Usb Lethal Injection?

[teknicalissue]

hello, im new to this forum but it looks really kick @$$

EDIT: this may seem skidish but hey?, a contribution is a contribution right?

now while watching you vids i was actually thinking. .  what if i want to take passwords from the target computer AND "Disable" it to its knees where the only way to bring it back is to reformat.  now how is this done? well i used fgdump for the passwords (if anyone can provide a link for IE passwords and stuff like that i would HIGHY appreciate it) and once that has been opened, it proceeds to open up the "Injection" what the injection does relies on two things.

is the user running enough privlages to edit protected system files?

if yes then edit the system32 files AND the sytem32 back up files, also edit the

files that allows the system to be accessed through safe mode.

if the user is not running with enough privlages then place a specific file

into the all users start up (ONLY IN XP)

and launch a message saying ("The system has been infiltrated, please log in as an administrator and edit security settings")<---- or something along those lines.

maybe a basic fork attack to convince the IT in the target work place to log in as an administrator.

once the IT logs in as administrator, the whole system files editing comes in to place, thus bringing down the system to its knees AND you have a few password hashes as your reward. 

i hope this helps =) btw I love this forum/Hack. 5 haha its pretty awsome

[natural_orange]

And that is what we call a virus...

Would you really want someone to do that to you? probably not...

[SomeoneE1se]

I'll help you figure it out if you can name one white hat use for this

[manuel]

oh that kind of lethal injection... I thought you meant you'd swallow the drive and hope it lethally inject you.  Here's to hoping.

[teknicalissue]

actually ive already made it lol, im just posting it so people would know =) a white hat use? im not gonna lie i don't really see a white hat use... and yes natural, i agree lol i would hate this to be unleashed on me (even though i unleashed it on myself by accident 2 times lol) but yea those are my 2 cents

[SomeoneE1se]

wow, you're like that DEA angent "I am the only in this room who can handle this glock9" *bang* he shoots himself in the foot.... only you

did it twice...

[teknicalissue]

hahaha thats basicly how it went, first incident was when i first finished the first batch.. lol haha i was like "lets try it =)" lol so i unleashed it on me and the second time was when i had the flash drive ready haha i accidently pluged it in thinking it had my essay and guess what? haha my comp's O/S was done and gone lol

[Darren Kitchen]

White Hat use: Switchblade payload that echo "Your system has been compromised. No data was stolen. You have not been infected. This note describes the vulnerability and possible workarounds. blah blah blah" >> "%userprofile%Start MenuStartupNotification.txt"

Back in the day while wardriving we'd look for shared printers and print out a little notice about how to enable WEP (WPA wasn't out yet).

[teknicalissue]

haha yep there you go =)

[SomeoneE1se]

not for the switchblade, I've seen white hat uses for it*, but for this payload What's the white hat use for fucking over an OS?

(*moonlit you need to build a anti USB hack payload)

[teknicalissue]

well a white hack use for this i would think is basicly to test your skills...then again that would go more towards the gray hat side.... i mean if you were an IT professional and i were to bring this issue upto you, wouldn't you do something about it kinda thing? lol but then again lol this falls under alll sorts of usb hacks haha i honestly don't think there really is a complete white hat use for this

[moonlit]

Please report to Moonlit's office, c/o whichever is the nearest country where murder isn't a punishable offence. Thanks.

[teknicalissue]

wait. huuuuhhh?? haha and i can name a country where you CAN get away with murder =), venezuela.

[moonlit]

I'm running low on methods of textually suggesting that I'm thoroughly pissy with people who design things specifically to fuck with systems. At least some method of preventing the attacks or antidotes would be nice.

[chazzm]

I gotta say to post this kinda thing is alright, BUT I would think that a way to prevent this would be a much better way to spend time!!!

I mean if you are that pissed to do something like this to someone maybe you need a time out or something LOL,,,

("Hacking" Get in, Get out, Leave no trace!!!)

[Xqtftqx]

just hit the fucking thing with a hammer, less work.

[Scorpion]

I would say one way to stop it from happening is disable Autorun or make the program look for a little file in a certain area if it see it, it wont attack thats what i've done with one of my programs that TAKES pictures from My Pictures and My Documents and sends it by FTP to a server (works well). A third option is when it saves a file on its drive the computers name so its like i've already been here or he's in my list i wont do it honest

[teknicalissue]

haha moonlit lol im not gonna use it on some one else i honestly just like having something like that with me, lol same feeling as when you write a program and your like OMFG IT WORKSS!!!, honestly guys ha i really don't have any intensions on using it on some one, like i said lol it was just an idea i had.. NOW to prevent this sort of thing, have a batch file (or any other type of file) that saves/records and backs up your sytem files AND make it run on everyrestart on the autorun in the C: drive... lol goodness haha im sorry for posting this post, to me it looked like a sound idea =/

[nicatronTg]

When I read the topic, I thought that you modded a usb drive to give you a lethal injection. Didn't we have a "No harmful USB hacks" thread? Oh, yes, here: http://hak5.org/forums/index.php?showtopic=8358

[teknicalissue]

my bad lol, if you guys want delete this post, i don't wanna break your rules =)

[nicatronTg]

My guess is that it is fine, as Moonlit already has seen it, and usually pwns the thread if it is bad, before it gets elaborate.

[teknicalissue]

haha good lol but yea, lol i don't wanna give a bad first impression or anything

[nicatronTg]

You want to see the topic entitled: "readme.txt - the final readme", as it has valuable information that you may need for this forum.

[Angablade]

I have figured out after a while how this could be used as a white hat use. Now place yourself in this predicament:

You have been hacked.. and it's valuable information about your credit shit.. not.. say you know who it is.. you can access the computer and the files.. but you don't want to be known by the person.. So, You put the injection in.. and bam.. your shit is protected.. :)

Now, this may never happen.. but to keep in mind.. that you asked for a white hat use.

[SomeoneE1se]

I have figured out after a while how this could be used as a white hat use. Now place yourself in this predicament:

You have been hacked.. and it's valuable information about your credit shit.. not.. say you know who it is.. you can access the computer and the files.. but you don't want to be known by the person.. So, You put the injection in.. and bam.. your shit is protected.. :)

Now, this may never happen.. but to keep in mind.. that you asked for a white hat use.

how about unplugging the ethernet cable