Lepton's Crack
Lepton's Crack is a generic password cracker. It is easily-customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan, including the use of regular expressions. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending of characters is available in the Development branch (strongly recommended).
| Tags | Security Cryptography Systems Administration Utilities |
|---|---|
| Licenses | GPL |
| Operating Systems | Windows Windows Windows POSIX Linux |
| Implementation | C |
Recent releases
- 17 Sep 2004 06:49
Changes: REGEX enumeration when len is greater than 1 now starts with len=1 and proceeds up to max_len. Charset and REGEXes can now be saved to a text file. -stdin allows feeding lcrack from an external password generator. The mktbl program is now included to generate pre-computed hash tables (rainbow tables). LM hsa been briefly deactivated until the next version to rework it.
- 06 Jan 2003 02:14
Changes: This version adds a SHA-1 module.
- 18 Dec 2002 06:24
Changes: Several bugfixes and optimizations were made, including a minor optimization (~2%) of the Lotus Domino hash calculation. If a password was repeated in the input file, only one of them was found. This has been fixed.
- 17 Dec 2002 14:44
No changes have been submitted for this release.
- All comments
Recent commentsMingw support
I've done a couple of changes in sha1.h, md5.c solving some compatibility problems.
Also, LCrack can now be compiled under the MINGW environment (gettimeofday() is now implemented for MingW, and %llu is replaced by %I64u -- don't worry, it's all #ifdef'd, so Unix/Linux/Cygwin works like always..)
Improvements and new features..
Hi all,
After a long time, I'm back with lcrack :)
The regex's are now enumerated in increasing-length order, and the speed penalty is very small (if you prefer the 'old' way of enumerating regex's, use the '-g#' switch instead of '-g')
I've also added a separate 'regex' program that enumerates the expression (with the 'usual' -s, -l and -g[#]) and dumps it to stdout..
I'm now also making a program called 'mktbl' that generates pre-computed tables for faster cracking. Input is stdin (one word per line), and output is a binary file suitable for use with '-xf+ -t' in lcrack. The program is already finished, but I'm testing it..
I still haven't integrated my version with Bruneti's improvements, but hopefully I'll take care of that soon..
I will shortly update the lycos site and the stuff here..
Lepton.
Re: Hi from Argentina!!!!!
Hi Umpy
Nice to "see" you here ;-)
Are you "still in the business"? email me privately please.
Cheers,
Nekromancer
Re: Can you make it faster?
Hi Erman,
I ALSO use John the Ripper when bruteforce cracking speed or password mangling is a must ;-)
I use Lepton's Crack for the features that make it unique:
a) REGEX support (see the link to the demo above)
b) Lotus Domino R4 support
c) SHA-1 support
Answering your question, the code is almost as fast as possible using pure C language (OK, someone can improve it, for sure ;-)
To make it faster, portions of it have to be coded in machine language, thus losing portability, and it's definitely not our intention to do that in the inmediate future.
Cheers,
Nekromancer
Hi from Argentina!!!!!
Hello Mike!
Wonderful to see that you are still active with the tool.
Greetings from one of your students @CIUA!
CU
Lord Cheseline
aka Umpy ;-)