what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

THC SSL Denial Of Service Tool 1.4 Windows Version
Posted Oct 24, 2011
Authored by thc | Site thc.org

THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection. Windows binary version.

tags | exploit, tool, denial of service, tcp
systems | windows
advisories | CVE-2009-3555
SHA-256 | ec82cd6af4177e4a8b85e8a626ee51b84eae5e08cf6958418b50d517c68148c9

Related Files

Hydra Network Logon Cracker 7.3
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple enhancements and fixed to Hydra main, the SNMP module, the HTTP module, and more. Added IDN and PCRE support for Cygwin.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 14805ba70f3f22beb00344db161a1a84d61059655f2be37dd02a5c5cceae306d
THC-IPV6 Attack Tool 1.9
Posted Jul 5, 2012
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Multiple new tools added included detect_sniffer6, fake_router26, and more. dnsdic6, thcping6, fuzz_ip6, and more have been updated with fixes and features. Various other updates.
tags | tool, protocol
systems | unix
SHA-256 | 6035a77afcb20c53013a682a4bfd04a4ae51b12b0a5fbd393aca2dd95faa2d34
SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
THC-Hydra 2.1 Tutorial
Posted May 28, 2012
Authored by MDH3LL

This is a tutorial on using THC-Hydra version 2.1. Written in Portuguese.

tags | paper
SHA-256 | e71cb404f49d35223cd71a6c6a7b8232e04fe44cd4cb72204cfa8868296caaa7
Uncovering ZeroDays And Advanced Fuzzing
Posted May 24, 2012
Authored by Kingcope

This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.

tags | paper
systems | linux
SHA-256 | ed4e76db85a1968d96d0b168a230dcf62722f0fc8e23574007b3bcc95e50099c
Deathcore XP SQL Injection
Posted Mar 19, 2012
Authored by 3spi0n

Deathcore XP suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6c9a1fcfd3817388fb23ededdfce0e39336e6bf5c9d451903ab88a156326f9b5
Hydra Network Logon Cracker 7.2
Posted Feb 16, 2012
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple bug fixes.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | f15c6b833c6c34891aacefa1c6d1afb67d0d50350d26273a784e29114f69970e
AthCon 2012 Call For Papers
Posted Jan 13, 2012
Authored by Christian Papathanasiou | Site athcon.org

The AthCon 2012 Call For Papers has been announced. It will take place in Athens, Greece on May 3rd through the 4th, 2012.

tags | paper, conference
SHA-256 | 1a960546cd1d7de746e92fa35ed6430f329adeddc5baf55315890ea2282c4f75
THC SSL Denial Of Service Tool 1.4
Posted Oct 24, 2011
Authored by thc | Site thc.org

THC-SSL-DOS is tool to stress test the SSL handshake by triggering processor intensive RSA_encrypt() calls on the server side. Establishing a secure SSL connection requires 15x more processing power on the server than on the client. THC-SSL-DOS exploits this asymmetric property by overloading the server and knocking it off the Internet. This problem affects all SSL implementations today. The vendors are aware of this problem since 2003 and the topic has been widely discussed. This attack further exploits the SSL secure Renegotiation feature to trigger thousands of renegotiations via a single TCP connection.

tags | exploit, tool, denial of service, tcp
systems | unix
advisories | CVE-2009-3555
SHA-256 | ed7020c0275df347123a0b49a345aa44b2ec9b2ac9b1471870303b8b95c7ef87
Hydra Network Logon Cracker 7.1
Posted Oct 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added HTTP Proxy URL enumeration module, SOCKS4/SOCKS5 proxy support with authentication, IPv6 support for SOCKS5 module, and more. Various bug fixes and enhancements.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | 551ef1f72848dab19f6a1ff9fe31f08143c8cef26f638d93e7110b4bce49d0a4
Hydra Network Logon Cracker 7.0
Posted Sep 25, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: New main engine for hydra. Lots of bugfixes and additions.
tags | tool, web, cracker, imap
systems | cisco, unix
SHA-256 | a2457636b51f8a958bc092aafb7a59af57fa31e31d9b90211566247ac7cda33c
THC-IPV6 Attack Tool 1.8
Posted Aug 19, 2011
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: There are now a total of 40 tools. Various bug fixes and improvements have also been made.
tags | protocol
systems | unix
SHA-256 | 93c6730008ac45c918e2ef505c40e7cb93e4b7895b5c950d0465b326ac05e08f
Hydra Network Logon Cracker 6.5
Posted Jul 17, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added dpl4hydra script by Roland Kessler, Greatly improved HTTP form module, Added interface support for IPv6, Added -W waittime between connects option, and more.
tags | web, imap
systems | cisco, unix
SHA-256 | 1225b0f4bde4d80946c0cb2f24e39e7a14954c21d3e82fd7c83c683d32023da4
Vodafone Phone Hacking Scandal
Posted Jul 13, 2011
Authored by thc | Site thcorg.blogspot.com

THC (The Hacker's Choice) has been able to turn a Femto Cell into a full blown 3G/UMTC/WCDMA interception device.

tags | exploit
SHA-256 | fccf26cfbdfb7a0c7a4a53cb1830a954397fbfe35df7a68c3b787f2e9905f68a
AthCon 2011 Capture The Flag Reversing Solution
Posted Jun 21, 2011
Authored by Glafkos Charalambous, George Nicolaou

This is the Athcon 2011 Capture The Flag solution paper.

tags | paper, conference
SHA-256 | fd730b3a1e648f9ee412307c5e026b859f602446cf26a6eb56a9f8ae24c309f2
THC-IPV6 Attack Tool 1.6
Posted May 12, 2011
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Various feature additions and bug fixes. Some tools added.
tags | protocol
systems | unix
SHA-256 | 2d4cb9c591f6ce6a632ad970b13a13972e5bf18edd489ae631363e9e4824980c
Hydra Network Logon Cracker 6.3
Posted Apr 30, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Multiple patches added. New Oracle and SMTP user enum modules. Multiple bug fixes.
tags | web, imap
systems | cisco, unix
SHA-256 | bd5bc70b70640984fb2f18a9742c10b9a0edf1ebaf0f8dd32da589d34defd424
Hydra Network Logon Cracker 6.2
Posted Apr 7, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Password bruteforcing mode, new XMPP and IRC modules, and more.
tags | web, imap
systems | cisco, unix
SHA-256 | 0b340632db9d429eb3c32a592a51f7333feda0fe682229c2027ae445a1e3f54e
Hydra Network Logon Cracker 6.1
Posted Feb 3, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: More license updates, a fix for the configure script, checks added for libssh 0.4 and sshv1 support, merged all the latest crypto code in sasl files, and fixed SVN compilation issue on openSUSE.
tags | tool, web, imap
systems | cisco, unix
SHA-256 | 85fbcf53bc7d8ae99a8bd31dd09810abd9cf9397679a94aea52cd1b1c8e06ac0
Hydra Network Logon Cracker 6.0
Posted Jan 26, 2011
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Added GPL exception clause to license to allow linking to OpenSSL, IPv6 support finally added, Bugfix for SIP module, Added LOGIN, PLAIN, CRAM-(MD5,SHA1,SHA256) and DIGEST-MD5 auth mechanisms to the imap and pop3 modules. Various other fixes, additions and improvements.
tags | web, imap
systems | cisco, unix
SHA-256 | c0d473c29d57fe44c5dd301b3161fdf853b3bbac57c099acf47cffb4d2707e64
Hydra Network Logon Cracker 5.9
Posted Dec 28, 2010
Authored by van Hauser, thc | Site thc.org

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Changes: Update for the subversion module for newer SNV versions. Mysql module now has two implementations and uses a library when found. Better FTP 530 error code detection and more.
tags | web, imap
systems | cisco, unix
SHA-256 | 66023f94460abe76e76c1c6b187d44e82bafafb4c517314261bbd34429f913a7
THC-IPV6 Attack Tool 1.4
Posted Dec 28, 2010
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Added thcping6, fake_mld26, fake_mldrouter6, exploit6, and denial6. Various other changes and improvements.
tags | protocol
systems | unix
SHA-256 | 4e6e5e55c27373dccafb631f98662d47edc81720ae40e8017a40697a3fbf6a13
SonciWALL Aventail epi.dll AuthCredential Format String Exploit
Posted Aug 21, 2010
Authored by Nikolas Sotiriu, jduck | Site metasploit.com

This Metasploit module exploits a format string vulnerability within version 10.0.4.x and 10.5.1 of the SonicWALL Aventail SSL-VPN Endpoint Interrogator/Installer ActiveX control (epi.dll). By calling the 'AuthCredential' method with a specially crafted Unicode format string, an attacker can cause memory corruption and execute arbitrary code. Unfortunately, it does not appear to be possible to indirectly re-use existing stack data for more reliable exploitation. This is due to several particulars about this vulnerability. First, the format string must be a Unicode string, which uses two bytes per character. Second, the buffer is allocated on the stack using the 'alloca' function. As such, each additional format specifier (%x) will add four more bytes to the size allocated. This results in the inability to move the read pointer outside of the buffer. Further testing showed that using specifiers that pop more than four bytes does not help. Any number of format specifiers will result in accessing the same value within the buffer. NOTE: It may be possible to leverage the vulnerability to leak memory contents. However, that has not been fully investigated at this time.

tags | exploit, arbitrary, activex
SHA-256 | 44c91575bcf5cfcee3625ae9794e540cb1b6e65be40393ce904c9bd2a2d9d756
Puck GNU/Linux Distribution
Posted Jul 6, 2010
Authored by Nima Ghotbi | Site h.ackerz.com

Puck is a GNU/Linux distribution based on TinyCoreLinux. It contains top penetration testing tools like Wireshark, Nmap, NetCat, John the ripper, Yersinia, THC-Hydra, etc while still remaining tiny in size.

tags | tool
systems | linux, unix
SHA-256 | ab0baa97221c116b909eaa4e164f4779e65e48d3f9f364ecd35face950b5eb83
THC-IPV6 Attack Tool 1.2
Posted Jun 26, 2010
Authored by van Hauser, thc | Site thc.org

THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.

Changes: Test case added to implementation6.
tags | protocol
SHA-256 | 1feae3b40bec40fb79876c35a511b5cb596fdef9ebe443b049104963156dde91
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close