Section: .. / NT /
| /// File Name: |
_root_040.zip |
Description:
|
Windows NT Rootkit v0.04 alpha - Hides processes, files, directories, has k-mode shell using TCP/IP - you can telnet into rootkit from remote. Hides registry keys - (keyboard patch disabled in this build.) Includes execution redirection.
| | Homepage: | http://www.rootkit.com | | File Size: | 107713 | | Last Modified: | Jul 29 11:16:28 2001 |
| MD5 Checksum: | 12487fc88e78176f582cbbdbd45f2575 |
|
| /// File Name: |
ads_cat.zip |
Description:
|
ads_cat is a utility for writing to NTFS's Alternate File Streams, a sneaky way to hide data on a Windows NT system which makes it completely invisable to all users, administrators, and disk size commands. Includes ads_extract, ads_cp, and ads_rm, utilities to read, copy, and remove data from NTFS alternate file streams.
| | Homepage: | http://dropwire.dhs.org/~c0ncept | | File Size: | 50691 | | Last Modified: | Nov 5 02:08:41 2000 |
| MD5 Checksum: | 97f3db1b1cb15721319457c7f739ff61 |
|
| /// File Name: |
alpha_031.zip |
Description:
|
Windows NT rootkit project v0.31 alpha. This build is testing a new technique called EXE Redirection which can hide any trojan from the user. If you open, hash, CRC, or scan the file - you see the original file, but if you execute the file, you get the trojan. This is a very powerful stealth technique. Also, this build sports the ability to hide registry keys and values.
| | Homepage: | http://www.rootkit.com | | File Size: | 226730 | | Last Modified: | Dec 17 18:23:10 1999 |
| MD5 Checksum: | 7224a8c29d36421ba801c7fba8c83a90 |
|
| /// File Name: |
antexp.zip |
Description:
|
Advanced NT Security Explorer (ANTExp) is an application for Microsoft Windows NT, Windows 2000 and Windows XP system administrators for finding holes in system security. It analyses user password hashes, and tries to recover plain-text passwords. If it's possible to recover the password in a reasonable time, the password should be considered to be insecure. ANTExp is very fast - tries about 900,000 passwords per second on a Pentium-III/450 CPU. Tested on Windows 95, Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP.
| | Homepage: | http://www.elcomsoft.com/antexp.html | | File Size: | 1450746 | | Last Modified: | Jul 11 10:09:19 2001 |
| MD5 Checksum: | 28db94bc1ec684ea6fad4d54bf6f676d |
|
| /// Directory: |
/ audit / |
Description:
|
NT Auditing Tools
| | Total Files: | 76 | | Last Modified: | Apr 3 01:00:54 2007 |
|
| /// File Name: |
backlog.exe |
Description:
|
BackLog is a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information. All three event logs (Application, System and Security) are monitored, and event information is converted to comma delimited text format, then delivered over UDP to a remote server. BackLog is currently configured to deliver audit information to a SYSLOG server running on a remote (or local) machine.
| | Homepage: | http://www.intersectalliance.com/projects/index.html | | File Size: | 280239 | | Last Modified: | Feb 6 02:08:39 2001 |
| MD5 Checksum: | 8d149a385c44dc43484a1899f51f8d66 |
|
| /// File Name: |
beatlm001.zip |
Description:
|
BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows NT and 2000.
| | Author: | Urity | | Homepage: | http://www.securityfriday.com/tools.html | | File Size: | 295704 | | Last Modified: | Mar 3 08:45:32 2001 |
| MD5 Checksum: | b6146c20c777aa8b11b6fc5e616bc206 |
|
| /// File Name: |
beatlm002.zip |
Description:
|
BeatLm searches out the password from LM/NTLM authentication information (LanManager and Windows NT challenge/response). Tested on Windows NT and 2000.
| | Author: | Urity | | Homepage: | http://www.securityfriday.com/tools.html | | Changes: | This is version 2! | | File Size: | 296036 | | Last Modified: | Apr 17 03:08:22 2001 |
| MD5 Checksum: | b633ea5f46fd0d29c06b9d6cadbace1c |
|
| /// File Name: |
crucialADS.zip |
Description:
|
CrucialADS v1.0 is a GUI based Alternate Data Stream scanning tool. Crucial ADS is designed to quickly and easily detect the presence of Alternate Data Streams in NTFS files and directories. NTFS files contain one primary stream, and, optionally, one or more alternate data streams. The problem is that NT comes with no utilities that list any stream other than the primary stream in a file. When viewing a directory with explorer, or using the dir command in cmd.exe, the information reported pertains to the primary stream only.
| | Author: | Crucial Security, Inc. | | Homepage: | http://www.crucialsecurity.com | | File Size: | 112761 | | Last Modified: | Sep 8 18:16:53 2000 |
| MD5 Checksum: | 7a261421bfea24be64da32ae2ace303e |
|
| /// File Name: |
delguest.exe |
Description:
|
DelGuest deletes the built-in Guest account in Windows NT. This account is supposed to be impossible to delete, and it is impossible to delete through the ordinary user interface, but with DelGuest you can do it.
| | Author: | Arne Vidstrom | | Homepage: | http://www.ntsecurity.nu/toolbox/delguest/ | | File Size: | 32768 | | Last Modified: | Dec 1 00:48:06 1999 |
| MD5 Checksum: | 835c226ee7904c1b92b094dc9c004d00 |
|
| /// Directory: |
/ docs / |
Description:
|
NT Documentation
| | Total Files: | 15 | | Last Modified: | Sep 14 08:46:58 2004 |
|
| /// File Name: |
efilter.c |
Description:
|
Efilter is an automatic exception reporting utility. It is very useful and handy while doing vulnerability research on any software designed to work under Windows NT platforms. Due to that it hooks KiUserExceptionDispatcher function, it acts BEFORE any of program's active SEH frames take over the exception. In short words it reports programs exceptions even if they are handled by original program.
| | Author: | Piotr Bania | | Homepage: | http://pb.specialised.info/ | | File Size: | 7278 | | Last Modified: | Aug 17 07:08:33 2005 |
| MD5 Checksum: | 057d4656ce42a226d496129793e5afbb |
|
| /// File Name: |
Elwiz_en.zip |
Description:
|
This Shareware program is an user friendly alternative to the built in eventlog viewer of Windows NT. Besides it allows to conveniently watch the eventlogs of the machines of your network. As soon as an unfiltered event occurs on one of the watched machines, a popup window will inform you about it. You can even start programs of your choice in response to events of your choice. Last not least Elwiz shows some important information about the watched machines.
| | Homepage: | http://www.heysoft.de/nt/eventlog/ep-elwiz.htm | | File Size: | 468723 | | Last Modified: | Dec 19 02:37:23 2000 |
| MD5 Checksum: | a7e865016f6f4d5d07be75a7ac0999b1 |
|
| /// File Name: |
EZPass.zip |
Description:
|
EZPass.zip is an executable and a Perl script that uses the net command to automate password attempts on an NT Server. Allows easy Username=Password and other easily guessed combination attempts using a list of accounts such as those from Grinder.
| | Author: | B-Root | | File Size: | 261148 | | Last Modified: | Apr 25 02:00:04 2001 |
| MD5 Checksum: | c7d64d9457980d35cc6ad971022548bf |
|
| /// File Name: |
fakegina.zip |
Description:
|
FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file. FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
| | Author: | Arne Vidstrom | | Homepage: | http://www.ntsecurity.nu/toolbox/fakegina | | File Size: | 18592 | | Last Modified: | Aug 15 08:14:15 2000 |
| MD5 Checksum: | 9a55ee09bba39df20b06092fe138e7bd |
|
| /// File Name: |
filewatch.zip |
Description:
|
FileWatch v1.0 is a file change monitor. FileWatch (originally called ICEWatch 1.x) is a small utility that can monitor a given file for changes. Monitoring can detect file size changes or simply file writes, both with minimal impact on system resources (no polling is performed). The primary use of this utility is for monitoring changes in the log file of a personal firewall program and being able to spawn a separate application when changes are detected, but the tool can be applied to any number of other uses.
| | Author: | Robin Keir | | Homepage: | http://www.foundstone.com | | File Size: | 12307 | | Last Modified: | Dec 13 07:14:08 2000 |
| MD5 Checksum: | 9f7d541b29435c7f2a9f636d73a45c6f |
|
| /// File Name: |
FPipe_2.01 |
Description:
|
FPipe is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
| | Author: | Foundstone, Inc. | | Homepage: | http://www.foundstone.com | | File Size: | 5766 | | Last Modified: | Aug 22 23:25:24 2000 |
| MD5 Checksum: | b5c77897d256fcead84f898462dccf06 |
|
| /// File Name: |
FPipe_2.04.zip |
Description:
|
FPipe version 2.4 is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
| | Author: | Foundstone, Inc. | | Homepage: | http://www.foundstone.com | | File Size: | 9226 | | Last Modified: | Sep 11 20:02:00 2000 |
| MD5 Checksum: | 85f2777e8258ac18b0cd1ba5d24f14e7 |
|
| /// File Name: |
FPortNG.zip |
Description:
|
Unavailable.
| | File Size: | 66299 | | Last Modified: | Mar 8 00:37:36 2001 |
| MD5 Checksum: | 83da6a9386c78be5ab5008dc6ce431bb |
|
| /// File Name: |
getacct002.zip |
Description:
|
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
| | Author: | Urity | | Homepage: | http://www.securityfriday.com/getacct_002.html | | Changes: | Adds the saving function. | | File Size: | 256475 | | Last Modified: | Mar 27 01:26:44 2001 |
| MD5 Checksum: | 7838aedbc2bc770b19a8aa4e62631f3d |
|
| /// File Name: |
getacct003.zip |
Description:
|
GetAcct sidesteps "RestrictAnonymous=1" and acquires account information on Windows NT/2000 machines.
| | Author: | Urity | | Homepage: | http://www.securityfriday.com/getacct_002.html | | Changes: | Bug fixes and enhancements. | | File Size: | 256534 | | Last Modified: | Jul 24 06:21:21 2001 |
| MD5 Checksum: | d75750d0afdf7c45585707f7aad9be7e |
|
| /// File Name: |
getsvrinfo.exe |
Description:
|
Getsvrinfo is a little program coded for Windows NT that gets the parameters of a remote Windows NT server, parameters include NetBIOS name, NetBIOS domain/workgroup, amount of users currently logged in, and remote operating system version.
| | Homepage: | http://tribune.intranova.net/archives/ | | File Size: | 80896 | | Last Modified: | Jan 11 22:30:29 2000 |
| MD5 Checksum: | 8d0c2ceb3d5086baac6b4dbd29ecfdb8 |
|
| /// File Name: |
Grinder.zip |
Description:
|
Grinder.zip is an executable and perl script which uses the SID tools to enumerate usernames from an NT Server.
| | Author: | B-Root | | File Size: | 312487 | | Last Modified: | Apr 25 01:57:17 2001 |
| MD5 Checksum: | d92d07a4c2f090b34692c87252c68d45 |
|
| /// Directory: |
/ hack / |
Description:
|
NT Hacking Utilities
| | Total Files: | 36 | | Last Modified: | Sep 14 08:47:00 2004 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
