My whitehat U3 payload


remkow

Well, it does run the vbs scripts; it just does not seem to autorun the vbe on the ISO portion of the drive. So I was wondering where I could get access to the vbe source so that I could see why it won't run. Anyone know where I can get it?

Someone posted a converter in one of the threads in this section.

I guess that was me :P

This is the original source of the autorun file:

' Look on every drive for the payload's go.cmd and launch it
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set colDrives = objFSO.Drives
For Each objDrive in colDrives
    If objFSO.FileExists(objDrive.DriveLetter & ":\wip\cmd\go.cmd") Then
        strPath = objDrive.DriveLetter & ":\wip\cmd"
        ' Wrap the full path to go.cmd in double quotes
        strcmd = """" & strPath & "\" & "go.cmd" & """"
        CreateObject("Wscript.Shell").CurrentDirectory = strPath
        ' 0 = hidden window, False = do not wait for go.cmd to finish
        CreateObject("Wscript.Shell").Run strcmd, 0, False
    End If
Next


I just realized what is going on.

The prefetch line in the whitehat payload is waiting for a user input Y/N. Is there any way to bypass this, or do I need to just comment out that line since there is no window to input the Y/N in?

Secondly, if I do comment out the prefetch line, then it fails creating a restore point. Any idea why this might be? Never tried to create a restore point before.


You really could've done some research on your own man.. Replace the lines which delete temporary files with this:

del C:\WINDOWS\Temp\*.tmp /Q
del "C:\Documents and Settings\%username%\Local Settings\Temp\*.*" /Q
del "C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\*.*" /Q
del "C:\Documents and Settings\%username%\Cookies\*.txt" /Q
del C:\WINDOWS\Prefetch\*.* /Q

And I chose a-squared because I've used it before as a command line, and had it on my HDD already, and I have never seen a command line version of AVG.


Sorry about the n00b question. I actually knew about /Q but wasn't sure if this was the proper way to accomplish this. Guess I should have asked differently. But thanks for the response.

avgscan is the command line version of avg and comes with avgfree. Just wasn't sure if there was a specific reason you chose it. I think I will see if I can give AVG a try since it is the free antivirus program that I choose.


  • 10 months later...

Very cool payload, running it now. Had about half of that already set, but still, way to think about things outside the box! Very cool, and props, my good friend!
