
DingleBerries
Dedicated Members
Posts: 1,291

Everything posted by DingleBerries

  1. Pidgin is great, A+++++++++++++++ would use again.
  2. Linux Mint. I was tempted to do Fedora, but I had too many issues with my wireless card, plus I'm not a guru or anything and Ubuntu is pretty noob friendly.
  3. So if I was to buy a Fonera+, Jasager should work out of the box? Sorry to take this off topic.
  4. No, none of that; you are going to either have to transfer it via telnet or install a mailer... haven't really gotten that far. The keylogger source isn't available; I'm kind of wary of releasing it.
  5. QFE, somewhat. Regular backups and system checks are a good idea. I reinstall after every semester and burn all my papers/assignments/notes; music/videos are on a NAS. For Windows I would keep an updated version of your programs on a disk and install those, that way you're not downloading them once your install has finished. But for now: grab a copy of CCleaner and run it. Defrag your HDD and run the Windows file cleaner. Run msconfig and turn off all the shit that you do not need; same goes with services in Admin Tools. Try to run this bat to clean out some old junk:

         REM Per-user temp files
         C:
         cd "C:\Users\%USERNAME%\AppData\Local\Temp"
         DEL /q /s /f *.*
         REM IE cache
         C:
         cd "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files"
         DEL /q /s /f *.*
         REM System temp
         cd C:\Windows\Temp
         DEL /q /s /f *.*
         REM Wipe and remove the %temp% / %tmp% directories themselves
         del %temp%\. /f/s/q
         rd /s/q %temp%\
         del %tmp%\. /f/s/q
         rd /s/q %tmp%\
         REM Crash dumps, temp, and log files anywhere on the system drive
         del /f /s /q %systemdrive%\*.dmp
         del /f /s /q %systemdrive%\*.tmp
         del /f /s /q %systemdrive%\*._mp
         del /f /s /q %systemdrive%\*.log
         del /f /s /q %systemdrive%\*.old
         exit

     *Remembered pretty well for not having a Windows box for a few months, huh?*
  6. That was really funny at first, but then I started thinking about how much that shit happens and it became sad and I became angry. Reformatting a laptop right now and the user is getting NO rights; all the software I want them to have is it. I wanted to be nice and offer Firefox and they said that "they didn't like it, it wasn't secure". I can see that to a point, untrusted addons, but seriously. AND the other day my grandmother's modem kicked bricks so the tech guy came out and installed a new one. He reset all the router configs and told her "I don't think I can fix this, you are running Win 98". The computer is brand new running Vista without pretty graphics; that's what she is used to so that's how we kept it. She called me and asked me to install Vista for her because of this dick's uneducated observation. I mean really, is this what we are funking doomed to? You don't have Aero so you are running an older OS? FUCK THAT AND EVERYTHING, now I am raging :/.
  7. Excuse my ignorance, but would it be possible to make a boot script that launches some VBS that sends the CTRL + ALT combination? If not, you can duct tape the selected keys down, but then you would still have to go around and take them off :/.
  8. Are you using a built-in Windows command for this or a Sysinternals tool? Maybe DiskCat can do it, or some other third-party tool?
  9. Tanto Payload v. 1 HERE. Note this is not a U3 payload; that part still needs work. I think this works, but it still needs beta testers. I only tried it in a VM (only Windows machine I have). The .exe is linked to the VBS, so do not change the name unless you change it in the VBS as well. The source is included, as well as the backdoor and keylogger. There are dumped log files and whatnot. I will do a virii scan here in a minute. System.exe is picked up as a virus by pretty much every virus protection, except: Avast, CAT-QuickHeal, eSafe, eTrust-Vet, Fortinet, PCTools, Prevx1, Sophos, Symantec, TheHacker, TrendMicro, ViRobot, VirusBuster. I will try to pack that later. The payload is flagged by eSafe and Panda. Ikarus says it's adware, and F-Secure says "Tibs.DBVL". The keylogger isn't picked up.
  10. What exactly are you having permission issues with? Can you set the .bat to have SYSTEM attributes?
  11. I understand the whole patent pending thing, and all in all I wasn't very happy with the software (Linux version). Anyone with common sense can monitor their network traffic and see what is out of place, and that is pretty much what this does. I would rather have a way of getting rid of the bot, other than a complete wipe of my drive, than knowing where the traffic is going. Still, an interesting project with an interesting partner (US Military).
  12. BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter. Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today. Available on Unix, Windows, and a Live CD. HERE
  13. Here is another set-cam Air App, recommended by Darren.
  14. Yeah, the whole pagefile thing is kind of crazy; I've never used one larger than a gig. However it does make sense to grab it, somehow :/
  15. Yeah, I am going to pick that one up for BackTrack and use my old one for docs and whatnot.
  16. So far I think this tool is far more valuable than any of the hacksaws. I am able to get so much more info; just planting malware isn't going to help me as much as knowing specifics about the machine and what I can exploit. So here are my further suggestions. I would follow the Federal Incident Reporting Guidelines and include this data in the dump. The rest is only to be written up in a report.

      Incident Reporting Guidelines Cont. (different links)

      Checks and Dumps

      Checks
      - Recycle Bin of each profile
      - Verify anti-virus logs for e.g. trojans received through e-mail
      - Use PestPatrol to find known backdoor software on the system
      - Verify the service pack level to assess known vulnerabilities (CSDVersion key in the registry)
      - Check the registry to obtain SIDs for those systems to which the current user has logged on. Users will only have the SID of a remote domain in their Profile list if they have successfully logged onto the domain in the past.

      CMD commands
      - rasusers – obtain all users connected through RAS
      - net start – obtain a list of all running services
      - at – verify scheduled jobs, especially for listening shells scheduled to start at certain times
      - netstat -anp – verify listening processes
      - fport – verify which processes have listening sockets open
      - listDLLs – show command line arguments for each process running

      Registry & File Name Dumps
      1. Autoruns (Silent Runners: VBS script that dumps the autoruns / Vista compatible / possible alternative)
         - HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
         - HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\Run
         - HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
         - HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
         - HKCU & HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
         - HKCU & HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows, the "Run" and "Load" keys
      2. Installed software (LINK for a VBS that does this: http://www.appdeploy.com/tips/detail.asp?id=128)
         - HKCU & HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
      3. Dump file list of Startup folder

      Other Dumps
      - Boot.ini and MBR
      - Event log
      - Page file for later analysis (win386.swp/pagefile.sys)

      Software to include on the drive (in case further measures are needed; also all freeware and/or GPL'd)

      File/Disk Copying and Verification
      - dd – for Windows
      - DiskCat – catalogues all files on disks
      - Decode – forensic date/time decoder
      - Forensic Toolkit – command line tools that can help you examine the files on an NTFS disk partition for unauthorized activity

      Photo Analysis
      - ExifViewer – recover and display the metadata of pictures

      Internet tools
      - CookieView – cookie decoder
      - Pasco – Internet Explorer activity analysis tool, to help reconstruct a subject's internet activity

      Other
      - Disable – disables the keyboard. Used on a boot disk for evidence protection

      Phone/PDA Investigation
      - Undelete SMS – recover deleted SMS messages from a GSM SIM
      - Pilot-Link – dump ROM & RAM of a Palm device
      - POSE – Palm emulator for ROM/RAM dump. Requires sign-up

      OTHER INFORMATION & DOCUMENTATION
      - Forensics Wiki
      - How to Seize Digital Evidence
      - PROTOCOL NUMBERS (last updated 2003-01-13)
      - PORT NUMBERS (last updated 2008-11-24)
      - Trojan Ports, Protocol and General Description
      - Handy stuff for Cisco routers
      - Characterizing and Tracing Packet Floods Using Cisco Routers

      Note: I know this is lengthy, but computer forensics is kind of my passion. Many of the tools mentioned may not be used with this payload, however they are important nonetheless and should be looked at if you are conducting some type of work.
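One way to collect the "Registry & File Name Dumps" from post 16 (the autorun keys, the Uninstall key and the Startup folders) on a machine under review, written here as an added PowerShell example; it is not the poster's script or the Silent Runners VBS. $OutFile is a constructed path, and the script assumes an elevated prompt and the standard Startup folder locations.

```powershell
# Added example, not the poster's script: dump the autorun keys, the Uninstall key and
# the Startup folders listed in post 16 for both HKCU and HKLM, then write them as CSV.
# Assumes an elevated PowerShell prompt on the machine under review. $OutFile is a
# constructed path. HKCU is only the *current* user's hive; for other profiles load
# their NTUSER.DAT under HKU first (not shown here).
$OutFile = "$env:USERPROFILE\Desktop\autorun-dump.csv"

$AutorunSubkeys = @(
  'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
  'Software\Microsoft\Windows\CurrentVersion\Run',
  'Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'Software\Microsoft\Windows\CurrentVersion\RunServices',
  'Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
  'Software\Microsoft\Windows NT\CurrentVersion\Windows'   # holds the "Run" and "Load" values
)
$UninstallSubkey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$StartupDirs = @(
  "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",      # per-user
  "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"   # all users
)

function Get-AutorunDump {
  foreach ($Hive in 'HKCU', 'HKLM') {
    foreach ($Sub in $AutorunSubkeys) {
      $Path = "${Hive}:\$Sub"
      if (-not (Test-Path -LiteralPath $Path)) { continue }   # missing keys are normal on a clean box
      $Key = Get-Item -LiteralPath $Path
      foreach ($Name in $Key.GetValueNames()) {
        [pscustomobject]@{ Kind = 'Autorun'; Location = $Path; Name = $Name; Value = $Key.GetValue($Name) }
      }
    }
    $UPath = "${Hive}:\$UninstallSubkey"
    if (Test-Path -LiteralPath $UPath) {
      foreach ($App in Get-ChildItem -LiteralPath $UPath) {
        $Display = $App.GetValue('DisplayName')
        if ($Display) {   # skip the many nameless patch/component entries
          [pscustomobject]@{ Kind = 'Installed'; Location = $App.Name; Name = $Display; Value = $App.GetValue('DisplayVersion') }
        }
      }
    }
  }
  foreach ($Dir in $StartupDirs) {
    Get-ChildItem -LiteralPath $Dir -File -ErrorAction SilentlyContinue | ForEach-Object {
      [pscustomobject]@{ Kind = 'StartupFolder'; Location = $Dir; Name = $_.Name; Value = $_.LastWriteTime }
    }
  }
}

Get-AutorunDump | Export-Csv -NoTypeInformation -Path $OutFile
Write-Host "Wrote $((Import-Csv $OutFile).Count) entries to $OutFile"
```

Diff the CSV against a dump taken from a known-clean build of the same image; entries present only on the suspect box are the ones to read up on first.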
  17. There are a lot of virii that are able to get past virus protection, especially now with the availability of source code and the ease with which it can be compiled (any nooblet can download Bloodshed and open a file). I just try to stay clear of shady websites and I do not do warez. Running Linux as my only OS also helps.
  18. Maybe try FonSpot from Time Warner, HERE. Or: System Preferences > Sharing > Internet; select Built-in Ethernet for "Share your connection from"; check "Ethernet Connection 2" and "AirPort"; click AirPort Options, named my network, chose a password. http://theappleblog.com/2008/05/22/create-...ion-in-leopard/ http://docs.info.apple.com/article.html?pa....5/en/8156.html
  19. So far I've seen a 4GB SanDisk thumb drive at Walmart for 9 bucks... Not too bad, and I need a new one.
  20. The only problem is formatting the HDD so that you have a persistent boot. I've seen instructions for it, but my USB drives aren't large enough, >1GB.