Crack / L0phtCrack

• Software that attempts to guess passwords for an account for Unix and NT (directory entries, brute force, User Id variations)

• Requires /etc/passwd (can be stolen using “phf” in cgi-bin) and somebodyelses account

• attacker runs Crack against the stolen ‘passwd’ file on his own computer

• Defense: use hard to guess passwords; implement security polices, hide passwords (shadow passwd)

Previous slide

Next slide

Back to first slide

View graphic version