
Files

GrokEVT Scripts 0.5.0
Posted Jun 20, 2011
Authored by Tim Morgan | Site sentinelchicken.org

GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

Changes: This is a major code refresh release to catch up with the times. grokevt-builddb has been redesigned to use RegLookup's pyregfi library instead of executing the command line tools. A work-around has been added for the fact that many Linux distributions no longer make case-insensitive filesystem mounts easy. Support has been added for Python 3. The license has been changed to the GPLv3. There are various Unicode fixes and other bugfixes.
tags | registry
systems | windows, unix
SHA-256 | a9e74aee34e5e451e2940487fc84fcd51ac0c986e96b1681ec9218bf74a94829
grokevt-0.4.1.tar.gz
Posted Mar 21, 2008
Authored by Tim Morgan | Site sentinelchicken.org

GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

tags | registry
systems | windows, unix
SHA-256 | 01a6114fa008aabd4c84b5eb4af2b43ecb2816c9a7e5408de54d5507d0bf83ab
grokevt-0.4.0.tar.gz
Posted Apr 2, 2007
Authored by Tim Morgan | Site sentinelchicken.org

GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

tags | registry
systems | windows, unix
SHA-256 | 2b80f4b4574016d6e7913c59ba5ebc26337eb4b6e89847d6b3c7915ee37caac7
efilter.c
Posted Aug 17, 2005
Authored by Piotr Bania | Site pb.specialised.info

Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Because it hooks the KiUserExceptionDispatcher function, it acts BEFORE any of the program's active SEH frames take over the exception. In short, it reports a program's exceptions even if they are handled by the original program.

systems | windows
SHA-256 | 605f260d1552a4c13237e4e651ab9ba12c73cdd4477da51b4718699a8ac52b93
grokevt-0.1.1.tar.gz
Posted Jul 9, 2005
Authored by Tim Morgan | Site sentinelchicken.org

GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

tags | registry
systems | windows
SHA-256 | 6f902dae367346418a9ecfa464c85aebf13a360f7c2aa511fe033c2d9a2749f9
grokevt-0.1.tar.gz
Posted Jul 7, 2005
Authored by Tim Morgan | Site sentinelchicken.org

GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format.

tags | registry
systems | windows
SHA-256 | 57e49ae767a0e0e8ed567f09d3e5bf0234bf97dbe8e2e04e099887408bb57895
XP_fake_loginscreen.zip
Posted Apr 18, 2005
Authored by ProgramOS32

Fake login screen emulating the normal Windows login screen. Logs username / password to a file. Requires the capability to install binaries on the affected system in the first place, and messages are apparently based on those in the Australian edition of Windows XP (so it would need to be modified if you plan on running this elsewhere without immediate detection).

systems | windows
SHA-256 | d0e6171f9bc96f7e44e1752c58db80c238324b71b62fb1c4a65d507f4df203af
flister.txt
Posted Feb 24, 2005
Authored by joanna | Site invisiblethings.org

This is a textfile explaining what flister is and does. FLISTER is proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003.

systems | windows
SHA-256 | 5b6b637cd51329f95822be40d03bfadd2f6be2edba391415b001239b956c157e
Scan6.zip
Posted Nov 12, 2004
Authored by Marco Del Percio

Port scanner for Windows 2k/XP that is functional for both IPv4 and IPv6 networks. Binary, source code, and more information included in the archive.

systems | windows
SHA-256 | a5bb3c8af652db7efbafd7ed702fd2112f87069ce86f720b9a5ce564f052c16d
strace-0.3.zip
Posted Oct 21, 2003
Authored by Bindview Security Research | Site razor.bindview.com

Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like strace (or truss) on Linux and other Unix OSes. What makes strace different is that it hooks every system call instead of just selected ones, giving you an excellent idea of what the process is really doing.

systems | linux, unix
SHA-256 | 5b2735e8141907cec5bb50ae17592fdf8c75adb0f42aca5d7b807a20a63e6166
sqlscan12eval.zip
Posted Jul 29, 2003
Authored by Lazy Sysadmin

SQLScan v1.2 is intended to run against Microsoft SQL Server and attempts to connect directly to port 1433. It features the ability to scan one host or an IP list from an input file, the ability to scan for one SQL account password or multiple passwords from a dictionary file, and the ability to create an administrative NT backdoor account on vulnerable hosts, which will fail if xp_cmdshell is disabled on the server.

Changes: Bugs fixed. Added ability to specify backdoor account name and password.
SHA-256 | eca82aed20abb912a9c17c7069bad04790fdd937165e74d8b842e04d3204d1e5
PTwebdav.zip
Posted Mar 19, 2003
Authored by Alexander Antipov | Site securitylab.ru

PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method.

systems | windows
SHA-256 | c652dfb7340124f0b105b9dd61418eddaf74e988443a0e886ee1c8338f1c4058
NetworkActivScannerV4.0.exe
Posted Nov 24, 2002
Authored by Mike J. Kowalski | Site networkactiv.com

NetworkActiv Scanner is a Fast, Easy to use, Advanced network scanner with many useful features. You can perform DNS dig, whois, and more. Main features are: TCP connect() scanning (standard TCP port scan), TCP SYN scanning (fast and "quiet" TCP port scan), Fast UDP port scanning with auto-speed control and reliable results, UDP sub-net scanning, High speed ping scanning of sub-nets (UDP or ICMP), TCP sub-net scanning, Integrated fast trace-route, Remote OS detection via advanced TCP/IP stack fingerprinting, Wizard Mode: Walks you through step-by-step to perform network scanning, trace-route, and much more. Whois Client: Ability to perform whois with ease, you can either specify a whois server, or have it attempt to determine a whois server automatically. DNS Dig system: Performs DNS dig quickly with ease, choose between TCP and UDP, specify a DNS server or have it attempt to determine the authoritative server automatically. Also, support for many RR's (Resource Records), Simple Port Scan Mode for easy and quick port scans, Nice looking interface, with multi-skin support, Tells you if remote computer being scanned is stealth, User set-able max speed (ranging from 2 PPS to non-limited), Tells you the host responses for TCP connect() port scan and sub-net scan, Tells you the port use from huge lists of ports as found, Random order, reverse order, and "Only Scan Known Ports" scan capable, and much more.

tags | remote, udp, tcp
SHA-256 | c6da0a0b39a79bf14c487fa9845238ea26fca9570d5d81d346b1f12a28e2476b
FireWaterToolkit-v97beta.zip
Posted Nov 15, 2002
Site ntobjectives.com

Fire and Water Toolkit is a powerful and comprehensive toolkit for network assessment and defense. It scans and maps networks, checks for web vulnerabilities, and includes a powerful, scriptable ISAPI filter (integrates with Snort) for IIS defense. XML based with multiple output options including XSLT reports.

tags | web, vulnerability
SHA-256 | fc6d95d7249e96c3a96f4b67fb95c260226bfbad5012c2bebe90770d6299cdc9
rcf11.zip
Posted Nov 26, 2001
Authored by Serge Birj

RemoteCompFind (previously known as RemoteHit) searches for a computer on a remote network, in a given IP range, using the NetBIOS protocol. The program is fully multi-threaded. RemoteHit has an MS "Find: Computer"-like interface.

Changes: The program doesn't use WinNT network libraries anymore. All NetBIOS related code is now part of the project. This significantly improves performance and adds compatibility with Win9x/Me.
tags | remote, protocol
SHA-256 | f7f1091033a3b2f63fc387cdfb759af2a4e498e63db235ad30a684d4a43192af
rh10_nt.zip
Posted Nov 22, 2001
Authored by Serge Birj

RemoteHit searches for a computer on a remote network, in a given IP range, using the NetBIOS protocol. The program is fully multi-threaded. RemoteHit has an MS "Find: Computer"-like interface.

tags | remote, protocol
SHA-256 | db0de589bc6f540188e5838ce03d6e87817cab5274689fdee8c1f91cb44f7ca0
_root_040.zip
Posted Jul 29, 2001
Site rootkit.com

Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides registry keys - (keyboard patch disabled in this build.) Includes execution redirection.

tags | remote, shell, registry, tcp
systems | windows
SHA-256 | 383977e8f03d50438f27eb405e673676a70a76c7ce2b9be0aa18be86fa14f306
getacct003.zip
Posted Jul 24, 2001
Authored by Urity | Site securityfriday.com

GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.

Changes: Bug fixes and enhancements.
systems | windows
SHA-256 | 5b6bbd73cb22a89f3ab034094eb23b9a4bd57627c373c87d1de7aa635ae60e38
logs2intrusions.zip
Posted Jul 11, 2001
Site trsecurity.net

Logs2Intrusions v1.0 parses IIS or Apache web server logfiles, then creates a report of possible intrusions.

tags | web
SHA-256 | 3f40f66b2115df1396b1b9a360d57330fab28da0db21fcf67fe7e9a5375dd39d
antexp.zip
Posted Jul 11, 2001
Site elcomsoft.com

Advanced NT Security Explorer (ANTExp) is an application for Microsoft Windows NT, Windows 2000 and Windows XP system administrators for finding holes in system security. It analyses user password hashes, and tries to recover plain-text passwords. If it's possible to recover the password in a reasonable time, the password should be considered to be insecure. ANTExp is very fast - tries about 900,000 passwords per second on a Pentium-III/450 CPU. Tested on Windows 95, Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP.

systems | windows
SHA-256 | cda4559e128daee59d7f154bb5d74f9cedc7a06826e88dd0bdfda3843e65f6ee
EZPass.zip
Posted Apr 25, 2001
Authored by B-root

EZPass.zip is an executable and a Perl script that uses the net command to automate password attempts on an NT Server. Allows easy Username=Password and other easily guessed combination attempts using a list of accounts such as those from Grinder.

tags | perl
SHA-256 | 55760f5c05dd1af06f75ca07de2777f78f2eb784344d0267b8fa5d32c900d083
Grinder.zip
Posted Apr 24, 2001
Authored by B-root

Grinder.zip is an executable and perl script which uses the SID tools to enumerate usernames from an NT Server.

tags | perl
SHA-256 | a1d083693d92738e60e67d14da41cd78e510101d290b18792f28617f1b128eae
beatlm002.zip
Posted Apr 17, 2001
Authored by Urity | Site securityfriday.com

BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows NT and 2000.

Changes: This is version 2!
systems | windows
SHA-256 | 4c535bd8c432c5bb6d185fb0bbf6605c72ba3347e9ad5c80023369270e750c90
lc3setup.exe
Posted Apr 12, 2001
Site securitysoftwaretech.com

L0phtCrack 3 15 day trial - L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtCrack computes the password from a variety of sources using a variety of methods. Uses include recovering a forgotten password, ensuring that users use strong passwords, retrieving the password of a user in order to impersonate them, or migrating NT users to another platform such as Unix. Tested on Windows 98SE, Windows ME, Windows NT, and Windows 2000.

Changes: Windows 2000 support, international character set support, distributed cracking, an option to hide cracked passwords, and more.
systems | windows, unix
SHA-256 | 2913c481900deaa11310798637e71bc777fe181190943731ae188a6ed5d3bd54
snarp.zip
Posted Mar 26, 2001
Authored by Frank Knobbe

Snarp is a tool for NT 4.0 which uses an ARP poison attack to relay traffic between two hosts, allowing sniffing of the data on switched networks.

SHA-256 | 79f23554cd87659274086998a5ac1bae4b178e1d3aa64808b6062d0c5551f81c