Date: Tue, 14 Jan 2014 07:25:32 -0500 From: "Richard B. Tilley" <brad@....us> To: john-users@...ts.openwall.com Subject: Re: Cracking MSChap v2 On Tue, Jan 14, 2014 at 12:13:27AM -0500, Rich Rumble wrote: > WCE and Mimikatz are more game changing I think. > http://www.ampliasecurity.com/research/wcefaq.html > http://blog.gentilkiwi.com/mimikatz https://github.com/thomhastings/mimikatz-en > Mimikatz is now able to read memory dumps of the lsass.exe process > (you can right-click the process in task manager to make one) and mimi > can read that without having to be on the box, all you need is the > mem-dump and you get all windows passwords on the machine for most > accounts. WCE has to be local at this time, I believe there are others > too that can now do this. <snip> Rich, I agree with your assessment and have seen these tools in use by bad guys on networks. Mimikatz can dump domain credentials, too, if a user has authenticated to the machine (where Mimikatz is running) using domain credentials. If a domain or enterprise admin authenticates, the rest is history. That's all I had. Hope this is not too off-topic for john-users. My apologies if it is. Brad
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.