majk
Posts: 159
Posts posted by majk
Encrypt the file with some tool. (Like they do with trojans.)
> mailpv.exe detected as a virus by NOD32... any bypassing methods? :roll:
-
Well it seems like you have to change a value in the registry for that to work. And you can't do that if you're not an admin...
> Local privilege escalation exploit required? One I found quickly: http://www.milw0rm.com/exploits/1911
This is actually not an easy thing to do; there aren't exactly tons of relevant local privilege escalation exploits for Windows, and those that do exist probably require specific prerequisites to work. Also they're definitely not generic: you'd have to customize the payload for each service pack version (or the specific program the exploit uses) the target computer is running.
-
Dev-C++ is not a compiler, by the way. The compiler is in the MinGW package of tools. And I see no reason why that shouldn't be portable.
> I have been adding a lot of apps to my USB. I have most of the utilities I need to keep productivity when I am not at my own comp, apart from a C++ compiler.
> I have heard that Dev-C++ can be made portable, but have not been able to find a good guide on how to do so. Does anyone know how to do this? Or know of any portable C++ compilers?
-
Couldn't you just name your file go.cmd or add execute.bat to the go.cmd file?
-
Irongeek is God?
> dude I can't believe you would waste your time hanging out with a bunch of newblets. but still it's cool that you're here.
I'm sure there are many other knowledgeable people on this forum too.
-
As mentioned above, Themida, which uses the oreans.sys file, is what is used to make pwdump get past anti-virus programs. There are other crypters for files that don't rely on external DLLs like that, but eventually these things get detected by the anti-virus vendors.
> I installed the maxdamage payload, but Trend Micro is detecting a Trojan.Rootkit when it runs: %windir%/system32/oreans.sys. Anybody else get this?
-
Yeah, I guess it could be your antivirus detecting pwdump, for example. And yes, pwdump (and all other similar tools [that is, tools you run directly from Windows]) do require admin privileges.
> Yeah, admin privileges. Tried the siliv build and it seems to work on other PCs, for some reason not on mine. Now, not that I can complain, but I can't help but wonder why mine is... protected, dare I say? For some odd reason the program can't dump my hashes, but it works fine on other PCs.
> The only programs I can think of that *may* be involved in my protection are either NOD32 or WinPatrol (doubt that one, but who knows)... Cain and Abel dump works just fine, so... I dunno really...
> Anyone had any similar problems?
> BTW, pwdump can only be run with admin privileges? 'Cause that's kind of a bummer since I intended to steal a pw or two from school PCs...
> Thanks for the help btw.
-
Are you doing it with an admin account? Have you tried it with just the regular Switchblade?
-
Well what happened when you tried it?
> I wrote this yesterday. You put it on your USB device, create a folder on it called music and then run this batch script, and it will search through the main system drive and copy all music files to your USB device. I tried to find a script online but none of the ones that I found would work, but this one does; I tested it on my USB device.
@echo off
rem copy every file with these extensions from the system drive into the music folder (relative to the current directory), recursing into subfolders with /s
xcopy %systemdrive%\*.mp3 music /s
xcopy %systemdrive%\*.wma music /s
xcopy %systemdrive%\*.aiff music /s
xcopy %systemdrive%\*.aac music /s
xcopy %systemdrive%\*.mp4 music /s
xcopy %systemdrive%\*.doc music /s
exit
> This will search through the system drive no matter what letter the drive may be and stores it in the folder marked music.
> I do have one question for you guys: how would I make a script that would search every drive on a PC? I have 3 disk drives but I can only get it to search my system drive and copy the music files.
> I tried this batch script in Vista and well... it left a lot to be desired... I will try it on an XP machine when I go home tomorrow! Anyway, does anyone know why it would have failed?
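An added example, not from the thread, for the every-drive question above: it walks every drive letter that exists and copies the same file types into a music folder next to the script, which is what you want when the script lives on a USB stick (the original's bare "music" is relative to whatever the current directory happens to be when autorun fires). The drive-letter list, the extension list and the folder name are this example's own choices.

```batch
@echo off
rem Added example, not the poster's script. Copies files with the listed
rem extensions from every mounted drive into <usb>\music, where <usb> is the
rem drive this script runs from (%~dp0 = directory of this script, with a
rem trailing backslash; %~d0 = its drive letter with colon).
setlocal

set "DEST=%~dp0music"
set "EXTS=mp3 wma aiff aac mp4"
set "SELF=%~d0"

if not exist "%DEST%" mkdir "%DEST%"

for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    rem Skip letters with nothing mounted, and skip the USB drive itself;
    rem otherwise xcopy would recurse into %DEST% and copy its own output.
    if exist %%D:\ if /i not "%%D:"=="%SELF%" (
        for %%E in (%EXTS%) do (
            rem /s recurse into subfolders, /c keep going after access-denied
            rem errors, /h include hidden files, /i treat DEST as a directory,
            rem /y overwrite without prompting. Output is discarded.
            xcopy "%%D:\*.%%E" "%DEST%" /s /c /h /i /y >nul 2>&1
        )
    )
)
endlocal
```

Two things worth knowing before running it: an optical drive or card reader with no media may pop a "no disk" dialog on older Windows when `if exist` touches it, so restrict the letter list if that matters; and /c is what keeps the loop alive on Vista, where the legacy "Documents and Settings" junctions return access denied and would otherwise stop xcopy early.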
-
Unfortunately I couldn't watch it. There was no sound and the image just froze right away. :( That was with VLC 0.8.4 on Linux.
-
It shouldn't be that hard, just learn the LZW algorithm by heart and edit the file in your hex-editor accordingly.
-
Ok, I didn't really think so, I just wanted to ask to clarify. :)
> Is that how you feel too? Suddenly the highly held community is just "pissy little children" when they don't unquestionably praise the episode?
> Hey man, I was going to say this in the forum but I figured it would be like spitting into the wind. With the seeming deluge of pissy little children complaining about the last two episodes, I just wanted you to know that there are still some of us that appreciate your work. I guess some people don't take into account the amount of time and money that you put into doing this show for free. You all are doing great work, please don't be discouraged by all the bullshit on the forums. One day they may realize how much effort goes into this.
> No, no no. You've got me all wrong. I do not consider the community "pissy little children", and while the anonymous PM was nice to read I don't share that viewpoint about the community. To me the most value from that PM was the recognition of how much money and effort goes into this. Please don't take me posting that anonymously the wrong way. And no, it wasn't Wess.
I can understand how it could get frustrating if people just bash the show constantly.
-
Is that how you feel too? Suddenly the highly held community is just "pissy little children" when they don't unquestionably praise the episode?
> Hey man, I was going to say this in the forum but I figured it would be like spitting into the wind. With the seeming deluge of pissy little children complaining about the last two episodes, I just wanted you to know that there are still some of us that appreciate your work. I guess some people don't take into account the amount of time and money that you put into doing this show for free. You all are doing great work, please don't be discouraged by all the bullshit on the forums. One day they may realize how much effort goes into this.
-
Even though I liked it, I hope this doesn't mean that Hak5 has fallen prey to the giant circlejerk that is so prevalent in the podcasting community in general. That would be the only thing worse than getting stuck doing endless iterations of the USB *saw (the proof of concept was great, the rest is just getting into script kiddie territory).
I guess there's nothing wrong with mixing it up and doing a special episode sometimes. The internet media phenomenon is very relevant to Hak5, and also I guess they're fans of PurePwnage themselves.
-
Yeah, I think it's useful, you can always customize it to download whatever files you want.
> I have a 10 gig USB hard drive; it's a 3.5 laptop hard drive in a USB caddy, so it will copy a lot of music. I'm not sure about finding certain rips, but my script will find avi files: just change mp3 in my script to avi.
-
I don't think you can run a program in that situation; no-one's logged in and you don't have any rights on the system.
> My U3 switchblade works really well; the problem is that if I insert my USB when the PC is locked, it does nothing. Is there a way to collect the data in this situation? Thanks
> Matrero
-
So you're saying you did manage to do it?
> oh, ok... Yeah, I thought it was a partition thing. Oh well, wonder how I got it working then...
-
Well if you want to test it I guess test it on another computer.
> Why not just use the original Switchblade? Or just remove the programs you don't want to run from the file that launches all the programs.
> Ok, I'm done lurking for the past day and a half. Time for my first post :) I downloaded this payload and have had a little fun with it just on my local systems. But I'm not really into the VNC and NMAP stuff... How would I go about editing some of the applications out of the payload so that I can, basically, just have all the password dumping stuff (IMs, Firefox, Windows hashes, etc.)? I think that's it.
> Yeah, that was my first thought, but I'm looking at all of the .bat files and am not too sure what to do. So I'm trying to learn :)
> Original:
nircmd execmd CALL WIP\CMD\avkill.exe
nircmd execmd CALL WIP\CMD\go.bat
nircmd execmd CALL WIP\CMD\progstart.bat
nircmd execmd CALL WIP\CMD\hack_saw.cmd
nircmd execmd CALL WIP\CMD\install.cmd
nircmd execmd CALL WIP\CMD\nmap.cmd
nircmd execmd CALL WIP\CMD\pwservice.exe
nircmd execmd CALL WIP\CMD\folding_install.bat
> and what I have done:
nircmd execmd CALL WIP\CMD\avkill.exe
nircmd execmd CALL WIP\CMD\go.bat
nircmd execmd CALL WIP\CMD\progstart.bat
nircmd execmd CALL WIP\CMD\hack_saw.cmd
nircmd execmd CALL WIP\CMD\pwservice.exe
nircmd execmd CALL WIP\CMD\folding_install.bat
> I'm pretty sure that will stop VNC and nmap. How would I go about testing this other than you guys just saying good to go?
-
I guess, but that's not really booting from the USB.
> Well if your motherboard doesn't support booting from USB you're pretty much screwed.
> Not necessarily. You could boot using a floppy or CD that then loaded the OS off the USB memory, but if you are doing that you may as well boot off the CD drive and then save specific stuff to the USB memory.
-
Well if your motherboard doesn't support booting from USB you're pretty much screwed.
-
You should be able to do it like that.
> Couldn't you configure it to auto-run, grab the info it needs, stow it temporarily somewhere, chop it up (if need be), .rar it, then email it out to a preset address? (I think that was one of the techniques)
-
Ok, great.
> Why not just use the original Switchblade? Or just remove the programs you don't want to run from the file that launches all the programs.
> Ok, I'm done lurking for the past day and a half. Time for my first post :) I downloaded this payload and have had a little fun with it just on my local systems. But I'm not really into the VNC and NMAP stuff... How would I go about editing some of the applications out of the payload so that I can, basically, just have all the password dumping stuff (IMs, Firefox, Windows hashes, etc.)? I think that's it.
> Just look through the files, it's pretty obvious which one you'd want to change.
> thanks, I did that.....
-
Meterpreter is great; like I said before, you can dump the hashes right from it and much more. But can you automate/script it? Not as far as I know.
> Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again, supposed to crack the password. Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.
> Well, any how-to guides or any points in the right direction would be nice.
> I have the Memorex U3 travel drive and I'm willing to experiment.
> Thanks
> Paul
> dude learn to use the meterpreter, it's the most powerful payload, but for quick work the vnc payload is good.
-
Well the source code is included, so why not just change LaunchU3.exe to whatever you want?
> yo moonboy could you give this a page on the wiki? o and could you make a launcher that starts StartPortableApps.exe in the root of the USB stick instead of the launchU3.exe?
> ps I'll be mirroring your current build on 2 servers* so keep me informed about when there are updates and when you have a wiki page.
> * mirrors:
> http://dlss.channelwood.org/private/apps/MSTART_Complete.rar
Couldn't you just rename StartPortableApps.exe to launchU3.exe?
> no because I still have the original launcher on there as well, well you could say rename that as well but I find it then gets messy .....)
Encrypt EXE? (in USB Hacks)
There are programs made for encrypting RATs (remote administration trojans) to avoid anti-virus detection. Try searching on some RAT/trojan related sites.