L0phtCrack

Last updated
L0phtCrack
Developer(s) Peiter Zatko (Mudge), Chris Wysopal (Weld Pond), Christien Rioux (DilDog), Rob Cheyne, Ian Melven
Stable release
7.2.0 [1]
Repository
Operating system Microsoft Windows
Type Password Cracking, Operating System Audit
License A combination of multiple Open Source licenses [2]
Website l0phtcrack

L0phtCrack is a password auditing and recovery application originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. [3]

The initial version was released in the Spring of 1997. [4]

The application was produced by @stake after the L0pht merged with @stake in 2000. @stake was then acquired by Symantec in 2004. [5] Symantec later stopped selling this tool to new customers, citing US Government export regulations, and discontinued support in December 2006. [3] [6]

In January 2009, L0phtCrack was acquired by the original authors Zatko, Wysopal, and Rioux from Symantec. L0phtCrack 6 was announced on 11 March 2009 at the SOURCE Boston Conference. [7] L0phtCrack 6 contains support for 64-bit Windows platforms as well as upgraded rainbow tables support. [8] L0phtCrack 7 was released on 30 August 2016, seven years after the previous release. [9] L0phtCrack 7 supports GPU cracking, increasing performance up to 500 times that of previous versions. [10]

On April 21, 2020, Terahash [11] announced it had acquired L0phtCrack. Details of the sale were not released.

On July 1, 2021 L0pht Holdings, LLC repossessed L0phtCrack after Terahash defaulted on its instalment sale loan. The current owners announced that they were exploring open source options for L0phtcrack. Due to commercial libraries existing within the software this may take some time. [12]

On October 17, 2021 L0phtCrack version 7.2.0 was released open-source, with different portions of the software being published under different licenses. [13] [14]

Related Research Articles

<span class="mw-page-title-main">L0pht</span> American hacker collective

L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of responsible disclosure. The group famously testified in front of Congress in 1998 on the topic of ‘Weak Computer Security in Government’.

<span class="mw-page-title-main">Gen Digital</span> Multinational software company

Gen Digital Inc. is a multinational software company co-headquartered in Tempe, Arizona and Prague, Czech Republic. The company provides cybersecurity software and services. Gen is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bangalore. Its portfolio includes Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

<span class="mw-page-title-main">TrueCrypt</span> Discontinued source-available disk encryption utility

TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device.

sudo Command on Unix systems to temporarily assume root privileges

sudo is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and it is its most common usage; however, the official Sudo project page lists it as "su 'do'". The current Linux manual pages for su define it as "substitute user", making the correct meaning of sudo "substitute user, do", because sudo can run a command as other users as well.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

LAN Manager is a discontinued network operating system (NOS) available from multiple vendors and developed by Microsoft in cooperation with 3Com Corporation. It was designed to succeed 3Com's 3+Share network server software which ran atop a heavily modified version of MS-DOS.

<span class="mw-page-title-main">Norton Utilities</span> Computer utility software

Norton Utilities is a utility software suite designed to help analyze, configure, optimize and maintain a computer. The latest version of the original series of Norton Utilities is Norton Utilities 16 for Windows XP/Vista/7/8 was released 26 October 2012.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the Norton 360 security suite.

Christien Rioux, also known by his handle DilDog, is the co-founder and chief scientist for the Burlington, Massachusetts based company Veracode, for which he is the main patent holder.

<span class="mw-page-title-main">Peiter Zatko</span> American computer security expert

Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.

<span class="mw-page-title-main">Chris Wysopal</span> American computer security expert

Chris Wysopal is an entrepreneur, computer security expert and co-founder and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht where he was a vulnerability researcher.

ATstake, Inc. was a computer security professional services company in Cambridge, Massachusetts, United States. It was founded in 1999 by Battery Ventures and Ted Julian. Its initial core team of technologists included Dan Geer and the east coast security team from Cambridge Technology Partners.

In the field of computer network administration, pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of packet capture, that is not the API's proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

SMBRelay and SMBRelay2 are computer programs that can be used to carry out SMB man-in-the-middle (mitm) attacks on Windows machines. They were written by Sir Dystic of Cult of the Dead Cow (cDc) and released March 21, 2001 at the @lantacon convention in Atlanta, Georgia. More than seven years after its release, Microsoft released a patch that fixed the hole exploited by SMBRelay. This fix only fixes the vulnerability when the SMB is reflected back to the client. If it is forwarded to another host, the vulnerability can be still exploited.

Sub7, or SubSeven or Sub7Server, is a Trojan horse program originally released in February 1999. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven". As of June 2021, the development of Sub7 is being continued.

Cain and Abel was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks. Cryptanalysis attacks were done via rainbow tables which could be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel was maintained by Massimiliano Montoro and Sean Babcock.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, it provides SaaS application security that integrates application analysis into development pipelines.

<span class="mw-page-title-main">VeraCrypt</span> Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

<span class="mw-page-title-main">Bitwarden</span> Open-source password manager

Bitwarden is a freemium open-source password management service that stores sensitive information, such as website credentials, in an encrypted vault. The platform offers a variety of client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. Bitwarden offers a free US or European cloud-hosted service as well as the ability to self-host.

References

  1. Error: Unable to display the reference properly. See the documentation for details.
  2. "tools/releasetool/installer/license.txt". 2021-10-16. Retrieved 2024-05-11.
  3. 1 2 "L0phtCrack". sectools.org. Retrieved 2024-05-11.
  4. Lange, Larry (1997-04-15). "Hackers keep the heat on Windows NT security". eeTimes. Archived from the original on 1998-12-05. Retrieved 2024-05-11.
  5. Fisher, Dennis (2004-09-16). "Symantec Buys Security Consulting Pioneer @stake". eWeek. Retrieved 2024-05-11.
  6. Naraine, Ryan (2006-03-08). "Symantec Pulls Plug on L0phtCrack". eWeek. Retrieved 2024-05-11.
  7. "New version of L0phtcrack to be unveiled next week". Infosecurity Magazine. 2009-03-03. Retrieved 2024-05-11.
  8. Goodin, Dan (2009-05-27). "Seminal password tool rises from Symantec ashes". The Register . Retrieved 2024-05-11.
  9. Millman, Rene (2016-09-01). "New version of L0phtCrack makes cracking Windows passwords easier than ever". SC Magazine UK. Archived from the original on 2017-06-08.
  10. Fisher, Dennis (2016-08-30). "L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago". onthewire . Archived from the original on 2017-08-10. Retrieved 2024-05-11.
  11. "Terahash Acquires L0phtCrack". Archived from the original on 2020-04-21. Retrieved 2024-05-11.
  12. "Changes for L0phtCrack". 2021-07-26. Archived from the original on 2021-09-23.
  13. Rioux, Christien (2021-10-17). "update license and credits (25f681c0)" . Retrieved 2024-05-11.
  14. Kovacs, Eduard (2021-10-18). "Password Auditing Tool L0phtCrack Released as Open Source". SecurityWeek.com. Archived from the original on 2021-10-19. Retrieved 2024-05-11.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.