Brandon Garner

Posts posted by Brandon Garner

  1. Yes, I had an ugly (somewhat) multipass version working before I left for a two-week vacation in Europe. If you want to set up a site, feel free; everything here is completely public domain. If you want, link to my site (very crude at the moment, still setting it up), www.d0tmayhem.com, on which (as well as here) I plan to release updates and other fun stuff.

    How do I do it up on multiboot?

  2. Some time ago I got a ZyXEL Vantage RADIUS 50 server, and I have several routers running dd-wrt. I can't for the life of me get them to work correctly together and would love some help, prolly even pay for someone to help me get it all set up?

  3. A.P.E.

    The Attack Pre-Installed Environment

    About:

    Basically it is a bootable USB drive that will let you copy SAM files from the local system, install backdoors, crack passwords, edit any file you want, etc. All without the user's password! It's based off BartPE; unlike Backtrack, this is designed more to help you compromise the local system faster and easier. This also has network support so you can FTP or SSH the SAM file anywhere in the world. Let me know if you have any ideas on what to add, or if you think it sucks. I also wrote almost all the scripts and loaders, so let me know if you find any bugs. Also feel free to post your own payloads, mods, etc. Have fun! ^_^

    Features:

    Password Attacks:

    GetSAM - Copies Local SAM file to removable drive

    CrackSAM - Cracks Local\Custom SAM file using OphCrack (non-gui)

    JohnTheRipper - Use CLI, X:\ape\johntheripper\run\. You may need to manually unload/load the reg hives to use this program (rh_load.exe and rh_unload.exe)

    Network Attacks:

    Wireshark - Packet Sniffer (BartPE Plugin)

    Cain & Abel - ARP Cache Poison, among other things. Note that not all functionality of this program can be used in P.E.

    Payloads:

    Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)

    HackSaw - Installs the hacksaw payload from P.E.

    RickR - Randomly Opens Up (in default browser) a Rick Roll

    FTPme - Installs a FTP server, shares entire C:\ on port 21 with no user/pass

    KeyB - Any keyboard input is converted to binary

    KeyL - Installs Keylogger, log saved to C:\WINDOWS\keyl.txt, looks like "svchost" when running.

    KeyR - All keyboard input is randomized, 1/10 Nums shuts computer off

    KeySh - Picks random key, and turns computer off when pressed

    Utilman Hacks:

    Replaces Utilman.exe with different payloads. To run, press WinKey + U or (in Vista/Win7) press the blue circle in the lower left-hand corner at the logon screen. The included payloads are:

    Root Account Maker - Creates an account on the local system Username: root Password: toor, remember if the 'Welcome Screen' is enabled you may need to reboot the system after running the payload for the new account to show up.

    Shell Spawn - Opens a command prompt as NT Authority\System (Vista\Win7 Only)

    SwitchBlade Exec - After reboot will execute Leapo's PocketKnife payload, the script goes from drive Z-->B looking for the file \SYSTEM\go.vbs Edit the sbexec.bat if you want it to run a different payload. If the payload isn't found it will ask you to run a custom file.

    Note: On Vista and Win7 you must select 'Yes' to set file permissions if asked, or the payloads won't work.

    Resource Tools:

    Notepad++ - Simple text editor

    ResHacker - Resource editor

    eXe Scope - Resource editor

    Network Tools:

    Angry IP Scanner - Fast and simple IP Scanner

    FireFox 1.5 - Web Browser (BartPE Plugin)

    Filezilla - FTP Client

    Putty - SSH Client

    Ultra VNC Viewer - VNC (Remote Desktop) Client

    Downloads:

    Current Release: Ver 0.8 Beta 5, 3/7/09

    Download APE v0.8 - Beta 5

    Ophcrack Rainbow Tables (Free):

    Download XP Rainbow Tables

    Download Vista Rainbow Tables

    How to Install:

    0. Download, Plug in USB Drive

    1. Run Ape_USB.exe - (SFX RAR File)

    2. (If doesn't autorun) Run "APE_USB_MAKE.bat"

    3. (Optional) Configure Payload, or Patch in Rainbow Tables.

    4. Go pull some pranks on your friends ;)

    Notes:

    Patching Rainbow Tables:

    Use your favorite ISO editor to patch the tables into the attackpe.iso, which should be in the root of the thumb drive after running "APE_USB_MAKE.bat" or "Ape_USB.exe". Tables go in \ape\ophcrack_pe\tables\. You have to patch the tables in after building the .iso or the CRC gets fucked up and it won't boot!

    Any progress setting this up on multipass? Are there any updates or added scripts? If interested I can set up a website for downloads and tutorials?
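
A defender's view of the on-disk changes listed in the post above, as an added example (not part of the original post or of the tool it describes): a triage of an offline Windows volume for a replaced Utilman.exe and the C:\WINDOWS\keyl.txt log. The names find_ci, triage and build_sample are hypothetical, and treating a command-prompt replacement as a byte-for-byte copy of cmd.exe is an assumption the post does not confirm.

```python
import hashlib
import tempfile
from pathlib import Path

def find_ci(root, *parts):
    """Resolve root/parts case-insensitively (NTFS volume mounted on Linux)."""
    path = Path(root)
    for part in parts:
        if not path.is_dir():
            return None
        match = next((p for p in path.iterdir() if p.name.lower() == part.lower()), None)
        if match is None:
            return None
        path = match
    return path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(root):
    """Return findings for an offline Windows volume mounted read-only at root."""
    findings = []
    utilman = find_ci(root, "Windows", "System32", "Utilman.exe")
    cmd = find_ci(root, "Windows", "System32", "cmd.exe")
    if utilman is None:
        findings.append("Utilman.exe missing")
    else:
        if utilman.read_bytes()[:2] != b"MZ":
            findings.append("Utilman.exe is not a PE file")
        # Assumption: a command-prompt replacement is a byte-for-byte copy of cmd.exe.
        if cmd is not None and sha256(utilman) == sha256(cmd):
            findings.append("Utilman.exe is a copy of cmd.exe")
    if find_ci(root, "Windows", "keyl.txt") is not None:
        findings.append("Windows\\keyl.txt present")
    return findings

def build_sample(tampered):
    """Constructed sample volume with tiny placeholder files, not real binaries."""
    root = Path(tempfile.mkdtemp())
    sys32 = root / "WINDOWS" / "system32"
    sys32.mkdir(parents=True)
    (sys32 / "cmd.exe").write_bytes(b"MZ constructed cmd")
    (sys32 / "utilman.exe").write_bytes(
        b"MZ constructed cmd" if tampered else b"MZ constructed utilman")
    if tampered:
        (root / "WINDOWS" / "keyl.txt").write_text("")
    return root

if __name__ == "__main__":
    for tampered in (False, True):
        print(tampered, triage(build_sample(tampered)))
```

A clean result only means these two indicators are absent; on a real image the stronger check is Utilman.exe's hash or signature against a known-good copy for that Windows build.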

  5. Rob Fuller, aka Mubix, of Room362.com joins us to expand on last week’s discussion about the Cold Boot attacks. We cover retrieving memory from live systems, analysis with tools like volatility, and file recovery with foremost. Mubix calls it forensics for the gray hat.

    Any tutorials to get coldboot/memdump to run from multipass?

  6. OK, well, I can only access the first partition on the USB in Windows. The BOOTSECT.EXE is on the 4th partition with all the other Windows 7 files.

    So my menu.lst now shows:

    title Windows 7
    rootnoverify (hd0,3)
    makeactive
    chainloader +1

    OK, I got it working after copying all the files from windows7.iso to the 4th partition on my USB drive. The working menu.lst setup I got is:

    title Install Windows 7
    chainloader (hd0,3)/bootmgr

  7. Brandon,

    I had this problem a few times and I worked through it a few different ways. Currently, to boot to a Windows installer, my menu.lst looks like this:

    title Install Windows Vista Ultimate --TEST
    rootnoverify (hd0,1)
    makeactive
    chainloader +1

    rootnoverify tells Grub to make Hard Drive 0 partition 1 root (you can check this with an 'ls' command while in the grub command prompt). You should be seeing the Windows installation files.

    makeactive sets that partition as active so it can be booted from.

    chainloader +1 instructs the computer where to start looking for a bootloader.

    Make sure the correct partition is loaded (using the ls command). If it is and you are still getting the same message, that partition may not be bootable. Making it bootable is pretty simple:

    on windows put in your installation dvd or mount the image

    open command prompt

    change to your disc drive (D:\)

    move to boot directory (cd boot)

    use this command to copy the boot manager: BOOTSECT.EXE /NT60 H:

    (H: refers to the drive where you have the installation files located on your USB drive.)

    Your drive should not be bootable.

    Sorry if this seems a little rough, I'm rushing back to work, but please let me know how you make out with this solution, and if you get the cd/dvd drivers error.

    ~Scott

    OK, well, I can only access the first partition on the USB in Windows. The BOOTSECT.EXE is on the 4th partition with all the other Windows 7 files.

    So my menu.lst now shows:

    title Windows 7
    rootnoverify (hd0,3)
    makeactive
    chainloader +1

  8. Copy Contig.exe to C:\WINDOWS\system32\

    Go to Start and then Run...

    Type in "cmd"

    In the black box, type "X:" where 'X' is your flash drive's drive letter in Windows Explorer

    Type "contig -s" and wait for it to complete.

    It may take a while depending on how many files, how big they are, how fragmented they are, your USB's transfer rate, and the performance of your computer in general. Don't unplug your drive while it's still running.

    OK, well, I got that all working good, but it loads up to the Ubuntu boot screen and moving bar and doesn't go past it. Why doesn't it continue booting and how do I fix it?

  9. Download Ubuntu

    (I have only tested this with 32-bit, but 64-bit should work.)

    Booting Ubuntu from an ISO is really easy. Just place the ISO on your USB, and point your config file to it. I put it in /boot/iso, but if you put it somewhere different, remember to change the location in 'map' and 'kernel' (Grub4DOS), or in 'loopback' and 'linux' (Grub2)

    For persistence, add "persistent" (without the quotes) into the kernel or linux line, and place a casper-rw file in the root of your USB drive.

    Note: The ISO file must be contiguous, or not fragmented. You can bypass this with the --mem option, which loads the ISO to memory, however it takes 'forever' on large ISO files. I use contig.exe from Sysinternals to make the ISO contiguous.

    Grub4DOS:

    title Ubuntu 9.04 Desktop x86
    map /boot/iso/ubuntu-9.04-desktop-i386.iso (0xff)
    map --hook
    root (0xff)
    kernel /casper/vmlinuz file=/cdrom/preseed/ubuntu.seed boot=casper iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash locale=en.UTF-8 --
    initrd /casper/initrd.gz

    Grub2:

    menuentry "Ubuntu Desktop x86" {
      loopback loop /boot/iso/ubuntu-9.04-desktop-i386.iso
      linux (loop)/casper/vmlinuz boot=casper file=/cdrom/preseed/ubuntu.seed iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash locale=en.UTF-8 --
      initrd (loop)/casper/initrd.gz
    }

    This will not work under SysLinux or Grub Legacy, as they do not support ISO mapping.

    How do I get the ISO continuous using wincontig? Can't find any tutorials on this.
