
GonZor

Everything posted by GonZor

  1. HakSaw is confirmed NOT WORKING! VNC I am still yet to test but will look at hopefully soon (sorry I have been distracted by other projects like my new website I am still working on). Somewhere between my testing and releasing the ISO something went wrong and now the HakSaw doesn't work. Sorry. I have moved this to the top of my to-do list (unless some real work comes up) and should hopefully have a fix soon. Once again sorry.
  2. If it finished like it should it wouldn't give you an error, do you have any more information?
  3. Which part of the universal customizer would stuff up?
  4. The U3 part is the CD partition; it is treated as a CD (no delete). You have obviously flashed your drive with an ISO from a payload? It actually sounds like mine. If you would like to remove the payload go to the drive manufacturer's website and they usually have a download available to reflash the drive with updated software. Here is the SanDisk link.
  5. I'm assuming you have done a search for "*.vbs" ? Firefox does not use .vbs
  6. I haven't made an antidote for my payload yet but the antidote from the original HakSaw works fine. Here's the link
  7. GonZor

    need help

    You could try taking a copy of cmd.exe, it's located at %systemroot%\system32\cmd.exe, not sure if it would work though.
  8. Another option would be HDGuard, I am from Australia and several schools I know use this. Is there a need for them to make executables? If they are learning something like Visual Basic they don't need to make the executable, they can test their program through the debug mode, and I'm sure the teachers don't need an exe to mark; they would need to look at the source code. I would definitely make a list of programs you don't want run and add the hash to the blacklisted programs through group policy. School kids tend to find fad games all the time, they play it for a month then find something better, so it may be an idea if all the schools in your region do something similar and create a combined list of blacklisted games. This would keep an up to date list of all the current games and will slow the kids down.
  9. Now I know I'm as dumb as you will see, but (without removing it)? umm are you talking about the flash drive???? :( if no then sorry new at all this. Thank you 7Sins My fault, I didn't explain properly. I was referring to removing the HakSaw program from where it was installed (using the antidote).
  10. And you have logged off and on since you infected the computer (without removing it)? My version doesn't start until the next time they log on. I'm beginning to think I ISO'd the wrong version for release, I'll download it and test to see if I can find the error (I currently have loaded the testing for my new version).
  11. I wouldn't receive any emails, The email address in SBConfig is the one I use but I did not use my real password :-P I'm not that stupid... Although that is a valid point, remember to change the details in SBConfig which I'm sure you have already done.
  12. You could set up a policy to block programs running unless they are in a certain location, e.g. block all programs that aren't located in the "C:\Program Files" folder, or create a list of programs on your computers and deny all exes from running unless their hash matches one in the list. The first way is easily bypassed if students are smart enough to realise, the latter becomes an issue when you have a programming class that needs to make exes. Someone may be able to build on this, to overcome the problems.
  13. Agreed, but at least this will be a temporary bypass until they have found a better way to fix the problem. People that use hotmail for their primary business email are paying thousands of dollars to people to get their accounts unfrozen, so it is a serious problem, but if you are using hotmail for your primary business email then there is a problem to begin with. Haven't seen him since, I will be seeing him soon though. :-P
  14. Nice catch there mate how did you ever figure it out? :-P
  15. That is odd. But to be honest, you have to use what your friends use True, all her friends are on msn so she needs a client that is compatible. It would take too much effort to convince them all to move over to google talk. Update on the frozen account, I figured out who was doing this and it seems he doesn't like it when his girlfriend's account gets frozen. After arguing for 5 minutes he decided to unfreeze her account to save his girlfriend's account. I was right, he was using "IceCold ReLoaded", fortunately that doesn't work against gmail account which is where I will create a new account for her (it may block her from using msn but at least she still has email). Thanks for all the help.
  16. I don't understand what you mean at all by this statement. I think you may have forgotten to put in a word. I suspect that I am not the only one who doesn't understand you. Could you please rephrase this for me and the others? It made sense to me, maybe you need to be sleep deprived to understand. Although some more punctuation could make it easier to read I think he meant... Meaning "GonZor has planned to release a video to help explain his payload and how it works. It would help the people that are new to this. Keep up the good work". Although correct me if I'm wrong, that is just my interpretation.
  17. I was thinking of swapping her over to Trillian, it seems simple. I'm going to set her up an account either on my server or with gmail and hopefully this will stop the "skiddie" (lack of a better word, it's nearly 4am) from locking her out. Or would google talk be a better option than Trillian?
  18. Yep, and still no luck. If somehow I were to find out who was doing this, would I be able to do much? (aside from the obvious punch in the face)
  19. I forgot to mention I sent an email to hotmail asking what can be done, I'm still waiting on a reply.
  20. Is it possible to unfreeze a hotmail account? My friend recently had her account frozen. I believe it was frozen using "IceCold ReLoaded", we don't know who froze the account so we cannot report them. If we can unfreeze the account we have the password, so this is not about trying to hack into the account. I have tested and I cannot unfreeze her account using "IceCold ReLoaded", we need to close their version which is freezing her account. Unfortunately we only have a vague idea of who may be doing this, so I cannot use "social engineering" and punch them in the face. I have searched Google for hours and the two replies that come up are "Reset your password" and "You won't get the account back". We have tried several times to reset the password but to no avail, it still has the same error message. We don't plan to continue using this account but she would like her contacts list. Does someone know how we can unfreeze the account (all we want is the contacts list)? Any help is greatly appreciated.
  21. I still don't like the idea of associating a "worm" of any kind with Hak5.
  22. Thanks a lot... Damn you, now you've made the game even more addictive!
  23. Hmm the testing I've done has worked, so I'm not sure what the issue is. Any more information would be useful I will hopefully have some time in the next few days to do this.
  24. A few things to remember with my version of the HakSaw, -It will not start until the next time someone logs on (created havoc with my code) -You MUST use a simple password, I recommend an alpha only password (e.g. lamepassword) I think it may be time for me to rewrite the scripts into a single exe, I think this may solve the problem. And yeah, sorry about the fgdump, it completely slipped my mind, I've added it to the top of my to-do list even above setting monkeys on fire...
  25. I still don't think this should be released, it is very simple to make this self propagate and a publicly released version will only wreak havoc even if it terminates after one copy. There are also several things to look at... -will the machine with the "master key" infect every USB or just the first? -will the secondary infected USB infect every computer or just the first? Even if you have thought these through I still vote 'NO' QFE, If people don't know how to code it in themselves then they shouldn't be allowed to because they don't know how much damage this could cause. I know there are several people that will disagree with me but it is for the good of Hak5 I vote no, also I would still like to hear from some of the 'higher ups' as leapo put it...