New version of Pass-The-Hash Toolkit v1.1



Hi!,

Pass-The-Hash Toolkit v1.1 is available here:

Source:
http://oss.coresecurity.com/pshtoolkit/release/1.1/pshtoolkit_src_v1.1.tgz

Binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.1/pshtoolkit_v1.1.tgz


This version basically works best with German/French versions of WinXPSP2, and
also with Windows Server 2003. If you had problems with any of these
with the previous
version, please try this one. Now, there's basically a -B switch that
tries to find the necessary addresses in runtime, and a bigger
database of possible addresses.

If you have issues, PLEASE let me know!. and thanks to all the people
that sent emails and gave me the necessary feedback to come up with a
solution to their pshtoolkit-related problems :).


WHATSNEW.What's new?:

-Improved support for windows xpsp2 german/french, windows 2003
sp1/sp2, both for
IAM.EXE and WHOSTHERE.EXE
-Added to IAM.EXE and WHOSTHERE.EXE the -B switch. If IAM.EXE or
WHOSTHERE.EXE is
not working in your configuration, please run the tools again
specifying -B at the end.
The -B option will try to find, using 'heuristics', the addresses the tools need
to do what they do. If you are still having issues, please let me
know, I expect people
to have issues because the addresses vary from OS version to OS version.


Note for Windows Server 2003 users:

-if you run IAM.EXE and it ends as expected, as If it had worked, but
then you run
WHOSTHERE.EXE and the credentials did not change, do the following:


-start a cmd.exe using runas, for example:

runas /user:administrator cmd.exe

-and in the new console run IAM.EXE, and then WHOSTHERE.EXE to verify. And now
it should work.


It seems that sometimes you need a new session different than the interactive
session for LSASS.EXE to accept the modifications to the credentials
in memory. If
you are logging to the machine remotely using psexec/Remote Desktop
etc this does
not to occur (at least, this is what I observed), I had troubles like this when
logging interactively to the server. Also after you run 'runas', running IAM.EXE
in a regular CMD.EXE shell will start working. Don't take any of this as
a precise explanation of what's going on, this is just what I observed and a way
to work around it. I'll analyze what's really going on in the future..



Relevant Pages

  • New version of Pass-The-Hash Toolkit v1.1
    ... -Improved support for windows xpsp2 german/french, ... Note for Windows Server 2003 users: ... -start a cmd.exe using runas, ... It seems that sometimes you need a new session different than the interactive ...
    (Pen-Test)
  • [Full-disclosure] New version of Pass-The-Hash Toolkit v1.1
    ... -Improved support for windows xpsp2 german/french, ... Note for Windows Server 2003 users: ... -start a cmd.exe using runas, ... It seems that sometimes you need a new session different than the interactive ...
    (Full-Disclosure)
  • November Webcasts for Windows Server
    ... Windows Server 2008, Terminal Services ... This session is an overview of all the new technologies in Windows Server ... Virtualization requires a new way of looking at technology and how it can ...
    (microsoft.public.windows.server.general)
  • Script for sharing/mapping printers under TS to LPT1
    ... This is the one I wrote back in 2005 that works for Windows Server 2003. ... The script automatically shares and them maps the autocreated printer to the LPT1 port so DOS apps can print seamlessly under TS. ... HP LaserJet 4Si (from CLAUDIOXP) in Session ...
    (microsoft.public.windows.terminal_services)
  • Re: Controlliing audio at the source via TS
    ... Vera, thanks for your replies. ... You ask me if I'm sure that I need a console ... and doesn't have to be a Windows Server 2003 machine for this to work. ... > Since you can only have a single console session, ...
    (microsoft.public.windows.terminal_services)