The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change the current username, domain name, and NTLM hashes at runtime (YES, PASS-THE-HASH on Windows!).
What’s new?
- Support for XP SP3 for whosthere/iam (whosthere-alt/iam-alt work on XP SP3 without requiring any update)
- New -t switch for whosthere/whosthere-alt: establishes interval used by the -i switch (by default 2 seconds).
- New -a switch for whosthere/iam: specify addresses to use.
- New -r switch for iam/iam-alt: Create a new logon session and run a command with the specified credentials (e.g.: -r cmd.exe)
- genhash now outputs hashes using the LM HASH:NT HASH format
You can download Pass-The-Hash Toolkit v1.4 here:
Source
pshtoolkit_v1.4-src.tgz
Windows Binaries
pshtoolkit_v1.4.tgz
Read what’s new?
Or read more here.
We did mention nUbuntu long ago in our famous 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) article.
The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, add packages related to security testing, and remove unneeded packages, such as Gnome, OpenOffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.
Many people ask, “What makes it better than X?”, or “Why should I use this over Y”. Our answer to this question is, we do not think about whether people are using it or not. We are more concerned about the learning process. If you want to try something with a clean interface, fast, and an excellent range of programs please don’t hesitate to download nUbuntu.
You can download nUbuntu 8.04 here:
nUbuntu - 8.04 (x86) (Torrent)
nUbuntu - 8.04 (x86) (Direct)
Or read more here.
MoocherHunter™ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers.
I wanted to mention this tool separately as I think it’s very cool!
MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network. If they want to mooch from you or use your wireless network for illegal purposes (e.g. warez downloading or illegal filesharing), then they have no choice but to reveal themselves by sending traffic across in order to accomplish their objectives. MoocherHunter™ enables the owner of the wireless network to detect traffic from this unauthorized wireless client (using either MoocherHunter™’s Passive or Active mode) and enables the owner, armed with a laptop and directional antenna, to isolate and track down the source.
Because it is not based on fixed or statically-positioned hardware, MoocherHunter™ allows the user to move freely and walk towards the actual geographical location of the moocher/hacker. In residential and commercial multi-tenant building field trials held in Singapore in March 2008, MoocherHunter™ allowed a single trained operator to geo-locate a wireless moocher with a geographical positional accuracy of as little as 2 meters within an average of 30 minutes.
You can download OSWA Assistant here to get MoocherHunter:
oswa-assistant.iso
Or read more here.
This tool has been around for quite some time too. It's still very useful, though, and it's a very niche tool built specifically for brute forcing Windows Terminal Server.
TSGrinder is the first production Terminal Server brute force tool, and is now in release 2. The main idea here is that the Administrator account, since it cannot be locked out for local logons, can be brute forced. And having an encrypted channel to the TS logon process sure helps to keep IDS from catching the attempts.
TSGrinder is a “dictionary” based attack tool, but it does have some interesting features like “l337” conversion, and supports multiple attack windows from a single dictionary file. It supports multiple password attempts in the same connection, and allows you to specify how many times to try a username/password combination within a particular connection.
You can download TSGrinder 2.0.3 here:
tsgrinder-2.03.zip
Note that the tool requires the Microsoft Simulated Terminal Server Client tool, “roboclient,” which may be found here:
roboclient.zip
Or read more here.
Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembly, and it is the optimal tool if you just want to try something out without the hassle of rewriting DNS packet routines or packet filtering.
Features
- sniffing on all kinds of configured devices (Ethernet, PPP, …)
- capturing and decoding nearly all types of DNS packets, including packet decompression
- ncurses driven text based frontend with interactive commandline and multiple windows
- threaded design allows more flexibility when adding your own features
- clean code, commented and tested just fine, ready for you to extend
- internal DNS packet filtering allows installation of pseudo DNS filters you can “select()” on a large set of DNS packet construction primitives
- DNS name server versioning using BIND version requests
- DNS local spoofing, answering DNS queries on your LAN before the remote NS
- DNS jizz spoofing, exploiting a weakness within old BIND versions
- DNS ID spoofing, exploiting a weakness within the DNS protocol itself
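The decoding and ID-spoofing items above have a defensive counterpart, shown here as an added example that is not from Zodiac or the original post: decode sniffed DNS responses, including name decompression with a pointer-loop guard, and flag a transaction ID and question that was answered twice with different A records. The function names and the sample packets are constructed for illustration; a real monitor would also key on client and server address and port.

```python
import struct

def read_name(pkt, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, end, seen = [], None, set()
    while off < len(pkt):
        n = pkt[off]
        if n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        if n < 0x40:                                   # ordinary label
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        elif n < 0xC0 or off + 1 >= len(pkt) or off in seen:
            raise ValueError("reserved label type, or truncated/looping pointer")
        else:                                          # compression pointer
            seen.add(off)
            end = off + 2 if end is None else end      # resume after the first pointer
            off = ((n & 0x3F) << 8) | pkt[off + 1]
    raise ValueError("name runs past end of packet")

def parse_response(pkt):
    """Return (txid, qname, sorted A-record addresses) for a one-question response."""
    txid, flags, qd, an = struct.unpack("!HHHH", pkt[:8])
    if not flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question response")
    qname, off = read_name(pkt, 12)
    off, addrs = off + 4, []                           # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 1 and rdlen == 4:                  # A record
            addrs.append(".".join(map(str, pkt[off + 10:off + 14])))
        off += 10 + rdlen
    return txid, qname, tuple(sorted(addrs))

def conflicting_answers(packets):
    """Flag (txid, qname) pairs that were answered again with a different A set."""
    first_seen, alerts = {}, []
    for pkt in packets:
        txid, qname, addrs = parse_response(pkt)
        first = first_seen.setdefault((txid, qname), addrs)
        if first != addrs:
            alerts.append((txid, qname, first, addrs))
    return alerts

# Constructed sample: responses for www.example.com; the answer name is a pointer to offset 12.
_Q = bytes.fromhex("8180000100010000000003777777076578616d706c6503636f6d0000010001c00c000100010000003c0004")
SAMPLE = [b"\x1a\x2b" + _Q + bytes([192, 0, 2, 10]), b"\x1a\x2b" + _Q + bytes([203, 0, 113, 66]),
          b"\x2c\x3d" + _Q + bytes([192, 0, 2, 10])]
```

`conflicting_answers(SAMPLE)` reports the second packet, which reuses transaction ID 0x1a2b with a different address; such a hit is a triage signal rather than proof of spoofing.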
You can download Zodiac 0.4.9 here:
zodiac-0.4.9.tar.gz
Or read more here.