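WCE (windows-credentials-editor) Overview
WCE is a tool that, when run, reads NT/LM hashes or Kerberos tickets from memory.
This includes the password hashes produced on the local machine or during network connections you make.
Once a hash has been obtained, it can be taken to separate cracking software on another machine to recover the password.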
=============
WCE v1.42beta (Windows Credentials Editor) - (c) 2010-2013 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.
Options:
-l List logon sessions and NTLM credentials (default).
-s Changes NTLM credentials of current logon session.
Parameters:
-r Lists logon sessions and NTLM credentials indefinitely.
Refreshes every 5 seconds if new sessions are found.
Optional: -r
-c Run
Parameters:
-e Lists logon sessions NTLM credentials indefinitely.
Refreshes every time a logon event occurs.
-o saves all output to a file.
Parameters:
-i Specify LUID instead of use current logon session.
Parameters:
-d Delete NTLM credentials from logon session.
Parameters:
-a Use Addresses.
Parameters:
-f Force 'safe mode'.
-g Generate LM & NT Hash.
Parameters:
-K Dump Kerberos tickets to file (unix & 'windows wce' format)
-k Read Kerberos tickets from file and insert into Windows cache
-w Dump cleartext passwords stored by the digest authentication package
-v verbose output.
=============
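Why a hash taken from memory can be worked on offline, and what the NT hash named by the `-g` option is: it is MD4 over the UTF-16LE password with no salt, so the same password gives the same hash on every machine. The Python below is an added example, not WCE code and not from the original page; the function names and sample accounts are constructed, and it uses that property defensively to find accounts that share a password.

```python
import struct
from collections import defaultdict

_R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # round-3 word order

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib builds often ship without it."""
    mask = 0xFFFFFFFF
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # Pad to 56 mod 64 bytes, then append the bit length (little-endian).
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            j = i % 16
            if i < 16:    # round 1: F(b, c, d)
                f, k, s = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4]
            elif i < 32:  # round 2: G(b, c, d) plus constant
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (j % 4) * 4 + j // 4, (3, 5, 9, 13)[j % 4]
            else:         # round 3: H(b, c, d) plus constant
                f, k, s = (b ^ c ^ d) + 0x6ED9EBA1, _R3[j], (3, 9, 11, 15)[j % 4]
            t = (a + f + x[k]) & mask
            a, b, c, d = d, ((t << s) | (t >> (32 - s))) & mask, b, c
        state = [(v + w) & mask for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> str:
    """NT hash = MD4 over the UTF-16LE password, with no salt."""
    return md4(password.encode("utf-16-le")).hex()

def accounts_sharing_a_hash(accounts):
    """Group account names by NT hash; a group of 2+ shares one password."""
    groups = defaultdict(list)
    for name, password in accounts.items():
        groups[nt_hash(password)].append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}

# Constructed sample accounts (not from the page).
SAMPLE = {"alice": "Summer2024!", "svc_backup": "Summer2024!", "bob": "Tr0ub4dor&3"}

if __name__ == "__main__":
    for h, names in accounts_sharing_a_hash(SAMPLE).items():
        print(h, names)
```

Because the hash carries no per-account salt, one exposed hash for a reused password affects every account in the group, which is the reason to keep local administrator and service-account passwords unique per host.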
Reference: official website http://www.ampliasecurity.com/research/windows-credentials-editor/
NTLM references: http://www.rfjh.ntpc.edu.tw/web/html/teacher/html/ntlm.htm
https://en.wikipedia.org/wiki/NT_LAN_Manager