Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).
This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon.
WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.
Features
- Perform Pass-the-Hash on Windows
- ‘Steal’ NTLM credentials from memory (with and without code injection)
- ‘Steal’ Kerberos Tickets from Windows machines
- Use the ‘stolen’ kerberos Tickets on other Windows or Unix machines to gain access to systems and services
- Dump cleartext passwords stored by Windows authentication packages
WCE is aimed at security professionals and penetration testers. It is basically a post-exploitation tool to ‘steal’ and reuse NTLM hashes, Kerberos tickets and plaintext passwords which can then be used to compromise other machines. Under certain circumstances, WCE can allow you to compromise the whole Windows domain after compromising only one server or workstation.
You can download WCE here:
WCE v1.42beta (32-bit)
WCE v1.42beta (64-bit)
Or read more here.
Does it work if encryption software is installed?
Usually this encryption software hides the partitions and the Windows installation
Regards,
iñaki