Category: Password Attacks

spray Shadow Credentials

ShadowSpray: spray Shadow Credentials

ShadowSpray A tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements, I see (in...

Crack zip encryption

bkcrack: Crack legacy zip encryption

bkcrack Crack legacy zip encryption with Biham and Kocher’s known-plaintext attack. Overview A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a...

brutespray

brutespray v1.8.1 released: Brute-Forcing from Nmap output

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap. Supported Services ssh ftp telnet vnc mssql mysql...

password generator

cook v2.1.3 releases: customizable wordlist and password generator

COOK A customizable wordlist and password generator. USAGE cook -start admin,root -sep _,- -end secret,critical start:sep:end cook admin,root:_,-:secret,critical   Predefined Extentions Sets Use archive for .rar, .7z, .zip, .tar, .tgz, … Use web for .html, .php, .aspx, .js,...

Oracle Database Attack Toolkit

wodat: Windows Oracle Database Attack Toolkit

Windows Oracle Database Attack Tool (wodat) Simple port of the popular Oracle Database Attack Tool (ODAT) to C# .Net Framework. Perform password-based attacks e.g. username as password, username list against given password, password list against...