Obi-Wahn

Active Members
  • Posts

    58
Contact Methods

  • Website URL
    http://www.obi-wahn.net.tc
  • ICQ
    290863363

Profile Information

  • Location
    Vienna


  1. Well, if the LOCK keys are If-programmable (which they should be; AFAIR I read that these keys are sent from the OS to all HIDs) then that would be enough. E.g.: I'm writing a script in AutoHotkey (AHK). I can add an If-statement in the script which checks if the compiled script is running with administrative privileges or not. If it doesn't, I can enable CapsLock with the script, which would also be sent to the ducky, which then knows when the script is executed. With this method, there could be a failsafe implemented so that you have neither a too early Enter keystroke from the duck OR a suspicious UAC window 5-15 secs on the screen while you are waiting for the duck. Any other If loops would be unnecessary. At least for data exfiltration...
  2. Hi! I'm a quite long owner of multiple Teensys but sadly I haven't done much with them until I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one. A couple of days later, the duck swam through my door ;) So I started writing my own little script which calls another batch on the SD card, but I'm running into some issues. First and foremost, if I run the PowerShell command to gain administrative powers, the time to display the UAC dialogue varies from PC to PC. Also, a program, like one written in AutoHotkey or AutoIT, could be stealthier than a batch file. This could be even more interesting since you are able to trigger keystrokes with either script language. To interact with the duck, is there a possibility to write If-commands in the duck payload, so it waits to execute some code? If not, it would be a really nice addition to the duck. But if it isn't possible, maybe someone can explain to me why? THXIA Obi-Wahn
  3. What about adding the "EulaAccepted" regkey before? E.g. for pskill:
     Windows Registry Editor Version 5.00
     [HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
     "EulaAccepted"=dword:00000001
     EDIT: Sorry, overlooked the last part of your 1st post. EDIT2: I've downloaded v1.12 of pskill from Microsoft, and see there, if you start it the first time with -accepteula, it accepts the EULA, and you can kill a process with the first run. I think this parameter is included in the PS suite from now on... E.g.: pskill.exe -accepteula winrar.exe EDIT3: M$ Technet Link to PsKill
  4. Here's mine... http://img153.imageshack.us/img153/9746/screenpi8.th.jpg
  5. All my released tools are open-source. Just type "usb_copier.exe /Src" in the command line. Coded in AHK, downloadable @ www.autohotkey.com
  6. Hi! Actually, I've coded something that copies the entire drive or even only specific filetypes from any removable drive. DOWNLOAD Just double-click it, and it'll ask you. But: I've tested the syntax. Doesn't matter if I try xcopy "D:\*.doc" "C:\files" /S /C /Q /R /H or even xcopy "D:\*.doc" "C:\files" /S /E /C /Q /R /H /Y it copies all files to the directory. Have you created the directory before?
  7. http://img153.imageshack.us/img153/9574/laptopscreendd2.th.jpg My new laptop desktop. I created a hybrid from an official AVP2 wallpaper and a screenshot from the homepage.
  8. @islandcastaway: No, it's an .u3p File (U3 Program Installation) but in fact U3P is a renamed .zip or .rar. It works, but maybe the Icon is false on your system.
  9. Sorry guys for the late answer, but I've had to do a lot in the past. @Skunkfoot: To 1st post: It's possible that you can't just add the Hacksaw, because I've coded only the Switchblade part, and I never had to use the Hacksaw. If I find some time (maybe behind my desk *gg*) I'll look at the Hacksaw and maybe, depending on time, I'll start developing. But it's possible that the release will come in January or so (because I've to sell @ my Christmas market). @RadarG: As far as I know, the entire software is installed to the writeable partition of the U3 device. The installations are stored in "J:\System\Apps" ("J" is the letter of the writeable partition), and my Switchblade should be in the folder "65FAEC39-85E2-4CA5-A53F-D738C97D1538". It's possible that some AV scanners detect some stuff, but that's a false positive. Most tools I've used are from Nirsoft, and they're often detected by scanners, because they're looking for passwords. It depends on the scanner and/or the user input if the files are only blocked or deleted. I'm working on a solution to prevent the detection, but that's far away. The "ff_passwordsXX.txt" should contain passwords of a Firefox installation. It could be that there's a bug. I've to look at the code to see if there's a failure. If so, I'll fix it.
  10. Reinstalled Machine, new Wallpaper and Rainmeter Skin... Rainmeter: Panthero Glass TopBar: Rocketdock Style: Aero Glass Light
  11. Wow. This is an awesome background. May I get the wallpaper from you (or a link)? Thanks
  12. My September Desktop Wallpaper: Light Modification of a WP from NetTools 4.5 (Removed Nettools Logo and resized wallpaper) Cmd.exe: Console, Modified Console_small.xml Rainlendar: Clear Skin Top Bar: RocketDock Style: VTP 6.0 Clock: LClock OS: Windows XP SP 2 Home Edition Also Running: WinRoll, YZ Shadow
  13. @all: Rainmeter counts the uptime since the last reboot/shutdown. My last reboot was 30 days ago. But overnight, my notebook is in idle state.