In this post we will see how to use L0phtCrack to crack password hashes from Windows and UNIX systems. We will cover how to use L0phtCrack to dump passwords and how to use it to crack files that have already been dumped. To begin, press “Import” in the main menu and the import window will open.
As you can see, there are several import options. Let's look at them one by one.
Import From Local Machine:
If you select this option, you don’t have to do anything other than press the “OK” button, and L0phtCrack will automatically dump the passwords from your system.
Import From Remote Machine:
Press the “Add” button, select the type of system you want to dump password hashes from, and type the IP address of the target system. Then type the user name and password of an admin account. If you don’t know the domain, you can leave it blank.
Please note that L0phtCrack can only crack Windows 2K, 2003 and NT 4.0 remotely. If the target is running any other version of Windows, L0phtCrack will report an unknown type of authentication error. If the target is running UNIX or Linux, it must have SSH enabled or L0phtCrack will not work.
Import From SAM File:
If you have copied the SAM file from the c:\windows\system32\config folder of a system, you can import it into L0phtCrack for dumping and then cracking passwords. L0phtCrack will give you an error if the SAM file was copied from a system on which “syskey” was enabled, because at present L0phtCrack can’t dump syskey-enabled SAM files. A solution is to use pwdump to dump passwords from a syskey-enabled system.
Import From LC4 File:
An LC4 file is simply a file generated by L0phtCrack 4, so if you have an old dumped password file from L0phtCrack you can import it for cracking.
Import From pwdump File:
Pwdump is one of the most widely used password dumping tools for Windows. It can dump password hashes from practically all versions of Windows in a L0phtCrack-compatible format. You can dump passwords with pwdump as follows.
E:\Tools>pwdump localhost > password.txt
E:\Tools>pwdump IP_address -u username -p password > password.txt
The account you use must be a member of the admin group, and its password must be correct.
Import From UNIX Shadow File:
The shadow file contains encrypted UNIX and Linux passwords. It is created in the “/etc” directory when you run the “pwconv” command, which is done to protect the password file. L0phtCrack is capable of running password attacks against UNIX and Linux passwords too, so if you have a copy of a shadow file you can import it for cracking. To copy the shadow file on UNIX or Linux, you can type any of the following commands.
[root@localhost ~]# cp /etc/shadow .
[root@localhost ~]# cp /etc/shadow "destination folder"
[root@localhost ~]# cat /etc/shadow > shadow.txt
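On the defensive side, the same shadow file shows which accounts would fall fastest to a password attack like the one described here. The following is an added example, not part of the original post or of L0phtCrack: it reads shadow-format text and reports entries with an empty password or an outdated hash scheme. The function names, the sample entries and the weak/ok policy are assumptions of this example.

```python
import re
# Hash-scheme identifiers from crypt(5). The "weak"/"ok" labels are this
# example's own policy (an assumption), not something the post specifies.
SCHEMES = {
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "ok"), "2b": ("bcrypt", "ok"), "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"), "6": ("sha512crypt", "ok"),
    "y": ("yescrypt", "ok"),
}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional DES crypt: 13 chars

def classify(field):
    """Classify the password field (2nd column) of one shadow entry."""
    if field == "":
        return ("none", "empty-password")      # login without a password
    if field[0] in "!*":
        return ("n/a", "locked")               # password login disabled
    if field.startswith("$"):
        parts = field.split("$")
        ident = parts[1] if len(parts) > 2 else ""
        return SCHEMES.get(ident, ("unknown", "review"))
    if DES_RE.match(field):
        return ("descrypt", "weak")
    return ("unknown", "review")

def audit(text):
    """Return (user, scheme, status) for every entry that needs attention."""
    findings = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0]:
            continue                           # blank or malformed line
        scheme, status = classify(fields[1])
        if status != "ok" and status != "locked":
            findings.append((fields[0], scheme, status))
    return findings

# Constructed sample entries; the salts and hashes are placeholders, not real.
SAMPLE = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHPLACEHOLDER:19000:0:99999:7:::
bob:$1$CONSTRSALT$CONSTRUCTEDHASHPLACEHOLDER:19000:0:99999:7:::
carol::19000:0:99999:7:::
dave:abCDEFGHIJKLM:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
eve:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHPLACEHOLDER:19000:0:99999:7:::
"""
if __name__ == "__main__":
    for user, scheme, status in audit(SAMPLE):
        print(f"{user}: {scheme} ({status})")
```

Accounts flagged as weak or empty-password are the ones to rehash with a current scheme or lock before anyone else gets a copy of the file.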
Once the import is done, press the “Begin” button to start the password cracking process. The next part will be the last part of this L0phtCrack tutorial and will focus on session management for password cracking. Until then, if you have any difficulty using the tool, you can ask. Thanks for reading, keep visiting.