goback add

Windows Credentials Editor (WCE) v1.3获取系统明文密码

11124 点击·0 回帖
灯火互联
灯火互联
楼主
个人觉得WCE跟mimikatz一样都好用
直接在CMD下执行执行wce.exe -w就可以了,屡试不爽。32和64通杀,小弟64位测试通过。
WCE v1.3beta (X64) (Windows Credentials Editor) - (c) 2010,2011,2012 Amplia Secu
rity - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.
Options:
        -l              List logon sessions and NTLM credentials (default).
        -s              Changes NTLM credentials of current logon session.
                        Parameters: <UserName>:<DomainName>:<LMHash>:<NTHash>.
        -r              Lists logon sessions and NTLM credentials indefinitely.
                        Refreshes every 5 seconds if new sessions are found.
                        Optional: -r<refresh interval>.
        -c              Run <cmd> in a new session with the specified NTLM crede
ntials.
                        Parameters: <cmd>.
        -e              Lists logon sessions NTLM credentials indefinitely.
                        Refreshes every time a logon event occurs.
        -o              saves all output to a file.
                        Parameters: <filename>.
        -i              Specify LUID instead of use current logon session.
                        Parameters: <luid>.
        -d              Delete NTLM credentials from logon session.
                        Parameters: <luid>.
        -a              Use Addresses.
                        Parameters: <addresses>
        -f              Force 'safe mode'.
        -g              Generate LM ; NT Hash.
                        Parameters: <password>.
        -K              Dump Kerberos tickets to file (unix ; 'windows wce' form
at)
        -k              Read Kerberos tickets from file and insert into Windows
cache
        -w              Dump cleartext passwords stored by the digest authentica
tion package
        -v              verbose output.


点击下载

喜欢0 评分0
回复

切换至电脑版

Powered by phpwind.me ©2003-2014