L0phtCrack is known as best windows password auditing tool. It can be used by network/system administrator for auditing weak passwords and can also help a hacker to recover password from password hashes. Using L0phtCrack is not a rocket science but still I found there are many who always got stuck with a problem using this awesome tool.
This tutorial aims at those who are very new to password cracking using a tools. So lets begin with those who are using this tool for very first time.
This tutorial aims at those who are very new to password cracking using a tools. So lets begin with those who are using this tool for very first time.
When you'll open L0phtCrack for very first time you will be presented with first run wizard. For first time let wizard guide you through password cracking cycle.
If you don't wish to see wizard from next time select check box, “Don't show me this wizard on start up”, press next.
Now you'll be presented with four options to get encrypted password
1.Retrieve from local machine:
Means retrieve password from your own machine for auditing. As a beginner we will be having our look on this section for now.
2.Retrieve from remote machine:
If you are network administrator working with some specific domain of computers and you have a network which grants remote access to its users then and only then this option is helpful to you. Password retrieval and cracking will be same as other option the only extra thing you have to do here is provide administrator username and password along with domain name to which connection will be established.
3.Retrieve from NT 4.0 Emergency Disk:
You might be knowing when we talk about windows NT 4.0 today that only means windows 2000 server. When repaired it stores a copy of SAM file as SAM._ in C:\Windows\repair which can be used for auditing. You can use this option to retrieve passwords from this file.
4.Retrieve by sniffing network:
If you want to sniff password hashes from network use this option. L0phtCrack provides an inbuilt Wincap tool to sniff around network to grab password hashes.
In next window you'll be presented with type of password audit you want to apply on password hashes. That is what kinda password attack L0phtCrack should use against password hashes. Quick and Common password audit will check password against weak passwords where as strong password audit will check password with brute force and hybrid attack, click here to know more about types of password attack. You can also select custom attack type in which you can specify how many types of password attack you want apply on password hashes. If you are beginner then currently don't bother about custom settings, we will discus it later. Assuming you are using weak passwords for first audit we will select any one of first two options.
Next you'll be presented with screen which will ask you to select which options should appear with final audit report. No matter how much experienced you are or nerd I would recommend let all options checked. If you want to save this setting as default then save it and press finish.
Your final audit report will appear like this, look carefully on report and how it is displayed, it is self explanatory. Have any problem auditing using L0phtCrack for first time feel free to ask. Thanks for reading and keep visiting.
No comments:
Post a Comment