Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Password Auditing Tool L0phtCrack Released as Open Source

The password auditing and recovery tool L0phtCrack is now open source and the project is looking for both maintainers and contributors.

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.

The password auditing and recovery tool L0phtCrack is now open source and the project is looking for both maintainers and contributors.

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.

L0phtCrack was originally developed by Peiter Zatko, also known as Mudge, of the L0pht hacker think tank. L0pth then merged with @stake, which was acquired by Symantec in 2004. It was owned by Symantec between 2004 and 2009, when it was acquired from the cybersecurity firm by Zatko and other original authors. By that time, Symantec had stopped selling the tool.

Terahash announced buying L0phtCrack in 2020, but it was repossessed in July 2021 after Terahash defaulted on its instalment sale loan.

When the announcement was made in July, its owners said L0phtCrack would no longer be sold or supported.

“The current owners are exploring open sourcing and other options for the L0phtCrack software. Open sourcing will take some time as there are commercially licensed libraries incorporated in the product which must be removed and/or replaced. License activation for the existing licenses has been re-enabled, and should function as expected until an open source version can be made available,” they said at the time.

And on Sunday, October 17, they officially announced the open source availability of L0phtCrack, specifically version 7.2.0. People interested in maintaining the project or contributing to it have been encouraged to contact developers.

The L0phtCrack source code is available on GitLab.

Related: Adobe Releases Open Source Anomaly Detection Tool “OSAS”

Related: Google Releases Open Source Tool for Verifying Containers

Related: Facebook Open-Sources ‘Mariana Trench’ Code Analysis Tool

Related: GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...