Exploit Tools
In addition to the remote, local, and client exploits designed to exploit a command-execution vulnerability on a target, SAINTexploit also includes a number of additional tools. Each tool performs a certain information gathering task that might be a useful part of the penetration testing process, but doesn't attempt a penetration in and of itself.
The following exploit tools are available in SAINTexploit:
Chrome Password Grabber – This tool uses an existing connection to extract all passwords saved in the Chrome browser for the logged-in user.

Get OS X 10.7 Hashes – This tool attempts to retrieve all user names and their associated SHA512 password hashes. If successful, the hashes are dumped for offline cracking. This tool works on Mac OS X 10.7 and 10.7.1.

Crack OS X 10.7 Hashes – This tool opens hashes dumped by the "Get OS X 10.7 Hashes" tool and cracks them using a wordlist. Successfully cracked accounts are saved.

Mac Camera Image Capture – This tool attempts to retrieve an image file captured by an iSight camera such as the one built into a MacBook. If it is successful, the picture is displayed.

Reverse Shell Applet – This tool runs an exploit server which delivers a signed Java applet, embedded in an HTML page, to the target hosts. The user is presented with a signed digital certificate which, when accepted, establishes a reverse shell connection back to the exploit server.

ARP Spoof Exploit Tool – This tool sends a forged ARP reply which is stored in a target's cache, allowing impersonation of that target's gateway router or another key destination. The tool then conducts a man-in-the-middle attack and captures packets sent between the target and the destination.

Automatic Drive-by Download – This tool waits for client connections, and then gathers information about the operating system and installed software on the client. Next, it chooses the latest and most reliable client exploit for the client's operating system and installed software, and delivers that exploit to the client.

Phishing tool – This tool serves an HTML form which collects information from users. It allows you to specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a legitimate web site so users will be more inclined to enter the requested information.

Click logger – This tool runs an exploit server that simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message.

Flash drive/CD autoplay command execution – A trojan that can be copied to a USB drive or CD and, when the drive is connected to a computer, provides a direct connection to the SAINTexploit server. This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts the user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it.

Keystroke Logger – This tool records all keystrokes typed at a computer's console. The keystrokes can be viewed in the exploit server's log.

Password Hash Grabber – This tool grabs the Windows SAM file or password hashes of the target. The SAM file/password hashes can be viewed in the exploit tools' previous results section. Results may be used with third-party programs to obtain passwords in plain text.

Download connection – This tool allows you to download a file which, when executed, establishes a command connection. This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused.

Find e-mail addresses – E-mail addresses in a given domain can often be found using publicly available information such as Internet search engines, network registrars, and public key servers. This tool attempts to provide a list of e-mail addresses using these resources for automating client-type exploits, and is integrated with the SAINT e-mail forgery emulator.

Read passwords stored in web browser – This tool attempts to retrieve web site passwords which have been stored by Internet Explorer. Due to the encryption algorithm used by Internet Explorer, this tool can only retrieve passwords that were entered by the same user that is running the tool. For Internet Explorer 7, due to the encryption algorithm, this tool can only retrieve passwords for web sites that are still present in the browser's history. For Internet Explorer 7, passwords can only be retrieved if AutoComplete is enabled and the user chose "yes" when prompted to save each one.

Disable Firewall – Disables the firewall on a target system for further penetration analysis. The connection requires root privileges on Unix and Linux targets.

E-mail attachment execution – This tool sends an e-mail attachment which, when executed, establishes a command connection. This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of mail to the recipients. The target field must be a licensed target but is unused. This tool accepts either a single recipient or a space-separated list of recipients. If the user's e-mail client blocks .exe attachments, then an attachment filename which doesn't end in .exe must be used, and the file must be renamed to end in .exe before it can be run.

DNS zone transfer – This is a process by which a secondary name server copies all DNS records for a domain from a primary name server.

Upload command to startup folder – Each user's Startup folder on Windows systems contains programs that run at start-up time. This tool uploads a command connection to a user's Startup folder. The connection is then established the next time the computer starts.

Find Metadata – This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail addresses for use in client exploits.

Read Address Book – This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files (.WAB, .PAB) on the target. Recent versions of Microsoft Outlook no longer store address books locally by default. Therefore this tool is primarily useful for targets using Outlook Express or old versions of Outlook.
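The ARP Spoof Exploit Tool described above works by planting a forged IP-to-MAC binding in a victim's ARP cache. As an added example that is not part of SAINTexploit, the following Python detector shows how a defender can spot the two symptoms that technique leaves on the wire: an ARP reply contradicting a known binding, and a single MAC claiming several IP addresses. The gateway address, MAC addresses and sample replies are constructed values.

```python
"""Detect ARP cache poisoning from observed ARP replies (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC address it wants the victim to cache


# Known-good bindings for critical hosts, e.g. the gateway (constructed).
TRUSTED = {"192.168.1.1": "00:11:22:33:44:55"}


def detect_arp_spoof(replies, trusted=TRUSTED):
    """Return alert strings for replies that contradict a known binding.

    Trusted bindings are seeded from the allow-list; other bindings are
    learned from the first reply seen. The original binding is kept after
    an alert so every further forgery for that IP is also reported.
    """
    seen = {ip: mac.lower() for ip, mac in trusted.items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        prev = seen.get(r.sender_ip)
        if prev is None:
            seen[r.sender_ip] = mac
        elif prev != mac:
            kind = "trusted binding" if r.sender_ip in trusted else "cached binding"
            alerts.append(f"{r.sender_ip}: {kind} {prev} contradicted by {mac}")
    return alerts


def macs_claiming_many(replies, limit=1):
    """Return {mac: set_of_ips} for MACs claiming more than `limit` IPs.

    A spoofer that impersonates both the gateway and the victim (to relay
    traffic in both directions) shows up as one MAC behind two IPs.
    """
    claims = {}
    for r in replies:
        claims.setdefault(r.sender_mac.lower(), set()).add(r.sender_ip)
    return {mac: ips for mac, ips in claims.items() if len(ips) > limit}


# Constructed capture: two legitimate replies followed by two forgeries.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "00:11:22:33:44:55"),   # real gateway
    ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:01"),  # ordinary host
    ArpReply("192.168.1.1", "AA:BB:CC:DD:EE:99"),   # forged gateway reply
    ArpReply("192.168.1.20", "aa:bb:cc:dd:ee:99"),  # forged host reply
]

if __name__ == "__main__":
    for line in detect_arp_spoof(SAMPLE_REPLIES):
        print("ALERT", line)
    for mac, ips in macs_claiming_many(SAMPLE_REPLIES).items():
        print("ALERT", mac, "claims", sorted(ips))
```

On a real network the replies would come from a packet capture or from periodic `arp -a` snapshots; the checks are the same either way.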
