lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <c5aec8570709041030o657a1a23jd15c4475f1b6bf7f@mail.gmail.com>
Date: Tue, 4 Sep 2007 14:30:46 -0300
From: "Hernan Ochoa" <hernan@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: New version of Pass-The-Hash Toolkit v1.1

Hi!,

Pass-The-Hash Toolkit v1.1 is available here:

Source:
http://oss.coresecurity.com/pshtoolkit/release/1.1/pshtoolkit_src_v1.1.tgz

Binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.1/pshtoolkit_v1.1.tgz


This version basically works best with German/French versions of WinXPSP2, and
also with Windows Server 2003. If  you had problems with any of these
with the previous
version, please try this one. Now, there's basically a -B switch that
tries to find the necessary addresses in runtime, and a bigger
database of possible addresses.

If you have issues, PLEASE let me know!. and thanks to all the people
that sent emails and gave me the necessary feedback to come up with a
solution to their pshtoolkit-related problems :).

WHATSNEW.What's new?:

-Improved support for windows xpsp2 german/french, windows 2003
sp1/sp2, both for
IAM.EXE and WHOSTHERE.EXE
-Added to IAM.EXE and WHOSTHERE.EXE the -B switch. If IAM.EXE or
WHOSTHERE.EXE is
not working in your configuration, please run the tools again
specifying -B at the end.
The -B option will try to find, using 'heuristics', the addresses the tools need
to do what they do. If you are still having issues, please let me
know, I expect people
to have issues because the addresses vary from OS version to OS version.


Note for Windows Server 2003 users:

-if you run IAM.EXE and it ends as expected, as If it had worked, but
then you run
WHOSTHERE.EXE and the credentials did not change, do the following:


-start a cmd.exe using runas, for example:

            runas /user:administrator cmd.exe

-and in the new console run IAM.EXE, and then WHOSTHERE.EXE to verify. And now
it should work.


It seems that sometimes you need a new session different than the interactive
session for LSASS.EXE to accept the modifications to the credentials
in memory. If
you are logging to the machine remotely using psexec/Remote Desktop
etc this does
not to occur (at least, this is what I observed), I had troubles like this when
logging interactively to the server. Also after you run 'runas', running IAM.EXE
in a regular CMD.EXE shell will start working. Don't take any of this as
a precise explanation of what's going on, this is just what I observed and a way
to work around it. I'll analyze what's really going on in the future..



Thanks!,
Hernan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ