HEXALE (security & reverse engineering): Pass-The-Hash Toolkit v1.2 released.

Monday, January 21, 2008

Pass-The-Hash Toolkit v1.2 released.

Pass-The-Hash Toolkit v1.2 is available.

What is Pass-The-Hash Toolkit?

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Direct download links:
source code:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2_src.tgz
binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2.tgz

More info:
http://oss.coresecurity.com/projects/pshtoolkit.htm
http://oss.coresecurity.com/pshtoolkit/doc/index.html

what's new:
http://oss.coresecurity.com/pshtoolkit/release/1.2/WHATSNEW

10 comments:

Anonymous said...: The hardcoded addresses still have not been updated for 2003sp2?

LSASRV.DLL Location: C:\WINDOWS\system32\lsasrv.dll
LSASRV.DLL version: 00050002h. ECE0BE1h
Checking LSASRV.DLL....skipped. (-B was specified).
Trying to obtain addresses...Failed! (AC = 00000000, EM = 00000000); 6:15 AM
hernan said...: probably not.
Send me an email to hernan[at]gmail.com, and I'll add them.

Thanks!,
Hernan; 1:54 PM
Anonymous said...: I don't have the addresses, was hoping you did. Is there a way to get them under ADA or whatever?; 9:20 PM
hernan said...: Yes, I DO have them.

Just drop me an email :).

by ADA you mean IDA?; 4:49 PM
Anonymous said...: whoops, yeah IDA. email coming up. why are they not in the latest release?; 5:48 PM
hernan said...: hey anonymous, I lost your email address, I have what you need, can you send me an email again? I'll send you the version of the toolkit you need.; 12:41 PM
Anonymous said...: why do you not just post an updated version with more addresses?; 4:38 AM
hernan said...: I did! v1.3 is out! and I also did a lot more things! check it out!

I was just asking you to send me an email so I could give you a pre-release version of the tools to solve your issues, that's all!

please let me know if the new version solves your issues, and if not, just send me an email, i'm not from the CIA! :) it just easier to send you pre-release versions than to release new versions everytime someone finds a problem with the tool. I give people special versions all the time, don't be afraid, send me an email :).; 1:19 PM
Anonymous said...: I have the same problem with the new version 1.3...

Trying to obtain addresses...Failed! (AC = 00000000, EM = 00000000)

Is there everyone who can help me ?; 3:14 PM
hernan said...: email me! hernan(at)gmail.com!; 9:23 PM