majk
Posts: 159
Posts posted by majk
-
Yeah you can, but as far as I have seen that backup SAM-file is usually much smaller and doesn't contain the same data as the original SAM-file. And in fact, looking at my own computer, there's not even a SAM file in the restore-folder at all. But that's just what I've experienced.

You can copy out the SAM file directly, it's saved under Windows/system32/restore. That's a backup in case the current one has issues. Anyways just trying to get some ideas, basically, pentesting is cool and all I just wish I could go automatically.
I will try some things you guys talk about Monday as it will be a Fun time to try it :D
Thanks for the advice. All advice is welcomed
-
It should be easy to have it copy the files from where MSN stores its logs to the USB.

what if the usb copied people's saved msn convos that might take up a lot of space but it would be pretty cool
-
Basically the targets are pretty simple Win 2k boxes and 1 Linux box. Again supposed to crack the password.
Metasploit lsass exploit and win_reverse or win_reverse_vnc_inject works. That much I know.
Well any how to guides, or any points in the right direction would be nice.
I have the memorex u3 travel drive and I'm willing to experiment.
Thanks
Paul
I'm sure it could be done. Just use Nmap to scan and save the results in a file, then use metasploit to exploit the hosts you want and retrieve the SAM-file, maybe sending an FTP-upload command as the payload. You can't really use win32_reverse or win_reverse_vnc_inject if you want to automate it. I'd go for a simple command as the payload instead.
EDIT: Forget about FTP, I just realized it was the SAM-file you're after, you can't copy the SAM-file like that. No you'd have to upload a program like pwdump2, dump the hashes and then get them back to your computer. I guess you could use win32_exec to do all that, using FTP, TFTP or whatever tools you have available. I know meterpreter can dump the hashes too but I'm not sure it can be automated.
EDIT2: Or how about using win32_adduser, adding a new user and then using pwdump4 or whatever version supports dumping the hashes over the network with the user and pass from your new user. There's definitely ways you can do this, just experiment some and learn about the tools and you should be able to do it.
-
You could try unchecking "hide protected operating system files". Also like I said, look at the folder with command line tools and try unpacking it somewhere else.

according to winrar the files are there in the rar file but once they are uncompressed they just disappear, even when i disable my av which is avast. anybody else ever had problems with winrar and avast before? i'm gonna try to use a different program to uncompress

EDIT: alright well i was messing around trying to figure out what's wrong and i noticed if i go to the properties of the uncompressed SBS folder it says it has 13 files in it, but when i open it there's nothing there. I set everything to not be hidden, even though i've got folder settings so i can see hidden stuff. i thought it might be something with windows explorer so i tried typing in the location of my hacksaw directory in firefox so i could view it in there, but when i open up the SBS folder there's still nothing there. i also tried to uncompress it using 7-zip but it's doing the same thing
-
Why not just rip out the USB?

As in avoid running the scripts, you can either rename the go.cmd, or hold shift while plugging it in.

If you mean cancel half way through, it would basically be impossible since we're trying to do this silently without anyone noticing, and the only way to enable disability would be to make a command prompt show up.
-
Maybe your antivirus deletes them? Try different solutions. Use WinZip, unpack it in a different folder (like C:\aaa), disable your antivirus, use command line tools to look in the folder and so on.

i agree with you guys but i'm not really sure what to say about this. this is just strange. i did a screencap video to show you how it is, maybe somebody can help me. it's kind of large but i couldn't get it any smaller, here's the link http://dl023.filefactory.com/dl/f/0cf593/b...4b933737e9c7fd/
-
Well maybe Stunnel just doesn't work if you're not an admin. If not I guess you have to find a different program (if Windows allows you to do stuff like this as a non-admin at all). Or find some privilege escalation exploit.

Well I guess the problem is that you're not an admin then.

I understand the whole admin/limited account idea, but I know that the hack will run under a limited account, it's just that the payload needs to be tweaked for that ability.
I was hoping somebody has found an alternative to stunnel or a way around the errors. :P
Thanks
-
Well if you do it maybe you can save someone else time? :)

Sounds like a good idea, just download the latest versions and replace the old ones with them in the payload.

Thanks, I know that I could go through and download them into the payload, but I was just hoping someone had already done that. Just to save myself some time. :D
If anybody has this done please post or pm me. Thanks :o
-
Sounds like a good idea, just download the latest versions and replace the old ones with them in the payload.

I was wondering if somebody would post a new upgraded payload with the newest version of all the included software such as stunnel...etc. I know the links to these software are on the wiki, but I was hoping somebody already had the whole package neatly upgraded and integrated with each other for ppl. to download. :D
I think that many of the problems that other users are experiencing is from using outdated versions of the included software in the U3 hack package. At least with the upgraded versions of all the software we could eliminate some users' problems; hopefully. :P
Let me know what you guys think or post links, packages or whatever.
thanks post or pm me. 8)
-
Well I guess the problem is that you're not an admin then.

I am having similar stunnel problems as well when I run the hack on a limited account. "Failed to create a new service and Failed to open the service." I wondered if I upgraded stunnel to the newest version if that would solve the problem, but I am not too sure if this would work. (not sure how to do that either)
Let me know what you guys suggest. :?
-
I guess that's a reasonable attitude. If you don't put in the time and effort to understand how it works and how to get it to work you shouldn't get the privilege of using it.

In my personal opinion since these USB hacks are PoC if you can't work them out either on your own or with a little prod in the right direction then you shouldn't be using them.
-
As far as I understood it will only affect Windows XP. Or possibly if you're using the Windows XP boot loader to select operating systems it could affect that too. But does anyone do that with Linux (or at all)? Either way it should only affect the boot screen.
Personally I have no interest in doing something like that. But what is described here looks reversible and only affects Windows XP. So it shouldn't cause many problems, the odds of breaking a computer with that seems low.

i don't really care if you make this or not but there are possible severe consequences, for one if you are placing a modified ntloader which has a modified logo, if it is not checked you could leave a trail of computers which will not boot or at worst screw up a computer so bad all data is unrecoverable, and have you considered the possibility of future Microsoft patches that may fix or enhance the boot loader which could leave a severe problem and again leading to the problems mentioned above. i really don't care if you do or don't make the payload but please make sure that the benefits outweigh the problems, in all previous payloads everything was reversible easily and all files copied can be removed but in this case how can anyone produce an antidote which will remove the payload especially when messing with a bootloader which is crucial to a computer booting, and have you thought of the many people using lilo or grub as a bootloader, what will this payload do to their setups (i dual boot for one). again my opinion is against it but you're the developer

but have you taken into consideration people dual booting, a solution such as that could screw up the dual booting config and as a batch file it would be practically impossible to create as it does not handle text editing well i.e. take left or right functions or strip characters or text away etc. any way i think it's just a bad idea, any way whatever like i said he's the programmer and hope the pros outweigh the cons and the whole process can be reversible and the danger issue, people dual booting etc

Editing files with command line utilities could be solved easily by just having some grep/awk/sed-like tool on your USB.
-
I just downloaded it and unpacked it and there are files under payload/WIP/SBS.

yea i've got it so i can view hidden folders/files, but this is really weird, i just downloaded it again and there's still nothing there. i'm downloading it from http://www.hak5.org/releases/2x03/hacksaw/...w_ver0.2poc.rar
any ideas? is there another link i can try or something?
-
Personally I have no interest in doing something like that. But what is described here looks reversible and only affects Windows XP. So it shouldn't cause many problems, the odds of breaking a computer with that seems low.

i don't really care if you make this or not but there are possible severe consequences, for one if you are placing a modified ntloader which has a modified logo, if it is not checked you could leave a trail of computers which will not boot or at worst screw up a computer so bad all data is unrecoverable, and have you considered the possibility of future Microsoft patches that may fix or enhance the boot loader which could leave a severe problem and again leading to the problems mentioned above. i really don't care if you do or don't make the payload but please make sure that the benefits outweigh the problems, in all previous payloads everything was reversible easily and all files copied can be removed but in this case how can anyone produce an antidote which will remove the payload especially when messing with a bootloader which is crucial to a computer booting, and have you thought of the many people using lilo or grub as a bootloader, what will this payload do to their setups (i dual boot for one). again my opinion is against it but you're the developer
-
It does have files in there for me.

well the version i downloaded straight from the usb_hacksaw wiki page doesn't have anything at all in the sbs folder, so there's no send.bat file for me to edit
-
Compare the amount of script kiddy stuff on their show to the non-skiddy stuff overall. A segment in 2x02, 2x03 and a couple in season one. The show isn't generally a script kiddy show. Honestly, if you want Script Kiddy stuff, watch The Broken, they openly act script kiddyish and embrace it (sure there are only 4 episodes, but meh)
I just think it's odd to complain in a thread about how to change the boot screen in a sub-forum that's exclusively focused on creating an USB-stick for various actions that are much more malicious.
Personally I think that changing the boot screen is hardly more than a practical joke. While dumping the password hashes and stealing files is much worse and definitely will get you more legal trouble.
-
-
Why? This is hardly more malicious than dumping all the password hashes from the computer or copying all documents from inserted USB-sticks.

i wouldn't recommend doing this to people's computers, first it's malicious and it would be hard to change back for the average user, but for fun's sake it would be funny as hell seeing someone's face with such a boot screen, it would be even funnier with a different image like goatse but that's really pushing it

The antidote is easy enough to make, all you have to do is get the batch script to save a backup copy of ntoskrnl somewhere on the computer when changing the bootscreen, so when you stick another key in with the antidote a batch script tells it to overwrite your version with the backup
i really don't care if a solution to turn back the affect is easy to make or not it is still malicious and it's just stupid make such a payload,
moderators could you lock this thread
-
Well many tools from BackTrack have Windows versions too. And you could try including Cygwin on your USB and running the Unix/Linux/etc. programs from there.

Too complicated for me. I download many versions of Slax and programs for emulation, BOCHS and QEMU too, but nothing like a Damn Small Linux. Is it possible to put some of the tools from BackTrack (Slax based Linux) on a different Linux platform, Damn Small Linux for example? Some kind of reversion or something?
-
Well BackTrack is an entire operating system. If you want to run it off an USB in Windows it would take some major modifications like installing some kind of x86 emulator. Like BOCHS or QEMU.

Yes, version two is in my computer. Thanks for info.

edit: I do everything from http://www.irongeek.com/i.php?page=securit...tpe-windows-usb
and at the end I see this : "Your BIOS must support booting from USB".
Well, my BIOS doesn't support booting from USB. How can I run an iso or whatever without booting, like a normal .exe? I don't want to use the USB only for BackTrack, I have many other programs and stuff on my USB.
-
But doesn't that only work with Windows built in firewall?

if you follow a similar syntax you should be able to add any port you like

netsh firewall add portopening TCP 5900 SMBv1
netsh firewall add portopening TCP 5800 SMBv2
netsh firewall add portopening UDP 5900 RDPv1
netsh firewall add portopening UDP 5800 RDPv2

it's basically "netsh firewall add portopening" and then the protocol then port then the comment. btw this is an example of how to apply it to vnc, btw tvnc does not use udp but i included it as an example
-
Yes I know LM, NTLM, MD5, MD4 are 32 characters but so are the hashes he posted. Or what do you mean?

well lm is a 16 byte value. In DES you take in 56-bits and give out 64, so that's 128 bits or 8 bytes. 1 hex digit is 4 bits, so that's 32 hex digits. LM must be 32 hex digits, as for the mscaches, those are NTLMv2 Session, MD5 of MD4 so MD5 is also 32 hex digits. Therefore the cache keys must be 32 hex digits in length, this explains why there's such a problem with cracking them
-
Standard length for MD5, LM, NTLM etc.

is it just me or do those hashes look kind of odd length :?:
-
Omg, it's released!
EDIT: Watched it, it was pretty good!
Switchblade + Hacksaw + VNC + nmap = spektormax's payload
in USB Hacks