He guys,
I just checked the site on atstake and saw theres a new version out of this wonderfull md5 cracker. See this Press Release. For the lazy ones in here
Full Version: L0phtcrack.v5.00 Using Tables?
| CODE |
| Pre-Computed Password Tables - Audits in Minutes, Not Hours Traditional password auditing tools use one or more of three basic techniques for password auditing and recovery: dictionary, hybrid and brute force. Dictionary tools scan for words while hybrid tools scan combinations of both words and numbers. The brute force method, which can take days to run, scans an almost inconceivable number of letters, numbers and character combinations to root out passwords. "One of the unique differentiators of this release of LC 5 Administrator Edition is the inclusion of pre-computed passwords," said Charles Kolodgy, research director for security products at IDC. "Normally brute force audits to discover weak passwords can take days, with only a small portion of the total number of passwords being checked. Now with @stake providing an immense library of pre-computed passwords, it is possible to emulate brute force password audit techniques, but conduct them in a fraction of the time. LC 5 can conduct traditional brute force scans as well, and includes foreign language dictionaries and character sets, allowing companies to scan for password vulnerabilities across the global enterprise." |
I think this means there's a possibilty to generate tables first, or there are tables included. Who knows but this is a good development.
Any comments?
Btw Unix is now supported!
It sounds like a great release... I knew it was released but didnt get into the details or changes. 
to quickly say:
you can either use rainbowcrack tables
or generate your own using l0pht
the basic summary is that l0pht5 is a lot better and more powerful, far better than the cmdline rainbowcrack
you can either use rainbowcrack tables
or generate your own using l0pht
the basic summary is that l0pht5 is a lot better and more powerful, far better than the cmdline rainbowcrack
I 'm getting it atm, I will review it a bit later 
They'll require username/password (which you have to pay for) in order to run a query/crack. They'll enforce this policy through a similar method that Half-Life uses for HL key and WONids.
Basically, you're not going to get access to it. Unless it actually lets you generate the tables on your own. Which will take weeks to do. Months if done for some of the harder passwords.
Basically, you're not going to get access to it. Unless it actually lets you generate the tables on your own. Which will take weeks to do. Months if done for some of the harder passwords.
There is a crack (keygen) for LC5 already... 
LC5 uses good old RainbowTables (rtgen.exe and rtsort.exe) for Hash Generation, nothing new...
But there is a GUI, so its more Comfortable
And you can Crack UNIX-Passwords now...
LC5 uses good old RainbowTables (rtgen.exe and rtsort.exe) for Hash Generation, nothing new...
But there is a GUI, so its more Comfortable
And you can Crack UNIX-Passwords now...
Ok, less of a rush now, I'll write a bit more:
The trial version of l0pht comes with just dictionary and hybrid options allowed.
There are several different versions of l0pht now, from simple one (can crack passwords) to more complex ones which will allow you to act upon the passwords that are weak in your domain (disable them etc).
The new tables option is indeed just like rainbowcrack, but it does offer a nice GUI and the ease of use that Rainbow crack doesnt have perhaps.
If you think about it, with a good dictionary and Rainbow tables enabled your cracks can be performed much better. However, a small warning, large numbers of passwords its actually slower to use tables than brute force (This is mentioned on the @stake site). I discovered this myself trying to rainbow crack 20'000 passwords was VERY slow.
Overall its a very impressive improvement, adds what needs to be added.
As to whether its faster... well, it does appear to run slightly faster (removed about 16hours off a limited symbol/alphanumeric crack - from about 9.5days to just under 9 on my machine). I also noticed nice things that were new:
<> A result of the cracks, saying how weak passwords were, how they were cracked and so forth
<> The ability to delete accounts from the list you put in (Like I removed my admin account, its pointless checking that against each new hash it generates when I know it wont be broken by that crack, I'm sure others have similar problems, small things like this help it speed up/more convient)
<>Pretty? Newer GUI
<>Better options
Regarding cracks, who knows... buy it if you want to use it legally... however I don't believe it uses a Half-life like system. It has a unique ID for each machine, however it does not authenticiate with the l0pht homepage (no outbound network conenctions detected by my firewall) so I guess a simple keygen or stolen key would work.
Final note is that it supposedly has the ability to remotely run itself on other clients, I didn't get a chance to test this, interested to know if it works (It crashed on my machine when I tried to run it and I wasn't too bothered - I might not have the licence to be fair)
The trial version of l0pht comes with just dictionary and hybrid options allowed.
There are several different versions of l0pht now, from simple one (can crack passwords) to more complex ones which will allow you to act upon the passwords that are weak in your domain (disable them etc).
The new tables option is indeed just like rainbowcrack, but it does offer a nice GUI and the ease of use that Rainbow crack doesnt have perhaps.
If you think about it, with a good dictionary and Rainbow tables enabled your cracks can be performed much better. However, a small warning, large numbers of passwords its actually slower to use tables than brute force (This is mentioned on the @stake site). I discovered this myself trying to rainbow crack 20'000 passwords was VERY slow.
Overall its a very impressive improvement, adds what needs to be added.
As to whether its faster... well, it does appear to run slightly faster (removed about 16hours off a limited symbol/alphanumeric crack - from about 9.5days to just under 9 on my machine). I also noticed nice things that were new:
<> A result of the cracks, saying how weak passwords were, how they were cracked and so forth
<> The ability to delete accounts from the list you put in (Like I removed my admin account, its pointless checking that against each new hash it generates when I know it wont be broken by that crack, I'm sure others have similar problems, small things like this help it speed up/more convient)
<>Pretty? Newer GUI
<>Better options
Regarding cracks, who knows... buy it if you want to use it legally... however I don't believe it uses a Half-life like system. It has a unique ID for each machine, however it does not authenticiate with the l0pht homepage (no outbound network conenctions detected by my firewall) so I guess a simple keygen or stolen key would work.
Final note is that it supposedly has the ability to remotely run itself on other clients, I didn't get a chance to test this, interested to know if it works (It crashed on my machine when I tried to run it and I wasn't too bothered - I might not have the licence to be fair)
i suggest checking out rainbow tables, its pretty cool.. blows l0phtcrack away if you have the entire table
| QUOTE |
In short, the RainbowCrack tool is a hash cracker. While a traditional brute force cracker try all possible plaintexts one by one in cracking time, RainbowCrack works in another way. It precompute all possible plaintext - ciphertext pairs in advance and store them in the file so called "rainbow table". It may take a long time to precompute the tables, but once the one time precomputation is finished, you will always be able to crack the ciphertext covered by the rainbow tables in seconds. |
supposedly only one person has compiled the entire rainbow table[ie. they can crack windows passwords in seconds no matter HOW COMLPICATED it may be]...
Im also working with another company who is abut 90% completed with the rainbow table, the final result of the table is expected around 120gb, which is a big ass table, but it will be a great tool to bring into corporations during security audits..
http://www.antsight.com/zsl/rainbowcrack/
| QUOTE (kevin007 @ May 19 2004, 05:03 PM) |
| Final note is that it supposedly has the ability to remotely run itself on other clients, I didn't get a chance to test this, interested to know if it works (It crashed on my machine when I tried to run it and I wasn't too bothered - I might not have the licence to be fair) |
I think you mean the option to retrieve pwdumps of remote machines with this tool.
If you install it, it will deliver the md5 hash to the lopthcrack5 program, i think.
Good review thouh!
do u know where lc5 can be found?
You even read my post?
Just visit the website!
Just visit the website!
| QUOTE (twistedps @ May 19 2004, 05:13 PM) |
| i suggest checking out rainbow tables, its pretty cool.. blows l0phtcrack away if you have the entire table |
perhaps you don't understand - l0phtcrack uses the rainbow tables (Or can make its own) and so just adds a GUI to the rainbow tables you've already made (Or are about to make)
Then:
| QUOTE |
I think you mean the option to retrieve pwdumps of remote machines with this tool. If you install it, it will deliver the md5 hash to the lopthcrack5 program, i think. Good review thouh! |
There is an option in the file menu "Create remote agent", which, I am guessing will do a similar task to the distributed programming before, ie create a .exe file which can be run on a remote computer to crack tables. I'd have to RTFM more before I could say that for certain tho
seein as there are many ppl here wanting the rainbow tables.. it would be easy for us all to band to gether to make small parts each and then send them to one central server for the others to get.
If the hosting is a problem i can host on my web server (100mbit US) or on a few smaller servers in sweeden (10mbit BBB).
Buz
If the hosting is a problem i can host on my web server (100mbit US) or on a few smaller servers in sweeden (10mbit BBB).
Buz
| QUOTE (buzzons @ May 20 2004, 06:51 AM) |
| seein as there are many ppl here wanting the rainbow tables.. it would be easy for us all to band to gether to make small parts each and then send them to one central server for the others to get. |
I like the idea...maybe others can join us..
Everyone have LC5 crack files (crack 15-day trial) ?
====
LC 5 offers many new features, including:
Automated and Schedulable Password Scanning
Windows and Unix Support
Remote System Scans from multiple domains
Multiple Assessment Methods
Rapid Processing with Pre-computed Password Tables
Multiple Dictionaries and International Characters
Password Quality Scoring
Enhanced Reporting
Remediation Options
illwill posted a crack on his website. Check it out .. www.illmob.org
you guys are horrible, and should at least help out @stake by buying the damn software.
i know a couple of guys who are from there, and i could never cheat them out of cracking their software. its too good to do that.
show some appreciation to some of the originals from l0pht and buy the damn version, or if you want a free solution try rainbowcrack as i mentioned before.
i know a couple of guys who are from there, and i could never cheat them out of cracking their software. its too good to do that.
show some appreciation to some of the originals from l0pht and buy the damn version, or if you want a free solution try rainbowcrack as i mentioned before.
Ok I scanned the thread and have yet to see it so I will have to add Cain & Able to the list of Kick A$$ software. With Cain you can use your Rainbow tables and this has been around for a while I know I have posted this before. Go to www.oxid.it and get a copy of Cain. It works with Rainbow Crack so you don't have to remake the tables (if you already have them). Basically it does what L0phtcrack dose but its free and nice to use. Cain lets you ARP poison and Spoof your MAC & IP so you can scan with cover. It also has nice Password filters so if you're new to this stuff the GUI will help ya allot.
My 2 Cents
Slimjim100
My 2 Cents
Slimjim100
the LC5 rtgen rainbow tables are not 100 % same as the rainbow rtgen
no idea what's exact difference is, but LC5 rtgen's generated tables are smaller than the ones from the Rainbow rtgen.
Also rtsort from the one , won't sort the tables from the other and vice versa.
rtdump isn't able to dump any info out of the LC5 tables
Anyone knows the exact difference ?
no idea what's exact difference is, but LC5 rtgen's generated tables are smaller than the ones from the Rainbow rtgen.
Also rtsort from the one , won't sort the tables from the other and vice versa.
rtdump isn't able to dump any info out of the LC5 tables
Anyone knows the exact difference ?
well the tables i made with all chars didnt take that long
maybe they've cut down on somthing/left somthing out? not sure
maybe they've cut down on somthing/left somthing out? not sure
What's really annoying is that there isn't any 'progress bar' when generating the tables....I let it run a whole night on a 3+ghz comp, and it said -nothing-, still taking 100%UC....but it didn't crash at all.
Maybe I'm doing something wrong ?
Another thing ...I've been unable to sniff a single ntlm hash with the built-in sniffer, while it's working perfectly with Cain&Abel. Again, what wrong did I do ?: I just selected the correct ethernet adapter and let it run for a few hours.
Thanks a lot for helping if you know any answers
Maybe I'm doing something wrong ?
Another thing ...I've been unable to sniff a single ntlm hash with the built-in sniffer, while it's working perfectly with Cain&Abel. Again, what wrong did I do ?: I just selected the correct ethernet adapter and let it run for a few hours.
Thanks a lot for helping if you know any answers
lol im on a 1.2 ghz, and it does all the chars within an hour,
id better check the way im doing it, but from reading about it on another site
it seems it takes ages
id better check the way im doing it, but from reading about it on another site
it seems it takes ages
trust me the LC5 rainbow table making program is a real piece of crap. Its just a shitily made GUI for it, has tons of restrictions, and the origonal rainbow cracking files are in there in the directory with it.
take the 5min to learn the parameters for it and do it the better way, thru dos, instead of this shitware slapped together in 5min so @stake could brag.
take the 5min to learn the parameters for it and do it the better way, thru dos, instead of this shitware slapped together in 5min so @stake could brag.
All,
Someone had mentioned "banding together" to generate tables in a short period of time. We have already done this on the Knoppix-STD forum. Some problems encountered were space limitations and table distribution methods.
You're all welcome to join us in the discussion:
http://www.knoppix-std.org/forum/viewtopic...ghlight=rainbow
Nulladd created a RainbowCrack Parameter Configuration utility which is very impressive. http://www.nulladd.tk/
-Scott
--
Someone had mentioned "banding together" to generate tables in a short period of time. We have already done this on the Knoppix-STD forum. Some problems encountered were space limitations and table distribution methods.
You're all welcome to join us in the discussion:
http://www.knoppix-std.org/forum/viewtopic...ghlight=rainbow
Nulladd created a RainbowCrack Parameter Configuration utility which is very impressive. http://www.nulladd.tk/
-Scott
--
I would like to see a group make the tables on DVD for Shipping and cost of disks. If anyone is doing this then let me know. I am sharing my tables for the cost of shipping and the cost of the blank DVD. I have LM Alpha-Numeric & LM Alpha on DVD (3 Gig). It usually cost around $8 USD to send it world wide. Well e-mail me if you have LM Alpha-Numeric-Symbol on DVD and want to share for a reasonable price.
Slimjim100
Slimjim100(at)hotmail.com
Slimjim100
Slimjim100(at)hotmail.com
I found out the difference between the LC5 rtgen tables and the rainbow project rtgen tables.
The ones from lc5 are compressed with zlib (zlib1.dll is needed for the exe)
I tested speed and the LC5 rtgen is more than 2 X faster than the original rtgen.
Also the tables are the half of size. I don't know if the increased speed is because of the zlib only.
The ones from lc5 are compressed with zlib (zlib1.dll is needed for the exe)
I tested speed and the LC5 rtgen is more than 2 X faster than the original rtgen.
Also the tables are the half of size. I don't know if the increased speed is because of the zlib only.
btw there's new gui version of rainbowcrack at oxid.it since today
edit: kickass, it shows the percent done as well while generating
edit: kickass, it shows the percent done as well while generating
For all of you who mentioned cracks go and re read the rules and next time I will suspend you from the site for good.
Hey guyz if u appreciate the demo version of LC5 buy it or leave it
DAMN
DAMN
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
