A tool for revealing passwords and for Pass-the-Hash that also works on Win7 and Server 2008.
What makes it unique is that it reads directly from memory rather than from files (SAM, registry, etc.).
Don't forget to try `wce -w` :-)
taken from their site:
What is WCE?
Windows Credentials Editor (WCE) is a security tool that allows to list Windows logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes, Kerberos tickets and cleartext passwords).
The tool allows users to:
- Perform Pass-the-Hash on Windows
- 'Steal' NTLM credentials from memory (with and without code injection)
- 'Steal' Kerberos Tickets from Windows machines
- Use the 'stolen' kerberos Tickets on other Windows or Unix machines to gain access to systems and services
- Dump cleartext passwords stored by Windows authentication packages
WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing.
What is the current version?
The current version of WCE 32bit is v1.3beta; you can download it here and the current version of WCE 64bit is v1.3beta; you can download it here.