Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 07:16:31 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1263863474&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2FNT%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1263863474.1338189391.1338189391.1338189391.1%3B%2B__utmz%3D32867617.1338189391.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/102455/grokevt-0.5.0.tar.gz http://packetstormsecurity.org/files/102455/grokevt-0.5.0.tar.gz http://packetstormsecurity.org/files/102455/GrokEVT-Scripts-0.5.0.html Mon, 20 Jun 2011 22:12:39 GMT GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. http://packetstormsecurity.org/files/64804/grokevt-0.4.1.tar.gz http://packetstormsecurity.org/files/64804/grokevt-0.4.1.tar.gz http://packetstormsecurity.org/files/64804/grokevt-0.4.1.tar.gz.html Fri, 21 Mar 2008 22:48:54 GMT GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. http://packetstormsecurity.org/files/55520/grokevt-0.4.0.tar.gz http://packetstormsecurity.org/files/55520/grokevt-0.4.0.tar.gz http://packetstormsecurity.org/files/55520/grokevt-0.4.0.tar.gz.html Mon, 02 Apr 2007 23:00:49 GMT GrokEVT is a collection of scripts for reading Windows event log files on Unix. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. http://packetstormsecurity.org/files/39409/efilter.c http://packetstormsecurity.org/files/39409/efilter.c http://packetstormsecurity.org/files/39409/efilter.c.html Wed, 17 Aug 2005 05:08:33 GMT Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Due to that it hooks KiUserExceptionDispatcher function, it acts BEFORE any of program's active SEH frames take over the exception. In short words it reports programs exceptions even if they are handled by original program. http://packetstormsecurity.org/files/38570/grokevt-0.1.1.tar.gz http://packetstormsecurity.org/files/38570/grokevt-0.1.1.tar.gz http://packetstormsecurity.org/files/38570/grokevt-0.1.1.tar.gz.html Sat, 09 Jul 2005 07:41:28 GMT GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. http://packetstormsecurity.org/files/38469/grokevt-0.1.tar.gz http://packetstormsecurity.org/files/38469/grokevt-0.1.tar.gz http://packetstormsecurity.org/files/38469/grokevt-0.1.tar.gz.html Thu, 07 Jul 2005 06:20:49 GMT GrokEVT is a collection of scripts for reading Windows event log files. The scripts work together on one or more mounted Windows partitions to extract all information needed (registry entries, message templates, and log files) to convert the logs to a human-readable format. http://packetstormsecurity.org/files/37180/XP_fake_loginscreen.zip http://packetstormsecurity.org/files/37180/XP_fake_loginscreen.zip http://packetstormsecurity.org/files/37180/XP_fake_loginscreen.zip.html Mon, 18 Apr 2005 20:20:49 GMT Fake login screen emulating the normal Windows login screen. Logs username / password to a file. Requires the capability to install binaries on the affected system in the first place, and messages are apparently based on those in the Australian edition of Windows XP (so it would need to be modified if you plan on running this elsewhere without immediate detection). http://packetstormsecurity.org/files/36161/flister.txt http://packetstormsecurity.org/files/36161/flister.txt http://packetstormsecurity.org/files/36161/flister.txt.html Thu, 24 Feb 2005 11:18:55 GMT This is a textfile explaining what flister is and does. FLISTER is proof-of-concept code for detecting files hidden by both usermode and kernelmode Windows rootkits. It exploits the bugs in handling ZwQueryDirectoryFile() calls with ReturnSingleEntry set to TRUE. Flister works on Windows 2000, XP and 2003. http://packetstormsecurity.org/files/35015/Scan6.zip http://packetstormsecurity.org/files/35015/Scan6.zip http://packetstormsecurity.org/files/35015/Scan6.zip.html Fri, 12 Nov 2004 20:33:50 GMT Port scanner for Windows 2k/XP that is functional for both IPv4 and IPv6 networks. Binary, source code, and more information included in the archive. http://packetstormsecurity.org/files/31877/strace-0.3.zip http://packetstormsecurity.org/files/31877/strace-0.3.zip http://packetstormsecurity.org/files/31877/strace-0.3.zip.html Tue, 21 Oct 2003 02:58:10 GMT Strace for NT is a debugging/investigation utility for examining the NT system calls made by a process. It is meant to be used like the strace (or truss) on linux and other unix OSes. What make strace different is that is hooks every system call instead of just selected ones, giving you an excellent idea of what the process is really doing. http://packetstormsecurity.org/files/31460/sqlscan12eval.zip http://packetstormsecurity.org/files/31460/sqlscan12eval.zip http://packetstormsecurity.org/files/31460/sqlscan12eval.zip.html Tue, 29 Jul 2003 16:53:27 GMT SQLScan v1.2 is intended to run against Microsoft SQL Server and attempts to connect directly to port 1433. It features the ability to scan one host or an IP list from an input file, the ability to scan for one SQL account password or multiple passwords from a dictionary file, and the ability to create an administrative NT backdoor account on vulnerable hosts, which will fail if xp_cmdshell is disabled on the server. http://packetstormsecurity.org/files/30926/PTwebdav.zip http://packetstormsecurity.org/files/30926/PTwebdav.zip http://packetstormsecurity.org/files/30926/PTwebdav.zip.html Wed, 19 Mar 2003 10:26:38 GMT PTwebdav is a utility for Windows which checks for IIS 5.0 servers which are vulnerable to the Webdav Vulnerability using a malformed search method. http://packetstormsecurity.org/files/30511/NetworkActivScannerV4.0.exe http://packetstormsecurity.org/files/30511/NetworkActivScannerV4.0.exe http://packetstormsecurity.org/files/30511/NetworkActivScannerV4.0.exe.html Sun, 24 Nov 2002 01:02:32 GMT NetworkActiv Scanner is a Fast, Easy to use, Advanced network scanner with many useful features. You can perform DNS dig, whois, and more. Main features are: TCP connect() scanning (standard TCP port scan), TCP SYN scanning (fast and "quiet" TCP port scan), Fast UDP port scanning with auto-speed control and reliable results, UDP sub-net scanning, High speed ping scanning of sub-nets (UDP or ICMP), TCP sub-net scanning, Integrated fast trace-route, Remote OS detection via advanced TCP/IP stack fingerprinting, Wizard Mode: Walks you through step-by-step to perform network scanning, trace-route, and much more. Whois Client: Ability to perform whois with ease, you can either specify a whois server, or have it attempt to determine a whois server automatically. DNS Dig system: Performs DNS dig quickly with ease, choose between TCP and UDP, specify a DNS server or have it attempt to determine the authoritative server automatically. Also, support for many RR's (Resource Records), Simple Port Scan Mode for easy and quick port scans, Nice looking interface, with multi-skin support, Tells you if remote computer being scanned is stealth, User set-able max speed (ranging from 2 PPS to non-limited), Tells you the host responses for TCP connect() port scan and sub-net scan, Tells you the port use from huge lists of ports as found, Random order, reverse order, and "Only Scan Known Ports" scan capable, and much more. http://packetstormsecurity.org/files/30016/FireWaterToolkit-v97beta.zip http://packetstormsecurity.org/files/30016/FireWaterToolkit-v97beta.zip http://packetstormsecurity.org/files/30016/FireWaterToolkit-v97beta.zip.html Fri, 15 Nov 2002 08:11:38 GMT Fire and Water Toolkit is a powerful and comprehensive toolkit for network assessment and defense. It scans and maps networks, checks for web vulnerabilities, and includes a powerful, scriptable ISAPI filter (integrates with Snort) for IIS defense. XML based with multiple output options including XSLT reports. http://packetstormsecurity.org/files/25492/rcf11.zip http://packetstormsecurity.org/files/25492/rcf11.zip http://packetstormsecurity.org/files/25492/rcf11.zip.html Mon, 26 Nov 2001 23:02:28 GMT RemoteCompFind (previously known as RemoteHit) searches for a computer on a remote network, in a given IP Range, using NetBIOS protocol. The program is fully multi-threaded. RemoteHit has MS "Find: Computer" like interface. http://packetstormsecurity.org/files/25480/rh10_nt.zip http://packetstormsecurity.org/files/25480/rh10_nt.zip http://packetstormsecurity.org/files/25480/rh10_nt.zip.html Thu, 22 Nov 2001 08:59:21 GMT RemoteHit searches for a computer on a remote network, in a given IP Range, using NetBIOS protocol. The program is fully multi-threaded. RemoteHit has MS "Find: Computer" like interface. http://packetstormsecurity.org/files/25071/_root_040.zip http://packetstormsecurity.org/files/25071/_root_040.zip http://packetstormsecurity.org/files/25071/_root_040.zip.html Sun, 29 Jul 2001 09:16:28 GMT Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides registry keys - (keyboard patch disabled in this build.) Includes execution redirection. http://packetstormsecurity.org/files/25056/getacct003.zip http://packetstormsecurity.org/files/25056/getacct003.zip http://packetstormsecurity.org/files/25056/getacct003.zip.html Tue, 24 Jul 2001 04:21:21 GMT GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines. http://packetstormsecurity.org/files/24963/logs2intrusions.zip http://packetstormsecurity.org/files/24963/logs2intrusions.zip http://packetstormsecurity.org/files/24963/logs2intrusions.zip.html Wed, 11 Jul 2001 08:31:42 GMT Logs2Intrusions v1.0 parses IIS or Apache web server logfiles then create possible intrusions report. http://packetstormsecurity.org/files/24961/antexp.zip http://packetstormsecurity.org/files/24961/antexp.zip http://packetstormsecurity.org/files/24961/antexp.zip.html Wed, 11 Jul 2001 08:09:19 GMT Advanced NT Security Explorer (ANTExp) is an application for Microsoft Windows NT, Windows 2000 and Windows XP system administrators for finding holes in system security. It analyses user password hashes, and tries to recover plain-text passwords. If it's possible to recover the password in a reasonable time, the password should be considered to be insecure. ANTExp is very fast - tries about 900,000 passwords per second on a Pentium-III/450 CPU. Tested on Windows 95, Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP. http://packetstormsecurity.org/files/24725/EZPass.zip http://packetstormsecurity.org/files/24725/EZPass.zip http://packetstormsecurity.org/files/24725/EZPass.zip.html Wed, 25 Apr 2001 00:00:04 GMT EZPass.zip is an executable and a Perl script that uses the net command to automate password attempts on an NT Server. Allows easy Username=Password and other easily guessed combination attempts using a list of accounts such as those from Grinder. http://packetstormsecurity.org/files/24724/Grinder.zip http://packetstormsecurity.org/files/24724/Grinder.zip http://packetstormsecurity.org/files/24724/Grinder.zip.html Tue, 24 Apr 2001 23:57:17 GMT Grinder.zip is an executable and perl script which uses the SID tools to enumerate usernames from an NT Server. http://packetstormsecurity.org/files/24660/beatlm002.zip http://packetstormsecurity.org/files/24660/beatlm002.zip http://packetstormsecurity.org/files/24660/beatlm002.zip.html Tue, 17 Apr 2001 01:08:22 GMT BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows NT and 2000. http://packetstormsecurity.org/files/24624/lc3setup.exe http://packetstormsecurity.org/files/24624/lc3setup.exe http://packetstormsecurity.org/files/24624/lc3setup.exe.html Thu, 12 Apr 2001 20:47:26 GMT L0phtCrack 3 15 day trial - L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operation system. L0phtCrack computes the password from a variety of sources using a variety of methods. Uses include recovering a forgotten password, ensuring that users use strong passwords, retrieving the password of a user in order to impersonate them, or migrating NT users to another platform such as Unix. Tested on Windows 98SE, Windows ME, Windows NT, and Windows 2000. http://packetstormsecurity.org/files/24236/snarp.zip http://packetstormsecurity.org/files/24236/snarp.zip http://packetstormsecurity.org/files/24236/snarp.zip.html Mon, 26 Mar 2001 23:32:03 GMT Snarp is a tool for NT 4.0 which uses an ARP poison attack to relay traffic between two hosts, allowing sniffing of the data on switched networks.