PaulDotCom mailing list archives
Re: Windows Credentials Editor v1.0
From: Ryan Sears <rdsears () mtu edu>
Date: Wed, 13 Oct 2010 15:40:56 -0400 (EDT)
Hey Guys,

So I'm not sure if anyone is really interested, but I created something kind of in the same vein, but in reverse. I created a 6MB package that uses qemu and a custom-made Linux distro to actually edit your grub.conf from Windows so you can remotely control what operating system a machine boots into. This came about because of the fact that we wanted most of our dual-boot Windows clients to consistently boot into Windows, but occasionally I needed to do stuff on the Linux side (I mainly do Linux system administration for Michigan Tech).

This will (as the video indicates) also pop you into a root shell on the Linux side, so you can edit any files you want. I've even used it to change root passwords from Windows (using openssl passwd -1 -salt SaltS@ltSalt NewRootPW). This can also be used as an attack vector, because this is a PoC that your computer is just as secure as your most insecure operating system, although we all know that physical access to any machine is pretty much game over.

As of right now, because of the way our home drives are set up, this actually copies everything to a temp dir and uses runas to run it as the local administrator, but that was because of some permission issues.

I'm just curious if anyone is actually interested in this, because this is really v0.1. But if there's interest I'll develop it a bit further and come up with a menu system of some kind to do common tasks, as well as clean up some stupid hackery I used to get it working right (mainly in the batch files).

Here's a link to the video:
http://www.youtube.com/v/bgCUJ7miSNY&fmt=22&autoplay=1 (Fullscreen)
http://www.youtube.com/watch?v=bgCUJ7miSNY&fmt=22 (Regular)

Hope you enjoy!
Regards,
Ryan Sears

----- Original Message -----
From: "xgermx" <xgermx () gmail com>
To: "PaulDotCom Security Weekly Mailing List" <pauldotcom () mail pauldotcom com>
Sent: Wednesday, October 13, 2010 10:19:34 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Pauldotcom] Windows Credentials Editor v1.0

This is to be expected but, just FYI:
http://www.virustotal.com/file-scan/report.html?id=7ae1ceb8db6c52ab7706b29e6b87177174bb16e2881d936b29b9c8eb91911b53-1286979501

On Wed, Oct 13, 2010 at 6:44 AM, Hernan Ochoa <hernan () ampliasecurity com> wrote:
Windows Credentials Editor v1.0

Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually tested yet, but it should work).

Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.

You can find it here: http://www.ampliasecurity.com/research/wce_v1.0.tgz

Thanks!,
Hernan

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
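Ryan's point is that an offline edit of grub.conf (or of /etc/shadow) from the other operating system leaves no trace on the Linux side unless something checks for it. The script below is an added example for the defending sysadmin, not part of Ryan's package or of WCE: it parses a legacy GRUB config (the grub.conf/menu.lst syntax current in 2010), reports which entry is the default, and compares the file against a recorded baseline fingerprint and expected default entry so that an out-of-band change shows up as a finding. The sample config is constructed for the example; the baseline is assumed to be stored somewhere the offline edit cannot reach (a config-management server or monitoring host), which is the only place it is worth anything when the attacker has physical access.

```python
import hashlib
import re

# Constructed sample of a legacy grub.conf for a dual-boot client (not from the post).
SAMPLE_GRUB_CONF = """\
default=1
timeout=5

title Fedora (2.6.35)
    root (hd0,0)
    kernel /vmlinuz-2.6.35 ro root=/dev/sda2
    initrd /initrd-2.6.35.img

title Windows 7
    rootnoverify (hd0,1)
    chainloader +1
"""


def parse_grub_conf(text):
    """Return (default_index, [entry titles]) from legacy GRUB config text.

    Accepts both 'default=N' and the older 'default N' spelling.
    """
    default = 0
    titles = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"default\s*=?\s*(\d+)$", line)
        if m:
            default = int(m.group(1))
            continue
        if line.startswith("title"):
            titles.append(line[len("title"):].strip())
    return default, titles


def default_entry(text):
    """Title of the entry GRUB would boot, or None if 'default' is out of range."""
    default, titles = parse_grub_conf(text)
    if 0 <= default < len(titles):
        return titles[default]
    return None


def fingerprint(text):
    """SHA-256 of the config text; record this as the baseline when the file is known-good."""
    return hashlib.sha256(text.encode()).hexdigest()


def check_boot_config(text, expected_fingerprint, expected_default):
    """Compare a grub.conf against the recorded baseline.

    Returns a list of findings; an empty list means the file matches.
    """
    findings = []
    if fingerprint(text) != expected_fingerprint:
        findings.append("grub.conf content differs from recorded baseline")
    actual = default_entry(text)
    if actual != expected_default:
        findings.append(f"default entry is {actual!r}, expected {expected_default!r}")
    return findings


if __name__ == "__main__":
    # Record the baseline while the file is trusted...
    baseline = fingerprint(SAMPLE_GRUB_CONF)
    print("known-good:", check_boot_config(SAMPLE_GRUB_CONF, baseline, "Windows 7"))
    # ...then check a copy whose default was flipped to the Linux entry offline.
    tampered = SAMPLE_GRUB_CONF.replace("default=1", "default=0")
    for finding in check_boot_config(tampered, baseline, "Windows 7"):
        print("finding:", finding)
```

Run it periodically from the Linux side (cron, or a config-management agent) against /boot/grub/grub.conf with the baseline fetched from the management host; a hash of /etc/shadow can be tracked the same way to catch the root-password change Ryan describes.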
Current thread:
- Windows Credentials Editor v1.0 Hernan Ochoa (Oct 13)
- Re: Windows Credentials Editor v1.0 xgermx (Oct 13)
- <Possible follow-ups>
- Re: Windows Credentials Editor v1.0 Ryan Sears (Oct 13)