Obi-Wahn

Active Members
  • Posts: 58

Everything posted by Obi-Wahn

  1. Well, if the LOCK-Keys are If-Programmable (which they should be, AFAIR I read that these keys are sent from the OS to all HIDs) then that would be enough. E.g.: I'm writing a script in AutoHotkey (AHK). I can add an If-statement in the script which checks if the compiled script is running with administrative privileges or not. If it isn't, I can enable CapsLock with the script, which would also be sent to the ducky, which then knows when the script is executed. With this method, there could be a failsafe implemented so that you have neither a too early Enter keystroke from the duck OR a suspicious UAC window 5-15 secs on the screen while you are waiting for the duck. Any other If loops would be unnecessary. At least for data exfiltration...
  2. Hi! I've been the owner of multiple Teensys for quite a long time, but sadly I haven't done much with them since I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one. A couple of days later, the duck swam through my door ;) So I started writing my own little script which calls another batch file on the SD card, but I'm running into some issues. First and foremost, if I run the PowerShell command to gain administrative powers, the time it takes to display the UAC dialogue varies from PC to PC. Also, a program, like one written in AutoHotkey or AutoIT, could be stealthier than a batch file. This could be even more interesting since you are able to trigger keystrokes with either script language. To interact with the duck, is there a possibility to write If-commands in the duck payload, so it waits to execute some code? If not, it would be a really nice addition to the duck. But if it isn't possible, maybe someone can explain to me why? THXIA Obi-Wahn
  3. What about adding the "EulaAccepted" Regkey before? E.g. for pskill:

       Windows Registry Editor Version 5.00

       [HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
       "EulaAccepted"=dword:00000001

     EDIT: Sorry, overlooked the last part of your 1st post. EDIT2: I've downloaded v1.12 of pskill from Microsoft, and look: if you start it the first time with -accepteula, it accepts the EULA, and you can kill a process on the first run. I think this parameter is included in the PS suite from now on... E.g.: pskill.exe -accepteula winrar.exe EDIT3: M$ Technet Link to PsKill
  4. Here's mine... http://img153.imageshack.us/img153/9746/screenpi8.th.jpg
  5. All my released tools are Open-Source. Just type "usb_copier.exe /Src" in the command line. Coded in AHK, downloadable @ www.autohotkey.com
  6. Hi! Actually, I've coded something that copies the entire drive or even only specific file types from any removable drive. DOWNLOAD Just double-click it, and it'll ask you. But: I've tested the syntax. It doesn't matter if I try xcopy "D:\*.doc" "C:\files" /S /C /Q /R /H or even xcopy "D:\*.doc" "C:\files" /S /E /C /Q /R /H /Y, it copies all files to the directory. Have you created the directory before?
  7. http://img153.imageshack.us/img153/9574/laptopscreendd2.th.jpg My new Laptop Desktop. I created a hybrid from an official AVP2 Wallpaper and a screenshot from the Homepage.
  8. @islandcastaway: No, it's an .u3p File (U3 Program Installation) but in fact U3P is a renamed .zip or .rar. It works, but maybe the Icon is false on your system.
  9. Sorry guys for the late answer, but I've had a lot to do in the past. @Skunkfoot: To 1st post: It's possible that you can't just add the Hacksaw, because I've coded only the Switchblade part, and I never had to use the Hacksaw. If I find some time (maybe behind my desk *gg*) I'll look at the Hacksaw and maybe -depends on time- I'll start developing. But it's possible that the release will come in January or so (because I have to sell @ my Christmas market). @RadarG: As far as I know, the entire software is installed to the writeable partition of the U3 device. The installations are stored in "J:\System\Apps" ("J" is the letter of the writeable partition), and my Switchblade should be in the folder "65FAEC39-85E2-4CA5-A53F-D738C97D1538". It's possible that some AV scanners detect some stuff, but that's a false positive. Most tools I've used are from Nirsoft, and they're often detected by scanners, because they're looking for passwords. It depends on the scanner and/or the user input whether the files are only blocked or deleted. I'm working on a solution to prevent the detection, but that's far away. The "ff_passwordsXX.txt" should contain passwords of a Firefox installation. It could be that there's a bug. I have to look at the code to see if there's a failure. If so, I'll fix it.
  10. Reinstalled Machine, new Wallpaper and Rainmeter Skin... Rainmeter: Panthero Glass TopBar: Rocketdock Style: Aero Glass Light
  11. Wow. This is an awesome Background. May I get the Wallpaper from you (or a link)? Thanks
  12. My September Desktop Wallpaper: Light Modification of a WP from NetTools 4.5 (Removed Nettools Logo and resized wallpaper) Cmd.exe: Console, Modified Console_small.xml Rainlendar: Clear Skin Top Bar: RocketDock Style: VTP 6.0 Clock: LClock OS: Windows XP SP 2 Home Edition Also Running: WinRoll, YZ Shadow
  13. @all: Rainmeter counts the uptime since the last reboot/shutdown. My last reboot was 30 days ago. But overnight, my notebook is in idle state.
  14. My Notebook desktop. Modified Wallpaper (original 4:3, now 16:10) ORIGINAL WALLPAPER
  15. I found a big bug in my switchblade. On one system, Switchblade hangs when Ignoremycomputers=Yes. I'll fix it, and upload it asap.
  16. @Charlie: Believe it or not, I wasn't ever on myspace, so maybe your post is a joke (because of "lol") or not. If not, show me a tool, and I'll try it. @setzer: Actually, I've tested it only on AVG, Norman and Avast AV. And there wasn't any beep (according to ZA Firewall). And I've added a FF password reader, which works on a test installation of FF on my machine. Setting in the .ini file: Section "DUMP", Key "FFPasswords"
  17. Maybe I will, but file.exe is in fact an updated version of fc.exe. I've fixed several bugs and added more features. However, at the moment, I have a lot to do with my diploma thesis, so I don't do very much coding work now. Maybe I'll separate the copy part of file.exe and put it into an updated version of fc.exe
  18. After installation of the package, you have to start the switchblade on your computer. It'll create a hidden directory "Switchblade" on the writeable partition. There are two files in it: a processlist and an .ini file. In the .ini file, there's a section called Mycomputers. There you can add computers / users to ignore by adding lines like "index=Computername_username". On startup, it checks the section and if it's plugged into a system with the correct Computer_Username combination, it'll exit. Example:

       [MYCOMPUTERS]
       # If you want to add more Computer-User combinations
       # Write in every line a Array of numbers. Eg:
       # 1=Computername_Username
       # 2=...
       # ...
       1=OBI-WAHN_Andreas
       2=ANDREAS_Obi-Wahn

      This is my configuration. The #1 entry is filled in by starting the package the first time, so you have to have it plugged into your computer while starting. Yes. I mean this dialog.
  19. Of course, that's right, but this will work only with a few items in the list. If there are many items, maybe there's chaos in the list or -which would be worse- on a lower res, you wouldn't see all items. BTW.: I think "modern" computers (from P2 with 128 MB RAM upwards) should be able to handle a process that "weighs" 7.5 Megs of RAM.
  20. Thanks. Unfortunately, I've detected one bug so far. In the search mask, if the search should be performed in a subfolder containing a plus symbol (+), then it doesn't work, because I split the search masks on a plus symbol. I have to change this, but at the moment I have very little time. EDIT: New tool added: pkill.exe
  21. Maybe THIS will work. And yes, I wrote the complete switchblade (.exe / .bat, Manifest-File, processlist) and created the Icon, based on the Switchblade-logo from the wiki and the HAK5 logo.
  22. Sorry. I had to hurry yesterday. However, usage added @ first post. Yes, the .u3p package has to be used with a stock U3 drive (which I use). After installation of the U3 package, you have to go to the manage programs dialog, and activate "start on insertion" for the switchblade. Then (without terminating and restarting processes) it takes about 45 seconds, depending on the computer, to dump all information. I've configured my switchblade not to kill and restart processes. I've only added this feature in case e.g. a scanner detects a tool as a virus, but scanned with Avast, AVG and Norton, nothing happened.