Archived

This topic is now archived and is closed to further replies.

sablefoxx

The Attack Pre-Installed Environment

147 posts in this topic

A.P.E.
The Attack Pre-Installed Environment


About:

Basically it is a bootable USB drive that will let you copy SAM files from the local system, install backdoors, crack passwords, edit any file you want, etc. All without the user's password! It's based off BartPE; unlike Backtrack, this is designed more to help you compromise the local system faster and easier. This also has network support so you can FTP or SSH the SAM file anywhere in the world. Let me know if you have any ideas on what to add, or if you think it sucks. I also wrote almost all the scripts and loaders, so let me know if you find any bugs. Also feel free to post your own payloads, mods, etc. Have fun! ^_^

Features:

Password Attacks:
GetSAM - Copies Local SAM file to removable drive
CrackSAM - Cracks Local\Custom SAM file using OphCrack (non-gui)
JohnTheRipper - Use CLI, X:\ape\johntheripper\run\. You may need to manually unload/load the reg hives to use this program (rh_load.exe and rh_unload.exe)

Network Attacks:
Wireshark - Packet Sniffer (BartPE Plugin)
Cain & Abel - ARP Cache Poison, among other things; note that not all functionality of this program can be used in P.E.

Payloads:
Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)
HackSaw - Installs the hacksaw payload from P.E.
RickR - Randomly Opens Up (in default browser) a Rick Roll
FTPme - Installs an FTP server, shares entire C:\ on port 21 with no user/pass
KeyB - Any keyboard input is converted to binary
KeyL - Installs Keylogger, log saved to C:\WINDOWS\keyl.txt, looks like "svchost" when running.
KeyR - All keyboard input is randomized, 1/10 Nums shuts computer off
KeySh - Picks random key, and turns computer off when pressed

Utilman Hacks:
Replaces Utilman.exe with different payloads; to run, press WinKey + U or (in Vista/Win7) press the blue circle in the lower-left corner at the logon screen. The included payloads are:

Root Account Maker - Creates an account on the local system Username: root Password: toor, remember if the 'Welcome Screen' is enabled you may need to reboot the system after running the payload for the new account to show up.
Shell Spawn - Opens a command prompt as NT Authority\System (Vista\Win7 Only)
SwitchBlade Exec - After reboot, will execute Leapo's PocketKnife payload; the script goes from drive Z-->B looking for the file \SYSTEM\go.vbs. Edit sbexec.bat if you want it to run a different payload. If the payload isn't found it will ask you to run a custom file.
Note: On Vista and Win7 you must select 'Yes' to set file permissions if asked, or the payloads won't work

Resource Tools:
Notepad++ - Simple text editor
ResHacker - Resource editor
eXeScope - Resource editor

Network Tools:
Angry IP Scanner - Fast and simple IP Scanner
FireFox 1.5 - Web Browser (BartPE Plugin)
Filezilla - FTP Client
Putty - SSH Client
Ultra VNC Viewer - VNC (Remote Desktop) Client

Screen Shot

Downloads:
Current Release: Ver 0.8 Beta 5, 3/7/09
Download APE v0.8 - Beta 5
(Fixed Link 3-15-2010)
Ophcrack Rainbow Tables (Free):

Download XP Rainbow Tables
Download Vista Rainbow Tables


How to Install:

0. Download, Plug in USB Drive
1. Run Ape_USB.exe - (SFX RAR File)
2. (If it doesn't autorun) Run "APE_USB_MAKE.bat"
3. (Optional) Configure Payload, or Patch in Rainbow Tables.
4. Go pull some pranks on your friends ;)

Notes:
Patching Rainbow Tables:
Use your favorite ISO editor to patch the tables into attackpe.iso, which should be in the root of the thumb drive after running "APE_USB_MAKE.bat" or "Ape_USB.exe". Tables go in \ape\ophcrack_pe\tables\. You have to patch the tables in after building the .iso or the CRC gets fucked up and it won't boot!
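An added defender-side audit (my script, not code from A.P.E. or its author) that looks for the artifacts the payloads listed above leave on a host: a swapped Utilman.exe, the KeyL log at C:\WINDOWS\keyl.txt, the root account, and listeners on the Cmdo (69) and FTPme (21) ports. It assumes PowerShell 4 or later on an elevated prompt; the sethc.exe check and the cmd.exe hash comparison are my assumptions, not things the thread mentions.

```powershell
# Added audit script, not part of A.P.E. Run from an elevated PowerShell 4+ prompt.
# Looks for the artifacts the first post's payloads leave behind: Utilman hacks,
# the KeyL log, the Root Account Maker account, and the Cmdo (69) / FTPme (21) ports.
# sethc.exe is an assumption (same accessibility-binary trick); the thread does not name it.
$findings = @()
$sys32 = Join-Path $env:SystemRoot 'System32'
$cmdHash = (Get-FileHash (Join-Path $sys32 'cmd.exe')).Hash

# 1. Accessibility binaries replaced by a payload. A genuine copy carries a
#    Microsoft signature; on older Windows the file may be catalog-signed only,
#    so 'NotSigned' there is a lead to compare against install media, not proof.
foreach ($name in 'Utilman.exe', 'sethc.exe') {
    $exe = Join-Path $sys32 $name
    if (-not (Test-Path $exe)) { continue }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($sig.SignerCertificate.Subject -like '*Microsoft*')
    if (-not $signedByMicrosoft) {
        $findings += "$name is not Microsoft-signed (status: $($sig.Status))"
    }
    if ((Get-FileHash $exe).Hash -eq $cmdHash) {
        $findings += "$name is a byte-for-byte copy of cmd.exe (shell-spawn swap)"
    }
}

# 2. KeyL payload writes its log to C:\WINDOWS\keyl.txt.
$keylog = Join-Path $env:SystemRoot 'keyl.txt'
if (Test-Path $keylog) {
    $findings += "Keylogger log present: $keylog ($((Get-Item $keylog).Length) bytes)"
}

# 3. Root Account Maker creates a local user named 'root'.
$root = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True AND Name='root'"
if ($root) { $findings += "Local account 'root' exists (SID $($root.SID))" }

# 4. Cmdo listens on TCP 69 (per 'use NConnect to connect to victim'), FTPme on
#    TCP 21. netstat is parsed so this also works where Get-NetTCPConnection
#    is unavailable (Win7 and older). An outbound-only shell would not show here.
$listening = netstat -ano | Where-Object { $_ -match '^\s*TCP.*LISTENING' }
foreach ($port in 69, 21) {
    $hits = $listening | Where-Object { $_ -match ":$port\s+" }
    foreach ($line in $hits) {
        $ownerPid = ($line -split '\s+')[-1]
        $proc = (Get-Process -Id $ownerPid -ErrorAction SilentlyContinue).ProcessName
        $findings += "TCP $port listening, PID $ownerPid ($proc)"
    }
}

if ($findings.Count -eq 0) { 'No A.P.E. artifacts found.' } else { $findings }
```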

Sick dude.

Nessus and JohnTheRipper would be nice to see on there.

Great set of tools, looking forward to using this personally.


That's sweet, man. I've been playing with it in a VM for a few hours. I haven't had any problems with it. A few suggestions I could make would be to add Cain & Abel (I know it's a tool that is looked down upon, but there is no denying that it does have a lot of useful features), maybe Wireshark. I like how the UI is real simple and not cluttered with things that you don't need. I'm really looking forward to the future releases! If I can help with anything, PM me.


Ha, you got to it first. Great job, works as described. The only thing is the legality of using Windows PE. I am working on some other things that may help clear that up and just automate the process. Shoot me a PM and maybe we can work on it together.


Well done! I was hoping someone would do something like this.

I would only suggest that you make the USB payloads built in (i.e., password dumper etc.).

Again, good job!


The box is done....

now let's put a lot of hack stuff inside!

;)


You are like god in Hak5.

Nice work, looking forward to trying it out.


Looking forward to trying this out, but it doesn't have the drivers to access my laptop's hard drive. I could add my own to it, if it would be OK with the author to extract the ISO a bit?


Hey, um, I am sorry for asking this, but how do you boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it, the screen is grey where it just counts down the boot, then loops again. Any ideas, or am I just doing it wrong?

Hey, um, I am sorry for asking this, but how do you boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it, the screen is grey where it just counts down the boot, then loops again. Any ideas, or am I just doing it wrong?

lol, you're right. The version posted doesn't work with unetbootin (I was using an earlier test version on my drive). Working on a fix, I'll let you know what I find.

lol, you're right. The version posted doesn't work with unetbootin (I was using an earlier test version on my drive). Working on a fix, I'll let you know what I find.

Good, that means I was not doing it wrong :P

Thanx for the fix!!!!


XP and Vista versions ready...

good work...indeed!

;)


This is an awesome project. Props to you, man. This has potential to be great. Will be testing throughout the night; I will post back on my findings. :P


Interesting project. I tried something similar for the USB Chainsaw that was never released. My goal was to boot a computer from the CDFS partition on a U3 drive (It actually shows up as a CDROM in the BIOS so many older computers that don't support USB Booting would still be viable targets).

The target PC would boot into a FreeDOS shell, from which it would automatically mount the local drive (even if it was NTFS formatted; I had a FreeDOS driver for NTFS read support). The Chainsaw would then copy the SAM to the USB partition. The next step was to pwdump it and run it against a set of rainbow tables on the drive.

Basically Ophcrack USB Live before it existed. I gave up soon into the project when I couldn't get rcrack to work. I should have just released it as is.

Anyway, there is something to be said about a USB device that you can boot off that will automatically (and hopefully invisibly) grab the SAM.

Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.

Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.

Hehe, I have already begun work on just such a payload...


The project is growing... we stay tuned!!!

;)


Released an update w/utilman hacks, let me know how they work :) (have only tested them in VMs so far)

Note, if you use your USB drive you can put A.P.E. and Leapo's Pocketknife on it for all-in-one pwnage.


Is there a full tut for this and can we remote-connect to control the comp?


v.0.8 really has a very straight installer!


This requires us to boot from the USB to use the backdoors etc., right?


Yes....except for Leapo's.............

This requires us to boot from the USB to use the backdoors etc., right?

Only to install it; after that just run NConnect.bat (NetCat) from any computer in normal mode or PE. For the FTP payload use any FTP client you want, and it's just a blank username/password. Still adding some stuff to this; remember it's a work in progress.


Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)

--> Is it really that simple?? You just install that and then you are able to connect to your victim's computer from, let's say, your home?? What about protection from the firewall of your router?? Just fire up Netcat and you're off to go?
