What is a “dictionary” password cracker?
All three of the password crackers listed in section 03-2 can do dictionary attacks. A dictionary attack is simply takes a list of dictionary words, and one at a time encrypts them using the same encryption algorithm NT uses to check and see if they encrypt to the same one way hash. If the hashes are equal, the password is considered cracked. The best of these dictionary crackers is the Crack 5.0 NT port, namely because of the strength of the mutation filters. These filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. Although L0phtcrack doesn’t do the permutations like Crack, there are several ways you can “pre-treat” a word list, in particular you can use the DOS-based TPU. This utility does a number of filter operations, so with the right amount of creativity you can create a pretty substantial list.
A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT. If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thoro
