[HN Gopher] L0phtCrack Is Now Open Source
___________________________________________________________________
L0phtCrack Is Now Open Source
Author : rbanffy
Score : 413 points
Date : 2021-10-17 23:17 UTC (23 hours ago)
(HTM) web link (l0phtcrack.gitlab.io)
(TXT) w3m dump (l0phtcrack.gitlab.io)
| passwordreset wrote:
| I remember that the binary for L0phtCrack had some sort of
| software protection included with it, and it took a 1-bit change
| to be cracked, itself -- a 0x74 to 0x75, iirc (or 0x74 to 0xEB if
| you're a stickler for doing it right). I don't remember exactly
| what the protection was, maybe there was some sort of password
| count limit or time limit. It was a long time ago. I just
| remember being a little disappointed that it was that easy.
| atatatat wrote:
| Know your target market.
| someperson wrote:
| > L0phtCrack is a password auditing and recovery application
| originally produced by Mudge from L0pht Heavy Industries. It is
| used to test password strength and sometimes to recover lost
| Microsoft Windows passwords, by using dictionary, brute-force,
| hybrid attacks, and rainbow tables.
|
| - Wikipedia
| Ajedi32 wrote:
| So it's a hash cracking tool? How does it compare to Hashcat?
| Any notable distinguishing features?
| ukd1 wrote:
| It's a part of it, also open-source
| https://gitlab.com/l0phtcrack/hashcatdll
| bayesian_horse wrote:
| Thank you...
| [deleted]
| [deleted]
| sam345 wrote:
| Thanks. Wonder why they can't put a description on the GitHub
| page?
| mlang23 wrote:
| I envy you for your age... There was a time when _everyone_
| and _their dog_ knew what L0phtCrack was.
| sigg3 wrote:
| Obviously they should have.
|
| But it's like the Elvis Presley of password crackers.
| onionisafruit wrote:
| What's the Big Mama Thornton of password crackers?
| trevcanhuman wrote:
| Yeah, the repos don't even have a useful README, at least to
| understand whatever the software does...
| 300bps wrote:
| It's a widely known password auditing tool that's been
| around for 24 years.
| someperson wrote:
| I have been following programming and technology for
| decades and I had never heard of it.
|
| Every project should have a concise (one or two sentence)
| description in the GitHub README and the website's
| homepage. Even the most well-known tools.
| justshowpost wrote:
| They are not at github even, doh...
| kortilla wrote:
| Only if you care about onboarding people not familiar
| with the industry (security in this case). This is not a
| given for many devs.
| 10x-dev wrote:
| It's a cracking tool. If you never needed to crack NTLM
| passwords or bruteforce windows shared folder passwords
| over dialup, you might not have heard about it in the
| casual technology news.
| washadjeffmad wrote:
| Do you ever make it to DC or Blackhat? Not having to
| introduce/advertise who you are or what your tools do is
| part of the scene.
| jeppesen-io wrote:
| Ideally so, but if you've never of heard of this tool,
| you need to expand your news sources for many reasons.
| This is just a symptom
| selcuka wrote:
| This is assuming that everybody has an interest in
| cybersecurity. I can come up with equally well known (in
| specific circles) tools that you may not have heard of.
| mydeskistoosm wrote:
| Can you suggest some news sources?
| da_chicken wrote:
| I agree they should have a description in the readme, as
| a courtesy if nothing else.
|
| But L0phtCrack is a very well known tool. If you've never
| heard of it and have been following security stuff for
| decades, that's really on you.
| philh wrote:
| What do you mean by "that's really on you"? I'd normally
| interpret it as something like... "this is a state of
| affairs that would be different if you'd acted
| differently, and you knew or could have been able to know
| this in advance". Along those lines, anyway. But not
| having heard about a tool doesn't really seem to fit
| that.
| ziddoap wrote:
| > _What do you mean by "that's really on you"?_
|
| At some point, a tool is so ubiquitous that it's just
| _odd_ to not have encountered it. You don 't see many
| accountants that haven't heard of Excel, webdevs that
| haven't heard of Apache, construction workers that
| haven't heard of a hammer, or cybersec workers who
| haven't heard of L0phtCrack.
| da_chicken wrote:
| It means it's their fault because they clearly were not
| paying attention or their memory has failed them.
|
| L0phtCrack has been decreasingly relevant in the past 10
| years or so -- it wasn't available for awhile and some
| free tools are similar so you were basically buying the
| rainbow tables -- but if you were in security in the
| Windows 2000 or Windows XP era, you know of this tool.
| There was a lot of discussion for years around and about
| password crackers after rainbow tables became a thing.
|
| It's not like not knowing what Wireshark or nmap is, but
| it is like saying that you've never even heard of Kismet
| or John the Ripper. Or like being a DBA for decades that
| never heard of Informix. Or a programmer for "decades"
| that has never even _heard_ of Delphi. Like what were you
| doing in the early 2000s to have completely missed the
| death of Borland and Pascal and the popular variants?
| These are big enough events in the industry that if you
| 're in it you're going to be aware of it.
| Kikawala wrote:
| README.md should be renamed to BUILD.md; check under doc/
| for a useful description.
| beermonster wrote:
| A trip down memory lane!
| Haemm0r wrote:
| About the same time as the oxid.it (page is not the original
| anymore) tools..
| AdrianB1 wrote:
| I used it in ~ 1999-2000 to check password strength in the
| company I worked for; it was running for 1 minute, for any
| password that was recovered the owner got a notice to change it
| immediately. Initially 50% of the passwords were the username and
| more than 50% were up tp 5 characters long. At that time an 8
| char min length was "safe enough" for a company that had no
| sensitive data other than the payroll.
| vptr wrote:
| Dang this does bring back the memories. What was the other tool I
| used a lot for reversing. Something ice something... softice
| debugger. That was also a piece of art.
| [deleted]
| lostlogin wrote:
| Thought you were summoning the mod for a minute there.
| mindcrime wrote:
| Ia R'lyea! dang ftagn! Ia! Ia!
| sharmin123 wrote:
| Are There Top Signs of a Cheating Lover? What To do Then?:
| https://www.hackerslist.co/are-there-top-signs-of-a-cheating...
| Zenst wrote:
| I recall running this on a dual core Celron (BP6 dual socket
| motherboard) over-clocked back in the day to get 1Ghz `testing`
| power. Fun times.
| dagw wrote:
| Ah I remember that setup. The fact that 'normal' people could
| actually afford a 1Ghz computer was mind blowing.
| rbanffy wrote:
| I remember that motherboard :-). Cheapest dual socket setup
| you could get.
| throwaway984393 wrote:
| _ _ ((___))
| [ x x ] __________________________ \ /
| _ _/ Thanx DilDog!! \ (' ')
| \__________________________/ (U)
| loxias wrote:
| If yoU were a teenager at the right time, the L0pht, et al.
| were _crUcial_ in nUdging the next decades of yoUr life.
|
| I'm sUre I'm not alone in having fond memories seeing this. :)
|
| PS: (2 decades since Boston madness!)
| mydeskistoosm wrote:
| you're doing something neat with your Us but I,
| unfortunately, came of age after lots of the cool times were
| over. All the hackers got jobs in industry and it feels like
| if I poke anything that isn't hackthebox I'll either A. have
| the FBI up my ass immediately or worse, B. have created a
| record somewhere of having committed one felony or another
| that will appear at an appropriate time for someone else and
| inappropriate time for me.
| baremetal wrote:
| set up your own testing environments.
| arendtio wrote:
| As long as your country allows you to even own the
| tools...
| dpwm wrote:
| Which countries don't?
| arendtio wrote:
| I have no idea about the global situation, but in Germany
| there was a lot of discussion when they introduced SS202c
| StGb 15 years ago.
|
| - https://www.schneier.com/blog/archives/2007/08/new_germ
| an_ha...
|
| - https://www.gesetze-im-internet.de/stgb/__202c.html
|
| However, it seems it is not about owning the tools, but
| rather about creating them.
| DeathArrow wrote:
| You've surely heard about Tor, socks proxies, VPNs, SSH
| tunnels.
| Communitivity wrote:
| If I am online, I assume some entity somewhere can
| maliciously access what I am doing. My goal is to secure
| it enough so that entity has to be a state actor. Tor is
| not a silver bullet, even if used properly, because
| anyone (including state actors) can stand up a Tor node:
| https://nusenu.medium.com/tracking-one-year-of-malicious-
| tor...
| PeterisP wrote:
| This comes up at "have created a record somewhere of
| having committed one felony or another that will appear
| at an appropriate time for someone else and inappropriate
| time for me."
|
| I.e. you make one opsec mistake now, nobody's perfect -
| and then many years later when someone will finally care,
| this will be used to identify you, there's loads of
| examples like that of investigations/convictions where
| the people did know how to use "Tor, socks proxies, VPNs,
| SSH tunnels" and used them properly _almost_ always.
| JTbane wrote:
| Tor is very slow, and VPNs will rat you out immediately.
| lazide wrote:
| But which ones are really setup by the NSA to get said
| evidence that will be inconvenient for him at some point
| in the future? (I suspect Tor, and at least a few of the
| commercial VPN providers)
| DeathArrow wrote:
| It might be true. But what if you chain multiple
| defenses, each one in states that do not get well with
| each other? Every investigation will need collaboration.
| lazide wrote:
| True, but your last hop to you is usually the most
| important one. It's all about a risk analysis on how
| likely and cheap it would be to use it vs the cost to you
| if someone does. And keeping in mind that a lot of these
| agencies have to burn their budget or risk losing it.
| hungrigekatze wrote:
| Some recent news out of the commercial VPN universe...
| From a cryptographer professor at Johns Hopkins: https://
| twitter.com/matthew_d_green/status/14493567426896896...
| Kape, an Israeli 'adware' company that renamed itself to
| distance itself from its prior history as an adware
| company, recently bought up ExpressVPN and several other
| services and rebranded itself as a VPN services company.
| Kape also bought VPN ranking websites and juiced the
| rankings (into positions #1 and #2) for the VPN companies
| that it just bought: https://restoreprivacy.com/kape-
| technologies-owns-expressvpn... I suspect that Kape is
| probably a CryptoAG repeat -
| https://en.wikipedia.org/wiki/Crypto_AG - and is doing
| double duty for the US IC along with the Israelis, but it
| could be just a pure Israeli shop too.
| sizzle wrote:
| Oof, what VPN is the best for privacy nowadays?
| wiz21c wrote:
| The CryptoAG story is super interesting for seeing how
| super powers handle the issue, thx for the wikipedia.
| TedDoesntTalk wrote:
| It all changed after the Computer Fraud and Abuse Act (CFAA)
| passed in 1986. Before that, there were no federal crimes
| against hacking. I don't remember any state statutes, either,
| but there may have been some scattered around here and there.
| My state certainly did not have any or I'd have been in
| "juvi".
| arminiusreturns wrote:
| Thanks cDc for being an inspiration all my years of computing.
| hexman wrote:
| ... DilDog is this you?
| poopsmithe wrote:
| Ah yes, the trusty info site and code repository with no
| explanation of _what_ the software does.
| claytongulick wrote:
| For many HN readers l0phtCrack is iconic, and so needs no
| introduction.
|
| FYI though, it was a password brute force tool that many of us
| used for various (mostly innocent) myschevios purposes 15-20
| years ago.
| beermonster wrote:
| L0phtCrack is a password auditing and recovery application
| originally produced by Mudge.
| 0x0nyandesu wrote:
| I got expelled from high school because of this program.
|
| I'm a millionaire now though so _shrug_
| skhm wrote:
| I was a hair's breadth away from expulsion too - exfiltrated
| .sam files from a PC in the library on a 3.5" floppy. Seems to
| be quite common experience judging by this thread.
|
| Why did we all get caught? Smart enough to figure that out in
| your teens, dumb enough to think you can get away with it...
|
| In my case I was operating with a dumbass friend who left a
| "calling card" on one of the compromised machines.
| 0x0nyandesu wrote:
| To be honest I fessed up for no reason. All they knew was I
| logged in to some box. I could have made some stuff up about
| doing some legitimate work and I'd probably have gotten away
| with it. At the time I was extremely naive and dumb. My
| advice to kids is not to stop doing things but to simply
| downplay what you were doing. "No I wasn't hacking. I was
| securing the system." Etc. Come up with plausible reasons and
| the benefit of doubt will generally keep things from
| escalating beyond the IT staff. Once admins start talking
| about hacking you've lost the war of words.
|
| It's as much social engineering as anything else.
| nirv wrote:
| I didn't get caught.
|
| But as a result of my demonstrative flexing cyber-security
| activity -- I was granted with 'root' credentials on the
| school's SUSE Linux server... Which apparently at the same time
| was used as an ISP router for an entire city block.
|
| This granted responsibility, unsurprisingly, turned out to be
| an extremely effective step to cool my eagerness to hack into
| all things.
| hbn wrote:
| Congrats, how did you do it?
| 0x0nyandesu wrote:
| Combination of 401k growth, having a six figure income,
| cryptocurrency investments, and early investment in AMD and
| TSLA and a few side income streams.
| mike_d wrote:
| Sounds like you owe your success more to WallStreetBets
| than hacking.
| 0x0nyandesu wrote:
| Eh I mined a lot of it and it's thanks to my computer
| skills that I was able to do so. Most of it was from
| that.
|
| Also my stock positions predate wsb by like 7 years.
| kmos wrote:
| Thanks for sharing.
| girvo wrote:
| They tried to expel me for this (among other) reason(s) too,
| though the Vice Principal went to bat for me and instead I was
| banned from using any computers on school property for the last
| couple years of high school instead.
| skhm wrote:
| Very similar experience - in the end no police, and I just
| had to stay back and write a long essay on why hacking is
| wrong (pretty sure I was an edgelord about it and wrote
| something nuanced about white-hatting...)
| Svperstar wrote:
| Back in like 1998 or 1999 I used L0phtCrack to get the admin
| password to the PCs in the computer lab. Good times :)
| weq wrote:
| Combine this with a IIS3 exploit and a ip scanner you coded for
| fun and you make that labs all around the world :)
| short12 wrote:
| Or the big red button admin bypass. If I remember right ms
| patched that vuln but then it would just act like it was
| winnuked instead. Bravo Microsoft. They really are fun to
| make fun of looking back at their record for security
|
| Good times were had by non-sysadmins around the world
| oscribinn wrote:
| Calling yourself "dildog" is pretty fucking cool.
| boppo1 wrote:
| I don't get it. Dill pickle dog?
| quickthrowman wrote:
| Dildo G
| naltun wrote:
| The story of L0phtCrack, as well as other people / projects
| associated with cDc (Cult of the Dead Cow), is nicely recounted
| in the book Cult of the Dead Cow, by Joseph Menn.
| Havoc wrote:
| I loved their choice of names.
| Communitivity wrote:
| I haven't thought about Mudge in a long time. If you've ever
| worked cybersecurity for the government, or in general, you owe
| him, Brian Oblivion, Space Rogue and the other members of L0pht
| for opening the door. They were pioneers of responsible
| disclosure, and brought the problem to light when they testified
| to Congress in 98 that in 30 minutes they could shut down the
| Internet. He and the others had uncovered DoS, specifically a BGP
| DoS that would automatically cascade across the Internet.
|
| Mudge was a musical prodigy and an alum of BBN, one of the key
| players in creating ARPAnet. His bio is fascinating, and you can
| find a good treatment of it here:
| https://www.cybersecurityeducationguides.org/peiter-zatko/
| brainwipe wrote:
| I don't work in infosec or gov but after reading that bio, I
| think we all owe him. Thanks for the tip.
| short12 wrote:
| I wonder what the reasoning for open sourcing it now. And why not
| from the get go instead of decades later. Licence choices are
| obviously up to the authors. But at this point it is more a
| museum relic than anything practical
| mike_d wrote:
| The rights to L0phtCrack were purchased about a year ago by a
| company that made password cracking rigs for large companies to
| audit their employees passwords. They filed bankruptcy due to
| the GPU shortage changing their COGS overnight. When payments
| stopped being made the license reverted back to the author and
| he open sourced it.
| kortilla wrote:
| This is the reason:
|
| > at this point it is more a museum relic than anything
| practical
| mydeskistoosm wrote:
| Were the records of payment a method to keep track of who
| might be using it?
| short12 wrote:
| Lol people paid for it? That was in the era of WinRAR and
| WinZip. There must be dozens of people that paid for those
| pieces of software
| px43 wrote:
| Shame what happened to Terrahash (previous owner of L0phtCrack).
| As someone who has purchased several Brutalis cracking rigs,
| those things were the most badass machines on the market.
|
| Looks like they sold and committed to a bunch of cracking rigs
| before sourcing enough GPUs right before prices skyrocketed, and
| were suddenly on the hook for a lot more than they could
| realistically pay for. Hopefully Jeremi manages to pull through.
| It's a fantastic company that makes a fantastic product. I'd love
| to buy some new rigs when they get their supply chain issues
| figured out.
|
| https://terahash.com/letter-from-ceo
| Invictus0 wrote:
| Wow, that is an extraordinary letter. A real case study in
| communication with customers.
| _wldu wrote:
| That's disappointing. They have some great systems. I hope they
| come through it OK.
| teleforce wrote:
| L0phtCrack was featured in the Phrack Magazine (53) inside an
| article written by Aleph1 on attacking PPTP, one of the oldest
| VPN protocols [1]. Prior to that, Aleph1 has written arguably the
| most famous article in Phrack Magazine (49) to date [2].
|
| [1] The Crumbling Tunnel:
|
| http://phrack.org/issues/53/12.html
|
| [2] Smashing The Stack For Fun And Profit:
|
| http://phrack.org/issues/49/14.html
| dagw wrote:
| _Aleph1 has written arguably the most famous article in Phrack
| Magazine_
|
| Given the number of people, including myself, who consider
| reading that article a truly formative experiences, you might
| argue it's one of the most famous/influential articles in
| programming.
| wiseleo wrote:
| I remember the l0pht bbs :)
| lvs wrote:
| At last, some actual hacker news!
| hestefisk wrote:
| Ahhh yes, this is a classic tool. Together with John the Ripper
| this forms the basis of lost sleep in my teenage years.
| DeathArrow wrote:
| I went from John the Ripper to L0phtCrack to Hash Cat. Now I want
| a Quantum computer because for some type of passwords even
| running Hash Cat on a big GPU farm is too slow because of hashing
| algorithms.
| isitdopamine wrote:
| Bad news is: a quantum computer will not crack hashes faster.
| john_alan wrote:
| It would reduce the output space of a cryptographic hash by
| its square root. That would help speed up attacks would it
| not?
| DaiPlusPlus wrote:
| Needs waaaaaaay more qubits than exist in the world right
| now.
| mydeskistoosm wrote:
| Is it even really relevant anymore?
| rhexs wrote:
| No. They seem to have been doing a few puff PR pieces recently.
| Can't imagine anyone under 30 knows or cares about them.
|
| I guess their main claim to fame was being the first "hacker"
| group to do PR moderately well and transition into decent
| careers. Not really even an interesting footnote in history.
| bleachedsleet wrote:
| I'm under 30 and certainly wouldn't relegate L0pht to a mere
| footnote in history.
| devin wrote:
| Nice to hear this. I'm late 30s, and l0pht was a huge
| inspiration to me.
| joemazerino wrote:
| L0pht put hacking and infosec on the map for arguably
| hundreds of people. They were and still are incredibly
| talented.
| travoc wrote:
| I would say they were the first group that got many Windows
| sysadmins to start thinking about OS security.
| sokoloff wrote:
| Indeed. I had the good fortune to work with DilDog before
| he co-founded Veracode. I count him in the top ten of
| talented co-workers across a three decade career.
| bloblaw wrote:
| I work with him now at his current gig. Totally agree.
| Constantly learning new things from him.
| hn_go_brrrrr wrote:
| I was going to object to your "under 30" quip, then realized
| I haven't been under 30 for quite a while. Oops.
| freedomben wrote:
| I'm in the same boat, and it's really amazing how quickly
| things change. I was explaining to a coworker the other day
| how much more optimistic we were in the 90s, and when he
| casually mentioned that he was born in 2000, I suddenly
| felt really old.
| rbanffy wrote:
| > I'm in the same boat, and it's really amazing how
| quickly things change.
|
| The number of candles on my birthday cake seems to change
| the fastest. I ask for hexadecimal whenever possible.
| mherdeg wrote:
| It's been disappointing to see that Beto O'Rourke doesn't
| get asked more questions about his present-day commitment
| to the Cult of the Dead Cow's agenda.
| jcims wrote:
| > Not really even an interesting footnote in history.
|
| This just feels like you have an axe to grind.
| rnd0 wrote:
| Having a bias is not the same thing as being wrong
| SGML_ROCKSTAR wrote:
| They testified in front of the U.S. Senate in 1998. That's
| more than a footnote might do, in my opinion.
|
| https://www.youtube.com/watch?v=VVJldn_MmMY
| thricegr8 wrote:
| Human, I'm 28, been in InfoSec for ~10 years. Granted, I was
| lucky enough to be interested in and peruse this as a
| professional branch when I graduated college in 2016. I am
| also an adjunct professor at my local university, where I
| make it a salient point to remind my students of the history
| of hacking. We talk about this still.
|
| I also start every semester off with the opening scene of
| Hackers - the best hacking movie ever made :)
| loxias wrote:
| > I'm 28 ... adjunct professor ... We talk about this
| still.
|
| I'm a decade older, and am relieved to see this.
|
| > Hackers - the best hacking movie ever made :)
|
| Counterpoint: _Sneakers_: _the thinking person 's hacking
| movie._
| claytongulick wrote:
| I still vote for Wargames :-)
| amiga wrote:
| Ferris Bueller's Day Off has some inspiring hacks :^)
| loxias wrote:
| Hah. That it does! I like the parallel with "Die Hard is
| the best Christmas movie".
| mavhc wrote:
| Everyone knows Brazil is the best christmas movie
| randombits0 wrote:
| That's got data encrypting algorithms, you'll never get
| through that!
| rbanffy wrote:
| > Counterpoint: _Sneakers_: the thinking person's hacking
| movie.
|
| Lacks the soundtrack. I always work to music to help
| focus.
| cholmon wrote:
| Lacks? No way. Sneakers' score features Branford
| Marsalis, which is very different feel to Hackers (which
| is also great), but imo very evocative of the the
| playfulness, mystery, & intrigue of the crypto storyline.
| rbanffy wrote:
| Both have good soundtracks, but Hackers is still better.
| ;-)
| spitfire wrote:
| > I also start every semester off with the opening scene of
| Hackers - the best hacking movie ever made :)
|
| _Great_ soundtrack. Respect.
| k1rcher wrote:
| Under 30 here and have only ever seen Hashcat as the
| predominantly used software for cracking hashes
| dapids wrote:
| If you care about the history of the scene you'll know the
| name regardless of your age.
| mydeskistoosm wrote:
| Would you do a guy a favor and lay some links or at least
| breadcrumbs such that I might start learning my history?
| I'm picking up programming at a relatively advanced age
| (31) and don't have the time to do deep hunts for stuff
| like I did when I was in my 20s BUT I want to keep security
| right in mind as I write everything I make.
| thrashtitan wrote:
| ahh..this is i feel going to be a controversial take, but
| it isnt said with malice.
|
| the history of mudge and l0pht are more interesting than
| they are useful. if you want to get 202X security chops
| though, digging up the past isnt really the way. its more
| of a thing to do a deep dive into because youre
| interested, not because you expect anything out of it.
|
| there are other researchers like gruqg who chronicle the
| exploits of old teams like l0pht and ACIDBITCHEZ under
| the guise of teaching the new wave about LOL hacking
| (living off the land), but i personally think they are
| doing it more for the reasons one writes a history book;
| cause its interesting.
|
| if you want to learn LOL, read mandiant APT markers.
| thats how modern hacking is done, its really not at all
| like it used to be. i myself am happy to offer the
| following ocunterpoint though; the number one ranked
| hackerone bugbounty is dawgyg, an ex blackhat whose come
| in and dominated the bb scene in a huge way. i counter my
| counter point with the thousands of guys who make a solid
| living doing bug bounty who do not posess the old skills.
| they arent a requirement to make it in modern sec,
| because things are just different.
|
| they were a bunch of badass cowboys who became the first
| to "make it". big boy jobs, wide spread respect in the
| community, inspiring a generation like egypt etc who went
| on to do metasploit work.
|
| i am keen as a BEAN for grugqs book to come out, because
| to me, its fascinating, interesting and inspiring. mudge
| has been my personal hero since i found out about him
| when i was in highschool, but that was long after their
| reign was done and they were corporate.
|
| i think the following anology works well too; lopht are
| comparable to van halen; when they both burst onto their
| scenes, almost noone else was doing what they did, and
| noone else before had gotten as big.
|
| but time marches on, and other people do something new,
| and suddenly evh isnt as flashy as the new crop.
| GekkePrutser wrote:
| Yeah I thought hashcat pretty much superseded it, especially
| with its amazing GPU acceleration.
|
| Nevertheless, nice of them to open source it.
| zuminator wrote:
| I remember the app but never knew how to pronounce it -- it
| sounded like (record-scratch)-Crack, or maybe Bill the Cat, in my
| head. Light? Loft? Lowpft?
| derwiki wrote:
| "Loft" per the CDC book I recently read.
| zuminator wrote:
| Thank you!
| brandonarnold wrote:
| Nostalgia factor is kicking into high gear on this one, as I
| haven't thought of L0phtCrack since the early 2000s.
| senectus1 wrote:
| lol now i feel old. none of my co-workers know the name :-(
| Svperstar wrote:
| I used lophtcrack to get the windows admin password to the
| computer lab PCs in high school :)
| simonmales wrote:
| Yep, and the password was 'driver'.
| richarme wrote:
| In my school's case it was 'passwd'. No cracking needed
| to obtain that one though, the admin had it written on a
| post-it on his monitor.
| stordoff wrote:
| My school's domain admin password was 'school' (later
| changed to the school's name with O->0 substitution).
| It's marginally better than their VNC password though,
| which was 'vnc' (VNC Server was installed on every
| machine in the school).
| Svperstar wrote:
| Actually it was bhs-2020 still remember it after all
| these years
| jhpankow wrote:
| At my school the password was the person's username.
| Someone guessed it one day. Which in hindsight was
| inevitable when the login screen was exposed to hundreds
| of bored kids every day.
| shellum wrote:
| Right? I think it was introduced at DefCon ~5. As I remember
| the introduction speech, Mudge got sick over a weekend and
| implemented it. Good times!
| RNCTX wrote:
| Pretty sure I used it in the early 2000s to get at Win2k
| passwords that were lost/forgotten. Took about an hour on a
| K6-III 450 ;).
| angled wrote:
| It's making me nostalgic for all of the old tools - what was
| another one, ``john''? Although that seems to have been
| modernised. https://www.openwall.com/john/
| cbanek wrote:
| And of course, the CDC's hilarity toolbox: Back Orifice.
| Being able to eject all the CD-ROM drives in a computer lab
| together was really worth it.
| irthomasthomas wrote:
| God I miss those days. And now I feel old, like the father
| I thought I'd never be. Nostalgic for an age that I thought
| was forever. But really, never was.
| [deleted]
___________________________________________________________________
(page generated 2021-10-18 23:02 UTC)