Posts posted by Obi-Wahn
-
Hi!
I've been an owner of multiple Teensys for quite a long time, but sadly I haven't done much with them until I bought them. After watching the show where Darren exfiltrates passwords with the Duck, I ordered one.
A couple days later, the duck swam through my door ;)
So I started writing my own little script which calls another batch on the SD card, but I'm running into some issues.
First and foremost, if I run the powershell command to gain administrative powers, time varies to display the UAC dialogue from pc to pc.
Also, a program, like written in AutoHotkey or AutoIT could be stealthier than a batch file.
This could be even more interesting since you are able to trigger keystrokes with either script language.
To interact with the duck, is there a possibility to write If-commands in the duck payload, so it waits to execute some code?
If not, it would be a really nice addition to the duck.
But if it isn't possible, maybe someone can explain to me why?
THXIA
Obi-Wahn
-
Episode 4x15
in Hak5
Cool episode. I liked the skype interview. It was really different.
As far as it belongs to mp3, I have only 10-12 Gig of MP3, which are basically ripped from CDs I have, or downloaded from Jamendo.com and Chilirec.com
Another gig are streams from the CCC (Chaos Computer Club [Germany/German]).
I personally use MP3Tag to sort and tag my collection, which is very handy, because I can query the freedb, amazon.com and amazon.de for tags. It takes only 2 clicks to rename the files with the tag-data or change the tag-data from the filename.
-
What about adding the "EulaAccepted" Regkey before?
eg 4 pskill:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
"EulaAccepted"=dword:00000001
EDIT: Sorry, overread the last part of your 1st post.
EDIT2: I've downloaded v 1.12 of pskill from Microsoft, and see there, if you start it the first time with -accepteula, it accepts the EULA, and you can kill a process with the first run. I think this parameter is included in the ps-suite from now on...
eg:
pskill.exe -accepteula winrar.exe
EDIT3: M$ Technet Link to PsKill
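Added example, not part of the original post and not Sysinternals code: both ways of suppressing the EULA prompt mentioned above leave a trace a defender can look for, the "EulaAccepted" value under HKCU\Software\Sysinternals and the -accepteula switch on the command line. The .reg export and command lines below are constructed samples, and matching "/" as well as "-" as the switch prefix is an assumption of this example.

```python
import re

# Constructed sample: a .reg export of HKCU\Software\Sysinternals (not from the page).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\PsKill]
"EulaAccepted"=dword:00000001

[HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer]
"EulaAccepted"=dword:00000000
'''

# Constructed sample: process-creation command lines as a log source might record them.
SAMPLE_CMDLINES = [
    r'pskill.exe -accepteula winrar.exe',
    r'"C:\Tools\PsKill.exe" /AcceptEula 1234',
    r'notepad.exe accepteula.txt',
]

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"EulaAccepted"=dword:([0-9a-fA-F]{8})$')
# The switch must be its own argument; "/" prefix is an assumption of this example.
FLAG_RE = re.compile(r'(?<!\S)[-/]accepteula(?!\S)', re.IGNORECASE)
PREFIX = 'software\\sysinternals\\'

def accepted_tools(reg_text):
    """Return the Sysinternals tool names whose EulaAccepted value is non-zero."""
    tools, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            # Drop the hive name and keep only subkeys of Software\Sysinternals.
            path = key.group(1).split('\\', 1)[-1]
            current = path[len(PREFIX):] if path.lower().startswith(PREFIX) else None
            continue
        value = VALUE_RE.match(line)
        if value and current and int(value.group(1), 16) != 0:
            tools.append(current)
    return tools

def eula_flag_hits(cmdlines):
    """Return the command lines that pass the EULA-accept switch as an argument."""
    return [c for c in cmdlines if FLAG_RE.search(c)]

if __name__ == '__main__':
    print(accepted_tools(SAMPLE_REG))
    print(eula_flag_hits(SAMPLE_CMDLINES))
```

A tool listed by accepted_tools on a machine where nobody is expected to run Sysinternals utilities is worth a closer look at who ran it and when.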
-
All my released tools are Open-Source. Just type "usb_copier.exe /Src" in the command line. Coded in AHK, downloadable @ www.autohotkey.com
-
Hi!
Actually, I've coded something that copies the entire drive or even only specific filetypes from any removable drive.
Just doubleclick it, and it'll ask you.
But:
I've tested the syntax. Doesn't matter if I try
xcopy "D:\*.doc" "C:\files" /S /C /Q /R /H
or even
xcopy "D:\*.doc" "C:\files" /S /E /C /Q /R /H /Y
it copies all files to the directory.
Have you created the directory before?
-
http://img153.imageshack.us/img153/9574/laptopscreendd2.th.jpg
My new Laptop Desktop.
I created a hybrid from a official AVP2 Wallpaper and a screenshot from the Homepage.
-
@islandcastaway: No, it's an .u3p File (U3 Program Installation) but in fact U3P is a renamed .zip or .rar. It works, but maybe the Icon is false on your system.
-
@USBHacker: I'll try...
-
Sorry Guys for late answer but I've to do a lot in the past.
@Skunkfoot: To 1st post: It's possible that you can't just add the Hacksaw, because I've coded only the Switchblade part, and I never had to use the Hacksaw. If I find some time (maybe behind my desk *gg*) I'll look at the Hacksaw and maybe -depends on time- I'll start developing.
But it's possible that the release came in January or so (cause I've to sell @ my Christmas market).
@RadarG: As far as I know, the entire Software is installed to the Writeable partition of the U3 Device. The Installations are Stored in "J:\System\Apps" ("J" is the Letter of the writeable Partition), and my Switchblade should be in the Folder "65FAEC39-85E2-4CA5-A53F-D738C97D1538".
It's possible that some AV scanners detect some stuff, but that's a false positive. Most Tools I've used are from Nirsoft, and they're often detected by Scanners, because they're looking for Passwords. It depends on the Scanner and/or the User Input if the Files are only blocked or deleted. I'm working on a solution to prevent the detection, but that's far away.
The "ff_passwordsXX.txt" should contain Passwords of a Firefox Installation. It could be that there's a Bug. I have to look at the Code to see if there's a failure. If so, I'll fix it.
-
My September Desktop
Wallpaper: Light Modification of a WP from NetTools 4.5 (Removed Nettools Logo and resized wallpaper)
Cmd.exe: Console, Modified Console_small.xml
Rainlendar: Clear Skin
Top Bar: RocketDock
Style: VTP 6.0
Clock: LClock
OS: Windows XP SP 2 Home Edition
Also Running: WinRoll, YZ Shadow
-
cmd.exe or Autohotkey
-
@all: Rainmeter counts the Uptime since the last reboot/shutdown. My last reboot was 30 days before. But over night, my notebook is in idle state.
-
Rainmeter, Digi-Skin
-
I found a big bug in my Switchblade.
On one system, Switchblade hangs when Ignoremycomputers=Yes.
I'll fix it, and upload it asap.
-
@Charlie: Believe it or not, I wasn't ever on myspace, so may your post is joke (cause of "lol") or not. If not, show me a tool, and I'll try it.
@setzer: Actually, I've tested it only on AVG, Norman and Avast AV. And there wasn't any beep (according to ZA Firewall). And I've added a FF password reader, which works on a test installation of FF on my machine. Setting in the .ini File: Section "DUMP", Key "FFPasswords"
-
Maybe I'll do that, but file.exe is in fact an updated version of fc.exe. I've fixed several bugs and added more features. However, at the moment, I've got a lot to do with my diploma thesis, so I don't do very much coding work now.
Maybe I'll separate the copy part of file.exe and put it into an updated version of fc.exe
-
After installation of the Package, you have to start the switchblade on your computer.
It'll create a hidden Directory "Switchblade" on the writeable partition. There are two files in it: a processlist and a .ini-File.
In the .ini File, there's a Section called Mycomputers. There you can add computers / users to ignore by adding lines like "index=Computername_username".
On startup, it checks the section and if it's plugged into a system with the correct Computer_Username combination, it'll exit.
Example:
[MYCOMPUTERS]
# If you want to add more Computer-User combinations
# Write in every line a Array of numbers. Eg:
# 1=Computername_Username
# 2=...
# ...
1=OBI-WAHN_Andreas
2=ANDREAS_Obi-Wahn
This is my configuration. The #1 entry is filled in by starting the package the first time, so you have to plug it into your computer while starting.
Yes. I mean this dialog.
-
I like this better than all those start menu replacement programs, because this does not add a process, and thereby uses no ram or CPU cycles.
Of course, that's right, but this will work only with a few items in the list. If there are many Items, may it's chaos in the list or -'d be worse- on a lower res, you wouldn't see all items.
BTW.: I think "modern" computers (from P2 with 128 MB RAM upwards) should be able to handle a process that "weight" 7.5 Megs of RAM.
-
Thanks.
Unfortunately, I've detected one bug so far. On the Searchmask, if the search should be performed in a subfolder containing a plus symbol (+), then it doesn't work, because I split the Searchmasks on a plus symbol.
I've to change this, but at the moment I've only a rare amount of time.
EDIT: New tool added: pkill.exe
-
May THIS will work.
And yes, I wrote the complete switchblade (.exe / .bat, Manifest-File, processlist) and created the Icon, based on the Switchblade-logo from the wiki and the HAK5 logo.
If query from the duck
in Classic USB Rubber Ducky
Well, if the LOCK-Keys are If-Programmable (which they should, AFAIR I read that these keys are sent from the OS to all HIDs) then that would be enough.
eg.: I'm writing a Script in AutoHotkey (AHK). I can add a If-statement in the script which checks if the compiled script is running with administrative privileges or not. If it doesn't, I can enable CapsLock with the script which would also be sent to the ducky, which knows then, when the script is executed.
With this method, there could be a failsafe implemented so that you've neither a too early Enter Keystroke from the duck OR a suspicious UAC window 5-15 secs on the screen while you are waiting for the duck.
Any other If loops would be unnecessary. At least for Data exfiltration...