
Post Exploitation With Windows Credentials Editor (WCE)

What is WCE?

A tool that allows you to harvest hashes from Windows.

 

Functionality

WCE can be used for a variety of functions:

  • Perform pass-the-hash on Windows.
  • Obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.).
  • Dump cleartext passwords entered by users at login.

 

WCE is a security tool widely used by security professionals to assess the security of Windows networks during penetration tests. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.

It comes prepackaged with Kali.

Directory

/usr/share/wce/

 

How it is used

  • As mentioned earlier, it is used in penetration tests and in CTFs that involve Windows targets.
  • It works extremely well in post-exploitation when harvesting credentials.
  • All you need to do is upload the wce.exe executable to the target system and run it.

 

Demonstration

Target OS: Windows 7 VM

We have already exploited the target and have spawned a meterpreter reverse shell. We can now begin our credential harvesting.

  • We can use the Meterpreter upload functionality to upload the wce32.exe executable to our target system. Ideally, we want it in the system32 folder with admin privileges.

 

upload /usr/share/wce/wce32.exe

 

Depending on the target system architecture, you can specify the appropriate wce executable (32 or 64).

 

Using WCE

 

  • Viewing the help menu

wce32.exe -h

  • Listing the hashes of all users

wce32.exe

 

 

  • Retrieving user passwords in cleartext

wce32.exe -w

 

Note: WCE will only display active user credentials and hashes.

 

  • Generating the NTLM hash for a given password

wce32.exe -g <password>
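
Detecting this activity

The steps above leave traces a defender can alert on: the executable being written to the system32 folder, a process starting under one of the WCE file names, and a process opening LSASS memory. The sketch below is an added example, not part of the original article or of WCE; it assumes Sysmon events with IDs 1 (ProcessCreate), 11 (FileCreate) and 10 (ProcessAccess) are already parsed into dicts, and the allowlist, finding names and sample events are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# File names the article uses for the tool: wce.exe, wce32.exe, plus the 64-bit build.
WCE_NAME = re.compile(r"^wce(32|64)?\.exe$", re.IGNORECASE)
# Assumed allowlist (full paths, lower case) of processes expected to open lsass.exe.
LSASS_ALLOWED = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}

def classify(event):
    """Return the findings raised by one Sysmon-style event (a dict)."""
    findings = []
    eid = event.get("EventID")
    if eid == 1:  # ProcessCreate: tool started under a known name
        if WCE_NAME.match(PureWindowsPath(event["Image"]).name):
            findings.append("wce-process-name")
    elif eid == 11:  # FileCreate: tool written to disk, e.g. by an upload
        target = PureWindowsPath(event["TargetFilename"])
        if WCE_NAME.match(target.name):
            findings.append("wce-file-drop")
            if target.parent.name.lower() == "system32":
                findings.append("drop-in-system32")
    elif eid == 10:  # ProcessAccess: something opened LSASS memory
        target = PureWindowsPath(event["TargetImage"]).name.lower()
        if target == "lsass.exe" and event["SourceImage"].lower() not in LSASS_ALLOWED:
            findings.append("unexpected-lsass-access")
    return findings

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\bob\AppData\Local\Temp\svc.exe",
     "TargetFilename": r"C:\Windows\System32\wce32.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wce32.exe",
     "CommandLine": "wce32.exe -w"},
    # File name is not a WCE name: only the LSASS access rule can flag this one.
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\updater.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
]

def triage(events):
    """Map event index -> findings, keeping only events that raised something."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}

if __name__ == "__main__":
    for index, found in triage(SAMPLE_EVENTS).items():
        print(index, found)
```

File-name rules are brittle on their own, so the LSASS access rule is the one to keep and tune; build its allowlist from what actually opens lsass.exe in your environment.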


Ankush Gaikwad

Software/web/App Developer and Cyber Security Investigator
