Results 1 to 7 of 7

Thread: L0phtcrack 5

  1. #1
    Senior Member
    Join Date
    May 2002

    Lightbulb L0phtcrack 5

    Hey guys n gals, does anyone know of a program that is similar to LC5 that will allow someone to scan there internal network for weak passwords with being able to create some sort of ruleset to define "weak".

    Essentially, this user I have wants to:

    1. Have a min and max length password
    2. Have no special characters in the 1st and last character
    3. Contains no dictionary words in the password

    They are trying to do a system audit on their machines to determine who needs to change their passwords. Its a govt. client, so that probably explains the weird rules.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    For what OS? I know MS has a GINA plugin that will allow you to add some restrictions to what passwords are allowed (atleast 4 letters and 3 digits, no dictionary words, part of the username in the password i.e.).

    If you're looking for something to crack hashes I think JohnTheRipper (unix passwd cracker) can also crack LM hashes. Another option is to go for Rainbow crack. Read the exellent tutorial by 3rr0r here
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    although you can use a program such as John the Ripper (with extensions)

    I dont advise to do that.
    You need a password quality program, not a password cracker program. A program that will show you a report with users and the text like "guessed" or "cracked" but NOT the password in clear text. Im, as client, really dislike a test that really show the password. It is not necessary to prove if the password is weak

    Or you can suggest to your customer to use a product like this:
    http://www.littlecatz.com/defender_info.html (never tested this although)
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Senior Member
    Join Date
    May 2002
    Kudos to cacosapo, thanks for that info. I have suggested the client to use this program. I will let you know what turns up.
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

  5. #5
    Senior Member
    Join Date
    Sep 2003
    From 3rrors report
    You shall no longer take things at second or third hand,
    nor look through the eyes of the dead...You shall listen to all
    sides and filter them for your self.
    -Walt Whitman-

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Boston, MA
    Cain and Abel is a pretty good one too...except that it might be picked up as a Trojan.

  7. #7
    Senior since the 3 dot era
    Join Date
    Nov 2001
    Like SirDice said, making restrictions on what kind of passwords that could be used is also a good step into more secure passwords.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts