Appendix
Registered LC4 users get free technical support by email. To get technical
support, you must include the Serial Number and Unlock Code from LC4's
Help ... About dialog in your email's Subject line, separated by two colons.
For example, a valid subject line might be,
Subject: Using International Dictionaries? 1e15f863::13fc7b05
Registered users can send their technical support questions to lc4@atstake.com.
Technical support is not provided for non-registered users.
When you install LC4, you must be logged into an account that has administrator
privileges. LC4 runs on Microsoft Windows operating systems, and has been
tested on Windows NT, Windows 2000, and Windows XP. Its minimum system requirements are the same as
those for the operating system on which you run it.
LC4 includes WinPcap software for packet capture and network analysis.
This package has shown some incompatibilities with PCMCIA network cards,
but good compatibility with other cards.
WinPcap: Copyright (c) 1999, 2000, Politecnico di Torino. All rights reserved.
WinPcap is further derived from LibPcap software, copyright (c) 1988,
1989, 1991, 1994, 1995, 1996, 1997 The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that:
- source code distributions retain the above copyright notice and this
paragraph in its entirety
- distributions including binary code include the above copyright notice
and this paragraph in its entirety in the documentation or other materials
provided with the distribution
- all advertising materials mentioning features or use of this software display
the following acknowledgements: "This product includes software developed
by the Politecnico di Torino, and its contributors;" and "This product
includes software developed by the University of California, Lawrence Berkeley
Laboratory and its contributors."
You may use a word list of your own for dictionary cracks. To do so, your
word list must consist of a single word on each line of a simple text-based
file, as in the following example:
apple
dog
cat
peach
The word list is not case sensitive, and will recognize both NT and Unix
formatted text files.
This section lists tools and information that may help in your password
auditing efforts. As always, exercise the appropriate diligence in evaluating
and using these resources.
Password security discussion areas
- NT bugtraq
- The Microsoft focus area at SecurityFocus.com
- Usenet newsgroups on Windows NT administration:
- comp.os.ms-windows.nt.admin.security
- comp.os.ms-windows.nt.admin.networking
- comp.os.ms-windows.nt.admin.misc
pwdump3
As mentioned above, pwdump3
updates pwdump2
to allow remote access to the password database on SYSKEY protected systems,
and is available for free from e-business technology, Inc. Its output is
a similar format to the .lc format which L0phtCrack 2.5 used. LC4 can import
files pwdump3 outputs.
Password Reset Utility
As mentioned above, you must have access to at least one administrator
account on a Windows 2000 machine in order to obtain password hashes from
it, whether you use pwdump3, or LC4's own 'Import From Local Machine' feature.
If you don't, your only way to access the machine may be through a password
reset utility such as the following: http://home.eunet.no/~pnordahl/ntpasswd/
Source Code
L0phtCrack 1.5 is available in an open
source version. Note, however that LC4 is about four times faster than
the L0phtCrack 1.5, due to optimization. The source version is essentially
a researcherÆs version, made available to share information about
how the password auditing works. ItÆs not intended as an audit tool for
production environments.
NTFSDOS
NTFSDOS
is useful free utility for booting your system from a floppy to gain read-only
access to your hard disk's files. This can be useful for accessing a SAM
file (although SYSKEY-protected SAMs will not be auditable in LC4).
LC4 was developed by Rob Cheyne. Previous L0phtCrack authors are
Peiter Mudge Zatko, Chris Wysopal, and Dildog.
|