THC Releases

THC-Hydra - the best parallized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes in 5.4: Several speed improvements, bug fixes and a few enhancements! NOTE: We need people to rewrite modules - please contact vh(at)thc(dot)org

World´s best Credit Card Generator, checks and generates over hundreds of different card types including newest bank ids and standards. For all you horny guys who always wanted an account at Amateurs or Dirtybird, NOW supporting magnetic card reader and writer for MASTER/VISA/EC/etc cards.

For the 10th anniversary of THC here is a special update for THC-Scan: Recompiled to run on modern computers without problems. A new version of world´s best free wardialer/scanner. THC-Scan v2.01 is working under DOS, Win95/98/NT/2K/XP and all DOS emulators (UNiX) on all 80x86 processors. ODBC databank support, completely automated tone, carrier, vmb scanning, large palette of analysing tools included. Comes with full source code.

THC is proud to be the first who are releasing an comprehensive attack toolkit for the IPv6 protocol suite. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. Included is a fast and easy to use packet crafting library to create your own attack tools.

*THC 10th anniversary special release* Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses. Changes: many more fingerprints, fix for SSL. Voted into the top-50 security tool list!

THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. It is effective and flexible, a "must-download" for all wavelan nerds.

This is the best secure data deletion toolkit! If you overwrite a file for 10+ times, it can still be recovered. Read why and use the programs included (w/src!). These tools can wipe files, free disk space, swap and memory! Changes: Linux LKM for secure file deletion included, small bufixes.

THC-PassID is a small application that will generate serial numbers for german passports (identity cards). Also included is a small article how to calculate such serial numbers. This tool and article proves that xxx-site shouldn't rely on serial numbers for age verification.

THC-vlogger, an advanced linux kernel based keylogger, enables the capability to log keystrokes of all administrator/user's sessions via console, serial and remote sessions (telnet, ssh), switching logging mode by using magic password, stealthily sending logged data to centralized remote server. Its smart mode can automatically detect password prompts to log only sensitive user and password information.

The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication. Also tools for spoofing challenge-packets from Access Points are included, so you are able to perform dictionary attacks against all users.

THC-RUT (aRe yoU There, pronouced as root) is your first knife on foreign network. It gathers informations from local and remote networks. It offers a wide range of network discovery tools: arp lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprintings, high-speed host discovery, ... The tool is capable of discovering a Class B network within 10 minutes.

THC-Parasite v1.2 allows you to sniff on switched networks by performing ARP man-in-the-middle spoofing. Selective targets, DOS and various other features present. Changes: Now running on Solaris and OpenBSD as well! :-)

CUPASS uses techniques to guess the password of ANY user on a WindowsNT/W2K server or domain. CUPASS uses a flaw in the implementation of Microsofts NetUserChangePassword API to guess/change the users password. This release is the proof of concept code for the THC paper "CUPASS and the NetUserChangePassword Problem"

HappyBrowser can be used by every person who wants to check an NT-Server/Webserver for known vulnerabilities, without the need of having deep security knowhow. "Securing while surfing" is the motto.

Powerfull script language to hack terminal logins via dictionary- or bruteforce-hacking. Configurable for telnet and dialup hacking, extreme large command base.

Brute force program against pptp vpn endpoints (tcp port 1723). Fully standalone. Supports latest MSChapV2 authentication. Tested against Windows and Cisco gateways. Exploits a weakness in Microsoft's anti-brute force implementation which makes it possible to try 300 passwords the second.