Brandon Garner
Posts: 10
Posts posted by Brandon Garner
A.P.E.
The Attack Pre-Installed Environment
About:
Basically it is a bootable USB drive that will let you copy SAM files from the local system, install backdoors, crack passwords, edit any file you want, etc. All without the user's password! It's based off BartPE; unlike BackTrack, this is designed more to help you compromise the local system faster and easier. This also has network support so you can FTP or SSH the SAM file anywhere in the world. Let me know if you have any ideas on what to add, or if you think it sucks. I also wrote almost all the scripts and loaders, so let me know if you find any bugs. Also feel free to post your own payloads, mods, etc. Have fun! ^_^
Features:
Password Attacks:
GetSAM - Copies Local SAM file to removable drive
CrackSAM - Cracks Local\Custom SAM file using OphCrack (non-gui)
JohnTheRipper - Use CLI, X:\ape\johntheripper\run\. You may need to manually unload/load the reg hives to use this program (rh_load.exe and rh_unload.exe)
Network Attacks:
Wireshark - Packet Sniffer (BartPE Plugin)
Cain & Abel - ARP cache poisoning, among other things; note that not all functionality of this program can be used in P.E.
Payloads:
Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)
HackSaw - Installs the hacksaw payload from P.E.
RickR - Randomly Opens Up (in default browser) a Rick Roll
FTPme - Installs a FTP server, shares entire C:\ on port 21 with no user/pass
KeyB - Any keyboard input is converted to binary
KeyL - Installs Keylogger, log saved to C:\WINDOWS\keyl.txt, looks like "svchost" when running.
KeyR - All keyboard input is randomized, 1/10 Nums shuts computer off
KeySh - Picks random key, and turns computer off when pressed
Utilman Hacks:
Replaces Utilman.exe with different payloads. To run, press WinKey + U or (in Vista/Win7) press the blue circle in the lower left hand corner at the logon screen. The included payloads are:
Root Account Maker - Creates an account on the local system Username: root Password: toor, remember if the 'Welcome Screen' is enabled you may need to reboot the system after running the payload for the new account to show up.
Shell Spawn - Opens a command prompt as NT Authority\System (Vista\Win7 Only)
SwitchBlade Exec - After reboot will execute Leapo's PocketKnife payload, the script goes from drive Z-->B looking for the file \SYSTEM\go.vbs Edit the sbexec.bat if you want it to run a different payload. If the payload isn't found it will ask you to run a custom file.
Note: On Vista and Win7 you must select 'Yes' to set file permissions if asked, or the payloads won't work.
Resource Tools:
Notepad++ - Simple text editor
ResHacker - Resource editor
eXeScope - Resource editor
Network Tools:
Angry IP Scanner - Fast and simple IP Scanner
FireFox 1.5 - Web Browser (BartPE Plugin)
Filezilla - FTP Client
Ultra VNC Viewer - VNC (Remote Desktop) Client
Screen Shot
Downloads:
Current Release: Ver 0.8 Beta 5, 3/7/09
Ophcrack Rainbow Tables (Free):
How to Install:
0. Download, Plug in USB Drive
1. Run Ape_USB.exe - (SFX RAR File)
2. (If it doesn't autorun) Run "APE_USB_MAKE.bat"
3. (Optional) Configure Payload, or Patch in Rainbow Tables.
4. Go pull some pranks on your friends ;)
Notes:
Patching Rainbow Tables:
Use your favorite ISO editor to patch the tables into the attackpe.iso, which should be in the root of the thumb drive after running "APE_USB_MAKE.bat" or "Ape_USB.exe". Tables go in \ape\ophcrack_pe\tables\. You have to patch the tables in after building the .iso or the CRC gets fucked up and it won't boot!
Any progress setting this up on Multipass? Are there any updates or added scripts? If interested, I can set up a website for downloads and tutorials.
-
Episode 5x22
in Hak5
Rob Fuller, aka Mubix, of Room362.com joins us to expand on last week's discussion about the Cold Boot attacks. We cover retrieving memory from live systems, analysis with tools like Volatility, and file recovery with Foremost. Mubix calls it forensics for the gray hat.
Any tutorials to get coldboot/memdump to run from Multipass?
-
OK, well, I can only access the first partition on the USB in Windows. The BOOTSECT.EXE is on the 4th partition with all the other Windows 7 files.
So my menu.lst shows now:
title Windows 7
rootnoverify (hd0,3)
makeactive
chainloader +1
OK, I got it working after copying all the files from windows7.iso to the 4th partition on my USB drive. The working menu.lst setup I got is:
title Install Windows 7
chainloader (hd0,3)/bootmgr
-
Brandon,
I had this problem a few times and I worked through it a few different ways. Currently, to boot to a Windows installer, my menu.lst looks like this:
title Install Windows Vista Ultimate --TEST
rootnoverify (hd0,1)
makeactive
chainloader +1
rootnoverify tells Grub to make hard drive 0 partition 1 root (you can check this with an 'ls' command while in the Grub command prompt). You should be seeing the Windows installation files.
makeactive sets that partition as active so it can be booted from.
chainloader +1 instructs the computer where to start looking for a bootloader.
Make sure the correct partition is loaded (using the ls command). If it is and you are still getting the same message, that partition may not be bootable. Making it bootable is pretty simple:
On Windows, put in your installation DVD or mount the image.
Open a command prompt.
Change to your disc drive (D:\).
Move to the boot directory (cd boot).
Use this command to copy the boot manager: BOOTSECT.EXE /NT60 H:
(H: refers to the drive where you have the installation files located on your USB drive.)
Your drive should now be bootable.
Sorry if this seems a little rough, I'm rushing back to work, but please let me know how you make out with this solution, and if you get the CD/DVD drivers error.
~Scott
-
Here's my menu.lst setup:
title Install Windows 7
chainloader (hd0,2)+1
rootnoverify (hd0,2)
I get
I copied the files from the Windows 7 install ISO. It works fine from the first partition, but why can't I get it to boot from a second partition?
-
Copy Contig.exe to C:\WINDOWS\system32\
Go to Start and then Run...
Type in "cmd"
In the black box, type "X:" where 'X' is your flash drive's drive letter in Windows Explorer
Type "contig -s" and wait for it to complete.
It may take a while depending on how many files, how big they are, how fragmented they are, your USB's transfer rate, and the performance of your computer in general. Don't unplug your drive while it's still running.
OK, well, I got that all working good, but it loads up to the Ubuntu boot screen and moving bar and doesn't go past it. Why doesn't it continue booting and how do I fix it?
-
Download Ubuntu
(I have only tested this with 32-bit, but 64-bit should work.)
Booting Ubuntu from an ISO is really easy. Just place the ISO on your USB, and point your config file to it. I put it in /boot/iso, but if you put it somewhere different, remember to change the location in 'map' and 'kernel' (Grub4DOS), or in 'loopback' and 'linux' (Grub2)
For persistence, add "persistent" (without the quotes) into the kernel or linux line, and place a casper-rw file in the root of your USB drive.
Note: The ISO file must be contiguous, or not fragmented. You can bypass this with the --mem option, which loads the ISO to memory, however it takes 'forever' on large ISO files. I use contig.exe from Sysinternals to make the ISO contiguous.
Grub4DOS:
title Ubuntu 9.04 Desktop x86
map /boot/iso/ubuntu-9.04-desktop-i386.iso (0xff)
map --hook
root (0xff)
kernel /casper/vmlinuz file=/cdrom/preseed/ubuntu.seed boot=casper iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash locale=en.UTF-8 --
initrd /casper/initrd.gz
Grub2:
menuentry "Ubuntu Desktop x86" {
    loopback loop /boot/iso/ubuntu-9.04-desktop-i386.iso
    linux (loop)/casper/vmlinuz boot=casper file=/cdrom/preseed/ubuntu.seed boot=casper iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash locale=en.UTF-8 --
    initrd (loop)/casper/initrd.gz
}
This will not work under SysLinux or Grub Legacy, as they do not support ISO mapping.
How do I get the ISO contiguous using WinContig? Can't find any tutorials on this.
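As an added check (not from the tutorial quoted above or from the forum), this Python script parses a Grub4DOS menu.lst and flags entries whose 'map' ISO path differs from the 'iso-scan/filename=' path on the 'kernel' line, the mismatch the tutorial's note about moving the ISO warns against. The sample menu.lst is constructed; its second entry contains exactly that mistake.

```python
import re

# Constructed sample menu.lst (not from the post). Entry 1 mirrors the Grub4DOS
# example above; in entry 2 the ISO was moved in 'map' but not in 'kernel'.
SAMPLE_MENU_LST = """\
title Ubuntu 9.04 Desktop x86
map /boot/iso/ubuntu-9.04-desktop-i386.iso (0xff)
map --hook
root (0xff)
kernel /casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash --
initrd /casper/initrd.gz
title Ubuntu (moved ISO, broken)
map /iso/ubuntu-9.04-desktop-i386.iso (0xff)
map --hook
root (0xff)
kernel /casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-9.04-desktop-i386.iso quiet splash --
initrd /casper/initrd.gz
"""

def parse_entries(text):
    """Split a Grub4DOS menu.lst into (title, [command lines]) pairs."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                       # skip blanks and comments
        if line.startswith("title "):
            entries.append((line[6:].strip(), []))
        elif entries:
            entries[-1][1].append(line)    # command belongs to current title
    return entries

def check_iso_entry(commands):
    """Describe an ISO-path mismatch in one entry; None if consistent or if no ISO is mapped."""
    mapped = scan = None
    for cmd in commands:
        m = re.match(r"map\s+(\S+)\s+\(0x[0-9a-fA-F]+\)$", cmd)
        if m:
            mapped = m.group(1)            # file Grub4DOS maps as the CD
        elif cmd.startswith("kernel "):
            s = re.search(r"iso-scan/filename=(\S+)", cmd)
            scan = s.group(1) if s else None   # file casper will search for
    if mapped is not None and scan != mapped:
        return f"map uses {mapped} but iso-scan/filename uses {scan}"
    return None                            # chainloader-style entries map nothing

def lint_menu(text):
    """Map each entry title to its problem (None means the entry is consistent)."""
    return {title: check_iso_entry(cmds) for title, cmds in parse_entries(text)}
```

Run lint_menu on the menu.lst from your USB root; any entry that is not None is one where casper will boot the kernel but then fail to find the ISO, which shows up as a hang after the splash screen.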
The Attack Pre-Installed Environment
in USB Hacks
How do I do it up on multiboot?