Section: .. / Win /
|
Windows tools - This directory contains hundreds of assorted Windows security tools. Try them out first on a test machine first unless you are sure you know what you are doing.
|
| /// File Name: |
collabreate-defcon.tgz |
Description:
|
CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.
| | Author: | Chris Eagle, Tim Vidas | | Homepage: | http://www.idabook.com/defcon/ | | File Size: | 233811 | | Last Modified: | Aug 20 03:34:31 2008 |
| MD5 Checksum: | d205984bf3188797c6e56f224938cda7 |
|
| /// File Name: |
ProcL.zip |
Description:
|
ProcL is a utility that detects hidden processes. The methods of detecting hidden processes examines each kernel object - EPROCESS, ETHREADS, HANDLES, JOBS.
| | Homepage: | http://www.scanit.net/rd/tools/03 | | File Size: | 161304 | | Last Modified: | Aug 1 16:21:19 2008 |
| MD5 Checksum: | 3d4bbfec18ed54c58e14f984c8a11a88 |
|
| /// File Name: |
SDTCleaner-v1.0.zip |
Description:
|
SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).
| | Author: | Nahuel Riva | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 243769 | | Last Modified: | Jul 23 19:57:13 2008 |
| MD5 Checksum: | 9123411f2b13fc9ec9a831f7e8a6514d |
|
| /// File Name: |
pshtoolkit_v1.4-src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Support for XP SP 3 for whosthere/iam. New switches. | | File Size: | 42406 | | Last Modified: | Jul 9 21:22:55 2008 |
| MD5 Checksum: | e8ad895ec745e26b339aafa9a4ad1822 |
|
| /// File Name: |
pshtoolkit_v1.3-src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 38281 | | Last Modified: | Mar 3 14:35:45 2008 |
| MD5 Checksum: | 548e936b9b17ab10fa8032b0ecb61283 |
|
| /// File Name: |
pshtoolkit_v1.2_src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 17212 | | Last Modified: | Jan 21 21:42:32 2008 |
| MD5 Checksum: | 9ed448f068a585eee10146a1cffb428f |
|
| /// Directory: |
/ winfingerprint / |
Description:
|
Winfingerprint 2 is a console based Win32 discovery tool.
| | Total Files: | 24 | | Last Modified: | Jan 3 20:22:53 2008 |
|
| /// File Name: |
uhooker_v1.3.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | Changes: | Several bug fixes. | | File Size: | 74047 | | Last Modified: | Dec 17 21:10:18 2007 |
| MD5 Checksum: | 677ed30fea6cdd16a26416b1b89bf16c |
|
| /// Directory: |
/ genius / |
Description:
|
Genius - Enhancements for Windows 95/98/NT
| | Total Files: | 6 | | Last Modified: | Oct 15 22:31:40 2007 |
|
| /// Directory: |
/ patches / |
Description:
|
Unavailable.
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:30 2007 |
|
| /// Directory: |
/ misc / |
Description:
|
Miscellaneous Windows Files (e.g. OCX/VB/Winsock) to run certain applications.
| | Total Files: | 32 | | Last Modified: | Sep 5 21:26:27 2007 |
|
| /// Directory: |
/ cgi-scanners / |
Description:
|
Windows CGI / Web Vulnerability Scanners
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:22 2007 |
|
| /// File Name: |
pshtoolkit-1.1.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Improvements for the German and French versions of Microsoft Windows XPSP2, Windows 2003 SP1/SP2, and more. | | File Size: | 134356 | | Last Modified: | Sep 5 01:08:20 2007 |
| MD5 Checksum: | c3c250b9475fbfe42cf275475d05bd3c |
|
| /// File Name: |
pshtoolkit-1.0.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | File Size: | 122577 | | Last Modified: | Aug 16 04:51:32 2007 |
| MD5 Checksum: | 93512dd3912e0cbc8c16551c50592991 |
|
| /// File Name: |
CoolCon0.01.rar |
Description:
|
A simple command-line converter written in C language that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 feature. Compiled .exe binary and .c source code included.
| | Author: | LiquidWorm | | Homepage: | http://www.itsec.com.mk/ | | File Size: | 10362 | | Last Modified: | Jul 26 00:31:42 2007 |
| MD5 Checksum: | c02ed83c71b286f70df477d9f643609b |
|
| /// File Name: |
KomodiaLSP.zip |
Description:
|
A repacked version of the Microsoft free LSP sample and Komodia's LSP guide. LSP is a technology that allows to intercepts all commands between an application and winsock (ws2_32.dll) thus allowing to log all network data, modify network commands and even change inbound/outbound data.
| | Author: | Barak Weichselbaum | | Homepage: | http://www.komodia.com/ | | File Size: | 347055 | | Last Modified: | Dec 21 18:03:58 2006 |
| MD5 Checksum: | 081cca7fedf92a49ec20deae011b2235 |
|
| /// File Name: |
tcpip_lib5.zip |
Description:
|
Tcpip_lib is a library for Windows 2000 which allows constructing custom packets, IP spoofing, attacks, and more.
| | Author: | Barak Weichselbaum | | Homepage: | http://www.komodia.com | | Changes: | Various bug fixes and it has been stripped of all raw socket support. | | File Size: | 717301 | | Last Modified: | Dec 21 18:00:58 2006 |
| MD5 Checksum: | c6504e82cc56a394faf2b7541157c764 |
|
| /// File Name: |
NBTEnum33.zip |
Description:
|
NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares. If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.
| | Author: | Reed Arvin | | Homepage: | http://reedarvin.thearvins.com/tools.html | | Changes: | Bug fixes. Completely rewritten RestrictAnonymous bypass routine. Included source code for educational purposes. | | File Size: | 1104464 | | Last Modified: | Nov 28 21:41:50 2006 |
| MD5 Checksum: | 807fcb02ec2c5f28c6c5f3380dd063f3 |
|
| /// File Name: |
IRCRv2.3.zip |
Description:
|
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis.
| | Author: | John McLeod | | Homepage: | http://tools.phantombyte.com/ | | Changes: | Fixed all path and command locations to meet Helix version 1.8 areas. | | File Size: | 35580 | | Last Modified: | Nov 20 11:56:52 2006 |
| MD5 Checksum: | 98d72034d5d39c40a39cc6fb8b2c53ea |
|
| /// File Name: |
NamedPipes.zip |
Description:
|
This tool allows you to impersonate user credentials (with namedpipes) and execute a shell. One of the best features of this tool is that it includes some new attack vectors (payload generator with -t parameter) to force network users to connect to a remote host (desktop.ini, html code, lnk files, url files,pps,) so smbrelay can also be used.
| | Author: | Andres Tarasco Acuna | | Homepage: | http://www.514.es/ | | File Size: | 13322 | | Last Modified: | Oct 9 00:50:07 2006 |
| MD5 Checksum: | 390e81394206a7f20af432fe95663554 |
|
| /// File Name: |
TokenExecution.zip |
Description:
|
This tool is able to duplicate all Tokens stored in the system by calling NtQuerySystemInformation(). Duplicated Tokens allow users with local Administrator rights to execute code with credentials of every user that is logged on to the system locally or over network. Default mode only extracts tokens from the lsass process.
| | Author: | Andres Tarasco Acuna | | Homepage: | http://www.514.es/ | | File Size: | 9336 | | Last Modified: | Oct 9 00:47:44 2006 |
| MD5 Checksum: | b43f47d0201d27b9e9030a786b74014b |
|
| /// File Name: |
ProcessInjector.zip |
Description:
|
This tool enumerates all processes and threads running and shows their Token owner information. Users with SE_DEBUG_NAME privilege should be able to inject code on a local process and execute code with their privileges. This could be useful to obtain an interactive shell (at port 8080) when an user session is locked.
| | Author: | Andres Tarasco Acuna | | Homepage: | http://www.514.es/ | | File Size: | 9225 | | Last Modified: | Oct 9 00:45:51 2006 |
| MD5 Checksum: | e796f7eec43b81ff4b2e9868c808c48d |
|
| /// File Name: |
EchoMirage-1-1.zip |
Description:
|
Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified. Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available. Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts
| | Author: | Dave | | Homepage: | http://www.bindshell.net/tools/echomirage/ | | File Size: | 651660 | | Last Modified: | Oct 3 19:04:26 2006 |
| MD5 Checksum: | 44055140ab5472d8e65d685ca86ee0c6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
