Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).
Windows Credentials Editor provides the following options:
-l List logon sessions and NTLM credentials (default).
-s Changes NTLM credentials of current logon session.
-r Lists logon sessions and NTLM credentials indefinitely.
Refreshes every 5 seconds if new sessions are found.
Optional: -r<refresh interval>.
-c Run <cmd> in a new session with the specified NTLM credentials.
-e Lists logon sessions NTLM credentials indefinitely.
Refreshes every time a logon event occurs.
-o saves all output to a file.
-i Specify LUID instead of use current logon session.
-d Delete NTLM credentials from logon session.
-v verbose output.
You can download Windows Credentials Editor v1.0 here:
- Blackhash – Audit Passwords Without Hashes
- EyeWitness – A Rapid Web Application Triage Tool
- wig – WebApp Information Gatherer – Identify CMS
- Pass-The-Hash Toolkit v1.1 Available for Download
- Pass-The-Hash Toolkit v1.3 is Available for Download
- Pass-The-Hash Toolkit v1.4 Released for Download
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,845,777 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,031,033 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 613,625 views