Paladin Posted February 10, 2007
Well it does run the vbs scripts it just does not seem to autorun the vbe on the iso portion of the drive. So I was wondering where I could get access to the vbe source so that I could see why it won't run. Anyone know where I can get it?

majk Posted February 11, 2007
> Well it does run the vbs scripts it just does not seem to autorun the vbe on the iso portion of the drive. So I was wondering where I could get access to the vbe source so that I could see why it won't run. Anyone know where I can get it?

Someone posted a converter in one of the threads in this section.

remkow (Author) Posted February 11, 2007
I guess that was me :P This is the original source of the autorun file:

    ' Look on every drive for the payload launcher and run it from its own folder
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set colDrives = objFSO.Drives
    For Each objDrive in colDrives
        If objFSO.FileExists(objDrive.DriveLetter & ":\wip\cmd\go.cmd") Then
            strPath = objDrive.DriveLetter & ":\wip\cmd"
            strcmd = """" & strPath & "\" & "go.cmd" & """"
            CreateObject("Wscript.Shell").CurrentDirectory = strPath
            ' 0 = hidden window, False = do not wait for go.cmd to finish
            CreateObject("Wscript.Shell").Run strcmd, 0, False
        End If
    Next

Paladin Posted February 13, 2007
I just realized what is going on. The prefetch line in the whitehat payload is waiting for a user input Y/N. Is there any way to bypass this or do I need to just comment out that line since there is no window to input the Y/N in? Secondly, if I do comment out the prefetch line then it fails creating a restore point. Any idea why this might be? Never tried to create a restore point before.

Paladin Posted February 13, 2007
Another thought, is there a reason you chose a-squared as opposed to AVG?

remkow (Author) Posted February 13, 2007
You really could've done some research on your own man.. Replace the lines which delete temporary files with this:

    rem /Q suppresses the Y/N confirmation prompt; paths containing spaces are quoted
    del C:\WINDOWS\Temp\*.tmp /Q
    del "C:\Documents and Settings\%username%\Local Settings\Temp\*.*" /Q
    del "C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\*.*" /Q
    del "C:\Documents and Settings\%username%\Cookies\*.txt" /Q
    del C:\WINDOWS\Prefetch\*.* /Q

And I chose a-squared because I've used it before as a command line, and had it on my HDD already, and I have never seen a command line version of AVG.

Paladin Posted February 14, 2007
Sorry about the n00b question. I actually knew about /Q but wasn't sure if this was the proper way to accomplish this. Guess I should have asked differently. But thanks for the response. avgscan is the command line version of AVG and comes with avgfree. Just wasn't sure if there was a specific reason you chose it. I think I will see if I can give AVG a try since it is the free antivirus program that I choose.

HarshReality Posted December 23, 2007
Hey, yea I know old thread... does anybody have this or can make it so it just installs on a U3 drive as a program... then it could be selectively run rather than autorun.

trustme Posted December 23, 2007
That's a good idea, might want to start a new thread, I would recommend a bat to exe program if you want to use a packer and it requires an exe.

HarshReality Posted December 23, 2007
To Quote Wargames... the only logical way to win is not to play at all

trustme Posted December 23, 2007
See my above comment... mod feel free to remove.

sablefoxx Posted December 24, 2007
Very cool payload, running it now, had about half of that already set but still way to think about things outside the box! Very cool, and props my good friend!

K1u Posted December 24, 2007
Good job!

felony_destined Posted January 5, 2008
I think I'm gonna use this a definite+