Thursday, June 26, 2008

Windows XP SP3 and Pass-The-Hash Toolkit: it Works!

Ok, so Windows XP SP3 is out.

With this new version:

whosthere-alt.exe still works without requiring any modifications.
whosthere.exe does not work because this is the more 'gentle' and 'stealth' :) version of the tool and requires precise memory addresses.

But that's why I released the passthehash.idc IDA script; so you can easily get these addresses yourself.

And that's also the reason why the new version of whosthere.exe has a new -a switch that allows you to use specify these addresses without having to recompile the tool.

This new version is going to be released soon, but if you want it right now, email me (please, try to email me if you REALLY need it :)).

I haven't tested iam/iam-alt but the same thing observed with whosthere/whosthere-alt should apply to these tools.

In case you were wondering, the new addresses you need for Windows XP SP3 English are:

whosthere -a 75753BA0:7573FDEC:757D0C98:757D0CA0:757CFC60:757CFE54

(remember that whosthere-alt.exe works as it is on Windows XP SP3)

Thursday, June 12, 2008

New features for pass-the-hash toolkit

Hi,

I'm in the process of adding new features to the "pass-the-hash toolkit". This means I've found time to do it :), so.. If you have any ideas for new features/bugs that need to be addressed, please let me know.

I'm currently adding:

-better support for Windows Vista
-feature to specifiy addresses (such as the ones obtained via passthehash.idc) to whosthere and iam without having to recompile the tools

If you have any comments, please leave them here as comments to this blog post or
here:

http://www.hexale.org/forums/topic.php?id=3

Thanks!,
Hernan

Wednesday, June 04, 2008

Hexale forums

Ok, so I finally set up a web site to put all my stuff on, checkout

www.hexale.org

well.. right now is empty :) but one thing I did installed is the forums
section, check out

www.hexale.org/forums/

There's a forum for each of the tools I have publicly released so far. Some
people have requested such a thing in the past, so here you go, I hope you
find it useful.

If there's another forum you'd like to see, please let me know.

-t switch added to whosthere and whosthere-alt

Just wanted to let you know that I've added a -t switch both to whosthere and whosthere-alt

the -t switch sets the time interval used by the -i option (the option that waits indefinitely trying to capture new hashes)
before, the time interval was 2 seconds, now this can be set at will using the new -t switch

for example:

whosthere.exe -i -t 20
will attempt to gather new hashes every 20 seconds

whosthere-alt.exe -i -t 0.5
will attempt to gather new hashes every 0.5 seconds


This feature will be available on the next release, but if you really need it, just send me an email and I'll send you the new version with this feature included.