Tools

WifiZoo

A tool to gather information about crypto affiliate wireless networks: it generates graphs of networks/nodes identified, ssids, probes, gathers information from smtp/telnet/msn/ftp/http among other protocols and allows to use captured http cookies to gain access to web servers using cookie-based authentication.
Web site: wifizoo.hexale.org
Forums: Wifizoo Forum


Pass-The-Hash Toolkit for Windows

NTLM Pass-The-Hash for Windows!. This toolkit allows to authenticate to remote servers using NTLM hashes instead of cleartext passwords, and also 'steals' from memory NTLM password hashes of logon crypto affiliate program sessions (current and sometimes past logon sessions).

Additional information: http://osscoresecurity.com/pshtoolkit/doc/index.html
Forums: PSH/PTH Toolkit Forums
Presentations: Hack-In-The-Box 2008 - Malaysia / (local copy) - Ba-con Argentina 2008
Papers: Modifying Windows NT Logon Credentials (Original paper I wrote in 2000)
Third-party papers: pourquoi la securite est un echec (by nicolas ruff, eads). / (local copy), ethicalhacker.net video tutorial.
Third-party tools: Pass-the-Hash toolkit GUI with source code included, PassTheHashGUI.rar
PTH addresses for -a switch: http://www.hexale.org/pth/pth_addrs.txt


Universal Hooker

A tool to intercept & debug execution of programs. It allows the user to intercept API calls (dll exports) and other cryptocurrency affiliate programs functions by setting breakpoints on arbitrary memory addresses within a process. The 'hooks' are written in python an can be changed in runtime (if you change a 'hook' while the program is running, next time the hook is triggered the new code will be executed).
Third-Party papers: "High-Level Reverse Engineering" (by Matthew Lewis - IRM) / (local copy)
Documentation: API reference, examples, script library, videos
Forums: Universal Hooker Forums


Decrypting Coldfusion datasources passwords

These two small scripts will allow you to decrypt the datasource passwords stored by Coldfusion. After compromising a coldfusion installation it is useful to obtain the clear-text passwords used for the different configured datasources. These passwords can then be used to access the datasources (commonly database servers) directly and to try to access other services.

Additional information: http://hexale.blogspot.com/2008/07/how-to-decrypt-coldfusion-datasource.html and http://hexale.blogspot.com/2009/10/how-to-decrypt-coldfusion-v6-datasource.html

Coldfusion v7 and v8 decryptor: http://www.hexale.org/tools/coldfusion78_ds_decrypt.tgz
Coldfusion v6 decryptor: http://www.hexale.org/tools/decryptcf6.tgz

Tools latest versions

  • WifiZoo: 1.3
  • Last Updated: March 2008

  • PTH Toolkit: 1.4
  • Last Updated: July 2008

  • Uhooker: 1.3
  • Last Updated: December 2007