Pass-The-Hash Toolkit v1.2 is out

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes

What’s new?:

  • Added support for more versions of windows, including different languages
  • WHOSTHERE.EXE does not have the -B switch anymore. It is not needed.
  • IAM.EXE still has the -B switch, will be removed soon.
  • WHOSTHERE.EXE now displays credentials using ’l0phtcrack’s format’, like these:

All the additional information that was displayed before has been removed, although it will be displayed if you specify the -D switch (debug).

  • IAM.EXE now takes credentials using the same format WHOSTHERE.EXE produces:


  • several bugfixes and stuff

Post scriptum


Related Articles

Data Sniffer