lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Jul 2008 15:41:21 -0300 From: "Hernan Ochoa" <hernan@...il.com> To: bugtraq@...urityfocus.com Subject: Release of Pass-The-Hash Toolkit v1.4 Source Code: http://oss.coresecurity.com/pshtoolkit/release/1.4/pshtoolkit_v1.4-src.tgz Win32 Binaries: http://oss.coresecurity.com/pshtoolkit/release/1.4/pshtoolkit_v1.4.tgz Documentation/info: http://oss.coresecurity.com/projects/pshtoolkit.htm http://oss.coresecurity.com/pshtoolkit/doc/index.html http://hexale.blogspot.com http://www.hexale.org/forums What's new?: (http://oss.coresecurity.com/pshtoolkit/release/1.4/WHATSNEW) *Support for XP SP 3 for whosthere/iam (whosthere-alt/iam-alt work on xp sp3 without requiring any update) *New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds). *New -a switch for whosthere/iam: specify addresses to use. Format: ADDCREDENTIAL_ADDR:ENCRYPTMEMORY_ADDR:FEEDBACK_ADDR:DESKEY_ADDR:LOGONSESSIONLIST_ADDR:LOGONSESSIONLIST_COUNT_ADDR (WARNING!: if you use the wrong values the system may crash) The idea is that, if you find yourself in a version of Windows where whosthere/iam don't work (and iam-alt/whosthere-alt don't work either); you can run LSASRV.DLL thru IDA, run the PASSTHEHASH.IDC script included in the Pass-The-Hash toolkit, and use the addresses found by the script with the -a switch. This basically allows you to specify addresses at runtime to whosthere whithout the need to recompile the tool. *New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe) *genhash now outputs hashes using the LM HASH:NT HASH format *several bugfixes and stuff
Powered by blists - more mailing lists