GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
e28715b7900a0c169755d613bf268120ee74a6c16478ea83ae369e8e80b2162a
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
33b73fed9d9f9f0e99248e6187ba729f172e51d6ae3b14693008faf287653d6b
NBpyder, or NetBios Spyder is a suite of NT batch files that take advantage of Windoze netbios connections to glean information about a corporation's network. NBSpyder works by first enumerating domains that the computer can see over a LAN. It then proceeds to get a comprehensive list of machines for that domain, their domain controllers, local administrators and domain admins, and a comprehensive list of IP addresses for that domain. It then attempts to gain administrative access on the domain controllers by semi-intelligent brute force password guessing , and, if successful, goes ahead and downloads the domain user and policy list.
f63eb52728feae6bc1a31c5f1b67d614d3f5bf5a5d684f040e00c47e08413e87
BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows NT and 2000.
f7ec0a6a65b7324009c133597b0ed26cd038cf4d2608ebef027b8633530afdbb
BackLog is a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information. All three event logs (Application, System and Security) are monitored, and event information is converted to comma delimited text format, then delivered over UDP to a remote server. BackLog is currently configured to deliver audit information to a SYSLOG server running on a remote (or local) machine.
2a7e60ba1adf27e0116c79bce183db5f3823d8c50de29fce265044f753654e8e
SecureStack 1.0 s capable of protecting Windows NT/2000 systems from buffer overflow attacks.
544598b8597a183f6f5f68b0e409bc76c4532fbdc5d78d9440ebea6ae18d775a
NT_security2.reg is a registry file which helps admins secure their Windows NT 4.0(ws/server) and some Win2k machines quickly and efficiently. Just to be sure that everything applies to your machine go and check all the entries. If you want to remove one entry just add ';' in front of it.
33e07cf94bbf1636acf4144b044c46f65e2cf72bdaa5e787e6a6c9bd17a3c2ee
This Shareware program is an user friendly alternative to the built in eventlog viewer of Windows NT. Besides it allows to conveniently watch the eventlogs of the machines of your network. As soon as an unfiltered event occurs on one of the watched machines, a popup window will inform you about it. You can even start programs of your choice in response to events of your choice. Last not least Elwiz shows some important information about the watched machines.
7ad33242268057a6ff10e53683b25c4b8a5f24fcd639c460c40699edeb1b7fdf
NTOMax v2.0 - A scriptable, server stress testing tool.This tool takes a text file as input and runs a server through a series of tests based on the input. The purpose of this tool is to find buffer overflows and DOS points in a server.
ef34377a85529f26bafd7fc023eda8fc64b8470ac6e53c53e19d8e7325857bf9
SuperScan v3.0 - SuperScan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile.
a4df0e59a28d75e143117051a04d52f4a61a9ea7b23c41ad51a3a829cad62b58
FileWatch v1.0 is a file change monitor. FileWatch (originally called ICEWatch 1.x) is a small utility that can monitor a given file for changes. Monitoring can detect file size changes or simply file writes, both with minimal impact on system resources (no polling is performed). The primary use of this utility is for monitoring changes in the log file of a personal firewall program and being able to spawn a separate application when changes are detected, but the tool can be applied to any number of other uses.
36d4ecbff2288777330ce9694cc1b2c2eaeb922eab01c891f24c721eb3376c29
Forensic Toolkit v2.0 is a file properties analyzer designed to examine the files on a disk drive for unauthorized activity. Lists files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams.
4d29428f9ff309f7b8d1dae8cf523a7dcbcace17b6b2fa9a7708117299dc0fa4
NTLast v3.0 is a security audit tool for Windows NT. It can help identify and track who has gained access to your system, and document the details. Includes raw time output for Excel analysis and additional features for Webmasters.
8ec05251c3081e25c2859714a5a176605e31ea2408b766257b565cc544361ff6
A small batch file which helps with installing NT hotfixes.
d35d9d0de243c2940054dc12e5902155639c02eba08d825df6c6909b80fa3595
ads_cat is a utility for writing to NTFS's Alternate File Streams, a sneaky way to hide data on a Windows NT system which makes it completely invisable to all users, administrators, and disk size commands. Includes ads_extract, ads_cp, and ads_rm, utilities to read, copy, and remove data from NTFS alternate file streams.
6b489c89a96dd11616d143d7453263ff9ff369ebec6878d0007b44ec9ccb5576
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides. PsLogList works on NT 3.51, NT 4.0, and Win2K.
19038fc488435edfb7aaed758d88d0a3a9eccadd6a2f05393f901ca9dffe31bd
Batchfile for Windows NT with Internet Information Server. This script automates jobs. If there is an attack on your server, starting this script manually enables you to see if something has happened.
f4e162bc9abb6263212ba4527e010ded527477b033e511a6fd7cd498ee5064cf
Sqlpoke is a NT based tool that locates MSSQL servers and tries to connect with the default sa account. A list of SQL commands is executed if the connection is successful. Win32 source included.
0e32d5348e71edf6b856f7663bf1789acfc15a29486062760aba27989754798c
This regedit registry patch will tighten down security on a Microsoft NT v4.0 (sp3 and sp6 or 6a) machine. Changes about 55 registry entries.
17ecace1825394820a936146cb0eebe1dd734581c3df84d03e1c809bf5376982
HardenNT (Beta 0917) is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 9x or even Windows 2000 networks. HardenNT is not a tool that is to be installed or even run on a computer that one wants to secure. It merely creates a number of batch files that run standard NT (and NT resource kit) tools. This means that the batch files created by HardenNT are to be copied and run on the host you want to secure. Updates frequently, newest version available here.
e09153373619655c9b68e3a686e86477e1edddfdcf54c5a3091b59e0612c11aa
WDumpEvt is a tool that makes it easy to manage all the information from Windows NT / 2000 logs. The eventlog tree can be browsed, sorted, erased, filtered, or catagorized. The data can also be dumped into an ASCII-delimited format for importation or HTML for display.
eaf06992361807781762a06be9d593d389e8835393ca184296fbb75b1282e195
Enhanced NT PortMapper is an NT port scanner which is low on CPU usage. Needs ActiveX Suite and the uptodate Main OCX's.
0744162548098212aa21bdaddc4433733af72d6f801e354965c1f651fd6626e6
FPipe version 2.4 is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
d0eff452959037ffd1b6d1745db0de980ab8d88b67cb2476d7e142788ad15cb4
CrucialADS v1.0 is a GUI based Alternate Data Stream scanning tool. Crucial ADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories. NTFS files contain one primary stream, and, optionally, one or more alternate data streams. The problem is that NT comes with no utilities that list any stream other than the primary stream in a file. When viewing a directory with explorer, or using the dir command in cmd.exe, the information reported pertains to the primary stream only.
fcb5d7578d65029d6c0752c560951947acc45e678f0c390ee0e80a008283f550
Windows NT allows remote users to find out the SID remotely if certain conditions are met. The logs need to be viewable remotely, auditing must be enabled, and policies must block the account after a certain failure count.
058acc074b6dceaa3311a7b9d02f577660e67364ccb5a3bab68adece51f67ee0