Image

- [ www.swateam.org.uk ] -
Anarchy is Order

Est. 1998

Here are the collection of files from the old site, we're keeping them on here as they proved quite popular, the files are magnet links so you will need a torrent client to download them, show your support and seed. If you don't wish to do that we have added some cryptomining short links to some of the files to force you leeches to give something back. Just a note to you all, don't think that downloading and running these files will make you some ubercracker, to be fair it might make you a skid at best. In truth we've acquired these files from either official sources (in the case of the freeware port scanners for example) or some dodgy source (in the case of the exploit packs or malware source code). Don't waste our time saying that the files have virus' in them as not only will you prove your total worthiness of the Skid of the Year Award, but because you are on some dodgy underground hackers website, downloading files that are flagged as having virus in them by every anti virus company on earth. Of course the files have virus in them, what the fuck do you think you are downloading? lob them onto a couple of virtual machines, fire up wireshark or whatnot and see what they do and how they work. That is why they are here, if you are wanting the files for any other reason, i hope you fuck up whatever you are doing and lose all your data.

Crypter Sources
Descriptions
Source code for 19 crypters, coded in VB6, .NET, C++ C# etc, not reviewed them all but they seem to be a good starting place for anyone wishing to learn more about how crypters work.
Exploit Packs
Descriptions
exploit pack to pwn your browser when you visit dodgy websites
another exploit pack
awesome exploit pack, might need decrypting and cracking
modded version of the eleonore exploit pack v.1.4.4
Sava exploit pack
The Phoenix Exploit Pack v2.5
Sakura Exploit Pack v1.2
Fragus Black Exploit pack.
PHP/Web Shells
Descriptions - some from net some from audited hosts
100 shells list of them here
bypass.txt webshell
c99.txt "famous" c99 shell
c99ud.txt same as above more or less
cgitelnet.pl perl cgi telnet
cps.php.txt found on compromised host
echo.gif.php.txt found on compromised host
echo.jpg.php.txt found on compromised host, same as above i think
islamshell.php.txt found on compromised host
my.php.txt another php webshell
r57.php.txt "famous" r57 shell
safe0ver.txt another webshell, think this ones php
DDoS php scripts
Descriptions
Slowlaris.pl consume all the connections on a web server
UDP Flooder batters servers offline with k-rad uber UDP random data!!
Shell Booter Frontends
Descriptions
ATT Booter ATT Booter source- excellent source - modifed from prodigy
Advanced PHP Booter Another booter.
DDoS Shell Booter
Another good shell booter
BotNets
Descriptions
Zeus 2.0.8.9 Source Source code for the infamous banking trojan
v0lk source VB6 source and PHP panel of the v0lk botnet - nothing special but worth a look.
Citadel 1.3.4.5 Citadel Botnet, panel and builder no source sadly.
Carberp Source Code - Magnet Link Epic source code of the Carberp botnet, massive download, this archive isnt passworded like the main leak as it has been removed, nothing else has been touched. there are other files in there that still have passwords, if anyone can get them for us then we will be in your debt. Enjoy this treasure trove of research material. Do us a favour and seed this if you download it. Note there are exe files in here that will trip your av, possibly because they are part of the malware, so research with caution. 1.74gb
MAB Botnet Collection Several IRC Botnet sources including - urxbot, Spybot, sdbot, rxbot, rbot, phatbot, litmus, gtbot, forbot, evilbot, darkirc, agobot, acebot and others (jbot, microbot, blueeyebot, icebot, q8bot, happybot, ...)
Bots-2 More Botnet sources, several variations of the above bots along with some virii source as well, worth a look.
Bots-3 Second part of the above file, contains botnet sources, virii sources and basic ransomware sources.
Bots-1 After some google-fu i finally found part one of the Bots- series of files.
Dirt Jumper 5 Dirt Jumper DDoS botnet. no source included except the web panel
Spy Eye 1.0 I believe this is a varient of zeus, but i might be wrong, no source included sadly.
Windows password dumpers
Descriptions
This handy utility dumps the password database of an NT machine that is held in the NT registry (under HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users) into a valid smbpasswd format file (which is understood by practically all Windows password security auditing tools). (Windows NT )
This is an application which dumps the password hashes from NT's SAM database, whether or not SYSKEY is enabled on the system. NT Administrators can now enjoy the additional protection of SYSKEY, while still being able to check for weak users' passwords. The output follows the same format as the original pwdump (by Jeremy Allison) and can be used as input to password crackers. You need the SeDebugPrivilege for it to work. By default, only Administrators have this right, so this program does not compromise NT security. (Windows NT / 2000)
pwdump3 enhances the existing pwdump and pwdump2 programs developed by Jeremy Allison and Todd Sabin, respectively. pwdump3 works across the network and whether or not SYSKEY is enabled. Like the previous pwdump utilities, pwdump3 does not represent a new exploit since administrative privileges are still required on the remote system. One of the largest improvements with pwdump3 over pwdump2 is that it allows network administrators to retrieve hashes from a remote NT system. (Windows NT / 2000)
pwdump3e provides enhanced protection of the password hash information by encrypting the data before it is passed across the network. It uses Diffie-Hellman key agreement to generate a shared key that is not passed across the network, and employs the Windows Crypto API to protect the hashes. (Windows NT / 2000)
pwdump4 is an attempt to improve upon pwdump3. It might work in cases when pwdump3 fails (and vice versa). (Windows NT / 2000)
pwdump5 is an application that dumps password hashes from the SAM database even if SYSKEY is enabled on the system. If SYSKEY is enabled, the program retrieves the 128-bit encryption key, which is used to encrypt/decrypt the password hashes. (Windows NT/2000/XP/2003)
pwdump6 is a significantly modified version of pwdump3e. This program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether SYSKEY is enabled. It is also capable of displaying password histories if they are available. Currently, data transfer between the client and target is NOT encrypted, so use this at your own risk if you feel eavesdropping may be a problem. (Windows 2000/XP/2003/Vista)
pwdump7 works with its own filesytem driver (from rkdetector.com technology) so users with administrative privileges are able to dump directly from disk both SYSTEM and SAM registry hives. Once dumped, the SYSKEY key will be retrieved from the SYSTEM hive and then used to decrypt both LanMan and NTLM hashes and dump them in pwdump like format. (Windows 2000/XP/2003/Vista)
A Tool For Mass Password Auditing of Windows Systems - inc source
Windows port scanners
Descriptions
superscan4.zip SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan. Windows NT/XP - maybe vista and beyond - official site here
nmap-6.25-win32.zip The hackers choice in port scanners - command line version for Windows official site here
nmap-6.25-setup.exe The hackers choice in port scanners - Windows with GUI official site here
Windows network sniffers
Descriptions
ettercap-NG-0.7.3-win32.exe Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. Offical site here
setup_kismet_2008-05-R1.exe Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. Offical site here
Wireshark-win32-1.8.4.exe
Wireshark-win64-1.8.4.exe
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. official site here
Wordlists
Descriptions
theargonlistver1.zip Definative wordlist from the argon.com - local copy - approx 250mb uncompressed
Misc Wordlists Rip of the argon wordlist directory. 50 Wordlists.
5 Million Wordlist The Lightspeed 5 million wordlist.
15 Million Wordlist Epic wordlist for your brute forcing pleasure.
USB Switchblades
Descriptions
Gonzors Switchblade v1.2 By abusing the CD-ROM image on a U3 drive these awesome bits of kit steal data, scan networks and pretty much autopwn a windows machine when plugged into one. an excellent project on there own.
Switchblade Siliv 1-3-0-1 Another switchblade, excellent tools well worth examining and playing about with.