FPipe is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
f9c86a366b0ceda5db685b75cbef40028ce0b3a845d63910cbbe40da1d0a0ec8Inzider v1.2 shows which processes listen at which ports, and can be used to find Back Orfice 2000 when it is hidden in another process. This is like LSOF for Windows 95/98, Windows NT 4.0 and Windows 2000.
2e6466d6e3dddc4f8a9cbd550dc4bdf278548f173b6f6f055ed30ebfbff8d7b9FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
5a9e498c2ef801c16119a90749139794ff69b96fbd1ef6e91651a427170d3b2fGinastub.dll v1.0 - A WinLogon password grabber which records every users password as they log in.
03d0a2bb3624c1ddc5346e5a71863061db2223f16de32adea0a2c10dec3b9706Intact Open Use is a host integrity checking system for Windows 95/98. This is only a 30 day trial. Intact can detect change in the filesystem and registry.
4cf2810673f6b8e0ec16988e8a63d002e0d5952d90749361e6f2904a5ddf8cefregback.asm is a backdoor for NT written in pure asm.
bd616e1d07cd327035e514a318277f4e261bebd2ecf13fd9c7c0b7b66b029a75Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes. What make strace different is that is hooks every system call instead of just selected ones, giving you an excellent idea of what the process is really doing.
40e67fa58e752c0222baff1eb9831588364563d09d5175665f2f1348fa81250dEvntSlog v3.2 takes NT system logs and sends them out in syslog format over the syslog UDP port so all the logs from your NT and unix boxes can be stored on the same unix box.
8b8d8459a63504945492f7b519ee570f89f6ebeb4985dbeee7f3aa0181d86033NTOMax v1.0 - A scriptable, server stress testing tool.This tool takes a text file as input and runs a server through a series of tests based on the input. The purpose of this tool is to find buffer overflows and DOS points in a server.
67706ebf49993f04d67f291331b9d20efa84b717acc0cb97a856eec2bbf2198bSPCheck is a command line utility that can be used to check the service pack and hot fixes on any NT Workstation or Server (assuming you have administrative privileges on the machine). SPCheck v.1.4 checks multiple machines and generates a web page or a comma-delimited text file that you can easily import in a spreadsheet or database program. SPCheck works by remotely connecting to the Registry of NT machines. It parses through the registry information looking at the key for the Service Pack and for the hot fix subkeys.
fefa92cd62fb08b9f2846d287a1f9e31880983f980b475ed37f7d999646c9c8eIntact Open Use is a host integrity checking system for Windows NT available free for non-commercial use. Intact can detect change in the NT filesystem and NT registry. Other versions of Intact include Intact Intelligence and Intact Enterprise. Unlike Intact Open Use, these can monitor a system for change and build an optimal configuration file containing objects and object characteristics which do not normally change. To clarify, this is a lightweight free version.
3d0d7cfe5fed2cfb449d8b784b7ea4c0a4c27460bd673ff6953b27415e43f933Simple perl scripts for generating a catalog of MD5 hashes of executable files under NT, and later comparing the catalog to new snapshots. Compares based on missing or additional files, differing MD5 hashes, modification dates, and file attributes.
6bab0ab22e817f7d4d6cbb0081fc29758f51d25453c01f6a99be598279b2c685Windows NT rootkit project v0.31 alpha. This build is testing a new technique called EXE Redirection which can hide any trojan from the user. If you open, hash, CRC, or scan the file - you see the original file, but if you execute the file, you get the trojan. This is a very powerful stealth technique. Also, this build sports the ability to hide registry keys and values.
5c6ce632055c2b4e2bba28b0f6fef4b1631597d530612beacf8e86625d024ddfDelGuest deletes the built-in Guest account in Windows NT. This account is supposed to be impossible to delete, and it is impossible to delete through the ordinary user interface, but with DelGuest you can do it.
e0828fcde478bd09c2faeac52cd28067f6a1545284e87d4cc32d4fa4b6faeeafNT_security.reg contains a lot of reg entries that NT users should 'exec' in order to secure their NT ws/servers.
eaa36b1f8256be0cbbfd8a424d22b478fd4f4b417ca6a5e0211f63797398c6f5Caezar's Regwrite Injector.
18f265b0c7ffd9bd2c806086ff86d495d2898142655f0355ff5dee004831c1ceNT OBJECTives, Inc. Presents - Seek and Destroy Network Tools. NTO Tools includes four new tools: Lservers[tm], NTOLog[tm] and NPList[tm] and NTODrv[tm]. NTOLog[tm] is a Powerful, network wide backup/clear utility for NT logs.i LServers[tm] is a NetBIOS name dumper. NPList[tm] is a NT network process dumper. NTODrv[tm] is a NT network driver/service dumper. Download NTO Seek/Destroy Tools[tm].
ed8828e22d4b2702b5da0a6830008e334e58b0e5d79651ef004727657c22c2e0PacketX 1.0 is a native Windows NT firewall testing tool that allows for complete TCP/IP packet creation. It creates packets to be 'fired' at a firewall in validation tests so that firewall rules can be confirmed. PacketX[tm] contains complete TCP/IP packet spoofing technology in order to verify the approval/denial of internet domain address against firewall ACL's. Freeware version.
4c35e611d93dad2d380a1e9f3e54a132c151acf2d5fc5d0e14e626923b7725b33 NT tools - lservers is a NetBIOS name dumper that quickly lists names of PDC's, BDC's, NT boxes, etc. NTOLog backs up or copies NT log files. Can use stdin or input from lservers. NPList can dump all processes on the network. Example: lservers \\HOSTX XDOMAIN /nt | nplist | grep l0phtcrack.
22b2147a1dca1952b2dc95d5a17cf49b74ebb379f3069d8e27118b30fec529e3Documentation for NTOtools2.
31041d0a2f491b5caa008e694bb0febefe2aef971f313bec7aed62ddc60702f2FAQ for rasfix.exe
fbfce68bb8e5e746c33c205287d9f86baced70c53d667f8dcfbf312102d3dfa6FAQ for gsd.exe
3c710b24132607d1316326072588cbbbafa6f8cf55b263847bf047962562da39FAQ for strongpass.dll
df93ffe11f4f0ddb63722def399cb9f806a3b6cd35c76459afe67e090730f6d7FAQ for downgrade.exe
e0d8f88986ab71b07974c540bb3c43278998b87917b87f7e45a8e11cd54edf20FAQ for winfo.exe
df740c0c4b0a038956f3025557238c599d092273325f31256b6d38a9b8485b33
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed