sablefoxx Posted February 19, 2009 (edited)

A.P.E. The Attack Pre-Installed Environment

About:
Basically it is a bootable USB drive that will let you copy SAM files from the local system, install backdoors, crack passwords, edit any file you want, etc. All without the user's password! It's based off BartPE; unlike Backtrack, this is designed more to help you compromise the local system faster and easier. This also has network support so you can FTP or SSH the SAM file anywhere in the world. Let me know if you have any ideas on what to add, or if you think it sucks. I also wrote almost all the scripts and loaders, so let me know if you find any bugs. Also feel free to post your own payloads, mods, etc. Have fun! ^_^

Features:

Password Attacks:
GetSAM - Copies Local SAM file to removable drive
CrackSAM - Cracks Local\Custom SAM file using OphCrack (non-gui)
JohnTheRipper - Use CLI, X:\ape\johntheripper\run\. You may need to manually unload/load the reg hives to use this program (rh_load.exe and rh_unload.exe)

Network Attacks:
Wireshark - Packet Sniffer (BartPE Plugin)
Cain & Abel - ARP Cache Poison, among other things; note that not all functionality of this program can be used in P.E.

Payloads:
Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)
HackSaw - Installs the hacksaw payload from P.E.
RickR - Randomly Opens Up (in default browser) a Rick Roll
FTPme - Installs a FTP server, shares entire C:\ on port 21 with no user/pass
KeyB - Any keyboard input is converted to binary
KeyL - Installs Keylogger, log saved to C:\WINDOWS\keyl.txt, looks like "svchost" when running.
KeyR - All keyboard input is randomized, 1/10 Nums shuts computer off
KeySh - Picks random key, and turns computer off when pressed

Utilman Hacks:
Replaces Utilman.exe with different payloads. To run, press WinKey + U or (in Vista/Win7) press the blue circle in the lower left hand corner at the logon screen.
The included payloads are:
Root Account Maker - Creates an account on the local system, Username: root Password: toor. Remember, if the 'Welcome Screen' is enabled you may need to reboot the system after running the payload for the new account to show up.
Shell Spawn - Opens a command prompt as NT Authority\System (Vista\Win7 Only)
SwitchBlade Exec - After reboot will execute Leapo's PocketKnife payload; the script goes from drive Z-->B looking for the file \SYSTEM\go.vbs. Edit the sbexec.bat if you want it to run a different payload. If the payload isn't found it will ask you to run a custom file.
Note: On Vista and Win7 you must select 'Yes' to set file permissions if asked, or the payloads won't work.

Resource Tools:
Notepad++ - Simple text editor
ResHacker - Resource editor
eXeScope - Resource editor

Network Tools:
Angry IP Scanner - Fast and simple IP Scanner
Firefox 1.5 - Web Browser (BartPE Plugin)
Filezilla - FTP Client
PuTTY - SSH Client
Ultra VNC Viewer - VNC (Remote Desktop) Client

Downloads:
Current Release: Ver 0.8 Beta 5, 3/7/09
Download APE v0.8 - Beta 5 (Fixed Link 3-15-2010)

Ophcrack Rainbow Tables (Free):
Download XP Rainbow Tables
Download Vista Rainbow Tables

How to Install:
0. Download, Plug in USB Drive
1. Run Ape_USB.exe - (SFX RAR File)
2. (If doesn't autorun) Run "APE_USB_MAKE.bat"
3. (Optional) Configure Payload, or Patch in Rainbow Tables.
4. Go pull some pranks on your friends ;)

Notes:
Patching Rainbow Tables: Use your favorite ISO editor to patch the tables into the attackpe.iso, which should be in the root of the thumb drive after running "APE_USB_MAKE.bat" or "Ape_USB.exe". Tables go in \ape\ophcrack_pe\tables\. You have to patch the tables in after building the .iso or the CRC gets fucked up and it won't boot!

Edited March 16, 2010 by sablefoxx
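
A defender-side triage check for the on-disk and network artifacts the feature list above names, as an added example that is not part of the original post or of A.P.E. It assumes Windows PowerShell 5.1 or later on the host being inspected; the function name Get-ApeArtifact is hypothetical, and reading "looks like svchost" as a process named svchost is an assumption.

```powershell
# Added triage example, not code from the post. Artifact values (account name,
# log path, ports, Utilman.exe) are taken from the feature list; run elevated.
function Get-ApeArtifact {
    $hits  = @()
    $sys32 = Join-Path $env:windir 'System32'

    # "Root Account Maker" payload: local account named root
    $acct = Get-LocalUser -Name 'root' -ErrorAction SilentlyContinue
    if ($acct) { $hits += "Local account 'root' exists (enabled: $($acct.Enabled))" }

    # KeyL payload: keystroke log path stated in the post
    $log = Join-Path $env:windir 'keyl.txt'
    if (Test-Path -LiteralPath $log) { $hits += "Keylogger log present: $log" }

    # Cmdo (port 69) and FTPme (port 21) payloads: report who owns the listener
    $listeners = Get-NetTCPConnection -State Listen -LocalPort 21, 69 -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $hits += "Listener on TCP $($l.LocalPort): PID $($l.OwningProcess) $($proc.Path)"
    }

    # KeyL "looks like svchost": the genuine binary runs only from System32
    foreach ($p in Get-Process -Name 'svchost' -ErrorAction SilentlyContinue) {
        if ($p.Path -and ((Split-Path $p.Path -Parent) -ne $sys32)) {
            $hits += "svchost outside System32: PID $($p.Id) $($p.Path)"
        }
    }

    # Utilman hacks: the file at the Utilman.exe path should still be Utilman
    $util = Join-Path $sys32 'Utilman.exe'
    if (Test-Path -LiteralPath $util) {
        $orig = (Get-Item -LiteralPath $util).VersionInfo.OriginalFilename
        $sig  = Get-AuthenticodeSignature -FilePath $util
        # Assumption: a genuine copy reports an original name starting with "utilman"
        if ($orig -notmatch '^utilman') { $hits += "Utilman.exe original name is '$orig'" }
        if ($sig.Status -ne 'Valid') { $hits += "Utilman.exe signature status: $($sig.Status)" }
    } else {
        $hits += "Utilman.exe missing from $sys32"
    }
    $hits
}

$found = Get-ApeArtifact
if ($found) { $found | ForEach-Object { Write-Warning $_ } } else { 'No listed artifacts found.' }
```

The original-name check matters because a signature check alone passes when the file has been swapped for another Microsoft-signed binary. On older Windows releases Get-AuthenticodeSignature may not evaluate catalog signatures, so treat a non-Valid status there as a prompt to compare hashes against a known-good copy.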
Bakb0ne Posted February 19, 2009

Sick dude. Nessus, and JohnTheRipper would be nice to see on there. Great set of tools, looking forward to using this personally.
m1k Posted February 19, 2009

Got it! ;)
str33ts0ld13r Posted February 19, 2009

That's sweet man. I've been playing with it in a VM for a few hours. I haven't had any problems with it. A few suggestions I could make would be to add Cain & Abel (I know it's a tool that is looked down upon but there is no denying that it does have a lot of useful features), maybe Wireshark. I like how the UI is real simple and not cluttered with things that you don't need. I'm really looking forward to the future releases! If I can help with anything, PM me.
DingleBerries Posted February 19, 2009

Ha, you got to it first. Great job, works as described. The only thing is the legality of using Windows PE. I am working on some other things at that may help clear that up and just automate the process. Shoot me a PM and maybe we can work on it together.
ElevenWarrior Posted February 20, 2009

Well done! I was hoping someone would do something like this. I would only suggest that you make the USB payloads either built in. (IE, password dumper etc.) Again, good job!
m1k Posted February 20, 2009

The box is done.... now let's put a lot of hack stuff inside! ;)
timmy Posted February 21, 2009

You are like god in hak.5. Nice work, looking forward to trying it out.
johnnyrage Posted February 21, 2009

Looking forward to trying this out but it doesn't have the drivers to access my laptop's hard drive. I could add my own to it if it would be ok with the author to extract the iso a bit?
timmy Posted February 22, 2009

Hey um I am sorry for asking this but how do u boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it the screen is grey where it just countdowns the boot then loops again. Any ideas or am I just doing it wrong?
sablefoxx (Author) Posted February 22, 2009

> Hey um I am sorry for asking this but how do u boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it the screen is grey where it just countdowns the boot then loops again. Any ideas or am I just doing it wrong?

lol, you're right. The version posted doesn't work with unetbootin (I was using an earlier test version on my drive). Working on a fix, I'll let you know what I find.
timmy Posted February 22, 2009

> lol, you're right. The version posted doesn't work with unetbootin (I was using an earlier test version on my drive). Working on a fix, I'll let you know what I find.

Good, that means I was not doing it wrong :P Thanx for the fix!!!!
m1k Posted February 22, 2009

XP and Vista versions ready... good work...indeed! ;)
jshmoe12 Posted February 23, 2009

This is an awesome project. Props to you man. This has potential to be great. Will be testing throughout the night, I will post back on my findings. :P
Darren Kitchen Posted February 23, 2009

Interesting project. I tried something similar for the USB Chainsaw that was never released. My goal was to boot a computer from the CDFS partition on a U3 drive (it actually shows up as a CDROM in the BIOS so many older computers that don't support USB booting would still be viable targets). The target PC would boot into a freedos shell, from which they would automatically mount the local drive (even if it was NTFS formatted, I had a freedos driver for NTFS read support). The Chainsaw would then copy the SAM to the USB partition. The next step was to pwdump it and run it against a set of rainbow tables on the drive. Basically Ophcrack USB Live before it existed. I gave up soon into the project when I couldn't get rcrack to work. I should have just released it as is.

Anyway, there is something to be said about a USB device that you can boot off that will automatically (and hopefully invisibly) grab the SAM.

Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.
sablefoxx (Author) Posted February 23, 2009

> Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.

Hehe, I have already begun work on just such a payload...
m1k Posted February 24, 2009

The project is growing...we stay tuned!!! ;)
sablefoxx (Author) Posted February 27, 2009

Released an update w/utilman hacks, let me know how they work :) (have only tested them in VMs so far)

Note, if you use your USB drive you can put A.P.E. and Leapo's Pocketknife on it for all-in-one pwnage.
Jen Posted February 27, 2009

Is there a full tut for this and can we remote-connect to control the comp?
ElevenWarrior Posted February 27, 2009

Yah! USB payloads are added. *downloads*
m1k Posted March 7, 2009

v.0.8 has really a very straight installer!
Jen Posted March 8, 2009

This requires us to boot from the usb to use the backdoors etc, right?
m1k Posted March 8, 2009

Yes....except for Leapo's.............
sablefoxx (Author) Posted March 9, 2009

> This requires us to boot from the usb to use the backdoors etc, right?

Only to install it, after that just run NConnect.bat (NetCat) from any computer in normal mode or PE. For the FTP payload use any FTP client you want, and it's just a blank username/password. Still adding some stuff to this, remember it's a work in progress.
Artoo Posted March 9, 2009

> Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)

--> Is it really that simple?? You just install that and then you are able to connect to your victim computer from, let's say, your home?? What about protection from the firewall of your router?? Just fire up Netcat and you're off to go?