Section: .. / Win /
|
Windows tools - This directory contains hundreds of assorted Windows security tools. Try them out first on a test machine first unless you are sure you know what you are doing.
|
| /// File Name: |
pshtoolkit_v1.3-src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 38281 | | Last Modified: | Mar 3 14:35:45 2008 |
| MD5 Checksum: | 548e936b9b17ab10fa8032b0ecb61283 |
|
| /// File Name: |
pshtoolkit_v1.2_src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 17212 | | Last Modified: | Jan 21 21:42:32 2008 |
| MD5 Checksum: | 9ed448f068a585eee10146a1cffb428f |
|
| /// Directory: |
/ winfingerprint / |
Description:
|
Winfingerprint 2 is a console based Win32 discovery tool.
| | Total Files: | 24 | | Last Modified: | Jan 3 20:22:53 2008 |
|
| /// File Name: |
uhooker_v1.3.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | Changes: | Several bug fixes. | | File Size: | 74047 | | Last Modified: | Dec 17 21:10:18 2007 |
| MD5 Checksum: | 677ed30fea6cdd16a26416b1b89bf16c |
|
| /// Directory: |
/ genius / |
Description:
|
Genius - Enhancements for Windows 95/98/NT
| | Total Files: | 6 | | Last Modified: | Oct 15 22:31:40 2007 |
|
| /// Directory: |
/ patches / |
Description:
|
Unavailable.
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:30 2007 |
|
| /// Directory: |
/ misc / |
Description:
|
Miscellaneous Windows Files (e.g. OCX/VB/Winsock) to run certain applications.
| | Total Files: | 32 | | Last Modified: | Sep 5 21:26:27 2007 |
|
| /// Directory: |
/ cgi-scanners / |
Description:
|
Windows CGI / Web Vulnerability Scanners
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:22 2007 |
|
| /// File Name: |
pshtoolkit-1.1.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Improvements for the German and French versions of Microsoft Windows XPSP2, Windows 2003 SP1/SP2, and more. | | File Size: | 134356 | | Last Modified: | Sep 5 01:08:20 2007 |
| MD5 Checksum: | c3c250b9475fbfe42cf275475d05bd3c |
|
| /// File Name: |
pshtoolkit-1.0.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | File Size: | 122577 | | Last Modified: | Aug 16 04:51:32 2007 |
| MD5 Checksum: | 93512dd3912e0cbc8c16551c50592991 |
|
| /// File Name: |
CoolCon0.01.rar |
Description:
|
A simple command-line converter written in C language that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 feature. Compiled .exe binary and .c source code included.
| | Author: | LiquidWorm | | Homepage: | http://www.itsec.com.mk/ | | File Size: | 10362 | | Last Modified: | Jul 26 00:31:42 2007 |
| MD5 Checksum: | c02ed83c71b286f70df477d9f643609b |
|
| /// File Name: |
tcpip_lib5.zip |
Description:
|
Tcpip_lib is a library for Windows 2000 which allows constructing custom packets, IP spoofing, attacks, and more.
| | Author: | Barak Weichselbaum | | Homepage: | http://www.komodia.com | | Changes: | Various bug fixes and it has been stripped of all raw socket support. | | File Size: | 717301 | | Last Modified: | Dec 21 18:00:58 2006 |
| MD5 Checksum: | c6504e82cc56a394faf2b7541157c764 |
|
| /// File Name: |
NBTEnum33.zip |
Description:
|
NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.
| | Author: | Reed Arvin | | Homepage: | http://reedarvin.thearvins.com/tools.html | | Changes: | Bug fixes. Completely rewritten RestrictAnonymous bypass routine. Included source code for educational purposes. | | File Size: | 1104464 | | Last Modified: | Nov 28 21:41:50 2006 |
| MD5 Checksum: | 807fcb02ec2c5f28c6c5f3380dd063f3 |
|
| /// File Name: |
IRCRv2.3.zip |
Description:
|
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis.
| | Author: | John McLeod | | Homepage: | http://tools.phantombyte.com/ | | Changes: | Fixed all path and command locations to meet Helix version 1.8 areas. | | File Size: | 35580 | | Last Modified: | Nov 20 11:56:52 2006 |
| MD5 Checksum: | 98d72034d5d39c40a39cc6fb8b2c53ea |
|
| /// File Name: |
NamedPipes.zip |
Description:
|
This tool allows you to impersonate user credentials (with namedpipes) and execute a shell. One of the best features of this tool is that it includes some new attack vectors (payload generator with -t parameter) to force network users to connect to a remote host (desktop.ini, html code, lnk files, url files,pps,) so smbrelay can also be used.
| | Author: | Andres Tarasco | | Homepage: | http://www.514.es/ | | File Size: | 13322 | | Last Modified: | Oct 9 00:50:07 2006 |
| MD5 Checksum: | 390e81394206a7f20af432fe95663554 |
|
| /// File Name: |
TokenExecution.zip |
Description:
|
This tool is able to duplicate all Tokens stored in the system by calling NtQuerySystemInformation(). Duplicated Tokens allow users with local Administrator rights to execute code with credentials of every user that is logged on to the system locally or over network. Default mode only extracts tokens from the lsass process.
| | Author: | Andres Tarasco | | Homepage: | http://www.514.es/ | | File Size: | 9336 | | Last Modified: | Oct 9 00:47:44 2006 |
| MD5 Checksum: | b43f47d0201d27b9e9030a786b74014b |
|
| /// File Name: |
ProcessInjector.zip |
Description:
|
This tool enumerates all processes and threads running and shows their Token owner information. Users with SE_DEBUG_NAME privilege should be able to inject code on a local process and execute code with their privileges. This could be useful to obtain an interactive shell (at port 8080) when an user session is locked.
| | Author: | Andres Tarasco | | Homepage: | http://www.514.es/ | | File Size: | 9225 | | Last Modified: | Oct 9 00:45:51 2006 |
| MD5 Checksum: | e796f7eec43b81ff4b2e9868c808c48d |
|
| /// File Name: |
EchoMirage-1-1.zip |
Description:
|
Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified. Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available. Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts
| | Author: | Dave | | Homepage: | http://www.bindshell.net/tools/echomirage/ | | File Size: | 651660 | | Last Modified: | Oct 3 19:04:26 2006 |
| MD5 Checksum: | 44055140ab5472d8e65d685ca86ee0c6 |
|
| /// File Name: |
uhooker_v1.2.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | Changes: | Multiple bug fixes, enhancements, and features have been added. | | File Size: | 61894 | | Last Modified: | Sep 7 05:14:40 2006 |
| MD5 Checksum: | 694b79a4fda0e478e560620f0f1e445f |
|
| /// File Name: |
uhooker_v1.0.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | File Size: | 113511 | | Last Modified: | Jun 28 23:07:25 2006 |
| MD5 Checksum: | 3ce6915a59ff45b32055d496e4f67760 |
|
| /// File Name: |
smac20_setup.exe |
Description:
|
SMAC 2.0 is a MAC Address spoofer for Windows 2000, XP and 2003 systems. Users can generate random MAC Address and SMAC will validate MAC Address before spoofing. User can pre-define MAC addresses and load the MAC Address list. Spoofed MAC Address can sustain from reboots.
| | Author: | KLC Consulting Security Team | | Homepage: | http://www.klcconsulting.net/smac | | File Size: | 5168831 | | Last Modified: | May 21 15:23:18 2006 |
| MD5 Checksum: | f97d67f4a512b747d736151a11cacde4 |
|
| /// File Name: |
metacab-2006-04-R5.zip |
Description:
|
Metacab (meta.cab) is a single, inclusive Microsft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, Simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
| | Author: | Phoenix 2600 | | Changes: | Now includes TCPDUMP, install.bat hides Metacab install, map.bat timeout cut in half, Naming is cleaner, Updated README, including links to sources. Homepage http://www.phx2600.org. | | File Size: | 1398661 | | Last Modified: | Apr 27 18:04:45 2006 |
| MD5 Checksum: | c6ee4155396f5027ab2b60cb3d79f2fd |
|
| /// File Name: |
metacab-2006-04-R3.zip |
Description:
|
Metacab (meta.cab) is a single, inclusive Microsft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, Simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
| | Author: | Phoenix 2600 | | Homepage: | http://www.phx2600.org | | File Size: | 1116569 | | Last Modified: | Apr 17 14:45:28 2006 |
| MD5 Checksum: | 6e4ae30da5c8fe91318f6252447e5cf1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
