Projects / Lepton's Crack

Lepton's Crack

Lepton's Crack is a generic password cracker. It is easily-customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan, including the use of regular expressions. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending of characters is available in the Development branch (strongly recommended).

Operating Systems

Recent releases

  •  17 Sep 2004 13:49

    Release Notes: REGEX enumeration when len is greater than 1 now starts with len=1 and proceeds up to max_len. Charset and REGEXes can now be saved to a text file. -stdin allows feeding lcrack from an external password generator. The mktbl program is now included to generate pre-computed hash tables (rainbow tables). LM hsa been briefly deactivated until the next version to rework it.

    •  06 Jan 2003 10:14

      Release Notes: This version adds a SHA-1 module.

      •  18 Dec 2002 14:24

        Release Notes: Several bugfixes and optimizations were made, including a minor optimization (~2%) of the Lotus Domino hash calculation. If a password was repeated in the input file, only one of them was found. This has been fixed.

        •  17 Dec 2002 22:44

          No changes have been submitted for this release.

          Recent comments

          02 Sep 2004 16:10 lepton

          Mingw support

          I've done a couple of changes in sha1.h, md5.c solving some compatibility problems.

          Also, LCrack can now be compiled under the MINGW environment (gettimeofday() is now implemented for MingW, and %llu is replaced by %I64u -- don't worry, it's all #ifdef'd, so Unix/Linux/Cygwin works like always..)

          02 Sep 2004 12:55 lepton

          Improvements and new features..

          Hi all,

          After a long time, I'm back with lcrack :)

          The regex's are now enumerated in increasing-length order, and the speed penalty is very small (if you prefer the 'old' way of enumerating regex's, use the '-g#' switch instead of '-g')

          I've also added a separate 'regex' program that enumerates the expression (with the 'usual' -s, -l and -g[#]) and dumps it to stdout..

          I'm now also making a program called 'mktbl' that generates pre-computed tables for faster cracking. Input is stdin (one word per line), and output is a binary file suitable for use with '-xf+ -t' in lcrack. The program is already finished, but I'm testing it..

          I still haven't integrated my version with Bruneti's improvements, but hopefully I'll take care of that soon..

          I will shortly update the lycos site and the stuff here..


          11 Aug 2004 02:36 nekromancer

          Re: Hi from Argentina!!!!!
          Hi Umpy

          Nice to "see" you here ;-)
          Are you "still in the business"? email me privately please.


          11 Aug 2004 02:35 nekromancer

          Re: Can you make it faster?
          Hi Erman,

          I ALSO use John the Ripper when bruteforce cracking speed or password mangling is a must ;-)
          I use Lepton's Crack for the features that make it unique:

          a) REGEX support (see the link to the demo above)
          b) Lotus Domino R4 support
          c) SHA-1 support

          Answering your question, the code is almost as fast as possible using pure C language (OK, someone can improve it, for sure ;-)
          To make it faster, portions of it have to be coded in machine language, thus losing portability, and it's definitely not our intention to do that in the inmediate future.


          11 Aug 2004 01:55 lcheseline

          Hi from Argentina!!!!!
          Hello Mike!

          Wonderful to see that you are still active with the tool.

          Greetings from one of your students @CIUA!


          Lord Cheseline

          aka Umpy ;-)


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.