Executing WCE.exe in memory, as demoed by Egypt here: https://community.rapid7.com/community/metasploit/blog/2012/05/08/eternal-sunshine-of-the-spotless-ram, has two issues:
1. You leave a file on disk with your hashes and clear text passwords. That just won’t do.
2. There is this DLL called WCEAUX.dll that gets written to disk for the briefest second:
(Yes, I realize I’m running this from disk as ‘wce32.exe’, but it exhibits the same DLL drop when run in memory.)
Now, don’t get me wrong, I love WCE, and Hernan Ochoa does an amazing job with it, but when it comes down to it, it’s the best tool for the job.
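A detection-side view of the second issue, as an added example that is not from the original post: it pairs Sysmon-style FileCreate (ID 11) and FileDelete (ID 23) records to flag a WCEAUX.dll that appears and vanishes, matching on the file name because the writing process differs between on-disk and in-memory runs. The JSON export layout, hosts, paths and timestamps are constructed assumptions.

```python
import json
from datetime import datetime

# Constructed events shaped like Sysmon FileCreate (ID 11) and FileDelete
# (ID 23) records exported as JSON lines; hosts, paths and times are made up.
SAMPLE_EVENTS = r"""
{"EventID": 11, "UtcTime": "2024-01-15 14:02:10.900", "Computer": "WS01", "Image": "C:\\Program Files\\Office\\winword.exe", "TargetFilename": "C:\\Users\\bob\\report.docx"}
{"EventID": 11, "UtcTime": "2024-01-15 14:02:11.120", "Computer": "WS01", "Image": "C:\\Tools\\wce32.exe", "TargetFilename": "C:\\Users\\Public\\WCEAUX.dll"}
{"EventID": 23, "UtcTime": "2024-01-15 14:02:11.370", "Computer": "WS01", "Image": "C:\\Tools\\wce32.exe", "TargetFilename": "C:\\Users\\Public\\WCEAUX.dll"}
{"EventID": 11, "UtcTime": "2024-01-15 15:00:00.000", "Computer": "WS02", "Image": "C:\\Windows\\System32\\svchost.exe", "TargetFilename": "C:\\Temp\\wceaux.dll"}
"""

def parse(lines):
    """Return the events from non-empty JSON lines, oldest first."""
    events = [json.loads(l) for l in lines if l.strip()]
    for ev in events:
        ev["_t"] = datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")
    return sorted(events, key=lambda e: e["_t"])

def find_dll_drops(lines, name="wceaux.dll"):
    """Return (computer, path, lifetime_seconds) per creation of `name`.
    lifetime_seconds is None when no matching delete was logged."""
    pending = {}  # (computer, lowercased path) -> (created_at, original path)
    hits = []
    for ev in parse(lines):
        path = ev.get("TargetFilename", "")
        if path.rsplit("\\", 1)[-1].lower() != name:
            continue  # match on file name: the writing process image varies
        key = (ev["Computer"], path.lower())
        if ev["EventID"] == 11:
            pending[key] = (ev["_t"], path)
        elif ev["EventID"] == 23 and key in pending:
            created_at, orig = pending.pop(key)
            hits.append((key[0], orig, (ev["_t"] - created_at).total_seconds()))
    # Creations never followed by a delete are reported with lifetime None.
    hits += [(c, orig, None) for (c, _), (_, orig) in pending.items()]
    return hits

if __name__ == "__main__":
    for hit in find_dll_drops(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

A sub-second lifetime in the third field corresponds to the brief drop described above; a `None` means the file was created and no delete was logged for it.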