144 Managing Network Vulnerability Assessment
Password Cracking Tools
Password cracking tools uncover passwords to check for policy compliance.
The process of cracking the passwords will be very processor intensive so it
is best to try to run the password cracking utility on your laptop. However,
some organizations may not permit this, so the next best step is to run the
password cracking after hours when fewer people are on the system. As a
rule-of-thumb, to get a good sample of network password compliance, run
the dictionary attack through to completion and then run the brute-force crack
for about an hour before stopping the process. This will get all passwords
that are dictionary words, and most passwords that are dictionary words with
a special character stuck on to the beginning or the end.
LC4
URL: http://www.atstake.com/research/lc/index.html
Price: $
OS: NT
Vendor’s comments: LC4 (Exhibit 53) is the latest version of the award-
winning password auditing and recovery application, L0phtCrack. It
provides two critical capabilities to Windows network administrators:
LC4 helps administrators secure Windows-authenticated networks
through comprehensive auditing of Windows NT and Windows 2000
Exhibit 52. Cerberus Internet Scanner