THC IPv6 Attack Toolkit v2.0 Released

The Hacker's Choice (THC) has release version 2.0 of THC IPv6 Attack Toolkit. New tool added for scanning ipv6 networks. New tools for local network denial of service against Windows and BSD based systems. Made feature 6to4, VLAN-Q/801.1q and PPPoE injection features public. Various updates and fixes.

The THC IPV6 ATTACK TOOLKIT (THC-IPV6) is a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.

THC's IPv6 tools are made available under the GPLv3 and can be downloaded as a compressed source tarball for self compilation.

Download THC IPv6 Attack Toolkit v2.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

THC-IPV6 1.9 Released – Attacking the IPV6 Protocol

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.

Change Log 1.9

• added new tool: detect_sniffer6 (Windows, Linux, *BSD, OS X, ...)
• added new tool: fake_router26 which gives more control on options
• added new tool: dnsrevenum6 which reverse enumerates the DNS
• added new tool: inverse_lookup6 which gets the IPv6 addresses of a mac address
• added new tool: fake_solicitate6 which lets you fake neighbor solicate packets
• added new tool: address6 converts between ipv6 <=> ipv4 and mac addresses
• added new tool: passive_discovery6 which detects all sending systems and includes DAD detection
•  dnsdic6:
• added full SRV service scan support (-S option)
• fix for x64 systems, thanks to alphacc(at)altern(dot)org
• some more minor fixes
• thcping6:
• added -U udp option
• return code -1 no reply, 0 reply, 1 error reply
• fuzz_ip6:
• added TCP (-0 port) to the fuzzer with tstamp, mss + wscale options
• return code 0 on tests done and target alive, 1 on target crashed
• detect-new-ip6: now the interface is passed as 2nd cmdline option to the script
• implementation6:
• added more tests (AH + ESP ping tests, 8k exthdr, 2k exthdr size)
• fixes for some tests
• returns -1 on errors, 0 if at least one reply, 1 if no or only error replies
• parasite6:
• fixed a crash when -F and -R were used together
• parasite6 now terminates as it should, also ending childrens when using -l
•  fixed the mac command line parameter that was not working
• trace6:
• fixed a crash
• made it a bit faster
• fix for targets further away than 18 hops
• enhanced error messages
• kill_router6: fixed '*' target option
• dos-new-ip6: also DOSes non-link-local addresses now
• toobig6: fixed crash when mtu size specified was < 47
• send errors dont result in program exits for flood_*, fuzz_ip6 and ndpexhaust6 tools anymore
• thc-ipv6-lib:
• changed the thc_pcap_function to
• have a an addition parameter, promisc (before it was not promiscous)
• reduce CPU load, which affects detect-new-ip6, dos-new-ip6 and parasite6
• changed some function defines from/to signed/unsigned
• cleaned up the code

DOWNLOAD THC-IPV6 1.9

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Zemra Botnet Download

Zemra first appeared on underground forums in May 2012. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that is has a command-and-control panel hosted on a remote server.

Zemra uses a simple panel with an overview of all statistics is needed.With the help of two graphs can be seen operating machinery and the region location.In addition, statistics on online and for more information. You have a chance to see everything online Socks5 and export them to the list.Traffic is encrypted and protected using the algorithm AES, each client communicates with a unique generated key.

A brief functional:
• Intuitive control panel
• DDos (HTTP / SYN Flood / UDP)
• Loader (Load and run).
• Cheat visits (visits to the page views).
• USB Spread (spread through flash drives)
• Socks5 (picks up socks proxy on the infected machine)
• Update (Updates the bot)
• [color = red] The process can not be completed because the He is critical.
• 256 Bit AES encryption of traffic from the bot to the server
• Anti-Debugger
• There is a choice of a particular country bots perform the job

Two types of DDoS attacks that have been implemented into this bot: HTTP flood and SYN flood.

Download ZEMRA BOTNET

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

BoNeSi - The DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.

BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable and rates, data volume, source IP addresses, URLs and other parameters can be configured.

What makes it different from other tools?

There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing, there is no solution. BoNeSi is the first tool to simulate HTTP-GET floods from large-scale bot networks. BoNeSi also tries to avoid to generate packets with easy identifiable patterns (which can be filtered out easily).

How does TCP Spoofing work?

BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary, that all traffic from the target webserver is routed back to the host running BoNeSi. 

On an AMD Opteron with 2Ghz we were able to generate up to 150,000 packets per second. BoNeSi  tested against state-of-the-art commercial DDoS mitigation systems and where able to either crash them or hiding the attack from being detected.

Download BoNeSi

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

HULK - The Web Server DoS Tool

HULK is a Python script, that generates randomly crafted, unique HTTP requests, generating a fair load on a web server, eventually exhausting it of resources. It uses various techniques to make the requests dynamic and thus more difficult to detect, such as randomising both User-Agent and Referer fields.

Anti-detection techniques used by HULK:

• Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
• Reference Forgery – the referrer that points at the request is obfuscated and points into either the host itself or some major pre-listed websites.
• Stickiness – using some standard HTTP command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
• no-cache – this is a given, but by asking the HTTP server for no-cache , a server that is not behind a dedicated caching service will present a unique page.
• Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.

Download HULK version 1.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email