apparently the passwords fed to it are at least not easy, if you are using the trial version it won't go through all the methods, especially brute force, and make sure you copied/imported the created by the sniffer. LC3 will crack the passwords given time with the full version, you could create a test account with a known password, make it an easy one, that is a regular word, jsut so you can see that it can be cracked. I've used LC3 the same method you are trying and successfully retreived about 25% of my network passwords, using the trial version, I immediately had those passwords expired and turned on Use Strong Passwords enforcement, the easy passwords won't happen again, but if you get the full version, install it on an unused system, and just let it run for a while, it will eventually crack the passwords using brute force, then by knowing how long it takes can give you an idea of how often you want to force password changes, I seem to recall seeing a faq about various lengths of time taken on dif systems, and some were exceeding 2 weeks of crunching. -----Original Message----- From: st0ff st0ff [mailto:if0ffat_private] Sent: Thursday, September 13, 2001 1:22 AM To: PEN-TESTat_private Subject: L0phtcrack 3.0 and W2K Hi all, i've collected enrypted passwords and usernames with the included sniffer feature in a W2K environment. In two days no password was cracked by LC. I guess there is is a problem to crack the new NTMLv2 encryption. Have anyone any idea how to crack these encryption? Regards if0ff __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 12:12:12 PDT