Verye

Don't know what to tell you guys. It would auto-run if I clicked "open folder," and after a data slurp put a picture on it, it asked me how it wanted to handle pictures on CDs (though, this applies to any removable disk) from now on. I said to have it auto-open them, and it does. It's possible that the open folder/auto-open picture thing has nothing to do with auto-running, and auto-running is just, for some reason, enabled my default on my computer. I really don't know, sorry. :(

Leeeaaapooooo Any ideas on how to make the payload more...compatible...with Vista?

Which payload? PocketKnife self-starts for me. I put a picture on it, told Vista to auto-run all picture CDs, and boom, it auto-runs just fine. Before that, it would simply ask me what to do with the removable disk, and if I clicked "open folder," it would also auto-run.

Everyone gets that error, myself included. I'm too lazy to edit GO.vbs and re-customize the flash drive though, and clicking the U3 icon in My Computer does the same job. If you ever want to run it manually, just click the U3 CD-ROM icon.

Oh, it fixes this error too? Perfect then. Slurping all the .txt files would probably work. Also, another quick question...I put the SwitchBlade into a friend's computer today, to show him its capabilities, and his AVG detected it as soon as I put it in. I did not have any installers enabled; it was just LSA secrets, PWDUMP, Application Info slurping, and FF/IE/Chrome password grabbing. Everytime AVG popped up with a message saying "unwanted program/virus/whatever detected," I'd always click Ignore. When I got the logs though, it said "Access denied" under all the categories. I guess AVG blocks Firefox/IE/Chrome passwords, and LSA Secrets?? Or is it just that it blocked all those parts of PocketKnife, and since they couldn't run, it displayed "Access denied"? Note, I was not running with AVKill enabled. Alex told me that the AVKill program itself is detected by many AVs. So, I'm wondering, when IS it useful to have it enabled? Does it stop AVG? Thanks.

Hey, I have (another) question, and also an idea. The question...when I put the flash drive in computers with Windows 2000, 9 times out of 10 a message will pop up saying there's some sort of error with "wscript.exe," and it says to "please ensure that a floppy is drive A:." Now, this may be a problem due to the fact that these are being used on computers which previously had floppy drives, but were removed and disabled in the BIOS. Not sure why PocketKnife would cause an error having anything to do with floppies though, and I do not know what "wscript.exe" specifically means. This isn't a very big problem, since the payload still runs fine, just...I have to exit the error every time I put it in one of their computers, except for like 1 or 2 computers. Second, the suggestion. The slurp application info is a very nice idea. I know it can take time, but slurping little bits and pieces of info like that is just helpful. However, what would make it even better is if it would also capture Notepad and possibly Word files that don't have much text in them. People often put passwords or private pieces of information in Notepad files. So, maybe it should capture all Notepad files that have, say, fewer than 40 words in them, or X amount of characters, or whatever. I'm not sure if this would be hard to code, and also, I'm thinking that if it has to search the whole computer for them it may take a long time to run, so maybe it could just search the Desktop and Documents folders.

I understand what you're saying. However, I personally find it confusing if people go through the trouble to make an edit to his payload, then upload it, then ask other people to download it. I've seen a few things like that here. Recommendations or writing bits of code to improve it make sense, it's just that going through the trouble of essentially releasing another version of it, with or without Leapo's permission, in his thread, seems odd. But whatever. I'm not really complaining. It's just that I see cool edits and additions in this thread, and I think to myself, "hmmm, should I download/add this, or should I just wait for Leapo to implement it?" I'm just eagerly anticipating Leapo's next update.

Well, it works, just it doesn't do it automatically. If I want it to work right I simply have to click "view folder." I can exit it and it works fine. But are you saying this problem occurs on Vista universally? If so, then okay, I understand.

Ok, here's the problem. If I put the flash drive in and just X out the little AutoPlay Window that pops up, the log writing gets messed up really, really badly. Here's a picture: If I click "Open folder to view files," then it does everything normally. However, this means that I have to open the folder in order for it to run and write the logs properly, which is obviously bad. How do I fix this? How do I get it to just autorun automatically, without that stupid window popping up? (For those who are confused, I explained the window that popped up in my previous post.) The worst part is that if I exit out of the window, the logs do not write correctly. If I click "open folder," it writes correctly, but this is a hassle for me, and also, if it's on someone else's computer, quite suspicious, as they see all the PocketKnife folders.

Ah, I see. And sorry with all the questions, but oooone last thing: When I put the flash drive in computers, a little window named AutoPlay pops up. Here's a picture of it: For my Vista computer, it does this whether or not safety.txt is on the C: drive. This kind of defeats the purpose of running silently... Thankfully, it doesn't do that on most computers. However, it doesn't really say how to change the settings of removable disks (USB flash drives) in the Control Panel. So, first off, how do I make it so it doesn't come up with that window when I put it in my Vista computer? Second...is there a way to make it so it doesn't pop up like that on any computer? Thanks.

I'm not familiar with the "old method," sorry. What folder icon?? Also, I have another question, though this one isn't support-related: How do I get someone's Windows login password? I got a bunch of hashes, and I'm presuming these are what I need...but how do I decrypt them? And finally, I'd just like to speak up about the method of payload development that's been going on in this thread. It is very, very confusing that multiple people are making multiple updates to Leapo's payload. A GUI, bug fixes, etc. It's impossible for anyone to keep up. In fact, I personally believe having independent payloads in general is bad. Leapo had the right idea; a payload with just about everything. People have been working with Leapo on this payload to make it a fusion of the best ideas and features, and that's been working, but I understand that he's been inactive for a while and people are taking it upon themselves to edit it and add/edit things to make it better. I know that he hasn't been on in a while, but I feel that things would be simpler and better for everyone if they simply collaborated with Leapo and worked on it with him, so there's only one version of Leapo's payload. Unless he does not plan on updating it any time in the next 2 months, or has quit, then people should just be working with him.

According to the manual that came with my Cruzer Titanium Plus, it says that if you forget your password you must format the drive. There is no service to restore passwords, and there really is no way to view them, as far as I know. I think you should keep trying to remember the password. If you really can't, your only option is to format and try and remember the Word document you wrote, then write it again.

Well, I'm saying the flaw is that auto-play was disabled by default. Meaning, the person would be immune from attacks without even knowing what auto-play WAS. Also, what's with that GO.vbs error I kept getting?

Thanks, the auto-play thing did the trick. The thing is though, it appears that auto-play was disabled by default. Isn't this kind of a big flaw, if it's supposed to run automatically and silently on computers? Also, when I tried to run it manually either by clicking GO.vbs, it gave an error saying something was wrong with GO.vbs. This is the full error: It does this if I click GO.vbs on any of my 3 computers. I'm assuming there's a known error in GO.vbs that is causing this to happen if you try to run PocketKnife manually. If this isn't a known error, then...why is it happening to me?

Haha, disregard all that, I'm an idiot. I accidentally named the file safety.txt, not safety. Thus, the file was called safety.txt.txt, and that was the problem. I got kind of confused and didn't notice the file extension was already part of it. Problem solved in that regard. The only other problem left is the fact that the payload is not doing anything to one of my other target computers. It's got no safety.txt on it, and the anti-virus has been disabled. I have 2 computers. They're both laptops, and both have XP 32-bit. They both have McAfee as an anti-virus. When I put the USB drive in one of them, it captures all of its passwords and such fine. In the other, it does nothing and does not create a log for it in the LOGS folder. As in, the computer name doesn't even appear there.

Problem solved, see below.

This is your first post here? Sounds kinda fishy. I recommend someone virus scans this.

Disregard this, problem solved, see below.

Trust me, that setting is the first thing I checked. The option to bypass safety.txt is not enabled. Plus, on one of my computers, if safety.txt is on C:, then it doesn't infect, and if it isn't there, then it does, like it should. It's just on this Vista computer that it infects even though safety.txt is on there. I guess I can't use this payload, seeing as I'll infect myself every time I ever want to check logs... Oh well. :(

Hmmm, not sure why everyone is ignoring me, but I guess I can repeat my problem for a 4th time: Why is PocketKnife capturing passwords and taking info from my computer, which has safety.txt on the main HDD, C:?

I'll ask just this one more time, because it's still confusing me greatly: Can anyone think of why PocketKnife would slurp the info and passwords of a computer it is put in, even though safety.txt is in the C: drive? And yet, when I put it in a computer with anti-virus disabled and no safety.txt, it does not obtain any of its info. Only my 3rd computer acts how it should; slurps info if safety.txt is not on C:, doesn't slurp if it is on C:. I suppose there are numerous possible reasons for why it wouldn't get any info from that computer, but I find it baffling that it IS getting the info on a computer with safety.txt. Just as a note, the computer I'm putting it in, with safety.txt, is Vista Home Premium 64-bit. I can't see why it'd be having problems with the safety just because it's Vista (or x64), but it's definitely bypassing the safety. Also, I am 100% sure the option to "ignore safety.txt" is disabled.

Okay, I've tested it on 3 different computers now: One Vista, 2 XP. The Vista one is 64-bit, the 2 XP ones are 32-bit. I'm getting some really strange results overall. The payload seems to work, sort of, but not consistently, and not how it should. Including capturing passwords and system info of my Vista computer, even with safety.txt on the C: drive. Yet, it will only capture passwords on one of the XP computers with safety.txt not on the C: drive. The other, it will not log anything, with or without safety.txt. It's pretty much impossible to communicate everything I've done and then also respond to questions over a message board like this, so I'd very much prefer if someone could contact me over AIM or MSN over this. AIM screenname = TheWoWLawyer MSN screenname = wowlawyer@bendblizzpolicy.com Thanks.

Okay. Okay. I also do not know how to check this. =/ Okay, with the anti virus disabled, and with only "dump system information" enabled in Menu.bat... I stuck it in and nothing seemed to happen. By nothing, I mean there was no "do you want to explore the folder of this removable device" message, nor any sort of U3 pop-up or message. I waited for a few minutes, took it out. I put it back in the computer with safety. There's a file in my LOGS folder with all the system information of...the computer with the safety?? I'm very confused. I put it in the target computer with anti-virus disabled, and nothing happened. Then, when I put it back into my safety'd computer, I see a log of MY computer, not the victim one. Ironically, the computer with the safety has the complete Eset Smart Security, all enabled. And yet, it captures the info of THAT computer, with safety.txt and an enabled and good anti-virus, yet cannot capture the info of a computer with no safety, and the anti-virus completely disabled? Why is it even capturing the info of my safety'd computer? To explain just how ridiculous this all is, let me simplify it: 1. I stick USB drive into victim computer. 2. I check the LOGS folder on that computer...nothing. 3. I stick it back into my computer with safety. 4. A file is instantly created in LOGS with the computer info of the computer it is currently in. My main computer; my safety'd one. So, it appears that even though I do not want it to get the info of my main computer, it retrieves it any time I stick the USB drive in it, even though it has safety.txt on C:, and yet, when I put it in the computer with anti-virus completely disabled and no safety.txt, it does not capture any of its info and does not create a LOGS file of it. Is there any chance we could talk over some sort of instant messaging program? Telling you for me to test something, and then me giving you the results, and then you telling me to do something else, and me giving the results, etc. etc. could take many days, since both of us are not checking this thread every minute.

I did read through the thread. I understand we are expected to do so. However, there was no clear-cut guide on how to actually install it on any page of the thread. I understand that they're sort of assuming people know how to use the Universal Customizer and how to burn .iso's to a flash drive's U3 partition. However, I didn't. I'm quite new to U3 and USB hacks in general, so I was just a bit confused. After reading what you've said, and talking to Alex, who simplified it for me for a little, I think I was able to successfully install it. However, it still doesn't seem to work. At least, not on the computer I put it in. I left it in for about 3 minutes. I took it out of that computer and put it back in my computer with safety.txt. As soon as I put the flash drive back in in, a message pops up in the bottom right saying there was some sort of write error, and data was lost. It was kind of confusing and didn't last long enough for me to write down fully. Anyway, I looked through the flash drive, but the LOGS folder, and other folders, were empty. It didn't appear to capture anything. Both computers have XP. The victim computer's antivirus did not seem to detect or stop it. After trying it again, the weird error didn't pop on when I put it back in my main computer, but still, no logs. Is it possible that it simply isn't finishing? I think I remember it saying in Menu.bat that it will pop open the "Logs" file when it finishes. Well, that doesn't happen. I've waited quite a while though... Is there any way to tell if the payload is actually extracting passwords and such from a target computer?

Ok, Alex helped me out, but he's away right now. So I got Pocketknife on my Cruzer Micro. I enabled most of the settings in menu.bat and such, and everything seemed to be fine. However, when I sticked it in another computer of mine (there was no safety.txt on the C drive), nothing happened. It detected the drive, and I could access the files on it (which were all Pocketknife files), but it did not take any logs. I noticed no U3 symbol popped up or anything like that. Actually, after I installed the Universal Customizer, the entire U3 program doesn't start when I put the drive in a computer. I thought this was normal, since Universal Customizer replaces it...however, if it removes U3, or at least its program, how is it supposed to auto run, or run at all? Universal Customizer doesn't seem to be an actual program, either. I extracted it to a folder on my desktop, put a flash drive in the computer, ran Universal_Customizer.exe from that desktop folder, and it detected the USB drive, flashed it, and did whatever it does. I cannot find any application that runs Universal Customizer afterwards, though. I've heard 2 different ways to install Pocketknife. One apparently involves moving an .iso to the Universal Customizer folder. The other, which alexthedrifter helped me do over MSN, was just dragging and dropping the Leapo's Payload/U3 Devices/Flash Partition/ folder to the root of my flash drive. But it's not working. Actually, the whole Universal Customizer in general confuses me. Why do I even need it for Pocketknife? I just dragged and dropped the folder. There is no Universal Customizer folder or files on my flash drive. I didn't add Pocketknife using the Universal Customizer program, which, from what I can see, doesn't even exist. I'm very confused.