FPipe is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
f9c86a366b0ceda5db685b75cbef40028ce0b3a845d63910cbbe40da1d0a0ec8
Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orifice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.
2e6466d6e3dddc4f8a9cbd550dc4bdf278548f173b6f6f055ed30ebfbff8d7b9
FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
5a9e498c2ef801c16119a90749139794ff69b96fbd1ef6e91651a427170d3b2f
Ginastub.dll v1.0 - A WinLogon password grabber which records every user's password as they log in.
03d0a2bb3624c1ddc5346e5a71863061db2223f16de32adea0a2c10dec3b9706
Intact Open Use is a host integrity checking system for Windows 95/98. This is only a 30 day trial. Intact can detect changes in the filesystem and registry.
4cf2810673f6b8e0ec16988e8a63d002e0d5952d90749361e6f2904a5ddf8cef
regback.asm is a backdoor for NT written in pure asm.
bd616e1d07cd327035e514a318277f4e261bebd2ecf13fd9c7c0b7b66b029a75
Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like strace (or truss) on Linux and other Unix OSes. What makes this strace different is that it hooks every system call instead of just selected ones, giving you an excellent idea of what the process is really doing.
40e67fa58e752c0222baff1eb9831588364563d09d5175665f2f1348fa81250d
EvntSlog v3.2 takes NT system logs and sends them out in syslog format over the syslog UDP port so all the logs from your NT and unix boxes can be stored on the same unix box.
8b8d8459a63504945492f7b519ee570f89f6ebeb4985dbeee7f3aa0181d86033
NTOMax v1.0 - A scriptable server stress testing tool. This tool takes a text file as input and runs a server through a series of tests based on the input. The purpose of this tool is to find buffer overflows and DoS points in a server.
67706ebf49993f04d67f291331b9d20efa84b717acc0cb97a856eec2bbf2198b
SPCheck is a command line utility that can be used to check the service pack and hot fixes on any NT Workstation or Server (assuming you have administrative privileges on the machine). SPCheck v.1.4 checks multiple machines and generates a web page or a comma-delimited text file that you can easily import in a spreadsheet or database program. SPCheck works by remotely connecting to the Registry of NT machines. It parses through the registry information looking at the key for the Service Pack and for the hot fix subkeys.
fefa92cd62fb08b9f2846d287a1f9e31880983f980b475ed37f7d999646c9c8e
Intact Open Use is a host integrity checking system for Windows NT available free for non-commercial use. Intact can detect changes in the NT filesystem and NT registry. Other versions of Intact include Intact Intelligence and Intact Enterprise. Unlike Intact Open Use, these can monitor a system for change and build an optimal configuration file containing objects and object characteristics which do not normally change. To clarify, this is a lightweight free version.
3d0d7cfe5fed2cfb449d8b784b7ea4c0a4c27460bd673ff6953b27415e43f933
Simple perl scripts for generating a catalog of MD5 hashes of executable files under NT, and later comparing the catalog to new snapshots. Compares based on missing or additional files, differing MD5 hashes, modification dates, and file attributes.
6bab0ab22e817f7d4d6cbb0081fc29758f51d25453c01f6a99be598279b2c685
Windows NT rootkit project v0.31 alpha. This build is testing a new technique called EXE Redirection which can hide any trojan from the user. If you open, hash, CRC, or scan the file - you see the original file, but if you execute the file, you get the trojan. This is a very powerful stealth technique. Also, this build sports the ability to hide registry keys and values.
5c6ce632055c2b4e2bba28b0f6fef4b1631597d530612beacf8e86625d024ddf
DelGuest deletes the built-in Guest account in Windows NT. This account is supposed to be impossible to delete, and it is impossible to delete through the ordinary user interface, but with DelGuest you can do it.
e0828fcde478bd09c2faeac52cd28067f6a1545284e87d4cc32d4fa4b6faeeaf
NT_security.reg contains a lot of reg entries that NT users should 'exec' in order to secure their NT ws/servers.
eaa36b1f8256be0cbbfd8a424d22b478fd4f4b417ca6a5e0211f63797398c6f5
Caezar's Regwrite Injector.
18f265b0c7ffd9bd2c806086ff86d495d2898142655f0355ff5dee004831c1ce
NT OBJECTives, Inc. Presents - Seek and Destroy Network Tools. NTO Tools includes four new tools: LServers[tm], NTOLog[tm], NPList[tm] and NTODrv[tm]. NTOLog[tm] is a powerful, network-wide backup/clear utility for NT logs. LServers[tm] is a NetBIOS name dumper. NPList[tm] is an NT network process dumper. NTODrv[tm] is an NT network driver/service dumper. Download NTO Seek/Destroy Tools[tm].
ed8828e22d4b2702b5da0a6830008e334e58b0e5d79651ef004727657c22c2e0
PacketX 1.0 is a native Windows NT firewall testing tool that allows for complete TCP/IP packet creation. It creates packets to be 'fired' at a firewall in validation tests so that firewall rules can be confirmed. PacketX[tm] contains complete TCP/IP packet spoofing technology in order to verify the approval/denial of internet domain addresses against firewall ACLs. Freeware version.
4c35e611d93dad2d380a1e9f3e54a132c151acf2d5fc5d0e14e626923b7725b3
3 NT tools - lservers is a NetBIOS name dumper that quickly lists names of PDCs, BDCs, NT boxes, etc. NTOLog backs up or copies NT log files. Can use stdin or input from lservers. NPList can dump all processes on the network. Example: lservers \\HOSTX XDOMAIN /nt | nplist | grep l0phtcrack.
22b2147a1dca1952b2dc95d5a17cf49b74ebb379f3069d8e27118b30fec529e3
Documentation for NTOtools2.
31041d0a2f491b5caa008e694bb0febefe2aef971f313bec7aed62ddc60702f2
FAQ for rasfix.exe
fbfce68bb8e5e746c33c205287d9f86baced70c53d667f8dcfbf312102d3dfa6
FAQ for gsd.exe
3c710b24132607d1316326072588cbbbafa6f8cf55b263847bf047962562da39
FAQ for strongpass.dll
df93ffe11f4f0ddb63722def399cb9f806a3b6cd35c76459afe67e090730f6d7
FAQ for downgrade.exe
e0d8f88986ab71b07974c540bb3c43278998b87917b87f7e45a8e11cd54edf20
FAQ for winfo.exe
df740c0c4b0a038956f3025557238c599d092273325f31256b6d38a9b8485b33