X3N

Active Members
Posts: 270

Posts posted by X3N

  1. But wouldn't you need admin rights on the target computer in order to run TrueCrypt? Since TrueCrypt needs to install drivers in order to mount the encrypted volume as a drive. Or are you thinking of using it in some other way? ;) Can't seem to find anything through Google that would work, but I'm a poor little nooblet so I guess I'll just have to keep looking. :rolleyes: Most of the programs that do lock up computers well aren't freeware jobs and have some sort of evaluation popup, so that spoils the fun.

    In order to have an encrypted hard drive you need a passkey or passphrase that unlocks the entire partition, and by definition you pretty much have to be an admin. If you just want to lock your computer, all you have to do is hit Windows key + L, which locks it. Now it would also be possible to write some VBS code that watches WMI for a certain USB drive insertion, which could lock if it is removed... but really, why would you spend the time to program that when you can just hit Win + L to lock your computer...

    I understand the concept you're thinking of though, which I think is like biometric-style watching, only with a USB drive... which is a little more complicated... considering you'd have to write your own program locking mechanism for your computer that totally bypasses Windows login features... unless there's a way to integrate with them... but I doubt it.
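The reply above sketches a script that watches for a particular USB drive and locks the session when it is pulled. The following is an added example for this thread, not code posted by anyone in it. It uses only the Python standard library: instead of subscribing to WMI events (which needs pywin32 or the wmi module) it polls GetLogicalDrives() through ctypes, and it locks with LockWorkStation(), the same call Win + L makes. The drive letter, the one-second poll interval and the Windows-only guard are assumptions for the demo.

```python
"""Lock the Windows session when a chosen removable drive letter disappears.

Added example, not from the thread. Polls the GetLogicalDrives() bitmask
(assumption: one-second interval) rather than subscribing to WMI
__InstanceDeletionEvent notifications; the lock itself is LockWorkStation().
"""
import ctypes
import string
import sys
import time
from typing import Set

def drives_from_mask(mask: int) -> Set[str]:
    """GetLogicalDrives() returns a bitmask: bit 0 = A:, bit 1 = B:, bit 2 = C:, ..."""
    return {letter for i, letter in enumerate(string.ascii_uppercase) if mask & (1 << i)}

def removed_drives(before: int, after: int) -> Set[str]:
    """Drive letters present in the earlier mask but gone from the later one."""
    return drives_from_mask(before) - drives_from_mask(after)

def lock_workstation() -> bool:
    """Equivalent of Win + L. Returns False off Windows so the module imports anywhere."""
    if sys.platform != "win32":
        return False
    return bool(ctypes.windll.user32.LockWorkStation())  # type: ignore[attr-defined]

def watch(token_drive: str, poll_seconds: float = 1.0) -> None:
    """Block until the token drive letter vanishes, lock, then keep watching (Windows only)."""
    if sys.platform != "win32":
        raise SystemExit("GetLogicalDrives/LockWorkStation exist only on Windows")
    get_mask = ctypes.windll.kernel32.GetLogicalDrives  # type: ignore[attr-defined]
    token = token_drive.upper().rstrip(":\\")
    previous = get_mask()
    if token not in drives_from_mask(previous):
        raise SystemExit(f"{token}: is not currently mounted; insert the token drive first")
    while True:
        time.sleep(poll_seconds)
        current = get_mask()
        if token in removed_drives(previous, current):
            # The gap between removal and lock is at most poll_seconds; an event
            # subscription would close that window but needs extra packages.
            lock_workstation()
        previous = current

if __name__ == "__main__":
    # Assumption: the token stick mounts as E: on the demo machine.
    watch(sys.argv[1] if len(sys.argv) > 1 else "E")
```

Run it as `python usblock.py E:` with the stick inserted. Two caveats a practitioner would add: polling leaves a window of up to one second between removal and lock, and a drive letter is not an authenticator, since any volume that mounts as the same letter re-arms the watcher, so this is a convenience on top of Win + L rather than an access control.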

  2. I didn't know that about Python; I've seen sooo many tools that can steal creds and whatnot. Hmm, if that is true I may be switching to that. Thank you.

    Yeah, there's a script called py2exe that does it... I haven't successfully done it yet because I haven't gotten that far with the development... but that shouldn't be too far off.

  3. I have to admit I know very little about Python; I can read it and modify some of it, but I am in no way fluent. However, it is my assumption that you would have to have the framework installed in order to run the script.

    Also, sending the log file is somewhat of a good idea, but now it is adding more. I guess it's a good idea because the mark's IP would be in the header, revealing the need to have another program call home. Also I was looking at scheduling a delete of the log file once it was sent, or should that be done by the attacker?

    The Python script can be compiled into an exe after it's developed; the AutoIt is also compilable into an exe. Also, depending on how you wrote the code, the log could be stored as a variable or a hidden temp file to be sent out after it completes, in order to avoid needing to clean up afterwards...

  4. I had a problem with that part; when I changed that attrib to +sar the keylogger's log file won't show up either. I guess we can create that first and just give it a hidden attrib.

    Also looking at THIS for emailing logs if that is implemented along the way.

    On the subject of remote shells, I was also looking into adding OpenSSH as well because it's less likely to get picked up by AV.

    I have some AutoIt code that will send mail which is even compatible with Gmail. I have some Python code I've been working on to send log files via Google Talk too... and I've been working on trying to make a custom reverse shell in Python using XML-RPC.

  5. That's awesome, thank you very much. I am still reviewing what it is exactly that I want, i.e. whether to include the keylogger. There would not be a need for the logs to be sent off because you could transfer them via remote shell. Another thing I was considering is the "guest trick", where when logged on as guest a batch script containing instructions to create an admin account is placed in the admin's startup folder. If that is modified to allow RDP, then we can install the shell via RDP when the owner is away from their desk. Just throwing things out there :).

    I've been tweaking some of the AutoIt code for the remote switchblade. Using psexec.exe I was successfully running it on a remote computer; you still need domain admin rights, and there's the issue of what user account the programs are run under... so I'm looking at other methods of information retrieval. But the payload executes fine and logs to the remote computer fine.

    The payload I was running just outputs the results to stdout.

    So basically, there's an exe, payload.exe

    then there's a bat file I created to run the payload with psexec.exe \\remotecomputer -u admin -p password payload.exe

    Then open a command prompt and type payload.bat > output.log

    This can and will all be scripted correctly later, but for testing purposes it works fine.

    But it would be easy enough to tailor this to set up a reverse backdoor, etc...

    My only complaint is that we are still tied down to these NirSoft programs, which are not open source.

    In the long run I'd like to get some of this password dumping code released as open source and rewritten in different languages. Also, the limitation of the NirSoft programs is that they only dump information for the currently logged-on user.

  6. Part of my idea of writing the payload in Python would be cross-platform compatibility... What I've been thinking of doing too is writing a bunch of scripts in Python that would be included on a minimal distribution of Linux to do administrative tasks on a Windows machine. All this could be included on a boot CD or boot USB drive... so the payload could be run on a machine on reboot... It would be far more complicated than the current switchblade... and would probably have a name like machete... So in the end the payload could be run from Windows on insertion, or if you booted from the stick it would load Linux text-only and grab all the same info from Windows...

    So if anyone likes this idea let me know... also, is there anyone that knows enough Python to assist?

  7. What is the average time for JtR to crack a hash, of any type? Will it always get the full password, and what is the best mode to use? Also, how do I find the hash to use in the first place, and then how do I ID the type of hash it is? I just started using it and I want to know what to expect.

    Thanks

    A long time.
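The question above asks how to tell what kind of hash you are holding before handing it to John. The following is an added example for this thread, not code from anyone in it. It shortlists John the Ripper `--format` names from the shape of a hash string alone, which is the honest limit of that approach: a 32-character hex digest is equally MD5, NT or LM, and only context (where the hash came from) settles it. The sample hashes in the test are constructed to have the right shape and are not from any real system; the format labels are John's own.

```python
"""Shortlist the John the Ripper --format a hash string could belong to.

Added example, not code posted in the thread. Format names are JtR (jumbo)
labels. Sample inputs elsewhere are constructed: valid shape, no real account.
"""
import re
from typing import Dict, List, Optional

# Modular-crypt strings carry an unambiguous prefix, so one match is enough.
PREFIXED = [
    (re.compile(r"^\$(1|apr1)\$[^$]{1,8}\$[./0-9A-Za-z]{22}$"), "md5crypt"),
    (re.compile(r"^\$2[abxy]?\$\d{2}\$[./0-9A-Za-z]{53}$"), "bcrypt"),
    (re.compile(r"^\$5\$(rounds=\d+\$)?[^$]{1,16}\$[./0-9A-Za-z]{43}$"), "sha256crypt"),
    (re.compile(r"^\$6\$(rounds=\d+\$)?[^$]{1,16}\$[./0-9A-Za-z]{86}$"), "sha512crypt"),
]

# Unsalted hex digests: several algorithms share a length, so this is a shortlist.
BY_HEX_LENGTH = {
    32: ["raw-md5", "NT", "LM"],
    40: ["raw-sha1"],
    64: ["raw-sha256"],
    128: ["raw-sha512"],
}

HEX = re.compile(r"^[0-9a-fA-F]+$")
DESCRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")      # traditional Unix crypt(3)
MYSQL_SHA1 = re.compile(r"^\*[0-9A-F]{40}$")        # MySQL 4.1+ PASSWORD()

def identify(hash_str: str) -> List[str]:
    """Return candidate JtR format names for one hash string; empty if unrecognised."""
    h = hash_str.strip()
    for pattern, name in PREFIXED:
        if pattern.match(h):
            return [name]
    if MYSQL_SHA1.match(h):
        return ["mysql-sha1"]
    if HEX.match(h) and len(h) in BY_HEX_LENGTH:
        return list(BY_HEX_LENGTH[len(h)])
    if DESCRYPT.match(h):
        return ["descrypt"]
    return []

# Well-known digests of "no password": seeing them means there is nothing to crack.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

def parse_pwdump(line: str) -> Optional[Dict[str, object]]:
    """Split a pwdump-style 'user:rid:LM:NT:::' record and flag the empty hashes."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        return None
    lm, nt = fields[2].lower(), fields[3].lower()
    if not (HEX.match(lm) and HEX.match(nt) and len(lm) == 32 and len(nt) == 32):
        return None
    return {
        "user": fields[0],
        "rid": int(fields[1]) if fields[1].isdigit() else None,
        "lm": lm,
        "nt": nt,
        "lm_disabled": lm == EMPTY_LM,     # LM storage off, or password longer than 14 chars
        "blank_password": nt == EMPTY_NT,  # the account has no password at all
    }

if __name__ == "__main__":
    # Constructed samples; shape is what matters here.
    for sample in ("5f4dcc3b5aa765d61d8327deb882cf99", "$6$rounds=5000$demo$" + "A" * 86):
        print(sample[:24], "->", identify(sample) or "unknown")
```

Feed the shortlist to `john --format=<name>`; when a string fits more than one format, John itself warns about the ambiguity and asks you to pick one explicitly. The shape also answers the "how long" question in part: the raw and NT formats are fast to compute, while bcrypt and the sha*crypt families are deliberately slow, so the same wordlist run takes orders of magnitude longer against them.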

  8. That might go against the point of the test. :lol: We're trying to verify the security of his online server. But I'll still be able to make use of the information you've provided. Maybe I should give USB Switchblade a second look.

    Thank you.

    Is running an exploit the only way to get unauthorized access to someone's computer?

    I find it so odd that someone like me, who has been using computers since the '80s, is having a hard time understanding this when 12-year-olds today are able to hack without any problem. :( What in the hell are these kids reading? I want that. lol.

    Oh noes. This is a white-hat attack. I don't want to do anything that could do serious damage.

    Create your own trojan... or a reverse bind shell... use Metasploit.

  9. I could never understand why someone would recommend something like Debian, Fedora, and (especially) Slackware to someone who is new to Linux. I've been using Linux for many years now and I still have problems with those distros. Ubuntu is the epitome of ease. It's the only distro worth recommending to those who just want to get their work done, and would rather not spend too much time tinkering with settings.

    http://distrowatch.com/

    Actually those distros are just as good as Ubuntu, just easier for the Windows convert. Building Linux from scratch or a minimal install like Debian is a great learning process.

  10. If you have physical access to the computer then just USB-hack him.

    Odds are good you're not going to be successful with Hydra; you're better off using some exploit.

    Or just pack your trojan into some file he will open, then email it to him or trick him into opening it by binding it to another exe...

  11. Really? The one I use in AutoIt works perfectly fine... I haven't noticed any CPU shortages (and my computer is not that good). The keylogger uses the hotkey feature.

    Do you know how to make netcat undetectable? Most antivirus applications are extremely hostile to it.

    I don't like using AV killers, and 99% of packers are detected.

    I thought of hex-editing, but gave up after an hour of trying.

    You can't really make netcat undetectable... but it's easy enough to write a netcat clone in AutoIt or Python...

  12. So I've been contemplating making a new payload for a while... These are some of the things that I want to implement:

    1. No .VBS or .NET

    2. Mostly command line, and the .BATs will all be .EXEs, just because I like those better

    3. Dump SAM or create a new admin, via command line, preferably both

    4. Install a remote shell; this part is already taken care of

    5. Dump a list of all users on the computer

    And that's about it. The remote shell autoruns and adds itself to the registry. I want to keep this as small and as basic as possible. So there isn't any slurping of docs and whatnot, maybe pics ;). The dumping part will be done via command line, i.e. run rs.exe, because the shell copies itself once it's run. Other than that I have a good keylogger; it runs low on mem and can be customized... Right now I am still looking for ideas, so if you have any let me know.

    I've been thinking of trying to write it in Python... and also maybe reworking the tools of the payload to be just scripts; then the entire thing can be made an exe.

  13. Yeah... AutoIt is kind of noobish in general... but much better than batch (in my humble opinion).

    The AutoIt payload looks great. It should help clean up and expand my payload.

    FileInstall is pretty good in general. Occasionally, I receive errors while using it.

    Eventually, I hope to expand my payload to include:

    - backdoor which works through firewalls (partly successful; the output doesn't always bounce back)

    - keylogger (almost finished)

    - self-propagating hacksaw (work in progress).

    I was just using a reverse netcat shell.

    If you were planning on writing the keylogger in AutoIt you might want to rethink it... it eats up too much CPU.
