312-50V11 · Question #657
What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.
The correct answer is D. L0phtcrack. L0phtcrack is a password auditing tool capable of capturing Windows NTLM authentication hashes passively from SMB network traffic and cracking them offline.
Question
What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.
Options
- AThis is not possible
- BNetbus
- CNTFSDOS
- DL0phtcrack
How the community answered
(50 responses)- A6% (3)
- B4% (2)
- C2% (1)
- D88% (44)
Why each option
L0phtcrack is a password auditing tool capable of capturing Windows NTLM authentication hashes passively from SMB network traffic and cracking them offline.
Capturing and cracking Windows SMB passwords from network traffic is entirely possible because NTLM challenge-response hashes are transmitted in cleartext-equivalent form during authentication.
Netbus is a remote access trojan used to control compromised hosts, not a tool for capturing or cracking network authentication credentials.
NTFSDOS is a bootable DOS utility for accessing NTFS volumes, with no functionality related to network sniffing or password cracking.
L0phtcrack can sniff the network and capture NTLM challenge-response exchanges that occur during SMB authentication, then apply dictionary, hybrid, and brute-force attacks to crack the underlying password hashes without ever actively interacting with the target system. This passive capture-and-crack workflow makes it uniquely suited for cracking Windows SMB passwords simply by listening to traffic.
Concept tested: Passive NTLM hash capture and offline cracking via L0phtcrack
Topics
Community Discussion
No community discussion yet for this question.