Asked by ..

L0phtCrack output displaying a table of users, NTLM hashes, NTLM passwords, and NTLM state (set to cracked for all but one account)
While performing a password audit on a Windows machine in your organization with L0phtCrack, you receive the following results.

Based on what you see below, which two accounts should worry you the most? (Select two.)


Answered by GPT-5 mini AI
I don’t see the L0phtCrack output you mentioned — can you paste the table or upload a screenshot? I need the actual usernames and cracked passwords to pick the two accounts.

In the meantime, here’s how to decide which two to pick so you can check quickly:

- Always prioritize accounts with administrative or privileged rights (local Administrator, Domain Admins, any account in an “Administrators” or “Domain Admins” group). If any of those are cracked, they’re the top concern.
- Next, check service or application accounts (svc_*, backup, sqlsvc, etc.). Those often run services, have wide access, and are frequently reused — a cracked service account can be very dangerous.
- Also flag accounts where the cracked password is:
  - blank or very weak/common (12345, password, qwerty),
  - identical or very similar to the username,
  - reused across multiple accounts (same plaintext appears for different users).
- Lower priority: standard user accounts with unique but weak passwords — still bad, but less immediate than privileged or service accounts.

Remediation steps if you find worrying accounts:
- Immediately change/reset passwords for compromised privileged/service accounts and rotate credentials for any services that use them.
- Force password change, enable complexity and length policies, disable or remove unnecessary admin/service accounts, and enable MFA for privileged logons.
- Investigate logs for suspicious activity tied to those accounts.

If you paste the output I’ll point out the exact two accounts to worry about.
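One way to apply the triage order from the answer above to a parsed L0phtCrack table, as an added example that is not part of the question or the answer; the rows (with placeholder hashes), the privileged-account set, the service-name pattern and the weak-password list are constructed assumptions:

```python
import re
from collections import Counter

# Constructed rows in the shape of a L0phtCrack export: (user, NTLM hash, cracked password, state).
# The hash column holds placeholders, not real NTLM hashes.
SAMPLE_ROWS = [
    ("Administrator", "<hash-a>", "Password1",   "cracked"),
    ("svc_backup",    "<hash-b>", "svc_backup",  "cracked"),
    ("jsmith",        "<hash-c>", "Summer2024!", "cracked"),
    ("mjones",        "<hash-d>", "Summer2024!", "cracked"),
    ("tlee",          "<hash-e>", "",            "not cracked"),
]

# Assumed inputs: group membership exported separately from AD, and a short weak-password list.
PRIVILEGED_ACCOUNTS = {"administrator"}
SERVICE_PATTERN = re.compile(r"^(svc_|sql|backup)", re.IGNORECASE)
COMMON_PASSWORDS = {"", "12345", "123456", "password", "password1", "qwerty"}

def triage(rows, privileged=PRIVILEGED_ACCOUNTS):
    """Score each cracked account by the answer's priorities; a higher score is a bigger worry."""
    cracked = [r for r in rows if r[3].lower() == "cracked"]
    reuse = Counter(pw.lower() for _, _, pw, _ in cracked)  # same plaintext across users
    results = []
    for user, _hash, pw, _state in cracked:
        score, reasons = 0, []
        if user.lower() in privileged:
            score += 100
            reasons.append("privileged account")
        if SERVICE_PATTERN.match(user):
            score += 50
            reasons.append("service account")
        if pw.lower() in COMMON_PASSWORDS:
            score += 20
            reasons.append("blank/common password")
        if pw and (user.lower() in pw.lower() or pw.lower() in user.lower()):
            score += 20
            reasons.append("password resembles username")
        if reuse[pw.lower()] > 1:
            score += 15
            reasons.append(f"password reused by {reuse[pw.lower()]} accounts")
        if not reasons:
            score += 5
            reasons.append("cracked standard user")
        results.append((score, user, reasons))
    return sorted(results, key=lambda r: (-r[0], r[1]))  # worst first, ties by name

def top_two(rows):
    """The two accounts to act on first, per the ranking above."""
    return [user for _, user, _ in triage(rows)[:2]]

if __name__ == "__main__":
    for score, user, reasons in triage(SAMPLE_ROWS):
        print(f"{score:4d}  {user:15s} {', '.join(reasons)}")
```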