[ Thanks to Michael Hall for this link. ]

“Long, random and frequently changed passwords can help keep
your corporate resources secure. Short, guessable ones that never
change can not. That’s why it’s important for network
administrators to be able to audit the user passwords in use on
their networks to ensure that they are hard to crack, regularly
changed, and never re-used. One tool to help with that is
L0phtcrack.

“You may well be familiar with tools such as Ophcrack and John
the Ripper, which allow administrators to see if a password on a
given machine is easily crackable, but few have been designed to
allow a network administrator to audit a large number of machines
on a network automatically. Fortunately, L0phtcrack–a very old
password auditing tool originally developed by a hacker collective
and eventually bought by Symantec–is back on the market and
addresses just that problem. Symantec withdrew the tool in 2005,
but recently the company sold L0phtcrack back to the original
developers, who have now released L0phtcrack 6 as a commercial
product.

“L0phtcrack attempts to crack LM and NTLM password hashes from
Windows machines, MD5 and DES-encoded password files from
UNIX/Linux machines, and LM and NTLM challenge responses from SMB
authentication sessions.”