New Payload

[DingleBerries]

So all the payloads are pretty much played out or detected by AV. What I say is that we all get some ideas together and some custom code in order to make a newer, better, bundle. So far I like the idea of a back door that can wget and execute files. Installing other things from there is a snap. I am working on a "system profiler", dumps some info, so if you guys have anything else lets get it together and start a new.

[messsy]

ild like to be involved with this, well the undetecting i will do.

i also think that the readme should be as clear as possible, maybe 2 versions of it, 1 for total n00bs and 1 just for regular users, i think this will stop threads getting jam packed and would certainly be more user friendly.

now with the undetecting work what is best? crypting the files or hexing them out, i say this because some people might not want to run a crypted file (unless it is analized by admin)

but yeah i like the idea of a new payload

[Destro]

I can do a little if you would like. I am not sure you can do this, but why not throw a zinger at the av. How bout we hex and encrpyt files, mix it up. I am not sure you can do this, but I remeber reading about it. Or maybe make multiple folders of payloads an a list of scripts that give runtimes etc...

cheers,

Destro

[DingleBerries]

Hexing the old payloads al good and dandy but I am think of making something new. However there are a few tools that would be nice, like pwdump.

[messsy]

ok ive done PSPV.exe and working on IEPV.exe

Ill do PWDUMP.exe next, then which other files?

edit: these are been hexed not crypted

[pritchard9]

awesome guys. great ideas.

kinda been worried about the USB hacks section, seems to have died a little.

If there can be atleast one more push, ill be happy :).

Any way i can help, give me a shout.

Cheers,

Pritchardo92

[DingleBerries]

The problem with hexing it is that different avs detect different signatures and the good one, NOD32, will detect it even if it in caps. Still looking for ideas. So far I am liking

Back door(Wget, Execute)

Slurper

Keylogger

Firefox grabber

Chrome grabber

If anyone knows some reg keys that can be cracked or contain plain text passwords that would be great, like aim.

[Destro]

If you really want to get black hat go with a rootkit for the back door + wget.

cheers,

Destro

[messsy]

lol nod32's no problem, i was thinking about a crypter to execute them as system and run/fake as a different process

how about a run custom exe if your going down that road, so user can deploy further exe's like backdoor, stealer or an upgrade, ild be willing to impliment a crypter to the project so the user could select custom exe to be crypted, this way the crypter will need updating which i will do as well as host any files needed ;)

p.s need quick answer to this, im working on PWDUMP.exe now but i need to test it to see if i have broken it, whats the easyest way to test if the exe is still working as it has no gui

[Jen]

How about secretly installing a RAT ?

[DingleBerries]

Messy, Run it in a VM

[timmy]

The thing i dont like about RAT and anything that you have remote control of its hard to make it untraceable

[DingleBerries]

Wrong timmy. Use upd(get past FW) with encryption or encryption in general. Dont use your internet, instead hack some wifi or jump on an open network. It really isnt all that hard. I can see if you have a rat that calls home(reverse connection). The RAT should not send emails either.

[pritchard9]

Okay. This is a stupid idea, and there will be holes punched in it with ease. But how about a totally different look at this. Okay, stealth is important. So people have decided to try and disable the AVs, which has proved to be rather ineffective. Is it possible to use some kind of DoS attack on them? Make them total up a large number of detections, in order to miss out maybe one or two lines of code? Sure, itd be seen by whoevers PC it is, but if you have time to plug in a USB, maybe youl have time to run another script that could either clear the detection log of the AV, or just close all of the "Detection Found!" windows..

Just an idea. Totally improbable, but I thought I might aswell speak up about it.

Also this would be totally independant to the AV..

EDIT: Basically a buffer overflow. Why I didnt use that phrase earlier, I dont know lol.

[messsy]

ok dingleberries the pwdump has no interface as it flashes a cmd screen, i have no way of telling if i have broke it

if they are not runtime i will crypt them but scantime for now until i can test properly the files with no gui.

[DingleBerries]

I have a tool to dump the lmhashs, just most people do not have rainbow tables and brute forcing takes a while. I have some free time today to work on it all.

[messsy]

be nice to use that tool

[messsy]

back to the rat idea, i mentioned a custom exe to install from the flash drive, be good to impliment this so the user can choose a exe to run

[DingleBerries]

That wouldnt be to hard to implement. Have an .ini, or .conf file where the user inputs the strings they want to run, i.e;

hack.exe -i -l

and have the proggy execute as such. Like a cross between nircmd and batch.

[timmy]

Thats kind of mean though i bet when the police tries to trace it unless you used tor it will probly trace back to that poor persons internet you jack :D

lol j/ks

Also you guys should make something that takes care of the AV Ive herd about it before but i forgot were.

Its like a anti anti virus. Basically its a code that kills the av when it tries to make a scan it just stops the process it kills anything searching for something sorry i can not be more specific but you should look into something like that

[DingleBerries]

No reason to kill AV if your program isnt picked up. So far I have this working:

Create dir based on computers name

Write a log of info from the computer, names, home drive, home path, ip address

Create a directory to put slurped documents

slurp documents

Next I will be implementing a backdoor and a few other fun things. Still needs more ideas. Any one use delphi? I have a nice yahoo! webcam hack.

[G-Stress]

I wish I had the time and motivation to become a coder, I would love to have part in this. This thread here I had an idea: http://hak5.org/forums/index.php?showtopic=11818

After reading this new thread, the idea I mentioned on the above thread about the utiliman.exe hack I think would be a nice edition to this payload. I'm thinking if possible when a usb drive is inserted it issues a restart command, when the pc restarts the payload is ran and done it's job before everything is loaded in explorer.exe

Also might sounds like a dumb ? but what effect would hexing or crypting, somehow modifying the Anti-Virus software have? If that was done would it act irregular? Maybe not be so detectable?

[DingleBerries]

Just finished a payload. I will update this post with the link in a min.

LINK

http://hak5.org/forums/index.php?s=&sh...st&p=127943

[messsy]

How about a proxy installer?

Custom tools (say for the keylogger, be able to browse for a prefered keylogger from the dongle)

with this AV kill most AV will pick up that they are been killed as they run more than 1 process so they just fire themselfs back up, with crypters they will get detected real quick if the crypted files were distributed around, and the effort in programing crypters and undetection work would incure a cost for custom builds so i dont think that could be an option (i dont realy think dingleberries would/could sell this)..

Other ideas:

Download *.txt or custom file search and download filename AND extension (ie passwords.txt)

No kill code, i think any type of kill code on this will make it a disaster especialy in the wrong hands

Keygen collector, download keygen.exe