March 13, 2012

Windows Credentials Editor (WCE)

Windows Credentials Editor (WCE) is a tool that lists Windows logon sessions and lets users add, change, list and delete the associated credentials (e.g. LM/NT hashes, Kerberos tickets and cleartext passwords).

The tool allows users to:

Perform Pass-the-Hash on Windows
'Steal' NTLM credentials from memory (with and without code injection)
'Steal' Kerberos tickets from Windows machines
Use the 'stolen' Kerberos tickets on other Windows or Unix machines
Dump cleartext passwords stored by Windows authentication packages

