Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
Supported Platforms
Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).
Options
Windows Credentials Editor provides the following options:
-l List logon sessions and NTLM credentials (default). -s Changes NTLM credentials of current logon session. Parameters: :::. -r Lists logon sessions and NTLM credentials indefinitely. Refreshes every 5 seconds if new sessions are found. Optional: -r. -c Run in a new session with the specified NTLM credentials. Parameters: . -e Lists logon sessions NTLM credentials indefinitely. Refreshes every time a logon event occurs. -o saves all output to a file. Parameters: . -i Specify LUID instead of use current logon session. Parameters: . -d Delete NTLM credentials from logon session. Parameters: . -v verbose output.
0 comments:
Post a Comment