THC Releases

THC-smartbrute is a smart card instruction bruteforcing tool

THC-Hydra - the best parallized login hacker: for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support and is part of Nessus. Visit the project web site to download Win32, Palm and ARM binaries. Changes in 5.4: Several speed improvements, bug fixes and a few enhancements! NOTE: We need people to rewrite modules - please contact vh(at)thc(dot)org

THC is proud to be the first who are releasing an comprehensive attack toolkit for the IPv6 protocol suite. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. Included is a fast and easy to use packet crafting library to create your own attack tools.

*THC 10th anniversary special release* Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses. Changes: many more fingerprints, fix for SSL. Voted into the top-50 security tool list!

The first publicly available full blown cracker for Oracle 11g. This tool can crack passwords which are stored using the latest SHA1 based password hashing algorithm. To speed up cracking, the tool exploits a weakness in the Oracle password storage strategy. Therfore, cracking - for most passwords - is still just as fast as it was before the introduction of Oralce 11g.

THC-Orakel is a tool suite for analysis of the database authentication mechanism used in Oracle products. Provided are utilities for sniffing and breaking authentication password on the wire within seconds.

Removes the PHONE LOCK from Nokia mobile phones (6630, 6680, ...). A design flaw and an undocumented feature is exploited to trigger a hard reset even if the phone is locked.

For the 10th anniversary of THC here is a special update for THC-Scan: Recompiled to run on modern computers without problems. A new version of world´s best free wardialer/scanner. THC-Scan v2.01 is working under DOS, Win95/98/NT/2K/XP and all DOS emulators (UNiX) on all 80x86 processors. ODBC databank support, completely automated tone, carrier, vmb scanning, large palette of analysing tools included. Comes with full source code.

Snooze is the next-generation sniffing tool, supporting modularized protocol dissectors and remote log file retrieval. Modules are written in the high-level language LUA and are easy to develop and extend, even during runtime. Supported protocols: POP3, IMAP, FTP, RLOGIN, TELNET and others.

Keyfinder analyses files for public/private keys, encrypted or compressed data. It identified such areas by measuring the entropy, arithemtical mean and counter checking, and dumps appropriate file sections.

Brute force program against pptp vpn endpoints (tcp port 1723). Fully standalone. Supports latest MSChapV2 authentication. Tested against Windows and Cisco gateways. Exploits a weakness in Microsoft's anti-brute force implementation which makes it possible to try 300 passwords the second.

Yaotp (Yet Another One-Time Pad) is a small tool that implements the one-time pad cipher for en- and decryption of messages. It features real random number generation by audio sampling and hashing, key management that enforces one-time usage and irreproducible key destruction. It is the right choice for the totally paranoid geek and high-security issues beyond any imagination.

Search data on a harddisk/partition/file, extract the part you are interested in, and write it back after you modified it. Useful to find and modify really all unencrypted Logfiles on a system. Does everything in RAW mode, and hence does not tamper a/m/ctimes.

The THC LEAP Cracker Tool suite contains tools to break the NTChallengeResponse encryption technique e.g. used by Cisco Wireless LEAP Authentication. Also tools for spoofing challenge-packets from Access Points are included, so you are able to perform dictionary attacks against all users.

THC-vlogger, an advanced linux kernel based keylogger, enables the capability to log keystrokes of all administrator/user's sessions via console, serial and remote sessions (telnet, ssh), switching logging mode by using magic password, stealthily sending logged data to centralized remote server. Its smart mode can automatically detect password prompts to log only sensitive user and password information.

This is the best secure data deletion toolkit! If you overwrite a file for 10+ times, it can still be recovered. Read why and use the programs included (w/src!). These tools can wipe files, free disk space, swap and memory! Changes: Linux LKM for secure file deletion included, small bufixes.