LMCrack works by searching for a password hash against a database of pre-computed hashes. The pre-computed hashes are derived from multiple dictionaries of real words rather than random character sequences. The pre-computed hashes are indexed to speed up the hash searching against the database.

The current version of LMCrack parses a SAM file extracted using PWDump (although future versions may crack LanMan hashes sniffed off the wire). Each 32-byte hash is split into two 16-byte halves and each half is searched for against the database of pre-computed hashes independently of the other half . As the hash is composed of two halves, cracking the password will often result in a partial password being found where one 16-byte hash exists in the database and the other 16-byte hash does not.

LMCrack is not intended to replace any existing password cracking tools and the output files are compatible as input for other cracking tools. LMCrack outputs 5 files at the completion of a cracking run:

* cracked.txt - a file containing the successfully cracked username and passwords delimited by a colon,
* cracked.dic - a file contaning all of the dictionary words found,
* partial.dic - a file containging the partial password fragments,
* newpwdump.txt - a rewritten PWDump file with the successfully cracked accounts removed,
* stats.txt - the cumalative statistics for all cracking runs.

The cracked.txt and cracked.dic files can be used as input for other password crackers, for example the cracked.txt file works nicely as input for Brutus for testing web based or telnet passwords. Partial.dic is useful as a dictionary file for L0pht to speed up the cracking of partially cracked passwords. Newpwdump.txt can be fed into other cracking programs such as rainbowcrack if a comprehensive password audit is required.

hash krackin rss feed Subscribe in a reader

Copyright 2011 | All software listed is freeware unless otherwise stated. All software listed is property of the publisher. The software on this website may be reported by antivirus as malicious, however this can be disregarded due to the nature of these tools. Hash Krackin can not be held responsible for any of your actions performed by the resources of this website. Please contact the webmaster of any broken links or password cracker resources you would like featured on this site.