what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files from Hernan Ochoa

Email addresshernan at ampliasecurity.com
First Active2003-07-04
Last Active2015-01-29
OS X Gatekeeper Bypass
Posted Jan 29, 2015
Authored by Hernan Ochoa | Site ampliasecurity.com

A malicious Jar file can bypass all OS X Gatekeeper warnings and protections, allowing a remote attacker to execute arbitrary unsigned code downloaded by the user. Java must be installed on the victim's machine.

tags | exploit, java, remote, arbitrary
systems | apple, osx
advisories | CVE-2014-8826
SHA-256 | 12bedb80e935c14c525f7aca1139b70f471d66838a84cc908b3de4717f0877b1
Windows Credential Editor 1.4 Beta
Posted Jun 2, 2013
Authored by Hernan Ochoa | Site ampliasecurity.com

Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks. This is the universal binary.

Changes: Several bug fixes.
tags | remote
systems | windows
SHA-256 | 285b752a5654ebc12d1cdde6a34f79438f321b1ba9e23e9ca345f7cd9739587b
Windows Credential Editor 1.2
Posted Apr 18, 2011
Authored by Hernan Ochoa | Site ampliasecurity.com

Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, obtain Kerberos tickets and reuse them in other Windows or Unix systems.

Changes: It now supports logon sessions and NTLM credentials just by reading memory without performing code injection.
tags | remote
systems | linux, windows
SHA-256 | 099e55d14489dafd73cfdfa5499d3104b38a4256c3df9a93abae54beaa077d30
Windows Credential Editor 1.1
Posted Mar 15, 2011
Authored by Hernan Ochoa | Site ampliasecurity.com

Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.

Changes: This new version fixes issues when running WCE via RDP/Terminal Services, reads NTLM credentials just by reading memory (no code injection needed, although the tool implements both methods), and includes a tool (getlsasrvaddr.exe) to automatically obtain the addresses needed.
tags | remote
systems | linux, windows
SHA-256 | d5947a1b05bc5936dec425b3b826c1e9cea6c3295335bf93a05f071088349b99
Windows SMB NTLM Authentication Weak Nonce
Posted Feb 10, 2010
Authored by Hernan Ochoa, Agustin Azubel | Site hexale.org

Flaws in Microsoft's implementation of the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces and an information leak allow an unauthenticated remote attacker without any kind of credentials to access the SMB service of the target system under the credentials of an authorized user. Depending on the privileges of the user, the attacker will be able to obtain and modify files on the target system and execute arbitrary code. Proof of concept exploit included.

tags | exploit, remote, arbitrary, protocol, proof of concept
advisories | CVE-2010-0231
SHA-256 | 6b3ebf2a7a39c7c5203cde6f4027d748b138e372cc4996244b973486d32706b4
pshtoolkit_v1.4-src.tgz
Posted Jul 10, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Changes: Support for XP SP 3 for whosthere/iam. New switches.
tags | remote, local
systems | windows
SHA-256 | e7bde2f898cac6acd7178cbc1b56f32a0e4c5273632a401bcd79b11e77d91c0c
wifizoo_black_v1.3.tar.bz2
Posted Jul 10, 2008
Authored by Hernan Ochoa, Keith Vaughan

The Wifizoo wireless hacking tool enables you to sniff wireless networks for MSN, FTP, SMTP, POP3 data as well as cookie data. This is a customized version of 1.3 that has a redesigned front end using XHTML and CSS.

tags | tool, wireless
SHA-256 | 6258235bdac87cf025e6ccf2a1649e0504283c49b952a3cc27e3d3b887424101
pshtoolkit_v1.3-src.tgz
Posted Mar 3, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Changes: Various updates.
tags | remote, local
systems | windows
SHA-256 | 13ef7b8410107d58975fc08d8936ecc0c604229ac2938a11198712cf2d2625ab
pshtoolkit_v1.2_src.tgz
Posted Jan 22, 2008
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.

Changes: Various updates.
tags | remote, local
systems | windows
SHA-256 | ca44f24d0aee8b477db09c45fa6771b0c852c2cebf644dd4a756951e9808fddc
wifizoo_v1.3.tgz
Posted Jan 22, 2008
Authored by Hernan Ochoa

WifiZoo is a tool to passively gather wifi information. It works much along the lines of Ferret and Dsniff but is written in Python.

Changes: Some changes in the GUI. New parameters added.
tags | tool, python, wireless
SHA-256 | 23dd98b4c4d4fbd943fdb64c1cd923739212b95558384e65a6bbbf73c9fd96a7
wifizoo_v1.2.tgz
Posted Oct 3, 2007
Authored by Hernan Ochoa

WifiZoo is a tool to passively gather wifi information. It works much along the lines of Ferret and Dsniff but is written in Python.

Changes: Various bug fixes and a web GUI now spawns on localhost:8000.
tags | tool, python, wireless
SHA-256 | e99dbc67af7d8d03efa5905858b1461e5a7b116f2d99aa2b3674382bf305f37d
wifizoo_v1.1.tgz
Posted Sep 19, 2007
Authored by Hernan Ochoa

WifiZoo is a tool to passively gather wifi information. It works much along the lines of Ferret and Dsniff but is written in Python.

tags | tool, python, wireless
SHA-256 | 6d20942b58b0159c26031081ad1518b2af217fd3b4340e6fa98f5f1c91f5fbfb
pshtoolkit-1.1.tgz
Posted Sep 5, 2007
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.

Changes: Improvements for the German and French versions of Microsoft Windows XPSP2, Windows 2003 SP1/SP2, and more.
tags | remote, local
systems | windows
SHA-256 | 6be2b9d8c80c3ce8623695fe34d59e1da13a69e745c495039e6e3840b294cafd
pshtoolkit-1.0.tgz
Posted Aug 16, 2007
Authored by Hernan Ochoa | Site oss.coresecurity.com

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.

tags | remote, local
systems | windows
SHA-256 | 12647279df0a167a813e91d94627b92abe1cca879d0528921db39c1d55eb68d2
core.netmeeting.txt
Posted Jul 4, 2003
Authored by Hernan Ochoa, Gustavo Ajzenman, Javier Garcia Di Palma, Pablo Rubinstein | Site coresecurity.com

Core Security Technologies Advisory ID: CORE-2003-0305-04 - Windows NetMeeting is vulnerable to a directory traversal attack that allows remote arbitrary code execution. Vulnerable version: NetMeeting 3.01 (4.4.3385), possibly others. Fixed in Service Pack 4.

tags | exploit, remote, arbitrary, code execution
systems | windows
SHA-256 | 37573598836434eb829a0bd11e8ad4eae7fa6d4cbf8c3647e8d0168be675a1ea
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close