Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).
Windows Credentials Editor provides the following options:
-l List logon sessions and NTLM credentials (default).
-s Changes NTLM credentials of current logon session.
-r Lists logon sessions and NTLM credentials indefinitely.
Refreshes every 5 seconds if new sessions are found.
Optional: -r<refresh interval>.
-c Run <cmd> in a new session with the specified NTLM credentials.
-e Lists logon sessions NTLM credentials indefinitely.
Refreshes every time a logon event occurs.
-o saves all output to a file.
-i Specify LUID instead of use current logon session.
-d Delete NTLM credentials from logon session.
-v verbose output.
You can download Windows Credentials Editor v1.0 here: