The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
12647279df0a167a813e91d94627b92abe1cca879d0528921db39c1d55eb68d2A simple command-line converter written in C language that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 feature. Compiled .exe binary and .c source code included.
796b2b5468e36b70369a5b34c11207ff3752be9c113d8246e7c8f0ec4e0d5490Quick and dirty blanket fix for the Microsoft Windows ANI zero-day vulnerabilities. Prevents loading cursors from outside the Windows directory.
3b81a136644b11b0a7ff108dd16f0475eb209f61cc7f58f1aa3a32ab34040fd2Tcpip_lib is a library for Windows 2000 which allows constructing custom packets, IP spoofing, attacks, and more.
7b7d28e20ce44df14654770a6d3f6f32a8a6f339e181759cd463f36a347cc8dfNetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.
b45e9b8f0dfd57e2ccef45caba51ab4a9a17ce8fc9154b6a7eaae3fb6e43d23cUSBDumper is a tool that silently copies content of an inserted USB device onto your PC.
b885d63e34380e079b1298f2bdf8035717e187d83fe46fbed2678afea4f95855This tool allows you to impersonate user credentials (with namedpipes) and execute a shell. One of the best features of this tool is that it includes some new attack vectors (payload generator with -t parameter) to force network users to connect to a remote host (desktop.ini, html code, lnk files, url files,pps,) so smbrelay can also be used.
9346dee563fb29b2b3df7d23637e8761553627b823a55102ab2f1771384d41cbThis tool is able to duplicate all Tokens stored in the system by calling NtQuerySystemInformation(). Duplicated Tokens allow users with local Administrator rights to execute code with credentials of every user that is logged on to the system locally or over network. Default mode only extracts tokens from the lsass process.
1a0435ffe70c05e1ac855b72e2791c48ef936b97e049469b6101088dd1cb7a06This tool enumerates all processes and threads running and shows their Token owner information. Users with SE_DEBUG_NAME privilege should be able to inject code on a local process and execute code with their privileges. This could be useful to obtain an interactive shell (at port 8080) when an user session is locked.
1ac149ac191a602c8eba43f12c04a137a7aacdf4f3d5eb3938a05335167236e8Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified. Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available. Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts
d10e18c9e1b0a1c6efdff4557cbcb55a342a8fca721bd7feff6117b515a49f92The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
c4c5521266fe2983724a4c92b2958cb6d08257a47ffcb13f06d3e5fa16107ad3The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
30d173c3ac0c5fdffc35b8ba8b0f94d4420dc0d38002684c850ab21c7af36253SMAC 2.0 is a MAC Address spoofer for Windows 2000, XP and 2003 systems. Users can generate random MAC Address and SMAC will validate MAC Address before spoofing. User can pre-define MAC addresses and load the MAC Address list. Spoofed MAC Address can sustain from reboots.
e5bf8406e7688144292d1bc4926eb70f7b4361675d40e88002e181fec233e2a3Metacab (meta.cab) is a single, inclusive Microsft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, Simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
a60e89fa97790be36ccc7b36ffd87b0d805831141fe3a210635d0d96ec3b1660Metacab (meta.cab) is a single, inclusive Microsft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, Simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
6df9395304d34d112ac357e0da78b215accb202c11a9b4c7dca9b8baf4a52189lbture is a local Windows account password brute forcer. It supports dictionary attacks and resume. Works on Windows NT/2K/XP/2K3.
2e23ce3907d604374fa8106db4486b2dc4796f5e95b4f5da2429c873316b47ddHookExplorer is a small GPL utility designed to scan a target process and identify any IAT or detours style hooks that may be installed by unknown code. Data is presented in an easy to digest format and allows for custom filters to help trim results.
a2974dd2576c60e648ff3dbe58452a21fcab10547eb4c36da4259c015fcd4ea1Security Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analysis by p0f. While the OS reported by other OS detection scanners were not identical to those of p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.
66e4dab7b1c77acc36e113c187db43fce3b3e2841a33f0be05bdce710d59e95bSmall bindshell (908 bytes for binary) for Windows compacted to 804 bytes with a little Headers modification. Both binary and Source code (VC++) included.
c24879c1a910a3cda9f80e94fd66cb18d753862ab5efbb173718dbd4591c8a19Unofficial temporary fix for the critical Windows WMF vulnerability which Microsoft will patch on 1/10/06. Tested on Windows 2000, Windows XP, and Windows XP Professional 64 Bit. The author recommends switching to the official MS patch when it becomes available. Includes c++ source.
f039f0f7f62089f15c1b4bf49fa2d85fe6818e5786570d0b9566cd1d8f4db23bMAC changing utility that can be used on Windows from the command line.
90c5fbc6757814acbd1f1a07456780bb3a9a61b9ef64a246eb092af41bd2f1e8httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.
0269ed87702b8247197f1b02cc80cd8c4664eb533c6726c854917c0b1aec0d4bXPFiremon is a system tray application that will monitor the settings and services associated with the Windows firewall to ensure they are running. If they are disabled a warning is popped up onto the screen and the system tray icon will turn red. The program allows the user to configure, start, and stop the firewall.
1fc4fa43f4d412ab36f7e288d5f816dadbe5f5d46fd643f8ba0309d71ed93a3bThis is a GUI for the windows TCP portscanning tool ipEye. ipEye GUI comes with a copy of ipEye, and include visual basic 6 source code.
c69d3f4736a110468704dae8d908b9cf710651ad7daa097a86b90d9832a2de03Valhala Honeypot is a simple and easy-to-use honeypot for Windows. It provides servers like ftp, finger, telnet, smtp, etc.
75d30e8c33a80f66ae44b0f1f6d3fb8d70f9803ef7578c3d3e4827af2673b5ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed