L0phtCrack (v6) Rises Again
FyreWyr writes "L0phtCrack — now 12 years old — used to be a security 'tool of choice' for black hats, pen-testers, and security auditors alike — that is, until it was sold by L0pht to @stake, then Symantec, to be released and subsequently dropped as LC 5. As an IT security consultant, I used this tool to regularly expose vulnerabilities or recover data when there were few other options available. Eventually, I let it go as tech evolved away. Now, after being returned to its original developers, version 6 was released this week with fresh features: support for 64-bit multiprocessors, (current) Unix and Windows operating systems, and a number of other features, including enhanced handling of NTLM password hashes and support for rainbow tables. Interested parties, especially consultants, will find this shiny new version sports a hefty price tag. It raises doubts in my mind whether it can effectively compete with open source alternatives that go by similar names, but as I found earlier versions so useful, its re-emergence seems worth the mention."
Let's face it: Anything that Symantec touches turns into worthless junk.
Symantec is like the Anti-Midas of technology.
They touched Norton and poof, a great tool was turned into the worst nightmare of all times.
Now they are releasing the ultimate hackers' tool under their umbrella.
If I was anything like ParMaster, I would run as fast as I could and as far away from it as I could.
"Doing what I can, with what I have." ~ Burt Gummer
When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack. Similar features are also available from Cain and Abel, and John the Ripper.
I maintain a list of top password crackers and sniffers as part of my SecTools.Org site.
While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!
Sigh. Do you...do... IT? It seems like a "cracker tool" to you? What the hell are you, the FBI raiding Steve Jackson Games 15 years ago because you're too inept to understand the difference between a concept and using it criminally?
You understand that even tools put to ill use by criminals have legitimate purposes, right? Or are you in the "ban sporks because they can be used in spork crimes" camp? </flame> You deserved that.
L0phtcrack--cracks--passwords. There's nothing inherently wrong with that. Valid reasons include:
* lack of backups and a need to recover an existing password
* testing employee passwords for compliance with policy and strength requirements with authorization
* being paid to pen-test a system
* Just freakin' wanting to run it at home to see how fast such tools 'really work'
* Discovering passwords used on a compromised system (it may help reveal passwords used in encrypted files with naive rootkits)
* General proof of concept against poor password implementations--early versions of L0phtCrack hit some systems a lot faster than others as I recall
Can we stop with this namby crap that a tool that is somehow used and written by 'bad people' is 'bad' itself?
Attention Overseas Customers
As required by law, L0phtcrack is subject to United States export controls. L0phtCrack may not be downloaded or otherwise exported or re-exported outside the United States. By downloading or using L0phtCrack, you are agreeing to the foregoing and all applicable export control laws. See disclaimer for more details.
What kind of sorry-ass black-hat tool is this?
What would make a real killer for cracking would be a combination of Cain and Abel + GPU support. Imagine having a ten/hundredfold increase in hashes per second from utilizing an Nvidia / ATI card.
You do have other programs for this kind of work, but the price tag I've seen so far would make my stomach turn.
But, somebody already has. Here is a list of 100 great Security tools. (It says "Network Security", but the tools are usually able to do more than just network processes.)