USB Powersaw

[Micah C]

I am working on my own USB hacksaw. I name it... USB PowerSaw. (Not very unique, whatever) I will be posting my development of the project here.

Description of PowerSaw V.1.0: Powersaw copies it's payload onto the victims PC once inserted. It copies "copy.exe and "win_activate.exe" to the start up directory. "win_activate.exe" silently download's and installs your payload / program from a remote website. It then launches your payload. win_activate.exe check's for new download's every time the victims PC is stared OR when the same USB stick is inserted. "win_activate.exe" call's home and sends an e-mail to you informing you of the user's DNS Servers, Computer Name and OS version. (I would like to thank X3N for his e-mail script.) I am working on version 2 which has a self replicating feature. This allows the virus (whatever you want to call it) to spread faster. Upcoming releases would include "PCToDrive.exe" and "DriveToPC.exe".

V1.0 Features

> Call Home with information about the victims PC.

> Automatically download's and installs your payload / .exe

> Check's for new download's upon PC start up OR when the same USB stick is inserted

V2.0 Features (Work in progress) (Non U3)

> Self replicate. Copies itself to other USB sticks for faster spreading. (Almost finished)

> Dump passwords.

> Dump Cookies FF + IE

> Call home every so may hours.

> Dump Registry keys (Complete. Im trying to decide what keys might be useful.)

I would like to be able to send commands to PowerSaw for execution. Ill have to work a bit on that, but if you are interested in downloading V1.0 you can visit my blog at www.micahconti.blogspot.com for more info. If you are interested in the development PM me and well work something out! You can also email me at usbpowersaw@gmail.com. Ill try to post download links to the forum, but for now just visit my blog. There will be a link on the right side.

Edit:

ZIP File Password: 8h7k2u4 (Requires 7-Zip)

Download link: Here

Downloads: 41 (8/11/09)

[HarshReality]

I am working on my own USB payload. I name it... USB Powersaw. I will be posting my development of the project here. I will post version 1.0 later today. Just thought I would get the form post running.

Could you elaborate on the differences.. I dont think you'll get much of a response just hanging your load.

[Micah C]

Has anyone had a chance to test it out yet? I'm working on a way to copy registry keys and then attach them in an e-mail. I'm running into problems doing so. If anyone has any suggestions, comments or questions just spit it out!

[Micah C]

I just finished working on dumping the VNC password hex. When the USB stick is inserted to the victims PC or when PowerSaw check's for downloads it copies VNC details from the registry and email's them to you. VNC details include Ports, user names and encrypted hex passwords. (You can decrypt them with Cain). With this information one could simply connect and grab as much information as he or she wants. Im still looking for more useful registry keys to dump, so if you have any ideas just shout em out!

[Micah C]

Say hello to the new USB PowerSaw U3.v1. USB PowerSaw is now for U3 Devices. The following updates have been included in USB PowerSaw U3 Version 1:

U3.V1 Features:

> Copy's its payload much faster. (up to 50% faster)

> Sends more information about the victim. Includes: OS Service Pack, Drive Free Space, Drive Total Space, Drive Serial Number & it attaches cookies

> Minor Bug Fixes.

Planned Updates:

> Im currently acquiring information on the GeoLocation API. The next version of PowerSaw (U3) would give the location of the victim as well as their external IP. - Done.

> Remove error messages. Includes: "Error connecting to server" & "Attachment not found"...

> Send sensitive data. ex Passwords. (VNC Passwords Attached - Done)

> No more need to download updates. You can install update packages right from PowerSaw

> Weew I have a lot on my plait!!

Development on non U3 Versions are still continuing.

Thanks for your interest in PowerSaw. If you would like to get involved please email me at usbpowersaw@gmail.com

RECALL! If you have downloaded USB PowerSaw before August 12, 2009 at 4:20 PM YOU MUST download it again. The autorun file is missing. Please re download USB PowerSaw U3.v1 to aquire the autorun.inf file. OR download it below. Sorry for the inconvenience that I may have caused you.

Download Link: (Public no password needed)

Mirrior1 (Media Fire)

Mirrior2 - (File Factory) Working

AutoRun.inf (This file is not needed for those of you who have downloaded USB PowerSaw after 8/12/09 at 4:20 PM)

micachonti.blogspot.com

[Jen]

Thx for this!! I'll be testing this on window 7 and reporting some results. however, is it possible to add the installation of vnc onto the victim's computer secretly? That would be awesome xD

Edit: I just downloaded, but then there are some things I don't understand. Does this include the payload, or no?

[Micah C]

Thx for this!! I'll be testing this on window 7 and reporting some results. however, is it possible to add the installation of vnc onto the victim's computer secretly? That would be awesome xD

Edit: I just downloaded, but then there are some things I don't understand. Does this include the payload, or no?

Its awesome to hear feedback! USB PowerSaw's "payload" is win_activate.exe. One of the main objectives of PowerSaw is to allow you to create your own payload. win_activate.exe download's the "install.exe" program from a user specified website. Does USB PowerSaw U3 work on windows 7? I wasn't sure if it would seeing how file locations are a bit different. As for the VNC server ill look into it.

[Jen]

I've been trying to test on window 7, but then I don't have my own payload. If it calls home with the computer information, isn't that already a payload??

[Micah C]

I've been trying to test on window 7, but then I don't have my own payload. If it calls home with the computer information, isn't that already a payload??

Yes. It just allows you to add an custom one if you wish. If you dont have a payload of your own you can just leave the website field blank in win_activate.exe. Im not sure if you looked at it too much but the info is really basic. It really needs to be added to, but its a start. Does it work on windows 7?

[Jen]

Yes it does, the one without my own payload. Well, i'll be waiting for your other versions and report back with testing results :P. Right now, it's undetected in my eset. The dumping of password is super nice in versison 2.

[X3N]

sweet great work... something i'd like to see is automating a reverse connection with vnc to relay off a server connected to the interwebs... i was developing some python reverse shells but kinda lost interest in the whole project due to other priorities.