Windows Credentials Editor

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon.

WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7, 2008 and Windows 8.

Current version

WCE v1.42beta (32-bit) (download)
WCE v1.42beta (64-bit) (download)
WCE v1.41beta (Universal Binary) (download)

Previous versions

WCE v1.41beta (32-bit) (download)
WCE v1.41beta (64-bit) (download)
WCE v1.4beta (32-bit) (download)
WCE v1.4beta (64-bit) (download)
WCE v1.4beta (Universal Binary) (download)
WCE v1.3beta (32-bit) (download)
WCE v1.3beta (64-bit) (download)
WCE v1.21 (64-bit) (download)
WCE v1.2 (32-bit) (download)
WCE v1.2 (64-bit) (download)
WCE v1.1 (32-bit) (download)
WCE v1.0 (32-bit) (download)


Frequently Asked Questions (FAQ) available here.


Please send your questions, suggestions and bug reports to


WCE Internals
Presentation explaining the inner workings of WCE v1.1 including how Windows XP,2003,7,Vista and 2008 store credentials in memory, describing undocumented structures found via reverse engineering, encryption algorithms used to encrypt credentials and how to recover encryption keys and IVs to decrypt NTLM credentials.

RootedCon 2011 (download)

Post-Exploitation with WCE
This presentation describes the techniques WCE brings to penetration testers and how these can be used in different scenarios. Although originally targeted to college students studying information security, you might find useful information you didn't know about even if you are an experienced user of WCE or penetration tester.

UBA 2011 - Spanish (download) - English (download)