Codes & Tools
Most of our developments are also available on the BackTrack CD.
For questions regarding the projects, just send an e-mail to the respective developer(s).
evade_disablecmd_vba_macro.zip - Word Macro to evade disableCMD policy setting
The zip file contains a .doc example file with the macro and a .reg file to set/delete the policy setting. The macro copies cmd.exe and patches one byte to overcome the DisableCMD policy setting. Nothing fancy, but working.
Click here to get evade_disablecmd_vba_macro.zip
VBA Macro to remove DisableCMD CMD.EXE restriction from Max Moser on Vimeo.
Short video showing my VBA byte patcher, written to overcome the DisableCMD policy setting.
Exe2vba_max - Word Macro to Include & Extract exe Within Word
I needed to include an executable in a Word macro. Unfortunately the Metasploit tool exe2vba is built to integrate the exe into the macro code. That does not work on larger files because of limitations within Word. My code is now extracting the exe from the Word document itself. I randomized every variable and function name as well as the magic itself. The exe can be attached to existing documents as well. I will remove the code as soon as the Metasploit team merges it into their codebase.
Click here to get exe2vba_msf_patch.tar.gz
exe2vba_max howto from Max Moser on Vimeo.
The video demonstrates how to automatically build a macro and a hex representation of a binary that can be included within Word.
Psnuffle - Credential Sniffer for Metasploit
Psnuffle is a credentials sniffer module for the Metasploit Framework. It has been removed from our website because it is now integrated into the Metasploit SVN repository. You can get it using the command
svn co http://metasploit.com/svn/framework3/trunk/
Go to trac.metasploit.org for further information.
Psnuffle credentials sniffing module demo from Max Moser on Vimeo.
With psnuffle, Metasploit got a credential sniffer in place. It is easy to use and extensible. Writing a new module just takes a few minutes.
CUPP - Common User Passwords Profiler
CUPP is a common user passwords profiler.
5NMP - SNMP scanner/bruteforcer
5NMP is an SNMP scanner and brute-forcer for MS Windows.
saltymd5 - brute-force salted MD5 hashes
saltymd5 is a small and simple tool that automates brute-force / wordlist attacks against salted MD5 hashes.
Bluebugger - mobile phone bluebug exploitation
bluebugger is an implementation of the bluebug technique, which was discovered by Martin Herfurt from the Trifinite Group.
Wyd - The password profiler
Wyd is a password profiling tool that is able to parse different types of files and generate a wordlist out of them, which can be used for a wordlist attack on passwords.
SIPcrack - SIP login sniffer/cracker
SIPcrack is a tool suite for sniffing and brute-forcing the digest authentication password that is sent by SIP clients registering at a SIP server.
Hotspotter - Automatic wireless client penetration
Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and compares them to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate.
Wellenreiter - Wireless discovery / auditing
Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is one of the easiest to use Linux wireless scanning tools available. No card configuration has to be done anymore, and the whole look and feel is pretty self-explanatory.
It can discover networks (BSS/IBSS), and automatically detect ESSID broadcasting or non-broadcasting networks as well as their WEP capabilities and the manufacturer information.