Fuzzy Fingerprinting is a new technique to attack cryptographic key authentication protocols that rely on human verification of key fingerprints. This document covers the theoretical background and the generation of fuzzy fingerprints and also details on the implementation ffp [FFP] and its usage. Includes practical part with details on the implementation and the provided sample session using SSHarp.
6e6d6a7063166a28c87b3797b06e03137cb09dd75b012ca7653ebff027aed6b5THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
e940abebb2be51a4c2c2180af26ce063e000fae436604ccf11f70df841fe083dYaotp (Yet Another One-Time Pad) implements the one-time pad cipher for en- and decryption of messages. It features real random number generation by audio sampling and hashing, key management that enforces one-time usage and irreproducible key destruction. It is the right choice for the totally paranoid geek and high-security issues beyond any imagination.
f5d101e25e349399b37f97a876bfd29e59800c8dace4c42493f33574cd763767THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
74bb4d2e7a6dd6cc3d47ef3112f18d66021dcbbb8411a5bb7b5e5e8121445feaManipulate_Data version 1.3 - Search data on a harddisk/partition/file, extract the part you are interested in, and write it back after you (maybe) modified it.
12e88c8cdb102daca79c783fd147b8c94413b17e76d8675374dec07de2fc3c0fApplication Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
85cc4c2281d795a7b27631f775a592828561823a3d15c1fe7e7cc969a0414e31THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
8b59d0d841cc4678b31bce621bd10bf3cb81be9f314edbc697911c8026447c4eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
9970185af51e16c9801f755a5b8516a7c8fca1ae5ec372cee96f42fca2aa2424THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
f499f533b3049fa5dc11ca68ecca9bed993cb6ce9d9fb59bd12fa40f65f3a98fTHCIISSLame version 0.2 IIS 5 SSL remote root exploit. Uses a connect back shell.
5ad43a71b7b21cf163e484398cd12888807b5ff949adbd1a23b2639a8c2f060fTHC SSH Cracker is a simple utility that attempts to crack SSH private keys via brute force.
a0ff99a6a4f85e878a138316507d66933b2b5769f4579fa1576aa605bf13d1e2Quick and dirty hack to grab the versions from ISC bind 8 and 9 nameservers.
d1a49379069a489d6405a914d21fcb59edfd323ab4351efa3f15397dc1398ba1A small, but very useful SMB OS-detection tool which gets workgroup, smbserver and operating system. It works for all tested samba versions on different platforms like Mac OSX, AIX, Solaris, Linux, BSD, and all Microsoft Windows platforms.
15e66dd0f9ffc8a4ba1ade94a6b6fa5ed858378503b48dd688db6c38623db32aTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
913be04024b19d6c629e70b277350275d61d85481ff36af6ec37cf13454a998bTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
47d15c2b336a796a3d5af5bbe31e65b6f185711aefe832cbdf160912af59d05eTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
11d4e84acd9ba0ff47bcce3af0d8ab452e0703a39f1785ddb9b55525f5549b95Application Mapper is a next-generation scanning tool that allows you to identify the applications that are running on a specific port. It does this by connecting to the port(s) and sending trigger packets. These trigger packets will typically be an application protocol handshake (i.e. SSL). Amap then looks up the response in a list and prints out any match it finds. Adding new response identifications can be done just by adding them to an easy-to-read text file. With amap, you will be able to identify that SSL server running on port 3445 and some oracle listener on port 233!
4923561c01a4c32b8a2d4f42772f5d3002c1c22b849d7cbf665111013dba4682THC-Secure Deletion v3.1 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files
84723b3bc93dbba5d4c86c232ca6c84566ef1cbf281823588a7b902a539b70acIMAP password brute force tool. Can go up to 500 passwords / second on a remote host with 1000 connections in parallel if you like. It's fast and efficient.
d6b4d292152253c3334afdd2a23e77394ed57ce9bd1ec0da568b01e3292c0d50CUPASS uses techniques to guess the password of ANY user on a WindowsNT/W2K server or domain. CUPASS uses a flaw in the implementation of Microsofts NetUserChangePassword API to guess/change the users password. This release is the proof of concept code for the THC paper "CUPASS and the NetUserChangePassword Problem"
32d02d7418f4b853a4a32ea1b03f44daf08ae3e5dd3ef0452f45e0e5bcaa4f17IPF is the first command line tool for configuring the packet filter of Windows NT4 and Window 2000 systems. It replaces the annoying GUI alternatives and can be used as an elegant entry for writing advanced firewall scripts under the Windows system.
c46f4f02954aa5e7db1c4c29cdde1a7774c2112b79cd65edb7097fa134fe9cd1THC-Secure Deletion v3.0 for UNIX is the latest release of van Hauser's suite of secure deletion and overwriting utilities. Included are 'srm' - secure deletion of files
b218d13f203672b1361f8387242d89fdf58135875e60dd7def28e581a5ac1d23THC-RUT (aRe yoU There) is a local network discovery tool developed to brute force its way into wvlan access points. It offers arp-request on ip-ranges and identifies the vendor of the NIC, spoofed DHCP, BOOTP and RARP requests, icmp-address mask request and router discovery techniques. This tool should be 'your first knife' on a foreign network.
b32f3d71ac540248b7643baa39d8ecfb75af493228caaeb64608e49f2f092473THC-Hydra is a high quality parallized login hacker for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus.
693645829a78ed3b1dcdc74f3741819dbe8eaf67b14b72b0ec6a4223ceeaa0b1THC-FuzzyFingerprint is a tool that generates fuzzy fingerprints as described in the corresponding paper, available here.. It generates very similar-looking fingerprints, an ideal extension to man-in-the-middle attacks against the SSH service. The current version supports RSA and DSA key generation and MD5 and SHA1 fingerprints. Due to the fact that fuzzy fingerprinting doesn't try to collide the fingerprints, good results can be achieved in reasonable time.
007e83348f95c354a45ebeda85f22b266151643fc53f80ccaa3bc7585009ce4a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed