Modern Password Cracking
Before you learn how to use L0phtCrack with Win2K, it helps to understand how password cracking works in NT, and then extend that process to Win2K. (If you are already an expert NT password cracker, feel free to skip ahead.) NT stores a hash of each user's password, not the clear-text password itself, in the domain controller's SAM database. If you're not familiar with the SAM, it is a Registry hive file found in %systemroot%\system32\config. Using your administrator authority, L0phtCrack pulls the hashes from the SAM and cracks them by exploiting weaknesses in NT's hashing algorithm.
To crack a password hash, L0phtCrack first performs a dictionary attack, iterating through a list of common words: it hashes each word in the list and compares that hash to the hash from the SAM. If the hashes match, L0phtCrack has the password. Once it exhausts the dictionary, L0phtCrack iterates through the word list again in a hybrid attack that adds combinations of a few characters to the beginning and end of each word before hashing. This pass catches passwords that users have created by simply appending random characters to a common word. Finally, L0phtCrack resorts to brute force for any remaining hashes, trying every possible combination of characters.
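The same three stages can be turned around and used from the defender's side to audit a candidate password before it is accepted. The routine below is an added example, not code from the original article or from L0phtCrack; it classifies a password by which stage would recover it, assuming a constructed word list and an affix limit of two characters for the hybrid stage (the page only says "a few").

```python
"""Password audit mirroring the three cracking stages the text describes:
dictionary, hybrid (word plus a few leading/trailing characters), brute force."""
import string

# Constructed sample word list; a real audit would load a full dictionary file.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein"}

# The page says the hybrid stage adds "a few characters"; two is an assumption.
MAX_AFFIX = 2


def hybrid_match(pw, wordlist=WORDLIST, max_affix=MAX_AFFIX):
    """Return the base word if pw is a dictionary word with at most max_affix
    characters added to the front and/or back (case-insensitive), else None."""
    low = pw.lower()
    for pre in range(max_affix + 1):
        for suf in range(max_affix + 1 - pre):
            core = low[pre:len(low) - suf]
            if core and core in wordlist:
                return core
    return None


def keyspace(pw):
    """Size of the brute-force keyspace implied by pw: the character classes
    it actually uses, raised to its length. A crude but useful lower bound on
    the work the brute-force stage needs if the earlier stages fail."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in pw))
    return alphabet ** len(pw)


def classify(pw, wordlist=WORDLIST):
    """Return (stage, detail): the first stage that would recover pw.
    detail is the matched word for the first two stages, or the keyspace."""
    low = pw.lower()
    if low in wordlist:
        return ("dictionary", low)
    base = hybrid_match(pw, wordlist)
    if base:
        return ("hybrid", base)
    return ("brute-force", keyspace(pw))


if __name__ == "__main__":
    for candidate in ("Password", "Summer99", "x!Dragon", "Tr0ub4dor&3"):
        print(candidate, "->", classify(candidate))
```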