Pass the Hash Toolkit v1.1 released

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon
Sessions mantained by the LSA (Local Security Authority) component. These
tools allow you to list the current logon sessions with its corresponding
NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes

What’s new?:

  • Improved support for windows xpsp2 german/french, windows 2003 sp1/sp2, both for IAM.EXE and WHOSTHERE.EXE
  • Added to IAM.EXE and WHOSTHERE.EXE the -B switch. If IAM.EXE or WHOSTHERE.EXE is not working in your configuration, please run the tools again specifying -B at the end. The -B option will try to find, using ’heuristics’, the addresses the tools need to do what they do. If you are still having issues, please let me know, I expect people to have issues because the addresses vary from OS version to OS version.

Post scriptum


Related Articles

Data Sniffer