Penetration Testing mailing list archives

Re: A L0phCrack Alternative


From: "Saif El Sherei" <SSherei () npcegypt com>
Date: Fri, 10 Dec 2010 11:30:07 +0200

Hello,

Well, it depends on the method you're aiming to follow. John the Ripper tries to break the hash, which can take a lot of 
time depending on the password complexity settings. You can also use rainbow tables, which I think L0phtCrack uses, 
which store password hashes in the rainbow table file and then try to match the input hash to one in the rainbow 
table, which actually is a lot less time consuming if you have a good hash table file. 

Regards,

Saif
OSCP

Sent from my iPhone. 

On Dec 10, 2010, at 9:38 AM, "Paul Halliday" <paul.halliday () gmail com> wrote:

On Tue, Dec 7, 2010 at 3:42 PM,  <olufemimogaji () gmail com> wrote:
Hello All,

I recently used a trial version of L0phtCrack to perform a password audit of the user accounts in my company's 
Active Directory. It worked great, revealing all the weak passwords that users had. The only problem is that it's a 
trial version, and the full versions are just so expensive.

Does anyone know about an open source/free alternative that works OK, even if not as good as L0phtCrack? I'll truly 
appreciate any tips on this.

There was a good diary entry on SANS recently about this subject:

http://www.isc.sans.org/diary.html?date=2010-11-26

Might be some useful tidbits in there for you.

-- 
Paul Halliday
Ideation | Individualization | Learner | Achiever | Analytical
http://www.pintumbler.org

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


