HarshReality

Active Members
  • Posts: 101
Posts posted by HarshReality

  1. Run USBDeview and post the PID and VID. Can't tell which is what from the pic.

    bNAND2 Memory USB Composite Device Unknown No Yes No No E: 101026060051 5/14/2012 8:03:55 AM 5/14/2012 8:04:50 AM 0693 0034 1.10 00 00 00 6&3145db5&1 usbccgp Microsoft USB Generic Parent Driver usbccgp.sys USB (Standard USB Host Controller) 2.00 USB Composite Device 5.1.2600.0 USB\Vid_0693&Pid_0034\101026060051

    bNAND2 Memory USB Mass Storage Device Mass Storage No No No No E: 5/14/2012 8:04:04 AM 5/14/2012 8:04:21 AM 0693 0034 1.10 08 06 50 7&38cde2cb&0 USBSTOR USB Mass Storage Driver USBSTOR.SYS USB Compatible USB storage device USB Mass Storage Device 5.1.2600.0 USB\Vid_0693&Pid_0034&MI_00\6&3145db5&1&0000

    bNAND2 Memory USB Human Interface Device HID (Human Interface Device) No Yes No No 5/14/2012 8:04:04 AM 5/14/2012 8:04:26 AM 0693 0034 1.10 03 00 00 7&10633502&0 HidUsb Microsoft HID Class Driver hidusb.sys HIDClass (Standard system devices) USB Human Interface Device 5.1.2600.5512 USB\Vid_0693&Pid_0034&MI_01\6&3145db5&1&0001
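The VID and PID asked for in the first post can be read straight out of the device instance IDs at the end of each USBDeview row. The parser below is an added example, not part of the original posts; the function names are hypothetical, and the only inputs are the three IDs shown above.

```python
import re

# Device instance IDs copied from the USBDeview rows above.
SAMPLE_IDS = [
    r"USB\Vid_0693&Pid_0034\101026060051",
    r"USB\Vid_0693&Pid_0034&MI_00\6&3145db5&1&0000",
    r"USB\Vid_0693&Pid_0034&MI_01\6&3145db5&1&0001",
]

_ID_RE = re.compile(
    r"^USB\\VID_(?P<vid>[0-9A-F]{4})&PID_(?P<pid>[0-9A-F]{4})"
    r"(?:&MI_(?P<mi>[0-9A-F]{2}))?\\(?P<instance>[^\\]+)$",
    re.IGNORECASE,
)


def parse_instance_id(instance_id):
    """Split one USB device instance ID into VID, PID, interface and instance."""
    m = _ID_RE.match(instance_id.strip())
    if m is None:
        raise ValueError("not a USB device instance ID: %r" % instance_id)
    mi = m.group("mi")
    instance = m.group("instance")
    return {
        "vid": m.group("vid").upper(),
        "pid": m.group("pid").upper(),
        # MI_xx is present only on the child interfaces of a composite device.
        "interface": int(mi, 16) if mi is not None else None,
        "instance": instance,
        # Windows-generated instance strings have '&' as their second
        # character; anything else is the serial number the device reported.
        "device_serial": not (len(instance) > 1 and instance[1] == "&"),
    }


def summarize(instance_ids):
    """Map (VID, PID) to the sorted interface numbers seen for that device."""
    devices = {}
    for raw in instance_ids:
        parsed = parse_instance_id(raw)
        interfaces = devices.setdefault((parsed["vid"], parsed["pid"]), [])
        if parsed["interface"] is not None:
            interfaces.append(parsed["interface"])
    return {key: sorted(value) for key, value in devices.items()}


if __name__ == "__main__":
    for (vid, pid), interfaces in summarize(SAMPLE_IDS).items():
        print("VID %s PID %s interfaces %s" % (vid, pid, interfaces))
```
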

  2. Recently come into some USB drives with a U3 'like' partition. Trick is it is a UD Hagiwara bNAND2 partition. Anybody know of tools that can remove or customize this bugger?

  3. So, I want to pick Kitchen's brain... Love the show and hit them constantly but my current issue/tweak/project I am running in circles on.

    I had an older machine I installed FreeNAS on some time ago and used it as a media server for my networked Xboxes running XBMC, but that is neither here nor there. I built a new one with some donations and since we tend to stay with the things we are familiar with I again installed FreeNAS.

    Specs are here: http://only-harshreality.com/?p=25

    Anyway, I activated tftp and set up a series of Linux network installs & Clonezilla (network booting, also on the blog) as my kids hate Windows (I am so proud). Problem is my wife only knows Windows.. the only way I get her to upgrade is forced, but I am trying to set up RIS working with FreeNAS so I can do a network install of Windows XP using the network boot.

    I know.. there are several who would say I should use this or that but the trick is I am trying to get it to work with what I have at hand ;) Soooo Mr. Kitchen what do you have in your bag of tricks ;)

  4. I know you can add the files to the iso and then flash it, I also think you can vary the size of the cd partition if that helps the payload.

    Your idea intrigues me. Shouldn't it be possible to use command lines to search for a specific file in only the root directory of each disk, and dump the first letter as a variable in the go.cmd?

    Or possibly add some "unix" executables to the drive, I think there are tools for that kind of stuff in some of them executables.

    I have been given the impression (and I can't recall where.. I'm thinking DD in Linux) that the size of the ISO partition is limited by the drive's actual capacity and can be simply resized when flashing. While I haven't tested this to validate if that is the case, what would be the problem?

  5. I am working on my own USB payload. I name it... USB Powersaw. I will be posting my development of the project here. I will post version 1.0 later today. Just thought I would get the form post running.

    Could you elaborate on the differences.. I don't think you'll get much of a response just hanging your load.

  6. I can't do a direct dump using dir but find it can be done with multiple command lines..

    REM /d also switches drives, needed when the script runs from the USB drive
    cd /d "%ALLUSERSPROFILE%\Start Menu"
    dir * >> "%~1\output\%computername%\allusersstart-%computername%.txt"

    Course this is most likely not the preferred way but it does get the results done making use of an environment variable and like the rest of your script is using only command line.

  7. The hacksaw can be extracted and placed on a non U3 drive and run via autorun.ini if needed, but the email aspect of the program is typically regarded as spyware or virus and immediately denied the ability to run and/or removed by antivirus programs. This is why it's placed by the majority on a U3 partition so the system can't delete the programs.

  8. Many of the things DingleBerries suggested are already included, so definitely make sure to check the latest version. The issue with checking AV logs is the log file paths vary between AV vendors and this needs to be as vendor neutral as possible. Some things I have been working on myself, but I have a weird issue happening...I can run the command from the command line myself, but when it is executed from the U3 image, there are permissions issues.

    Got a sample? I have.. 4 XP based terminals here at home running I could test on. The only permission issue I could see would be with autorun and execution but I could most likely be wrong.

  9. ic, and i mean the no drive error, i mean the no disk error. you know, the one with the pocket-knife? how if there are multimedia drives, they give no disk error because there's no content in them

    The only time I got error was when the launchpad was incompatible (the old launch didn't work well with XP till I updated..)

  10. Added my suggestion above to export 'Error' from System logging. (Note /V is detailed description). Didn't see a point in doing Warnings as I'm mainly concerned with issues that don't function.

    REM Grab System Error Log for Review (Error ONLY)
    cscript %WINDIR%\System32\eventquery.vbs /fi "Type eq Error" /V /L System >> "%~1\output\%computername%\syslog-%computername%.txt"
    REM Grab Application Error Logs for Review
    cscript %WINDIR%\System32\eventquery.vbs /fi "Type eq Error" /V /L Application >> "%~1\output\%computername%\syslog-%computername%.txt"

  11. Hey all sorry for the lack of updates and versions. I'm working on testing some of the latest ideas you guys have, but unfortunately the stuff I have to do to pay my bills (i.e. work) has taken over the better portion of my time lately. I'll have a new version out by the weekend hopefully. Thanks for being patient!

    Sweet, I seem to have lost track of this thread myself.. I rather like beakmyn's idea about on the fly downloads, the only question would be where it stores them pre-run and if removed completely on post run.. if 'yadda.exe' isn't present download and run it if internet connection is present else command line fu. In terms of the registry I agree first run and run are typically where the spy/malware hide to reinstall themselves so for efficiency it would be required rather than a complete dump.

    Since you're doing the command line.. how would we do a list of restore points on the machine?

    AND, since your point of external observation was brought up earlier.. might want to consider exporting your error logs (if applicable). see ref: http://articles.techrepublic.com.com/5100-...11-5786621.html but rather than scan the whole of the logs for "warning" or "error" from the beginning of time perhaps limit the backtrace to 2 weeks since it's a first response tool.

    **That will be a stupid question on my part no doubt. I have GOT to stop editing this thread! Now.. I wonder if I can trick this out like Beaker did and have it in a folder with HTML output to link to the files for easier review... Damn.. not coming back here for a week.
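One way to apply the two-week limit suggested above is to post-process an exported log on the review machine. This is an added example, not code from the thread: it assumes the log was exported as CSV with a header row containing `Type` and `Date Time` columns in US date format (both column names and the sample rows are assumptions constructed for illustration).

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the assumed CSV layout (not real log data).
SAMPLE_CSV = '''"Type","Event","Date Time","Source","Description"
"Error","7000","5/14/2012 8:03:55 AM","Service Control Manager","Constructed entry A"
"Warning","1003","5/13/2012 9:00:00 PM","Dhcp","Constructed entry B"
"Error","7023","4/20/2012 1:15:00 PM","Service Control Manager","Constructed entry C"
"Error","11","5/01/2012 12:00:00 AM","Disk","Constructed entry D"
'''

# Assumed timestamp format; adjust to match the locale of the exporting machine.
DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def recent_errors(csv_text, now, days=14, wanted_type="Error"):
    """Return (kept, unparsed): rows of wanted_type from the last `days` days,
    newest first, plus rows whose timestamp could not be read."""
    cutoff = now - timedelta(days=days)
    kept, unparsed = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Type") or "").strip().lower() != wanted_type.lower():
            continue
        try:
            when = datetime.strptime((row.get("Date Time") or "").strip(), DATE_FORMAT)
        except ValueError:
            # Keep unreadable rows visible instead of silently dropping them.
            unparsed.append(row)
            continue
        if cutoff <= when <= now:
            kept.append((when, row))
    kept.sort(key=lambda pair: pair[0], reverse=True)
    return [row for _, row in kept], unparsed


if __name__ == "__main__":
    rows, bad = recent_errors(SAMPLE_CSV, now=datetime(2012, 5, 14, 9, 0, 0))
    for row in rows:
        print(row["Date Time"], row["Source"], row["Event"])
    print("rows with unreadable timestamps:", len(bad))
```
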
