nerdexam
Exams312-50V9Questions#559
EC-Council

312-50V9 · Question #559

312-50V9 Question #559: Real Exam Question with Answer & Explanation

The correct answer is D: L0phtcrack. L0phtCrack is a Windows password auditing tool that passively captures NTLM authentication hashes from SMB network traffic and cracks them offline.

Question

What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

Options

  • AThis is not possible
  • BNetbus
  • CNTFSDOS
  • DL0phtcrack

Explanation

L0phtCrack is a Windows password auditing tool that passively captures NTLM authentication hashes from SMB network traffic and cracks them offline.

Common mistakes.

  • A. Capturing and cracking SMB NTLM hashes from network traffic is entirely feasible with tools like L0phtCrack, so the premise that it is impossible is factually incorrect.
  • B. Netbus is a remote-access trojan designed for unauthorized remote control of a compromised system and has no password sniffing or hash-cracking functionality.
  • C. NTFSDOS is a read-only utility for accessing NTFS volumes from a DOS boot environment and provides no network sniffing or credential cracking capability.

Concept tested. Windows NTLM hash capture and offline password cracking via SMB

Reference. https://learn.microsoft.com/en-us/windows-server/security/kerberos/ntlm-overview

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice