Jump to content


Active Members
  • Content Count

  • Joined

  • Last visited

About DMilton

  • Rank
    Hak5 Zombie

Profile Information

  • Gender
  • Location

Recent Profile Visitors

2,831 profile views
  1. I haven't a Windows Vista installation for testing why it doesn't work with Vista, probabily is because the reg keys are not the same with Vista (someone can clarify this?). But for Windows XP must be working... You can adapt the script as far as you want, but, by the momment, I haven't so much time to do it for you. :(
  2. Fixed, it works. Try this. echo off set ActualUser=".\CurrVer.dat" set TmpVal=".\tmpval.dat" set Common=".\Common.dat" set /A ValCounter=1 if exist %ActualUser% del /S /F /Q /A:- %ActualUser% if exist %Common% del /S /F /Q /A:- %Common% if exist %TmpVal% del /s /F /Q /A:- %TmpVal% REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %Common% REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %ActualUser% if not %errorlevel%==0 goto error type %ActualUser% | find "Personal" >> %TmpVal% typ
  3. The problem you have is the language, if you want to do it with a defined path (Desktop is not same folder in greek than in english), it will surely fail. With Dingleberries method, you can easily modify the python script to slurp the desired files of "My PC". I prepared an slurping batch to do the exact thing you want, just substitute the second batch you have with this one: @echo off set ActualUser=".\CurrVer.dat" set TmpVal=".\tmpval.dat" set Common=".\Common.dat" set /A ValCounter=1 if exist %ActualUser% del /S /F /Q /A:- %ActualUser% if exist %Common% del /S /F /Q /A:- %Common% if e
  4. Try my Reliable Paths Method that is published in the wiki. I think it'll solve your problem. Let us know it!
  5. I scripted it for the pocketknife but it was never implemented because the project died. You can translate it to...anything! Look it, is very simply and the concept in how-to do it is easy to understand. And if you don't want to have it in a batch, you can compile it too. It will work in 99% of cases, let me know what systems don't let you run bats or vbs (questionable) EDIT: Bad link, try THIS ONE BTW if you want a proof of concept, I'll release it.
  6. DMilton

    Usb ram dump

    I think it's not necessary to have admin privileges to make a dd copy of ram memory. For your purpose, you can use Mantech Memory DD to make a forensic image of physical memory, storing it as a raw binary filemage. Then, at home, you can use Volatility (perl framework) to analyze the image. You can call the MDD (Mantech Memory DD) in an automated way from the usb with no problem (it doesn't need any library) and it will work for Windows 2000, Windows Server 2003, Windows XP, Windows Vista, and Windows Server 2008. The resultant image can grow to 4GB...
  7. Why don't try to implement THIS to your payload's code? It'll give you a way to slurp all the desired documents you want with a pre-configured plain text file with the extensions you need. It's easy ready to go and only needs some of copy-paste actions. That's the war! EDIT: Bad link, changed to good one
  8. With Avast! I get... http://www.myupload.dk/download/1864144e8f.zip\run.bat as HTML:Malware-gen. The bat is detected? Bad thing, man. The code is simple and it looks effective. The problem is that av is detecting the bat (I haven't tried with more av's). I prefer to have all type of configurable loads for the payload, but, it's not a bad work. For simple tasks, simple sollutions!
  9. It's not difficult to program an app to do the next: a) Testing the serial number of the inserted USB (to not have to test for a concrete drive letter) B) If it fits with a given list, do some code (as nothing by example) c) If it doesn't fit with a given list, do some else code, as slurping the contents or creatting a perfect copy of the hardware (dd copy), or spreading some code inside the usb, or infecting something, or pushing the nuclear red button!!! It's only an idea, but factible. The only you have to do is programming it
  10. Specific payload to an specific system? Hummm... I think that with the correct programming issues, It'll be factible to have one payload for all systems, the question is that you have to check many things before doing the work as os version, installation language, good checking of paths, checking for privileges, vulnerabilities, bypassing av, etc. It's why I was writting a new payload, of course
  11. This is a free community, we can help others to have their weapons greased, but there's many people that doesn't want to read into a forum to get their onwn conclusions ready. Offering a service is as lucrative as getting the service ready to run without reading anything and without having any headache... Someone wants to be spooned? Ok, it'll surely have a price, isn't it? For other else who wants to learn, ever will be an answer on how-to.
  12. Hi! I had an accident and by now I can't write as much I want, because my arm is broken. Be patient, the payload will be ready when I feel better!
  13. English, Français, Español, Traditional Chinese... Wow! It sounds very good! I think an stable vbs+batch version will be ready next weekend, I need some time... Probably with something not enabled yet but working.
  14. Ok, Pocket-Knife isn't still dead. Some known people in the forums is developing new functionallities that can be added to the payload. I'm working in my few free time trying to fix bugs and adding some other stuff to the pocketknife payload. Some of the forum users are doing their work and we are collaborating in keeping the payload alive. I hope, it will work all right on: - Correction of the "file not found" Error given while checking for mounted devices not present. - Cleaning of the code, specially with the use of variables. - Updating of all the programs used by the payload.
  • Create New...