PaulDotCom mailing list archives

Re: Windows Credentials Editor v1.0


From: Ryan Sears <rdsears () mtu edu>
Date: Wed, 13 Oct 2010 15:40:56 -0400 (EDT)

Hey Guys,

So I'm not sure if anyone is really interested, but I created something kind of in the same vein, but in reverse. I 
created a 6MB package that uses qemu and a custom-made Linux distro to actually edit your grub.conf from Windows so you 
can remotely control what operating system a machine boots into. 

This came about because of the fact that we wanted most of our dual-boot Windows clients to consistently boot into 
Windows, but occasionally I needed to do stuff on the Linux side (I mainly do Linux system administration for Michigan 
Tech). This will (as the video indicates) also pop you into a root shell on the Linux side, so you can edit any files 
you want; I've even used it to change root passwords from Windows (using openssl passwd -1 -salt SaltS@ltSalt 
NewRootPW). This can also be used as an attack vector, because this is a PoC that your computer is just as secure as 
your most insecure operating system, although we all know that physical access to any machine is pretty much game over. 

As of right now, because of the way our home drives are set up, this actually copies everything to a temp dir and uses 
runas to run it as the local administrator, but that was because of some permission issues. 

I'm just curious if anyone is actually interested in this, because this is really v0.1. But if there's interest, I'll 
develop it a bit further and come up with a menu system of some kind to do common tasks, as well as clean up some 
stupid hackery I used to get it working right (mainly in the batch files). 

Here's a link to the video:
http://www.youtube.com/v/bgCUJ7miSNY&fmt=22&autoplay=1 (Fullscreen)
http://www.youtube.com/watch?v=bgCUJ7miSNY&fmt=22      (Regular)

Hope you enjoy!

Regards,
Ryan Sears

----- Original Message -----
From: "xgermx" <xgermx () gmail com>
To: "PaulDotCom Security Weekly Mailing List" <pauldotcom () mail pauldotcom com>
Sent: Wednesday, October 13, 2010 10:19:34 AM GMT -05:00 US/Canada Eastern
Subject: Re: [Pauldotcom] Windows Credentials Editor v1.0

This is to be expected, but just FYI:
http://www.virustotal.com/file-scan/report.html?id=7ae1ceb8db6c52ab7706b29e6b87177174bb16e2881d936b29b9c8eb91911b53-1286979501

On Wed, Oct 13, 2010 at 6:44 AM, Hernan Ochoa <hernan () ampliasecurity com> wrote:
Windows Credentials Editor v1.0

Supports Windows XP, 2003, Vista, 7 and 2008 (Vista was not actually
tested yet, but it should work).

Windows Credentials Editor (WCE) allows you to list logon sessions and add,
change, list and delete associated credentials (e.g. LM/NT hashes). This
can be used, for example, to perform pass-the-hash on Windows and also to
obtain NT/LM hashes from memory (from interactive logons, services,
remote desktop connections, etc.) which can be used in further attacks.

You can find it here:
http://www.ampliasecurity.com/research/wce_v1.0.tgz

Thanks!
Hernan


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

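To make concrete what Ryan's `openssl passwd -1 -salt SaltS@ltSalt NewRootPW` step produces and what actually gets written on the Linux side, here is an added example in Python. It is not Ryan's package and not code from any post in this thread: a pure-Python md5crypt that yields the same `$1$...` string as openssl's `-1` mode (md5crypt keeps at most 8 salt characters, so the salt above is effectively `SaltS@lt`), plus two small helpers that drop the hash into the root field of a shadow file and point a legacy grub.conf `default=` line at another menu entry. The sample grub.conf and shadow lines are constructed, the function names are mine, and the optional cross-check uses Python's `crypt` module only where it still exists.

```python
import hashlib
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def md5crypt(password: str, salt: str) -> str:
    """$1$ hash as produced by 'openssl passwd -1 -salt SALT PASSWORD'.

    md5crypt keeps at most 8 salt characters (and stops at '$'), so the
    post's SaltS@ltSalt is used as SaltS@lt.
    """
    pw = password.encode()
    salt = salt.split("$")[0][:8]
    s = salt.encode()
    magic = b"$1$"

    ctx = hashlib.md5(pw + magic + s)
    alt = hashlib.md5(pw + s + pw).digest()
    for pl in range(len(pw), 0, -16):         # mix in alt, one byte per pw byte
        ctx.update(alt[:min(16, pl)])
    i = len(pw)                               # the odd bit-walk from the original C
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()

    for r in range(1000):                     # fixed 1000-round stretching
        ctx1 = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            ctx1.update(s)
        if r % 7:
            ctx1.update(pw)
        ctx1.update(final if r & 1 else pw)
        final = ctx1.digest()

    def to64(v: int, n: int) -> str:          # crypt's base64 variant, LSB first
        return "".join(ITOA64[(v >> (6 * j)) & 0x3F] for j in range(n))

    f = final
    enc = "".join(to64((f[i] << 16) | (f[i + 6] << 8) | f[i + 12], 4) for i in range(4))
    enc += to64((f[4] << 16) | (f[10] << 8) | f[5], 4) + to64(f[11], 2)
    return "$1$" + salt + "$" + enc


# Constructed sample files (not taken from any real host).
SAMPLE_GRUB_CONF = """\
default=1
timeout=5
title Fedora (2.6.33)
        root (hd0,0)
        kernel /vmlinuz-2.6.33 ro root=/dev/sda2
title Windows 7
        rootnoverify (hd0,1)
        chainloader +1
"""

SAMPLE_SHADOW = """\
root:$1$oldsalt1$AAAAAAAAAAAAAAAAAAAAA.:14895:0:99999:7:::
bin:*:14895:0:99999:7:::
alice:$6$somesalt$QQQQ:14895:0:99999:7:::
"""


def set_root_hash(shadow: str, new_hash: str, user: str = "root") -> str:
    """Replace only the hash field (field 2) of `user` in shadow(5) text."""
    out = []
    for line in shadow.splitlines():
        fields = line.split(":")
        if fields[0] == user and len(fields) >= 2:
            fields[1] = new_hash
            line = ":".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


def set_grub_default(grub_conf: str, index: int) -> str:
    """Point a legacy grub.conf's default= line at menu entry `index` (0-based)."""
    new, n = re.subn(r"(?m)^default[ \t]*=[ \t]*\d+[ \t]*$", f"default={index}", grub_conf)
    return new if n else f"default={index}\n" + grub_conf


def matches_system_crypt(password: str = "NewRootPW", salt: str = "SaltSalt"):
    """Cross-check against crypt(3) where Python still ships the crypt module
    (removed in 3.13). Returns None when no md5crypt is available to compare."""
    try:
        import crypt
    except ImportError:
        return None
    ref = crypt.crypt(password, "$1$" + salt + "$")
    if not ref or not ref.startswith("$1$"):
        return None
    return ref == md5crypt(password, salt)


if __name__ == "__main__":
    h = md5crypt("NewRootPW", "SaltS@ltSalt")
    print(h)
    print(set_root_hash(SAMPLE_SHADOW, h), end="")
    print(set_grub_default(SAMPLE_GRUB_CONF, 0), end="")
```

The shadow helper only touches field 2 of the matching line, leaving the aging fields intact, which is what you want whether you are recovering a locked-out box or demonstrating to a client why an unencrypted second OS on the same disk defeats the Windows login prompt.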
