Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
Supported Platforms
Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).
Options
Windows Credentials Editor provides the following options:
-l List logon sessions and NTLM credentials (default).
-s Changes NTLM credentials of current logon session.
Parameters: :::.
-r Lists logon sessions and NTLM credentials indefinitely.
Refreshes every 5 seconds if new sessions are found.
Optional: -r.
-c Run in a new session with the specified NTLM credentials.
Parameters: .
-e Lists logon sessions NTLM credentials indefinitely.
Refreshes every time a logon event occurs.
-o saves all output to a file.
Parameters: .
-i Specify LUID instead of use current logon session.
Parameters: .
-d Delete NTLM credentials from logon session.
Parameters: .
-v verbose output.
0 comments:
Post a Comment