ARTICLE

Pass-The-Hash Toolkit v1.2 is out

Tuesday 22 January 2008

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes

What’s new?:

- Added support for more versions of windows, including different languages
- WHOSTHERE.EXE does not have the -B switch anymore. It is not needed.
- IAM.EXE still has the -B switch, will be removed soon.
- WHOSTHERE.EXE now displays credentials using ’l0phtcrack’s format’, like these: administrator:domain:00000000000000000000000000000000:00000000000000000000000000000000

All the additional information that was displayed before has been removed, although it will be displayed if you specify the -D switch (debug).

- IAM.EXE now takes credentials using the same format WHOSTHERE.EXE produces:

administrator:domain:00000000000000000000000000000000:00000000000000000000000000000000

- several bugfixes and stuff


POSTSCRIPTUM

Download and doc


RELATED ARTICLES

Data Sniffer, Enumeration, Pass-The-Hash,

2 July 2008 : Pass-The-Hash Toolkit v.1.4 released
29 February 2008 : Pass-The-Hash Toolkit v1.3 released
22 January 2008 : Pass-The-Hash Toolkit v1.2 is out
4 November 2007 : Pass the Hash Toolkit v1.1 released