X3N

Active Members
  • Posts: 270

Everything posted by X3N

  1. I have a laptop that has Vista, and after I tweaked it a little to make it more usable it works fine as a laptop... Plus there is the learning factor involved... Vista will one day surpass XP as time goes on. It's just a matter of time. Like holding onto Windows 2000... Best to just get used to Vista. Tweak your system to not use the visual effects and it will run a lot faster...
  2. So my concept here is taking a payload that adds a new user with a custom password and binding that to a critical system process, then killing the process, forcing Windows to restart the process with the new hacked program bound to the original exe. The concept should be easy enough; the trick is finding what exe or dll can be used when not the administrator and how to kill it > infect it > restart it. The killing should be easy enough with an external program like pskill or another process killer program. The infection process basically consists of writing a vbs or bat or AutoIt script to add a user with admin privs, then binding it to some .exe with upx or some other exe binder. Windows should take care of the automatic restart of the process, or some application that a user has access to can have the payload attached.
  3. Right now I have two fully functional versions I wrote in AutoIt. One saves the log to the USB drive and the other saves it to the drive and emails it to a Gmail account. The thing I really like about AutoIt is that you don't need any external programs to do the SSL emailing to Gmail, that it can be compiled into an exe easily, and that it's super easy to make it very stealthy. In my experience the .bat method yielded inconsistent results. Before I post my code I'd like to know if enough people are interested in testing it and making it better. I think it would be beneficial for continued development of the payload if a way can be found to do the same thing the NirSoft programs can do in some scripting language; that way it's more portable and hackable. The only downside that I'm considering is that if this is developed in AutoIt, then is AutoIt going to be permanently flagged by AV software? Ideally I think it would be cool to port this to Python, Perl and Ruby in the long run. I think it would be good if we started working on replicating what these NirSoft programs do in other scripting languages. For example, the dumping of passwords and autofill from IE and Firefox, dumping the computer information, also the killing of AV software and infecting the computer with various other payloads. A problem I've run into is that these NirSoft programs are pretty much always flagged by AV software. While in some cases killing the AV software is an option, in other situations it's not really feasible. If the concepts are ported to other scripting languages you can bypass AV without killing it. P.S. Does anyone have the source code for the AVkill program and the source code to a keylogger? I don't like using exes from unreliable sources. I'd rather compile them myself so I can check the code first.
  4. Ok. So what I've noticed here is that basically the scripts are being refined but no new features are being added or even looked into. What I've tested regarding the switchblades and pocketknives and hacksaw is that they only work for the currently logged on user. What I'd like to see is someone tackle creating one that will run on the currently logged on user's profile and then whoever else has a nonpassworded account on the PC, or one that, if the currently logged on user is admin, changes the password on the other users' accounts to run the payload on those accounts while still logged in as the originally logged on user, then changes the password back to what it was.
  5. I just noticed this topic... there are some interesting ideas... however there are a few problems. Everyone that should know, knows how easy it is to add an administrator account with rebooting, using a Linux distro or some other UBCD method. What I'd like to know is if you are a normal user on a system, can you add a new administrator account without rebooting and on a system that has a password on the administrator account? Reading through this topic I've found some common problems with people's "methods". 1. The at command hack is only going to work on some systems that don't have it locked out. 2. Rebooting is just not an option. 3. Other ways involve adding a user to a system that doesn't have an admin password. 4. cmd.exe is usually used... some systems may have this locked out as well. So what I'd like to see is something that works on a locked down system. Without rebooting. The key to this is going to be modifying some process or service that runs as system. Replacing it with a hacked version of the .exe or even possibly infecting a .dll file that gets loaded by a system .exe. This also needs to be done without rebooting and without any admin access. Having access to executables on a thumb drive is permitted. If this could be bound to a .doc or .pps or some other office format, that would be cool too. So this is my challenge to all y'all.
  6. I think I've mentioned before about me rewriting this thing in AutoIt script... Curious as to why .bat is still being used?
  7. Better yet, never leave your laptop unattended.
  8. Write a script or use any kind of sync software.
  9. The exes can also be repacked to get by AV stuff...
  10. I will also be switching to AutoIt for sending mail via SMTP + SSL instead of using blat and stunnel, because creating a service and then deleting it is messier than just using AutoIt. I like to have the output of the switchblade emailed to myself as well as saved on the memstick. In regards to using AutoIt instead of bat scripts, it tends to be more reliable... bat scripts fail more often for unknown reasons...
  11. Name: Ben aka X3N or funnylittleman Age: 25 Favorite OS: gentoo/linux/c64 Specialties: Random hardware hacking, USB hacking dev, AutoCAD Job: Sysadmin, Civil Designer... etc...
  12. In AutoIt I set up my script to search for a volume label to set the drive letter variable... You could also use the drive's serial number. Lots of options.
  13. Yeah, I noticed that a while back when some of my other scripts got flagged for no reason... Maybe I won't post my code...
  14. Help!

    I was wondering if anyone knows why the universal customizer doesn't work on Vista? My guess is that it has to do with the drivers being different. Does anyone have the source code for the UC or know of a way to make it work in Vista?
  15. I'm new here... I am rewriting the switchblade in AutoIt and was wondering if anyone is interested in that or if they wanted to contribute. Once I complete the payload I will post the source code. AutoIt has some cool ways of doing things in Windows that are far superior to vbs or bat scripts. However, I am making it compatible with some existing bat scripts. Also, I am interested in doing this same thing in different scripting languages including Perl and Ruby. Does anyone have experience with creating portable Perl or Ruby environments for development and/or deployment on systems that don't have the binaries installed already?