DingleBerries (thread author), posted March 26, 2009:
So all the payloads are pretty much played out or detected by AV. What I say is that we all get some ideas together and some custom code in order to make a newer, better bundle. So far I like the idea of a backdoor that can wget and execute files. Installing other things from there is a snap. I am working on a "system profiler" that dumps some info, so if you guys have anything else, let's get it together and start anew.
messsy, posted March 26, 2009:
I'd like to be involved with this; well, the undetecting I will do. I also think that the readme should be as clear as possible, maybe 2 versions of it, 1 for total n00bs and 1 just for regular users. I think this will stop threads getting jam-packed and would certainly be more user friendly. Now with the undetecting work, what is best? Crypting the files or hexing them out? I say this because some people might not want to run a crypted file (unless it is analyzed by an admin), but yeah, I like the idea of a new payload.
Destro, posted March 26, 2009:
I can do a little if you would like. I am not sure you can do this, but why not throw a zinger at the AV. How about we hex and encrypt files, mix it up. I am not sure you can do this, but I remember reading about it. Or maybe make multiple folders of payloads and a list of scripts that give runtimes etc...
cheers, Destro
DingleBerries (thread author), posted March 26, 2009:
Hexing the old payloads is all good and dandy, but I am thinking of making something new. However, there are a few tools that would be nice, like pwdump.
messsy, posted March 26, 2009:
OK, I've done PSPV.exe and am working on IEPV.exe. I'll do PWDUMP.exe next, then which other files?
edit: these have been hexed, not crypted
pritchard9, posted March 26, 2009:
Awesome guys, great ideas. I've kinda been worried about the USB hacks section; it seems to have died a little. If there can be at least one more push, I'll be happy :). Any way I can help, give me a shout.
Cheers, Pritchardo92
DingleBerries (thread author), posted March 26, 2009:
The problem with hexing it is that different AVs detect different signatures, and the good one, NOD32, will detect it even if it's in caps. Still looking for ideas. So far I am liking:
- Backdoor (wget, execute)
- Slurper
- Keylogger
- Firefox grabber
- Chrome grabber
If anyone knows some reg keys that can be cracked or contain plain-text passwords, that would be great, like AIM.
Destro, posted March 26, 2009:
If you really want to get black hat, go with a rootkit for the backdoor + wget.
cheers, Destro
messsy, posted March 26, 2009:
lol, NOD32's no problem. I was thinking about a crypter to execute them as SYSTEM and run/fake as a different process. How about a "run custom exe" if you're going down that road, so the user can deploy further exes like a backdoor, stealer or an upgrade. I'd be willing to implement a crypter in the project so the user could select a custom exe to be crypted; this way the crypter will need updating, which I will do, as well as host any files needed ;)
p.s. need a quick answer to this: I'm working on PWDUMP.exe now, but I need to test it to see if I have broken it. What's the easiest way to test if the exe is still working, as it has no GUI?
Jen, posted March 28, 2009:
How about secretly installing a RAT?
DingleBerries (thread author), posted March 29, 2009:
Messy, run it in a VM.
timmy, posted March 29, 2009:
The thing I don't like about a RAT, and anything that you have remote control of, is that it's hard to make it untraceable.
DingleBerries (thread author), posted March 29, 2009:
Wrong, timmy. Use UDP (to get past the FW) with encryption, or encryption in general. Don't use your internet; instead hack some wifi or jump on an open network. It really isn't all that hard. I can see if you have a RAT that calls home (reverse connection). The RAT should not send emails either.
pritchard9, posted March 30, 2009:
Okay. This is a stupid idea, and there will be holes punched in it with ease. But how about a totally different look at this. Okay, stealth is important. So people have decided to try and disable the AVs, which has proved to be rather ineffective. Is it possible to use some kind of DoS attack on them? Make them total up a large number of detections, in order to miss out maybe one or two lines of code? Sure, it'd be seen by whoever's PC it is, but if you have time to plug in a USB, maybe you'll have time to run another script that could either clear the detection log of the AV, or just close all of the "Detection Found!" windows. Just an idea. Totally improbable, but I thought I might as well speak up about it. Also, this would be totally independent of the AV.
EDIT: Basically a buffer overflow. Why I didn't use that phrase earlier, I don't know lol.
messsy, posted March 30, 2009:
OK dingleberries, the pwdump has no interface as it flashes a cmd screen; I have no way of telling if I have broken it. If they are not runtime I will crypt them, but scantime for now until I can test properly the files with no GUI.
DingleBerries (thread author), posted March 30, 2009:
I have a tool to dump the LM hashes; it's just that most people do not have rainbow tables, and brute forcing takes a while. I have some free time today to work on it all.
messsy, posted March 30, 2009:
Be nice to use that tool.
messsy, posted March 30, 2009:
Back to the RAT idea: I mentioned a custom exe to install from the flash drive. It'd be good to implement this so the user can choose an exe to run.
DingleBerries (thread author), posted March 30, 2009:
That wouldn't be too hard to implement. Have an .ini or .conf file where the user inputs the strings they want to run, i.e. hack.exe -i -l, and have the proggy execute as such. Like a cross between nircmd and batch.
timmy, posted March 30, 2009:
That's kind of mean though; I bet when the police try to trace it, unless you used Tor, it will probably trace back to that poor person's internet you jacked :D lol j/ks
Also, you guys should make something that takes care of the AV. I've heard about it before but I forgot where. It's like an anti-anti-virus. Basically it's code that kills the AV when it tries to make a scan; it just stops the process, it kills anything searching for something. Sorry I can not be more specific, but you should look into something like that.
DingleBerries (thread author), posted March 30, 2009:
No reason to kill AV if your program isn't picked up. So far I have this working:
- Create dir based on the computer's name
- Write a log of info from the computer: names, home drive, home path, IP address
- Create a directory to put slurped documents in
- Slurp documents
Next I will be implementing a backdoor and a few other fun things. Still needs more ideas. Anyone use Delphi? I have a nice Yahoo! webcam hack.
G-Stress, posted March 30, 2009:
I wish I had the time and motivation to become a coder; I would love to have part in this. In this thread here I had an idea: http://hak5.org/forums/index.php?showtopic=11818
After reading this new thread, the idea I mentioned on the above thread about the utiliman.exe hack I think would be a nice addition to this payload. I'm thinking, if possible, when a USB drive is inserted it issues a restart command; when the PC restarts the payload is run and has done its job before everything is loaded in explorer.exe.
Also, this might sound like a dumb question, but what effect would hexing or crypting, somehow modifying the anti-virus software, have? If that was done, would it act irregular? Maybe not be so detectable?
DingleBerries (thread author), posted March 31, 2009:
Just finished a payload. I will update this post with the link in a min.
LINK: http://hak5.org/forums/index.php?s=&sh...st&p=127943
messsy, posted March 31, 2009:
How about a proxy installer? Custom tools (say for the keylogger, be able to browse for a preferred keylogger from the dongle). With this AV kill, most AV will pick up that they are being killed, as they run more than 1 process, so they just fire themselves back up. With crypters, they will get detected real quick if the crypted files were distributed around, and the effort in programming crypters and undetection work would incur a cost for custom builds, so I don't think that could be an option (I don't really think dingleberries would/could sell this).
Other ideas:
- Download *.txt, or a custom file search and download by filename AND extension (i.e. passwords.txt)
- No kill code; I think any type of kill code on this will make it a disaster, especially in the wrong hands
- Keygen collector, download keygen.exe