The Attack Pre-Installed Environment


sablefoxx

A.P.E.
The Attack Pre-Installed Environment


About:

Basically it is a bootable USB drive that will let you copy SAM files from the local system, install backdoors, crack passwords, edit any file you want, etc. All without the user's password! It's based off BartPE; unlike Backtrack, this is designed more to help you compromise the local system faster and easier. This also has network support so you can FTP or SSH the SAM file anywhere in the world. Let me know if you have any ideas on what to add, or if you think it sucks. I also wrote almost all the scripts and loaders, so let me know if you find any bugs. Also feel free to post your own payloads, mods, etc. Have fun! ^_^

Features:

Password Attacks:
GetSAM - Copies Local SAM file to removable drive
CrackSAM - Cracks Local\Custom SAM file using OphCrack (non-gui)
JohnTheRipper - Use CLI, X:\ape\johntheripper\run\. You may need to manually unload/load the reg hives to use this program (rh_load.exe and rh_unload.exe)

Network Attacks:
Wireshark - Packet Sniffer (BartPE Plugin)
Cain & Abel - ARP Cache Poison, among other things. Note that not all functionality of this program can be used in P.E.

Payloads:
Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)
HackSaw - Installs the hacksaw payload from P.E.
RickR - Randomly Opens Up (in default browser) a Rick Roll
FTPme - Installs a FTP server, shares entire C:\ on port 21 with no user/pass
KeyB - Any keyboard input is converted to binary
KeyL - Installs Keylogger, log saved to C:\WINDOWS\keyl.txt, looks like "svchost" when running.
KeyR - All keyboard input is randomized, 1/10 Nums shuts computer off
KeySh - Picks random key, and turns computer off when pressed

Utilman Hacks:
Replaces Utilman.exe with different payloads. To run, press WinKey + U or (in Vista/Win7) press the blue circle in the lower left hand corner at the logon screen. The included payloads are:

Root Account Maker - Creates an account on the local system Username: root Password: toor, remember if the 'Welcome Screen' is enabled you may need to reboot the system after running the payload for the new account to show up.
Shell Spawn - Opens a command prompt as NT Authority\System (Vista\Win7 Only)
SwitchBlade Exec - After reboot will execute Leapo's PocketKnife payload, the script goes from drive Z-->B looking for the file \SYSTEM\go.vbs Edit the sbexec.bat if you want it to run a different payload. If the payload isn't found it will ask you to run a custom file.
Note: On Vista and Win7 you must select 'Yes' to set file permissions if asked, or the payloads won't work

Resource Tools:
Notepad++ - Simple text editor
ResHacker - Resource editor
eXeScope - Resource editor

Network Tools:
Angry IP Scanner - Fast and simple IP Scanner
FireFox 1.5 - Web Browser (BartPE Plugin)
Filezilla - FTP Client
Putty - SSH Client
Ultra VNC Viewer - VNC (Remote Desktop) Client

Screen Shot
1zf1ixh.png

Downloads:
Current Release: Ver 0.8 Beta 5, 3/7/09
Download APE v0.8 - Beta 5
(Fixed Link 3-15-2010)
Ophcrack Rainbow Tables (Free):

Download XP Rainbow Tables
Download Vista Rainbow Tables


How to Install:

0. Download, Plug in USB Drive
1. Run Ape_USB.exe - (SFX RAR File)
2. (If doesn't autorun) Run "APE_USB_MAKE.bat"
3. (Optional) Configure Payload, or Patch in Rainbow Tables.
4. Go pull some pranks on your friends ;)

Notes:
Patching Rainbow Tables:
Use your favorite ISO editor to patch the tables into the attackpe.iso, which should be in the root of the thumb drive after running "APE_USB_MAKE.bat" or "Ape_USB.exe". Tables go in \ape\ophcrack_pe\tables\. You have to patch the tables in after building the .iso or the CRC gets fucked up and it won't boot!

Edited by sablefoxx

Sick dude.

Nessus, and JohnTheRipper would be nice to see on there.

Great set of tools, looking forward to using this personally.

That's sweet man. I've been playing with it in a VM for a few hours. I haven't had any problems with it. A few suggestions I could make would be to add Cain & Abel (I know it's a tool that is looked down upon but there is no denying that it does have a lot of useful features), maybe Wireshark. I like how the UI is real simple and not cluttered with things that you don't need. I'm really looking forward to the future releases! If I can help with anything, PM me.

Hey um, I am sorry for asking this, but how do you boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it, the screen is grey where it just counts down the boot then loops again. Any ideas, or am I just doing it wrong?

Hey um, I am sorry for asking this, but how do you boot this off with unetbootin? I have booted previous versions of distros off USB using unetbootin. After I make the USB and boot it, the screen is grey where it just counts down the boot then loops again. Any ideas, or am I just doing it wrong?

lol, you're right. The version posted doesn't work with unetbootin (I was using an earlier test version on my drive). Working on a fix, I'll let you know what I find.

This is an awesome project. Props to you man. This has potential to be great. Will be testing throughout the night, I will post back on my findings. :P

Interesting project. I tried something similar for the USB Chainsaw that was never released. My goal was to boot a computer from the CDFS partition on a U3 drive (It actually shows up as a CDROM in the BIOS so many older computers that don't support USB Booting would still be viable targets).

The target PC would boot into a freedos shell, from which they would automatically mount the local drive (even if it was NTFS formatted, I had a freedos driver for NTFS read support). The Chainsaw would then copy the SAM to the USB partition. The next step was to pwdump it and run it against a set of rainbow tables on the drive.

Basically Ophcrack USB Live before it existed. I gave up soon into the project when I couldn't get rcrack to work. I should have just released it as is.

Anyway, there is something to be said about a USB device that you can boot off that will automatically (and hopefully invisibly) grab the sam.

Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.
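A defender's check for the artifacts this thread describes: the Utilman.exe replacement mentioned in the post above and in the opening post, plus the account, log file and ports from the opening post's payload list. It is an added example, not part of the thread or of A.P.E., and it assumes PowerShell 5.1 or later, TCP for both ports, and that the genuine Utilman.exe's version resource contains "utilman".

```powershell
# Added defensive example, not part of A.P.E. Run elevated on PowerShell 5.1 or later.
# Paths, the account name and the ports come from the opening post's feature list.
function Get-ApeArtifact {
    $findings = New-Object System.Collections.Generic.List[string]
    $utilman  = Join-Path $env:SystemRoot 'System32\Utilman.exe'

    if (Test-Path -LiteralPath $utilman) {
        # A custom payload dropped over Utilman.exe will not carry a valid Microsoft signature.
        $sig = Get-AuthenticodeSignature -FilePath $utilman
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings.Add("Utilman.exe signature: $($sig.Status)")
        }
        # Another signed Windows binary copied into place passes the signature check,
        # so compare the embedded name too (assumption: the genuine one contains 'utilman').
        $name = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($name -notmatch 'utilman') {
            $findings.Add("Utilman.exe reports original name '$name'")
        }
    } else {
        $findings.Add('Utilman.exe is missing')
    }

    # Log file written by the KeyL payload.
    $keylog = Join-Path $env:SystemRoot 'keyl.txt'
    if (Test-Path -LiteralPath $keylog) { $findings.Add("Found $keylog") }

    # Account created by the Root Account Maker payload.
    if (Get-LocalUser -Name 'root' -ErrorAction SilentlyContinue) {
        $findings.Add("Local account 'root' exists")
    }

    # Listeners on the Cmdo (69) and FTPme (21) ports, assuming TCP.
    # A legitimate FTP service also listens on 21, so treat that hit as a prompt to review.
    Get-NetTCPConnection -State Listen -LocalPort 69, 21 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $findings.Add("TCP $($_.LocalPort) listening: PID $($_.OwningProcess) $($proc.Path)")
        }

    return $findings
}

Get-ApeArtifact
```

No output means none of these indicators were found; it does not show that the machine was never booted from external media.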

Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.

Hehe, I have already begun work on just such a payload...

34ql2er.png

Released an update w/utilman hacks, let me know how they work :) (have only tested them in VMs so far)

Note, if you use your USB drive you can put A.P.E. and Leapo's Pocketknife on it for all-in-one pwnage.

This requires us to boot from the usb to use the backdoors etc, right?

Only to install it, after that just run NConnect.bat (NetCat) from any computer in normal mode or PE. For the FTP payload use any FTP client you want, and it's just a blank username/password. Still adding some stuff to this, remember it's a work in progress.

Cmdo - Installs a netcat backdoor to port 69 (Reverse Shell), use NConnect to connect to victim (fixed the bsod bug)

--> Is it really that simple?? You just install that and then you are able to connect to your victim computer from let's say your home?? What about protection from the firewall of your router?? Just fire up Netcat and you're off to go?
