Pass-The-Hash Toolkit v1.2 is out
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes
What’s new?:
- Added support for more versions of windows, including different languages
- WHOSTHERE.EXE does not have the -B switch anymore. It is not needed.
- IAM.EXE still has the -B switch, will be removed soon.
- WHOSTHERE.EXE now displays credentials using ’l0phtcrack’s format’, like these:
administrator:domain:00000000000000000000000000000000:00000000000000000000000000000000
All the additional information that was displayed before has been removed, although it will be displayed if you specify the -D switch (debug).
- IAM.EXE now takes credentials using the same format WHOSTHERE.EXE produces:
administrator:domain:00000000000000000000000000000000:00000000000000000000000000000000
- several bugfixes and stuff
Post scriptum
Related Articles
| Data Sniffer |
|
| Enumeration |
|
| Pass-The-Hash |
|
