This is a short post about WordSteal, an open source Python script that steals Microsoft NTLM hashes for you. It does so by leveraging the Metasploit toolkit to steal Microsoft NTLM hashes using a malicious image payload. It has been known for quite some time that Microsoft Word versions from Office 95 upwards allow us to embed image files. This functionality has also been used by the CIA "Scribbles" project, which is a document-watermarking pre-processing system to embed "Web
Read more about WordSteal: Steal NTLM Hashes from a Remote Computer!
What do you do after you have successfully gained access to a system and you want to improve your foothold or try to move laterally in the network? You run RedSnarf, which helps you start by retrieving hashes and credentials from Windows workstations, servers and domain controllers!
Read more about RedSnarf: Retrieve Hashes & Credentials from Windows!