nerdexam
EC-Council

312-50V11 · Question #657

What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

The correct answer is D. L0phtcrack. L0phtcrack is a password auditing tool capable of capturing Windows NTLM authentication hashes passively from SMB network traffic and cracking them offline.

System Hacking

Question

What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

Options

  • AThis is not possible
  • BNetbus
  • CNTFSDOS
  • DL0phtcrack

How the community answered

(50 responses)
  • A
    6% (3)
  • B
    4% (2)
  • C
    2% (1)
  • D
    88% (44)

Why each option

L0phtcrack is a password auditing tool capable of capturing Windows NTLM authentication hashes passively from SMB network traffic and cracking them offline.

AThis is not possible

Capturing and cracking Windows SMB passwords from network traffic is entirely possible because NTLM challenge-response hashes are transmitted in cleartext-equivalent form during authentication.

BNetbus

Netbus is a remote access trojan used to control compromised hosts, not a tool for capturing or cracking network authentication credentials.

CNTFSDOS

NTFSDOS is a bootable DOS utility for accessing NTFS volumes, with no functionality related to network sniffing or password cracking.

DL0phtcrackCorrect

L0phtcrack can sniff the network and capture NTLM challenge-response exchanges that occur during SMB authentication, then apply dictionary, hybrid, and brute-force attacks to crack the underlying password hashes without ever actively interacting with the target system. This passive capture-and-crack workflow makes it uniquely suited for cracking Windows SMB passwords simply by listening to traffic.

Concept tested: Passive NTLM hash capture and offline cracking via L0phtcrack

Topics

#L0phtcrack#SMB password cracking#Windows passwords#network sniffing

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice