is useful to highly technical types and you don't. Maybe you'd like to do some serious introspection before deciding if it is you or Mudge that is missing something here?

Re:Am I missing something??

[X0563511]

No, and the first Google result would have worked.

Not sure how you ended up at some random wordpress blog. Learn to search properly.

Re:Am I missing something??

[X0563511]

Better description of rainbow tables.

Re:Am I missing something??

[bendodge]

Ophcrack is an excellent example of this. It's very useful in helpdesk work when someone doesn't give you their password - you can gain it without having to reset anything (and possibly lose encrypted files or saved IE passwords etc.).

Re:Am I missing something??

[Pyrowolf]

Wow dude, seriously?

Re:Am I missing something??

I work in IT Security doing Digital Forensics.
I disagree with the parent and agree somewhat with grand parent.
Using your own argument's logic, I'm right and you're irrelevant.

Re:Am I missing something??

[nurb432]

And why would anyone worth his salt rely on a commercial tool anyway?

Sure, if you are in the security field, you will now have to run it against your 'sandbox' just in case some low threat kid tries it on your network, but that is as far as it would go as far as i'm concerned.

Sounds like a good scam to me, release tool knowing full well it will end up on torrent sites for amateur kiddies to use, then sell copies to corporate so you can 'test' your network with to 'be thorough'. Sounds a lot like how they deal with viruses :)

Re:Am I missing something??

Never mind. My argument was stupid. I just realized it is asinine, because everyone who is anyone knows that Mudge is an elite Security specialist and I am an unknown Digital Forensics specialist, mostly because I suck and everyone who ever listened to me had their system compromised the same day. I feel so foolish! :-(

Re:Am I missing something??

Learn to understand when someone is making a lame joke.

Re:Am I missing something??

[fulldecent]

Please read:

Making a Faster Cryptanalytic Time-Memory Trade-Oï
Philippe Oechslin
http://lasecwww.epfl.ch/~oechslin/publications/crypto03.pdf

or any other paper in its references

Re:Am I missing something??

Pwned

Good old Symantec

Putting the "no" in innovation, again.

Symantec has a knack of spoiling even the best of

[freedom_india]

Let's face it: Anything that symantec touches turns into worthless and junk.
Symantec is like the Anti-Midas of technology.
They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
Now they are releasing the ultimate hackers' tool under their umbrella.
If i was anything like ParMaster, i would run as fast as i could and as far as away from it.

Open Source Competitors

[fv]

When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack. Similar features are also available from Cain and Abel, and John the Ripper.

I maintain a list of top password crackers and sniffers as part of my SecTools.Org site.

While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!

Re:Open Source Competitors

[makinsky]

OMG... it's fyodor!
Praise the almighty creator of nmap !!!

Re:Symantec has a knack of spoiling even the best

[SchizoStatic]

True to that. They slaughtered my favorite windows firewall sygate :(

Who remembers it?

[Ektanoor]

Loph who?...
What cracks?
12 years? That's pretty old stuff. Who needs it?
Does it work on iPhone?
Can I crack my XBox with it?

Really people, I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.
I waited for 10 minutes. No replies. Mute reaction.

L0phtCrack, and their creators, the "L0pht Heavy Industries" group, were once shinning stars inside the Hacker community. Now who remembers them? There are not even scriptkiddies around, all society is a scripkiddy.

L0pht people also created the "tool that never got its true name" - "netcat", which can only be found in most *nix systems as "nc". Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.

Hail to you guys, happy to see you around.

And Hail to the Cow!

Re:Who remembers it?

[Sir_Lewk]

Are you on drugs? Really.

Re:Who remembers it?

[wmbetts]

I remember them and that program. I'm sure a lot of people remember who they are.

Re:Who remembers it?

[Ethanol-fueled]

I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.

Actually I was wondering how I could smoke it...

Re:Who remembers it?

[egr]

I remember, and I remember using it, however I think I remember it was gratis before.

Re:Who remembers it?

[Ektanoor]

Why do you ask? For the Cow? Make some research. You are from an .edu...

Re:Who remembers it?

Pretty great tool, just two weeks ago I used it, once again, for more than 11 years.

Two weeks ago you used it for more than 11 years? Are you sure about that? Maybe you like to recast that sentence.

Re:Who remembers it?

I waited for 10 minutes. No replies. Mute reaction.

I always say this when I lose First Post as well!

Re:Who remembers it?

[Ektanoor]

Sincerly, if I well remember it was time limited, almost since the very beginning. If you remember the gratis version, then you are older than me :)
Anyway... Let me push my brains.... Eeeeee, pushing... There was a command line version that seemed to be wholly free. But as I was already a *nix master of Zen (ok, bash me), I didn't had such a need to use it. John the Ripper and others did much better on *nix and were much more stable, if my memory tells me correctly the story.

Anyway this was a great tool but a tool "on-the-fly". For me. I knew several people the used it systematically.

Re:Who remembers it?

[Ektanoor]

Maybe I would recast it. Used for more than 11 years, last time two weeks ago...

Re:Who remembers it?

Learn2Grammar

Re:Who remembers it?

The cDc was my mom, in lieu of a real one.

Re:Who remembers it?

[godIsaDJ]

I remember them and @stake. And at some point I even tried to get a job there (to be honest, luckily it did not work out!). Then Symantec bought them. I can't think of a more disappointing outcome...

Re:Who remembers it?

[Ektanoor]

On which of the languages I know?
Sorry, but sincerly, it is pretty hard to remember the grammar of some 9 languages I know. And I am not taking into account programming.

More. It is pain to take into account the grammar of each language, if you are reading almost simoultaneously three or four languages.

Yes, it's a handicap I cannot stick into a specific grammar. But I can read on several languages and write, in a possible comprehensible manner, on them.

Now I know several jerks who are too sticked to grammar, make a whole fuss out of it and are only able to create a complete nonsense out of a text. If I note that I had these cases on juridical documents, which decided will someone go to the gallows or not... I do prefer my horrible grammar.

ModDown offtopic but I get pretty mad when people try to teach grammar not by the error but by playing smarties.

Re:Who remembers it?

[egr]

Ok, probably wasn't gratis, but it was really hard to tell since I was in Russia at that time. Although judging by your skillz of Zen and decimals in you UID I do assume that you are older then me.

Re:Who remembers it?

[causality]

On which of the languages I know? Sorry, but sincerly, it is pretty hard to remember the grammar of some 9 languages I know. And I am not taking into account programming.

More. It is pain to take into account the grammar of each language, if you are reading almost simoultaneously three or four languages.

Yes, it's a handicap I cannot stick into a specific grammar. But I can read on several languages and write, in a possible comprehensible manner, on them.

Now I know several jerks who are too sticked to grammar, make a whole fuss out of it and are only able to create a complete nonsense out of a text. If I note that I had these cases on juridical documents, which decided will someone go to the gallows or not... I do prefer my horrible grammar.

ModDown offtopic but I get pretty mad when people try to teach grammar not by the error but by playing smarties.

Nine languages is quite a feat and I salute the effort it must have taken to pull that off. For that reason I felt bad that you are allowing an Anonymous Coward to upset you like this. Unfortunately he is probably a troll and your response is probably exactly what he wanted.

If it helps, I can explain where at least a little of the "grammar nazi" deal comes from. Some of the worst grammar and diction I have ever seen, on Slashdot or elsewhere, came from Americans who are native speakers of English and usually don't know any other languages. Many of them show signs of being rather well-educated. What I am saying is that lots of people who use poor grammar really have no excuse for it, they just don't care about excellence for its own sake and want to be lazy anytime they can get away with it (i.e. they're not at work and won't have to answer to their boss for it). That doesn't make the grammar-nazism right, of course, but it helps to understand where things may originate. It makes it much easier to appreciate it, even if you dislike it strongly, instead of getting upset at it.

What you describe there is quite an accomplishment. I hope you don't let a trolling grammar nazi tell you otherwise.

Re:Who remembers it?

But I can read on several languages and write, in a possible comprehensible manner, on them.

If you can't excel at a single language, why not perform poorly and lose credibility in them all?

Re:Who remembers it?

[olivier69]

I bet that 90% of slashdotters are still wondering what is L0phtCrack and how can you eat it.

Hmmm no. I'm just wondering how I can smoke it.

Re:Who remembers it?

[Ektanoor]

The worst will be to excel on one and not be able to say a word on the other eight.

And even worser is not to be able to understand anything else, but only the excellence of the grammar in the language you believe to understand. Usually those who excel are even uncapable to understand dialects. You know how pretty is Jamaican English? Several years ago I could easily understand it. But, many english speakers don't make an idea of what Jamaicans say. Quite sad.

You living on Earth, not in Nutziland.

Re:Who remembers it?

[cbiltcliffe]

You living on Earth, not in Nutziland.

Huh?

I thought the two terms were interchangeable....

Re:Who remembers it?

I totally remember them. Back in the day I and used it to hack spam servers in China. It was an awesome tool.

Re:Who remembers it?

[oldhack]

Shut the hell up you ignint SOB.

(subliminimal message: this here post is INSITEFUL!)

Re:Who remembers it?

[Allador]

Dude, seriously. Its nice and all that you like to brag about multiple languages. Good for you.

But do you really know a language if you cannot communicate effectively with it?

Case in point, your post that I'm responding to.

It's fairly badly broken English. I've read worse, but its not good.

For example, how do you get 'too sticked to grammer', and what the hell does that mean? Is it some kind of dom/sub foreplay?

What is a 'juridical' document? Sounds kinky.

And I dont even have a clue what this is supposed to mean:

... when people try to teach grammar not by the error but by playing smarties.

Now there are alot of people who arent native english speakers here on /. And generally they only get minor grief, and only from idiots. You should have ignored the idiots. But oh no, you had to go get arrogant about it, and blame it on how you're so smart you are reading /. simultaneously in six languages including binary.

Bottom line, if you want to be able to be understood, and engage in conversation with people, then slow down a bit and at least try to make your posts intelligible. The couple of your posts I've read on this story are nearly incomprehensible. Strangely enough, the most clear you've been was in your bragging about how many languages you know, so that tells me you can speak clearly in English when you want to.

Re:Who remembers it?

[chord.wav]

Sure, I remember them, the hacker news network and the hairy palm for Palm Pilot!
Good to see them back. I hated the shutdown of HNN, it was one of my favorite sites.

hefty price tag indeed...

L0phtCrack 6 Professional - $295.00

L0phtCrack 6 Administrator - $595.00

L0phtCrack 6 Consultant - $1195.00

Missing everything

Sigh. Do you...do... IT? It seems like a "cracker tool" to you? What the hell are you, the FBI raiding Steve Jackson games 15 years ago because you're too inept to understand the difference between a concept and using it criminally?

You understand that even tools put to ill use by criminals have legitimate purposes right? Or are you in the ban sporks because they can be used in spork crimes camp? </flame> You deserved that.

L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
  * lack of backups and a need to recover an existing password
  * testing employee passwords for compliance with policy and strength requirements with authorization
  * being paid to pen-test a system
  * Just freakin' wanting to run it at home to see how fast such tools 'really work'
  * Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)
  * General Proof of concept against poor password implementations--early versions of l0phcrack hit some systems a lot faster than others as I recall

Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?

Re:Missing everything

You have strong words, but a good point. The black hats already have tools as powerful as L0phtCrack if not far better.

Pen testing tools have their place in all but the smallest IT shops. Even if all your users have strong passwords with LM hashes disabled (XP and earlier, has to be manually done in the Registry or by a GPO. Vista and Windows Server 2008 have LM hashes disabled by default. Either case, have a 16 character password, and Windows won't attempt storage of a LM hash), an application may be using a very weak password for a database account, or someone left a user with admin rights for testing reasons and then forgot about it.

Re:Missing everything

[causality]

Can we stop with this namby crap that the tool is somehow used and written by 'bad people' is 'bad' itself?

And lose an excuse for manipulating and controlling other people?! No fucking way! Next thing ya know, you'll want us to stop justifying bad laws with "for the children" and "to fight terrorism". How the hell will we intrude into other peoples' lives then? Huh?! See, you haven't thought this through.

Re:Missing everything

[kimvette]

L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
* lack of backups and a need to recover an existing password

Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

* testing employee passwords for compliance with policy and strength requirements with authorization

Implement password policies which are supported through technical measures (group policies or any number of *nix equivalents) and require that everyone change passwords at next login.

Unfortunately I have only one client who will willingly accept strict password policies, but it's a finance company. Even for clients in the medical industry I have to practically shout HIPAA
to get them to even consider accepting requiring letters and numbers, let alone non-dictionary words and punctuation. People are LAZY, and they just don't care until an exploit is used to get in to the network. A person is smart but people are stupid.

* being paid to pen-test a system

So, do you need to purchase a per-site "license?" In that case use an open source alternative because so many people are cheap they won't want a proprietary tool unless they can "pirate" it.

* Just freakin' wanting to run it at home to see how fast such tools 'really work'

Oh, for the same reason that people will download "pirated" copies of Photoshop, Illustrator, AutoCAD, Maya, and so forth. Just for bragging rights. Gotcha. Open source is not a solution in those cases.

* Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)

Now, THERE is an interesting use, but even in that case won't the superior open source solutions work? L0phtcrack was a steaming pile even back in the day, only way-back-when there was no open source solution unless you rolled your own. Now there is a plethora of open source solutions that are more capable and since you have the source on hand, you can tailor them yourself using bash, vbscript, C++, and so forth.

* General Proof of concept against poor password implementations--early versions of l0phcrack hit some systems a lot faster than others as I recall

An ounce of prevention is worth more than a pound of cure. It may result in fewer billable hours in the short term but it's nice to not get calls at 6:00am or 12:00am from clients. Implement password policies for clients who will accept it, and work HARD at educated the ones who won't until they at _least_ accept mixing letters and numbers in passwords.

Now, as far as [written by 'bad people' is 'bad'] is concerned, Symantec does have a long history of turning gold into poop. In L0phtcrack's case, it would be a matter of turning copper or maybe silver into poop, and then charging platinum pricing for it. If there is any company where I'd agree that software has become bloated, it is the antivirus companies - especially symantec and mcafee. Their released products are so loaded with subtle advertising for other products that it's disgusting, and the drain on system performance is inexcusable. It's a sad state of affairs when an alpha OSS product like Moon Secure that hasn't seen an update in over a year is superior, or when a Computer Associates product works better than yours.

Symantec was once one of the best, if not THE best software utilities producer out there. Remember the original Norton(Symantec) Antivirus which barely impacted performance even on a lowly 386? Remember the original Norton Utilities which you used to repair countless FATs and MBRs that were eaten by the Smartdrive cache or Win3x, but since the move to the NT family (WinNT, Win2K, WinXP, Win2K3, Vista, etc.) became nothing more than a gimmick application with little real uti

Re:Missing everything

[kimvette]

L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
                * lack of backups and a need to recover an existing password

Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

I forgot one detail

. . .using an offline registry editor if/when necessary.

Sorry, my point is invalid without that detail. I forgot to add it in when I added my lamenting over the crapware vendor that Norton/Symantec has become in recent years.

Re:Missing everything

[causality]

You have strong words, but a good point. The black hats already have tools as powerful as L0phtCrack if not far better.

The parallels to gun control are also strong. You have a group of "bad guys" who are already well-armed; in this case, that's the black hats with their cracking tools. In the real world, it's thugs who aren't concerned about committing violent crimes like robbery or murder so they sure as hell aren't worried about a weapons charge. The only (valid) question is whether you want the law-abiding people to be equally well-armed or if your desire for the state to have a monopoly on the use of all force is greater than your concern for how helpless the law-abiding people will be if they are unarmed (don't have their own security tools). What you'll never hear the gun control advocates discuss for very long is the fact that every state which has enacted conceal-carry permits has seen significant reductions in violent crime, which is easy to understand once you take the leap of faith of assuming that criminals prefer helpless victims.

What I wonder is whether there are any numbers or studies that would compare the security of networks where the administrator uses cracking tools and performs other penetration tests, versus networks where the administrators have no such tools either because they don't want them or because they live in a country like Germany which has made those tools illegal. If there is such information, and if it clearly indicates that the former group is more secure than the latter (in terms of successful attacks), then maybe those who want "hacking tools" to be illegal will be just as silent about that as the gun-control advocates are about conceal-carry permits. That is, they will continue to pretend like their position is perfectly valid and equal to the other position even though the facts don't indicate this at all, which would make it more of a religious issue.

Re:Missing everything

[blincoln]

Log in as Administrator (or root on *nix) and change the password. No recovery necessary.

Sometimes this isn't practical. For example, in a large enterprise it's easy to end up in a situation where if you can determine the password of a service account, you can get your work done non-intrusively and quickly, versus weeks or months of coordinating with other groups because you needed to change it. If you've inherited a bunch of legacy systems that depend on a single service account, you can pretty much guarantee that if you change the password, you will break *something* you didn't know about. Is this a best practice? No. But if your work is basically a triage situation, which is the most efficient solution?

Implement password policies which are supported through technical measures (group policies or any number of *nix equivalents) and require that everyone change passwords at next login.

The point of using a password cracking utility in that type of environment is to see how well your "technical measures" stand up to password-cracking tools in the real world. It's the difference between calculating how much stress a wing design should withstand, versus testing it to destruction to determine the real-world values.

Re:Missing everything

[AbRASiON]

It also has uses allowing mid level techs to get the local admin they should have which tightass upper management restrict in draconian business's
I've had to use it many times before, thank god I don't have to nowadays.

Re:Missing everything

[Allador]

Here here.

Anyone who says that recovering passwords is never necessary, since you can just change them, obviously has never done much work in this field.

It's funny for two reasons

>As our way of thanking you for your positive contributions to Slashdot, you are eligible to disable advertising.

It's funny because:
- The vast majority of my "contributions" are anonymous troll posts.
- I had ads disabled to begin with. Eat it, capitalists!

Re:It's funny for two reasons

I got the option too, but in a faithless attempt to get my option pages fixed and to use again html tags I let the Ads show. I don't want to close my actual profile, which always means a troll/alterego is born (inside my tender user expectations) for that site. Wonder if anyone is behind the admin account in this site

Any GPU Support?

What would make a real killer for cracking would be a combination of Cain and Abel + GPU Support. Imagine having a ten/hundred fold increase in hashes per second from utilizing a Nvidia / ATI card.

You do have other programs for this kind of work, but the price tag I've seen so far would make my stomach turn.

Re:Any GPU Support?

check out pyrit on google code

are you retarded, or just ignorant?

Precomputed hashes are useless unless they are *sorted* then they become useful.

Right, because if there's one thing that computers are horrible at, it's searching for things really, really quickly. Thanks for the useful post!

Re:Symantec has a knack of spoiling even the best

Symantec is like the Anti-Midas of technology.

To be fair, Midas' touch didn't really work out too well either...

Re:Missing everything - Especially the point

There needs to be a -1 Missed the Point mod. He was saying there are various legit reasons to do password recovery and you respond with a mixed list of how you think security consulting should work and why you wouldn't run L0pht and why there are better tools than L0pht. The funny thing is I don't really disagree with any of your rants but his list was valid as well and you simply took a weird side path to argue some points that apparently have been irritating you lately

Perhaps the reason your clients don't listen is because despite technical competence your communication skills needs some work. Try listening to their complaints and problem and trying to respond to them and convincing them rather than just preaching loudly and sounding like Chicken Little. Every company I've worked at in the past 20 years has adopted strong (or at least medium) password policies at some point. The reason IT gets a bad name (other than the fact we fail to deliver ALOT) is that we have bad attitudes about the skills of others and we don't listen to those that are actually paying for our services we just preach and get upset when they don't immediately take our advice. Being right and knowledgeable is important but being convincing and influential is even more important if you actually want to get something done.

Don't mod that funny, mod it INSIGHTFUL

Let's face it: Anything that symantec touches turns into worthless and junk.
Symantec is like the Anti-Midas of technology.
They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
Now they are releasing the ultimate hackers' tool under their umbrella.
If i was anything like ParMaster, i would run as fast as i could and as far as away from it.

Don't mod this as "funny." Mod it as "insightful." It's not a joke -- Symantec makes some of the worst products in the industry, and turns otherwise good products into terrible products.

I'd be careful

[16384]

I had a copy of l0phtcrack on my disk that I downloaded years ago from their site, and was left gathering dust on a forgotten corner of my hard drive. Recently a full drive scan by an antivirus (AVG?) identified it has having a trojan. It could be a false positive, but it seems more likely to really be a trojan that had been deliberately planted there. Consider yourselves warned.

Re:I'd be careful

[jesseck]

I've had a directory in my computer I used to organize network security tools, and I had to disable Symantec from scanning it. Every scan, Ophcrack and Cain & Able would pop as a threat. There were a other tools, too. I just expect this behavior out of an AV program. As for the trojan alert, we know that there is malicious software that can capture passwords. So, this was probably a hit from the heuristics of the program- a similar signature. Hell, if I was writing malicious software, and I needed a way to crack weak passwords, would I worry about "licensing" or using open source software?

Re:I'd be careful

That's the entire point.

Your in murky waters here. AV's normally scan and using heuristics or signatures flag files and usually say HackTool/Keygen. Or if it's a bit more advanced you might get a completely unrelated Trojan for detection.

Same for games. If you have something that injects itself into another app like a speedhack or something it sets of a red flag somewhere due to the way it interfaces with the system.

It might be planted there, it might be just another false warning. But you can't really do much without a source code or something, unless your really up to Reverse Engineering

Re:I'd be careful

Pretty much every antivirus vendor does this. Some, like AVG, will at least honestly identify them as "hacker tools" or similar, and let you whitelist them.

Re:I'd be careful

[deets101]

First, I hope you're kidding.
Second, This raises an interesting question for me. When Symantec owned it did their AV product(s) detect this as malware? That would be a fun call to their tech support.

Re:I'd be careful

Yeah, false positives on EXE packers is getting f*cking annoying. I'm finding that a lot of packed win32 executables are being blanket-flagged as virus/trojan by major anti-virus vendors, just due to the fact that the exe is packed via a certain method.

I downloaded a package that had tools and code to help write Win2k/XP drivers in Delphi, and the binaries were packed -- AntiVir freaked out. I looked at the binaries in a hex editor and googled the header bytes I found. Turned out it was a well-know packing method, so I downloaded a util that could unpack the compressed PEXE files. Whaddya know, the uncompressed programs, which functioned 100%, were NOT flagged by AntiVir at all. So it appears antivirus vendors are just taking the lazy route and flagging ALL files using certain packers as malware based on the packing algorithm. LAME.

Re:I'd be careful

[hitnrunrambler]

Yeah.... if you don't understand why you got that message then you probably shouldn't be playing with tools like l0phtcrack.

Re:Missing everything - Especially the point

[causality]

I don't disagree with what you are saying, though I'm about to sound a lot like I do.

The reason IT gets a bad name (other than the fact we fail to deliver ALOT) is that we have bad attitudes about the skills of others and we don't listen to those that are actually paying for our services we just preach and get upset when they don't immediately take our advice. Being right and knowledgeable is important but being convincing and influential is even more important if you actually want to get something done.

If my doctor ever told me "you really need to do X", I would do it. If I thought I knew more about medicine than he does, then I wouldn't pay him to practice medicine on me. So it doesn't make any sense to pay good money for his help if I am not going to comply with his recommendations. Yeah, I could get a second opinion and all of that, but I wouldn't do that without a good reason and I'm trying to keep this analogy simple.

When somebody goes to a doctor and says "doc, it hurts when I do this" and the doctor examines you and says "well, you have Y disease", people generally would not look that doctor in the eye and say "no I don't," at least not without providing some very good reasons why they disagree. That's because doctors, lawyers, and other traditional professionals are generally recognized and respected as the trained experts that they are. This is not the case with IT. IT often has to deal with uncooperative users who don't recognize when they are out of their element. I can't really prove this, but I think I can safely say that IT deals with uncooperative clients far more than any other highly trained professional. Whether anyone likes this or not, that will definitely sour relations.

I see the practicality of it, but I disagree in principle with your comment about the importance of being convincing and influential. That's because I don't subscribe to this idea that you should have to have an uphill battle with someone in order to help them. They should either want and appreciate your help or they should deal with their own problems. I shouldn't need movie-star charisma and a silver tongue to convince people to do something that is clearly in their best interests. All I should need to do is point out how much better it would be if they took a few steps and their own desire for a better or more problem-free experience should take care of the rest.

It's hard because those users are (typically) also your customers. In business, that means you often cannot be completely up-front and honest with them if it is going to offend them. That still doesn't make it right that they hire you for your expertise and then routinely ignore that expertise when you try to use it to improve their experience. It really doesn't make it right when they scream at you because they have problems that would have been completely avoided had they followed your advice. Sure, as a professional dealing with customers you are expected to handle that gracefully, but it's a burden that most other professions don't have to shoulder to such a degree and I think that's often not recognized or appreciated.

Smart of them...

[Simulant]

... especially considering the recently announced cyber-security initiatives, not to mention all of the DOD stuff going on.

We are building an entire ARMY of script kiddies who will need such tools. ;) And guess who's paying for them?

who needs to crack windows passwords anymore???

http://oss.coresecurity.com/projects/pshtoolkit.htm

'nuff said

Re:Missing everything - Especially the point

[kimvette]

There is a difference between posting about what is wrong in a dicsussion with tech folks on a site such as /. or zdnet (which are both made up of technology workers and professional and/or amateur journalists) and communicating with customers. The approach and tone for each is and should be different as the education level, expectations, and requirements of each audience is different. Here I do not need to sugar-coat my comments or opinions of given product choices.

With customers sometimes the medicine needs to be dosed with a spoonful of sugar. I'm sorry you cannot grasp that distinction, however in this case I do not feel any need to apologise if this particular post offends you, since having nothing worthwhile to say you went directly for an ad-hominem attack. Therefore, I will assume you are a Symantec shill - either an employee, distributor, or associated with an advertising firm for them.

Re:Symantec has a knack of spoiling even the best

[inject_hotmail.com]

They did it to sygate too? Hmmm...I recall they bought the defunct AtGuard firewall and neutered it into their "Internet Security" program...I remember the first (and maybe the second) iteration still had the exact same statistical screen at AtGuard.

AtGuard was the best.

still?

[Lord+Ender]

Is this still useful against modern implementations of active directory? I thought it used either kerberos or an improved version of NTLM these days.

Re:still?

"I thought it used either kerberos..."
No, it uses a deliberately broken (by MS) version for incompatibility with real Kerberos... just like the LDAP implementation.
Sadly it seems that it is now evolving to a de facto standard... just like everything MS "improves".

Re:still?

[Allador]

Ignore the idiot AC who responded to you. Password storage has nothing to do with Kerberos. The two things are related, but orthogonal.

Windows still uses NTLM without a salt in the current versions.

There is a way to encrypt the SAM with a symmetric cipher, which requires that a floppy or USB key must be physically present for the SAM to be accessed. It's not widely used.

L0phtCrack 6 Consultant - $1195.00

[Master+of+Transhuman]

Yeah, I'll pay that just as soon as my hack of Bank of America puts another $100 million in my Swiss bank account.

Fucking morons. The only way anyone's going to pay that kind of money is if he's literally hacking Bank of America.

Talk about people with an exaggerated sense of their importance in the world.

Re:L0phtCrack 6 Consultant - $1195.00

[TooMuchToDo]

Seriously? If you're a security consultant, you're charging between $125-$250/hr. Tool pays for itself within 4-6 hours of work. Fucking moron.

Re:L0phtCrack 6 Consultant - $1195.00

[Master+of+Transhuman]

And in four to six hours of work with another tool that costs nothing?

While I'm aware this tool is supposed to be good, the cost in comparison to some other tools is ridiculous. That's the point. It's never about how long it will take to pay for it.

Moron.

And by the way

[Master+of+Transhuman]

whoever gets the first clean cracked version, email me.

Should take about thirty seconds.

Re:Symantec has a knack of spoiling even the best

...and to Axent.

Re:Missing everything - Especially the point

there is not a professional accreditation for IT....

Re:Symantec has a knack of spoiling even the best

[Zero__Kelvin]

"Now they are releasing the ultimate hackers' tool under their umbrella."

You might want to read TFA, so you have some idea what you are talking about. L0phtcrack is not owned by Symantec, and has been re-acquired by the original developers. It is in the article. Really. Don't let the clueless mods fool you. Your post was not only completely lacking in insight, it is just plain and flat wrong.

Re:Missing everything - Especially the point

Haha, that's the exact problem right there. IT thinks they are computer "doctors", when in fact they are the computer "janitors".

Seriously, anyone who's worked in IT longer than a year or so should know that at least 50% of their colleagues are incompetent bullshitters, and IT as a whole is the tail who thinks they wag the dog.

Re:Symantec has a knack of spoiling even the best

[freedom_india]

Oh, so now you are saying that symantec HAS the midas touch and that it produces Excellent Norton Utiilities and Anti-Virus...?

EXE

[anonieuweling]

A windows-only binary?
The world has changed since then...

Also:
> Attention Overseas Customers
(etc)
What do overseas customers have to do with USA law?

15 day trial?

[nurb432]

Ok, so where is the torrent of the real release, where your download isn't also tracked.

Ghost Anyone?

[nurb432]

They haven't killed that off, yet. We will see what happens now that they own Altiris and have pretty much merged it with that division, but so far it wasn't destroyed by the acquisition of norton.

Re:Symantec has a knack of spoiling even the best

[Zero__Kelvin]

Oh, so now you are saying that the world is flat and the Earth revolves around the sun?

See. I can make things up and put "Oh, so now you are saying ..." in front of them too!

Re:Symantec has a knack of spoiling even the best

For Windows my personal favorite was PGP Firewall - it was one of the most powerful firewall solutions I've ever come across for Windows. It was later aquired by McAfee and much like Norton they completely butchered it. Another good firewall was NeoWatch combined with NeoTrace, pretty entertaining and very capable (although it didn't firewall applications).

Re:Symantec has a knack of spoiling even the best

[freedom_india]

Touche, my friend.
I was trying out the old, well-worn Republican way of attacking opponents.

Re:Symantec has a knack of spoiling even the best

May I remind you Veritas is now (since 2005) part of Symantec.
Symantec is much more than just consumer anti virus and personal firewalls.

Re:Symantec has a knack of spoiling even the best

[inject_hotmail.com]

NeoTrace! Yeah, that was a wicked program. It doesn't work anymore, does it?

You say "was" your favorite...does that mean it's not available anymore?