tag:blogger.com,1999:blog-18555569.post5454893622564379574..comments2023-06-04T08:07:03.642-03:00Comments on HEXALE (security & reverse engineering): New version of Pass-The-Hash Toolkit about to be released!hernanhttp://www.blogger.com/profile/12754761735106237455noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-18555569.post-21322580240841821532008-02-07T04:40:00.000-02:002008-02-07T04:40:00.000-02:00thanks for your reply, same thing I thought.Too ba...thanks for your reply, same thing I thought.<BR/><BR/>Too bad :-)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-18555569.post-52443615587005329942008-02-04T13:53:00.000-02:002008-02-04T13:53:00.000-02:00According to this:http://www.securiteam.com/tools/...According to this:<BR/><BR/>http://www.securiteam.com/tools/5JP0I2KFPA.html<BR/><BR/>the 'password' you get from cachedump is actually this:<BR/><BR/>MSCASH = MD4( MD4(password ) || lowercase(username) )<BR/><BR/>is not an LM/NThash of the password that you can use directly to authenticate, you need to recover the password via a brute-force/dictionary attack. So, this cannot be used directly by the pass-the-hash toolkit.<BR/><BR/>I just tried to download different cache dumpers to try them out but none worked for some reason..<BR/><BR/>If you have any other information and/or you think what is said in the link I mentioned above is not accurate, please let me know!.hernanhttps://www.blogger.com/profile/12754761735106237455noreply@blogger.comtag:blogger.com,1999:blog-18555569.post-34420963826099895812008-01-28T13:01:00.000-02:002008-01-28T13:01:00.000-02:00tnx for your reply hernan, so the answer is NO.......tnx for your reply hernan, so the answer is NO.... directly... do you know if cachedump's output can be converted in some Pass The Hash Toolkit readable format? I suppose the answer is NO again but I'm asking just to make sure...<BR/><BR/>Thank you very much for your patience...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-18555569.post-44479072061660098722008-01-22T11:31:00.000-02:002008-01-22T11:31:00.000-02:00answering to one of the anonymous posts :):Ahh, I ...answering to one of the anonymous posts :):<BR/><BR/>Ahh, I know get your question regarding 'cachedump' and the answer is NO :), pass-the-hash will not work with the cachedump output directly, that was not what I meant, bad writing, sorry :).hernanhttps://www.blogger.com/profile/12754761735106237455noreply@blogger.comtag:blogger.com,1999:blog-18555569.post-89560329137326027072008-01-21T11:24:00.000-02:002008-01-21T11:24:00.000-02:00With regards to cachedump's output.The new version...With regards to cachedump's output.<BR/><BR/>The new version of whosthere.exe gives you the credentials info in 'l0phtcrack's format' and i'm updating iam.exe to accept the same format.<BR/><BR/>I think this format is similar/the same as the format used by cachedump. If it is not, please send me an email.hernanhttps://www.blogger.com/profile/12754761735106237455noreply@blogger.comtag:blogger.com,1999:blog-18555569.post-63001021072197209332008-01-21T11:22:00.000-02:002008-01-21T11:22:00.000-02:00Hi!,whosthere.exe and iam.exe have already being u...Hi!,<BR/><BR/>whosthere.exe and iam.exe have already being updated to work with KB943485. <BR/><BR/>If you need this updated version right now, please send me an email and I'll send it to you right away; otherwise I'll release the 'official' version soon.hernanhttps://www.blogger.com/profile/12754761735106237455noreply@blogger.comtag:blogger.com,1999:blog-18555569.post-40525039832699357652008-01-21T10:26:00.000-02:002008-01-21T10:26:00.000-02:00Hi,Whosthere doesn't work because a new version of...Hi,<BR/><BR/>Whosthere doesn't work because a new version of LSASRV.DLL is arrived this january 2008.<BR/>see KB943485<BR/><BR/>thank youAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-18555569.post-76603010577509751172008-01-19T17:56:00.000-02:002008-01-19T17:56:00.000-02:00I'm really looking forward to your new release!I'm really looking forward to your new release!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-18555569.post-70728568834165203872008-01-19T16:48:00.000-02:002008-01-19T16:48:00.000-02:00I have a question for you: in the old version's do...I have a question for you: in the old version's documentation you said that is possible to use your toolkit with cachedump password output... but I didn't find a way to do that.<BR/>Can you provide some further documentation do this with the new release?Anonymousnoreply@blogger.com