HSC Security Portal

Wavestumbler v1.2

WaveStumbler is console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has support for Hermes based cards (Compaq, Lucent/Agere, … ) It still in development but tends to be stable.

It consist of a patch against the kernel driver, orinoco.c which makes it possible to send the scan command to the driver viathe /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console.

The patch should be applied agains Linux-2.4.17. It patches the whole linux/drivers/wireless to version 2.4.18-pre7 + the apscan code in orinoco.c. This is a 100% experimental patch, but it seems to work quite good with my Orinoco Silver Card, so feel free to try it out.

If you patch other versions of the kernel, or create patches for them. Please send them to me so I can put them on the website.

If you successfully run this with any other hw please report this to me too.

Please report success or failure stories !
Thanks to h1kari for “revealing” the magic behind APScanning.

WMIDump v1.3

WMIDump dumps all instances of a given WMIClass and is to be used as an information collector. It can be used to collect information about e.g;

- OS, Accounts, Hotfixes, Scheduled Jobs, Services, Processes, Shares
- Hardware, Modems, Network Interfaces, Serial ports, Logical Disks

ZapWireless v1.0

A little small utility that checks/sets the hardware (switch) and software state of the Intel centrino wireless adapter. It does only work together with the Intel PROSet/Wireless software and has not gone through extensive testing (as always :D)

Wellenreiter v1.9 - Wireless discovery / auditing

Wellenreiter is a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is the easiest to use Linux scanning tool. No card configuration has to be done anymore. The whole look and feel is pretty self-explaining. It can discover networks (BSS/IBSS), and detects ESSID broadcasting or non-broadcasting networks and their WEP capabilities and the manufacturer automatically. DHCP and ARP traffic are decoded and displayed to give you further information about the networks. An ethereal/tcpdump-compatible dumpfile and an Application savefile will be automaticly created. Using a supported GPS device and the gpsd you can track the location of the discovered networks. NO!, hosap drivers actualy don't work in the perl version.

The project has started to move from perl to C++. Currently there are two "flavours" of Wellenreiter available. One is the perl/gtk based Version, with all the described functionality. The second one is the Wellenreiter II C++ based flavour. This runs on Handhelds (Zaurus/Ipaq/etc.) within the Opie environment and on X11.

Hotspotter - Automatic wireless client penetration

Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.

SIPcrack v0.2 - SIP login dumper/cracker

Session Initiation Protocol (SIP) is a protocol developed by the IETF MMUSIC Working Group and is a proposed standard for initiating, modifying, and terminating an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality.

In November 2000, SIP was accepted as a 3GPP signaling protocol and permanent element of the IMS architecture.
It is one of the leading signalling protocols for Voice over IP, along with H.323. In most VOIP solutions SIP is used to authenticate the SIPclient.
The protocol is documented inside the RFC at www.ietf.org/rfc/rfc3261.txt

Wyd v0.2 - The password profiler

In current IT security environments, files and services are often password protected. In certain situations it is required to get access to files and/or data even when they are protected and the password is unknown.
wyd.pl was born of those two of situations:

A penetration test should be performed and the default wordlist does not contain a valid password
During a forensic crime investigation a password protected file must be opened without knowing the the password.

The general idea is to personalize or profile the available data about a "target" person or system and generate a wordlist of possible passwords/passphrases out of the available information.
Instead of just using the command 'strings' to extract all the printable characters out of all type of files, we wanted to eliminate as much false-positives as possible.

The goal was to exlude as much "unusable" data as possible to get an effective list of possible passwords/passphrases.

Bluebugger v0.1- mobile phone bluebug exploitation

Bluebugger is an implementation of the bluebug technique which was discovered by Martin Herfurt.

Hedgehog

A simple proof-of-concept portscanner written in VBA for Excel.

FAQ
Q: Why would anyone need this piece of junk?!
A: Well, some say it could prove useful in a locked down Terminal
Service environment :)

Getsids (Win32)

Getsids tries to enumerate Oracle Sids by sending the services command to the Oracle TNS listener. Like doing ‘lsnrctl service’.