
remkow

Active Members
  • Posts

    205

Everything posted by remkow

  1. Umm check the nmap payload (and others) in the switchblade
  2. Why don't you first copy all files except for movie files, and then rar them?
  3. Yeah, it would be cool to be able to do that myself :P It probably is something with the IMEI, but the model/brand is also important.. no idea on how it really works.
  4. This will work, but only if your victim hasn't set a master password
  5. You won't find the passwords in plaintext, but if you copy key3.db and signons.txt/signons2.txt from the Firefox profile folder (C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\abcd123.default), you can easily crack the files and read all saved passwords. Not hard to do at all
  6. This is already in most payloads I've seen
  7. remkow

    snoopstick

    Yeah I've seen it, it's prolly just some keylogger/monitor thingie which autoruns (U3?)
  8. remkow

    USB eject

    Like I said, read the whole page: the bold thing is ur answer
  9. remkow

    USB eject

    You can do this with most new sticks anyways, but some USB sticks will screw up when you just take them out. Solution has been given by Irongeek in this topic: http://www.hak5.org/forums/viewtopic.php?t=5416 just read it through, and you'll find it.
  10. It can be run from anything which autoruns as soon as it's inserted.
  11. All files in there are safe. Safe in a way of being not backdoored or botnetted. They do steal passwords and stuff, but that's what they're supposed to do.
  12. Hmm why would that be?? maybe because it contains password stealing apps which are available to anyone - also to AV companies??
  13. remkow

    USB eject

    You want to eject a USB key? lol
  14. Have you actually decompressed the LZMA files?? or did you just rename them or whatever
  15. My white hat payload does this a bit, only with registry fixes. If you're talking about fixing security holes on Windows using hotfixes, it can be done easily, because you can install them automatically (and I think hidden, too). Although I don't see the need of doing it silently, it is possible. Mortiffer, if u have problems, contact me on msn
  16. Nope don't have it. If you want contact me on MSN, rwwrulez@gmail.com, and I'll give you my own vnc and nmap packages, which are only slightly different from spectormax's
  17. It just means one of the tools can't run, or it has no access to write the logs. Check if ur running the payload from an administrator account, and also make sure that ur USB key isn't set to read-only.
  18. All of the tools are well-known and freeware... just google around, and u can find it in under 10 seconds
  19. You really could've done some research on your own man.. Replace the lines which delete temporary files with this:

      del C:\WINDOWS\Temp\*.tmp /Q
      del "C:\Documents and Settings\%username%\Local Settings\Temp\*.*" /Q
      del "C:\Documents and Settings\%username%\Local Settings\Temporary Internet Files\*.*" /Q
      del "C:\Documents and Settings\%username%\Cookies\*.txt" /Q
      del C:\WINDOWS\Prefetch\*.* /Q

      And I chose a-squared because I've used it before as a command line, and had it on my HDD already, and I have never seen a command line version of AVG.
  20. I guess that was me :P This is the original source of the autorun file:

      Set objFSO = CreateObject("Scripting.FileSystemObject")
      Set colDrives = objFSO.Drives
      For Each objDrive in colDrives
        If objFSO.FileExists(objDrive.DriveLetter & ":\wip\cmd\go.cmd") Then
          strPath = objDrive.DriveLetter & ":\wip\cmd"
          strcmd = """" & strPath & "\" & "go.cmd" & """"
          CreateObject("Wscript.Shell").CurrentDirectory = strPath
          CreateObject("Wscript.Shell").Run strcmd, 0, False
        End If
      Next
  21. Do you mean the vbe on the autorun partition?? Maybe you have disabled the Windows Script Host, so it won't run vbs/vbe files?
  22. lol i forgot about it :oops: i'm very busy with school and such, but when i have the time i will edit it
  23. wow, 141 views and 0 replies... leech FTW!!
  24. This would be very useful, because then you can easily use AV detected files, since the AV won't delete them... I have no idea how to do it, but I am very interested
  25. You also have to enable `view system files and folders` in order to view the files. You can then just edit the go.cmd and see there is nothing scary going on. I think I will add a progress thingie along with it, like you said, which shows what task it is performing, and which are done.. stay tuned :D