[THC-Hydra v7.6] Fast Parallel Network Logon Cracker

 Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols:

Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more.

Release 7.6
* Added a wizard script for hydra based on a script by Shivang Desai <shivang.ice.2010@gmail.com>
* Added module for Siemens S7-300 (submitted by Alexander Timorin and Sergey Gordeychik, thanks!)
* HTTP HEAD/GET: MD5 digest auth was not working, fixed (thanks to Paul Kenyon)
* SMTP Enum: HELO is now always sent, better 500 error detection
* hydra main:
   - fixed a bug in the IPv6 address parsing when a port was supplied
   - added info message for pop3, imap and smtp protocol usage
* hydra GTK: missed some services, added
* dpl4hydra.sh:
   - added Siemens S7-300 common passwords to default password list
   - more broad searching in the list
* Performed code indention on all C files :-)
* Makefile patch to ensure .../etc directory is there (thanks to vonnyfly)

Download THC-Hydra v7.6

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication.

Generally Routers or Modems control their access by using HTTP BASIC authentication mechanism. In simple words, when you connect to your Modem/Router from the browser (typically http://192.168.1.1) you will be asked to enter username & password. If you ever forget this password then you will not be able to access your Router/Modem configuration. Even some websites use this BASIC Authentication to allow only certain users to access their site. 

In these cases 'Router Password Kracker' can help you in quickly recovering your lost password. Also Penetration Testers and Forensic Investigators can find this tool very useful in cracking the Router/Modem/Website password.

Download Router Password Kracker

[DirBuster] Brute Force Directories and Files Names on Web/Application Servers

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;)

Download DirBuster

[Hashcat v0.47] The world’s fastest CPU-based password recovery tool

Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Changelog v0.47

• added -m 123 = EPi
• added -m 1430 = sha256(unicode($pass).$salt)
• added -m 1440 = sha256($salt.unicode($pass))
• added -m 1441 = EPiServer 6.x >= v4
• added -m 1711 = SSHA-512(Base64), LDAP {SSHA512}
• added -m 1730 = sha512(unicode($pass).$salt)
• added -m 1740 = sha512($salt.unicode($pass))
• added -m 7400 = SHA-256(Unix)
• added -m 7600 = Redmine SHA1
• debug mode can now be used also together with -g, generate rule
• support added for using external salts together with mode 160 = HMAC-SHA1 (key = $salt)
• allow empty salt/key for HMAC algos
• allow variable rounds for hash modes 500, 1600, 1800, 3300, 7400 using rounds= specifier
• added –generate-rules-seed, sets seed used for randomization so rulesets can be reproduced
• added output-format type 8 (position:hash:plain)
• updated/added some hcchr charset files in /charsets, some new files: Bulgarian, Polish, Hungarian
• format output when using –show according to the –outfile-format option
• show mask length in status screen
• –disable-potfile in combination with –show or –left resulted in a crash, combination was disallowed

Features

• Multi-Threaded
• Free
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
• SSE2, AVX and XOP accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 90+ Algorithms implemented with performance in mind
• …and much more

Download hashcat v0.47

[BTCrack v1.1] The worlds first Bluetooth Pass phrase (PIN) Bruteforce Tool

BTCrack is the worlds first Bluetooth Pass phrase (PIN) bruteforce tool, BTCrack will bruteforce the Passkey and the Link key from captured pairing* exchanges.

BTcrack was demoed and realeased at Hack.lu 2007 and 23C3 in Berlin, the video of the presentation is available on Google Video .

To capture the pairing data it is necessary to have a Professional Bluetooth Analyzer : FTE (BPA 100, BPA 105, others), Merlin OR flash a CSR based consumer USB dongle with special firmware.

Speed Comparison :

· P4 2Ghz - Dual Core 200.000 keys/sec

· FPGA E12 @ 50Mhz 7.600.000 keys/sec

· FPGA E12 @ 75Mhz 10.000.000 keys/sec

· FPGA E14 30.000.000 keys/sec

Changes :· 1.0 First release · 1.1 Intermediate Release    E12 + E14 FPGA Support ( http://www.picocomputing.com)   Splash Screen    Process Priority    Speed increase (+15%)

Download BTCrack v1.1

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast.

Features

• IPv6 Support
• Graphic User Interface
• Internationalized support (RFC 4013)
• HTTP proxy support
• SOCKS proxy support

The tool supports the following protocols

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Changelog for 7.5

• Added module for Asterisk Call Manager
• Added support for Android where some functions are not available
• hydra main:
• – reduced the screen output if run without -h, full screen with -h
• – fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
• – fixed -o output (thanks to www417)
• – warning if HYDRA_PROXY is defined but the module does not use it
• – fixed an issue with large input files and long entries
• hydra library:
• – SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
• – removed support for old OPENSSL libraries
• HTTP Form module:
• – login and password values are now encoded if special characters are present
• – ^USER^ and ^PASS^ are now also supported in H= header values
• – if you the colon as a value in your option string, you can now escape it with \: – but do not encode a \ with \\
• Mysql module: protocol 10 is now supported
• SMTP, POP3, IMAP modules: Disabled the TLS in default. TLS must now be defined as an option “TLS” if required. This increases performance.
• Cisco module: fixed a small bug (thanks to Vitaly McLain)
• Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin

Download THC-Hydra 7.5

[MKBRUTUS] Password bruteforcer for MikroTik devices or boxes running RouterOS

Mikrotik brand devices (www.mikrotik.com), which runs the RouterOS operative system, are worldwide known and popular with a high networking market penetration. Many companies choose them as they are a great combination of low-cost and good performance. RouterOS can be also installed on other devices such as PC.

This system can be managed by the following ways:

• Telnet
• SSH
• Winbox (proprietary GUI of Mikrotik)
• HTTP
• API

Many network sysadmins choose to close Telnet, SSH and HTTP ports, leaving the Winbox port open for graphical management or to another client (developed by third parties) which uses the RouterOS API port, such as applications for Android (managing routers and Hotspots) or web front-ends. At this point, MKBRUTUS comes into play ;)

Both, Winbox and API ports uses a RouterOS proprietary protocol to "talk" with management clients.

It is possible that in the midst of a pentesting project, you can find the ports 8291/TCP (Winbox) and 8728/TCP (API) open and here we have a new attack vector.

Because the port 8291/TCP is only possible to authenticate using the Winbox tool (at least by now ;), we realized the need of develop a tool to perform dictionary-based attacks over the API port (8728/TCP), in order to allow the pentester to have another option to try to gain access.

DICTIONARY-BASED ATTACK

MKBRUTUS is a tool developed in Python 3 that performs bruteforce attacks (dictionary-based) systems against RouterOS (ver. 3.x or newer) which have the 8728/TCP port open. Currently has all the basic features of a tool to make dictionary-based attacks, but in the future we plan to incorporate other options. There are many sites from where you can download wordlists, here are some:

http://wiki.skullsecurity.org/Passwords

http://wordlist.sourceforge.net/

Download MKBRUTUS

[WFacebook] Facebook Password Cracker

Facebook Password Cracker.

Video:

Download WFacebook

[Patator v0.5] Multi-purpose brute-forcer, with a modular design and a flexible usage

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:

* ftp_login : Brute-force FTP

* ssh_login : Brute-force SSH

* telnet_login : Brute-force Telnet

* smtp_login : Brute-force SMTP

* smtp_vrfy : Enumerate valid users using the SMTP VRFY command

* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command

* finger_lookup : Enumerate valid users using Finger

* http_fuzz : Brute-force HTTP/HTTPS

* pop_login : Brute-force POP

* pop_passd : Brute-force poppassd (not POP3)

* imap_login : Brute-force IMAP

* ldap_login : Brute-force LDAP

* smb_login : Brute-force SMB

* smb_lookupsid : Brute-force SMB SID-lookup

* vmauthd_login : Brute-force VMware Authentication Daemon

* mssql_login : Brute-force MSSQL

* oracle_login : Brute-force Oracle

* mysql_login : Brute-force MySQL

* mysql_query : Brute-force MySQL queries

* pgsql_login : Brute-force PostgreSQL

* vnc_login : Brute-force VNC

* dns_forward : Brute-force DNS

* dns_reverse : Brute-force DNS (reverse lookup subnets)

* snmp_login : Brute-force SNMPv1/2 and SNMPv3

* unzip_pass : Brute-force the password of encrypted ZIP files

* keystore_pass : Brute-force the password of Java keystore files

Download Patator v0.5