WCE(windows-credentials-editor)說明


這是一套透過執行時 取自記憶體的NT/LM hashes 或Kerberos tickets,
這包括本機或你使用網路連線的過程產生 密碼 hash值
透過找到hash值 , 可以轉到另一台破解的軟體去找出密碼
=============
WCE v1.42beta (Windows Credentials Editor) - (c) 2010-2013 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.
Options:  
-l List logon sessions and NTLM credentials (default).
-s Changes NTLM credentials of current logon session.
Parameters: :::.
-r Lists logon sessions and NTLM credentials indefinitely.
Refreshes every 5 seconds if new sessions are found.
Optional: -r.
-c Run in a new session with the specified NTLM credentials.
Parameters: .
-e Lists logon sessions NTLM credentials indefinitely.
Refreshes every time a logon event occurs.
-o saves all output to a file.
Parameters: .
-i Specify LUID instead of use current logon session.
Parameters: .
-d Delete NTLM credentials from logon session.
Parameters: .
-a Use Addresses.
Parameters:
-f Force 'safe mode'.
-g Generate LM & NT Hash.
Parameters: .
-K Dump Kerberos tickets to file (unix & 'windows wce' format)
-k Read Kerberos tickets from file and insert into Windows cache
-w Dump cleartext passwords stored by the digest authentication package

-v verbose output.
=============
參考:
官方網站http://www.ampliasecurity.com/research/windows-credentials-editor/
NTLM參考:http://www.rfjh.ntpc.edu.tw/web/html/teacher/html/ntlm.htm
                       https://en.wikipedia.org/wiki/NT_LAN_Manager

這個網誌中的熱門文章

超級終端機(hyperterminal)

系統管理員已禁止您執行此app

提供的認證不足 無法存取這個印表機