Ok, so Windows XP SP3 is out.
With this new version:
whosthere-alt.exe still works without requiring any modifications.
whosthere.exe does not work because this is the more 'gentle' and 'stealth' :) version of the tool and requires precise memory addresses.
But that's why I released the passthehash.idc IDA script; so you can easily get these addresses yourself.
And that's also the reason why the new version of whosthere.exe has a new -a switch that allows you to use specify these addresses without having to recompile the tool.
This new version is going to be released soon, but if you want it right now, email me (please, try to email me if you REALLY need it :)).
I haven't tested iam/iam-alt but the same thing observed with whosthere/whosthere-alt should apply to these tools.
In case you were wondering, the new addresses you need for Windows XP SP3 English are:
whosthere -a 75753BA0:7573FDEC:757D0C98:757D0CA0:757CFC60:757CFE54
(remember that whosthere-alt.exe works as it is on Windows XP SP3)
Thursday, June 26, 2008
Thursday, June 12, 2008
New features for pass-the-hash toolkit
Hi,
I'm in the process of adding new features to the "pass-the-hash toolkit". This means I've found time to do it :), so.. If you have any ideas for new features/bugs that need to be addressed, please let me know.
I'm currently adding:
-better support for Windows Vista
-feature to specifiy addresses (such as the ones obtained via passthehash.idc) to whosthere and iam without having to recompile the tools
If you have any comments, please leave them here as comments to this blog post or
here:
http://www.hexale.org/forums/topic.php?id=3
Thanks!,
Hernan
I'm in the process of adding new features to the "pass-the-hash toolkit". This means I've found time to do it :), so.. If you have any ideas for new features/bugs that need to be addressed, please let me know.
I'm currently adding:
-better support for Windows Vista
-feature to specifiy addresses (such as the ones obtained via passthehash.idc) to whosthere and iam without having to recompile the tools
If you have any comments, please leave them here as comments to this blog post or
here:
http://www.hexale.org/forums/topic.php?id=3
Thanks!,
Hernan
Wednesday, June 04, 2008
Hexale forums
Ok, so I finally set up a web site to put all my stuff on, checkout
www.hexale.org
well.. right now is empty :) but one thing I did installed is the forums
section, check out
www.hexale.org/forums/
There's a forum for each of the tools I have publicly released so far. Some
people have requested such a thing in the past, so here you go, I hope you
find it useful.
If there's another forum you'd like to see, please let me know.
www.hexale.org
well.. right now is empty :) but one thing I did installed is the forums
section, check out
www.hexale.org/forums/
There's a forum for each of the tools I have publicly released so far. Some
people have requested such a thing in the past, so here you go, I hope you
find it useful.
If there's another forum you'd like to see, please let me know.
-t switch added to whosthere and whosthere-alt
Just wanted to let you know that I've added a -t switch both to whosthere and whosthere-alt
the -t switch sets the time interval used by the -i option (the option that waits indefinitely trying to capture new hashes)
before, the time interval was 2 seconds, now this can be set at will using the new -t switch
for example:
whosthere.exe -i -t 20
will attempt to gather new hashes every 20 seconds
whosthere-alt.exe -i -t 0.5
will attempt to gather new hashes every 0.5 seconds
This feature will be available on the next release, but if you really need it, just send me an email and I'll send you the new version with this feature included.
the -t switch sets the time interval used by the -i option (the option that waits indefinitely trying to capture new hashes)
before, the time interval was 2 seconds, now this can be set at will using the new -t switch
for example:
whosthere.exe -i -t 20
will attempt to gather new hashes every 20 seconds
whosthere-alt.exe -i -t 0.5
will attempt to gather new hashes every 0.5 seconds
This feature will be available on the next release, but if you really need it, just send me an email and I'll send you the new version with this feature included.
Subscribe to:
Posts (Atom)