LMCrack works by searching for a password hash against a database of pre-computed hashes. The pre-computed hashes are derived from multiple dictionaries of real words rather than random character sequences. The pre-computed hashes are indexed to speed up the hash searching against the database.
Each 32-byte hash is split into two 16-byte halves, and each half is searched for in the database of pre-computed hashes independently of the other half. Because the hash is composed of two halves, a cracking run will often recover only a partial password: one 16-byte half exists in the database and the other does not.
LMCrack outputs 5 files at the completion of a cracking run:
* cracked.txt - a file containing the successfully cracked username and passwords delimited by a colon,
* cracked.dic - a file containing all of the dictionary words found,
* partial.dic - a file containing the partial password fragments,
* newpwdump.txt - a rewritten PWDump file with the successfully cracked accounts removed,
* stats.txt - the cumulative statistics for all cracking runs.
The cracked.txt and cracked.dic files can be used as input for other password crackers, for example the cracked.txt file works nicely as input for Brutus for testing web-based or telnet passwords. Partial.dic is useful as a dictionary file for L0pht to speed up the cracking of partially cracked passwords. Newpwdump.txt can be fed into other cracking programs such as RainbowCrack if a comprehensive password audit is required.
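The half-by-half lookup and the resulting cracked, partial and rewritten-PWDump outputs can be sketched as follows for a password audit. This is an added example, not LMCrack's own code: the function names, the index contents, the sample accounts and the assumed `user:rid:lm:nt:::` line layout are all constructed for illustration, and treating the well-known empty-half value as always known is an assumption.

```python
EMPTY_HALF = "AAD3B435B51404EE"  # LM half produced by an empty 7-character block

# Constructed stand-in for the indexed database: half hash -> word fragment.
INDEX = {
    "1111111111111111": "PASSWOR",
    "2222222222222222": "D1",
    "3333333333333333": "WINTER2",
}

# Constructed PWDump-style lines (assumed layout user:rid:lm:nt:::).
PWDUMP = """\
alice:1001:11111111111111112222222222222222:00000000000000000000000000000000:::
bob:1002:33333333333333334444444444444444:00000000000000000000000000000000:::
carol:1003:3333333333333333AAD3B435B51404EE:00000000000000000000000000000000:::
dave:1004:55555555555555556666666666666666:00000000000000000000000000000000:::
"""


def split_lm(lm_hex):
    """Return the two 16-character halves of a 32-hex-character LM hash."""
    lm_hex = lm_hex.strip().upper()
    if len(lm_hex) != 32 or any(c not in "0123456789ABCDEF" for c in lm_hex):
        raise ValueError("not a 32-hex-character LM hash: %r" % lm_hex)
    return lm_hex[:16], lm_hex[16:]


def lookup_half(half):
    """Look one half up on its own; None means it is not in the index."""
    return "" if half == EMPTY_HALF else INDEX.get(half)


def audit(pwdump_text):
    """Sort accounts into cracked / partial fragments / remaining lines."""
    cracked, partial, remaining = {}, [], []
    for line in pwdump_text.splitlines():
        if not line.strip():
            continue
        try:
            frags = [lookup_half(h) for h in split_lm(line.split(":")[2])]
        except (IndexError, ValueError):
            frags = [None, None]  # no usable LM hash: leave the line untouched
        if None not in frags:
            cracked[line.split(":")[0]] = "".join(frags)  # like cracked.txt
        else:
            partial += [f for f in frags if f]            # like partial.dic
            remaining.append(line)                        # like newpwdump.txt
    return cracked, partial, remaining
```

In the sample data, bob's first half is in the index and his second is not, so his account stays in the remaining lines while the recovered fragment lands in the partial list.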