bomberman Posted June 14, 2009
I've been trying out the switchblade a bit lately, and as many (most) others have experienced, antivirus programs aren't too fond of the switchblade executables. So this got me thinking: how about putting all the executables on the CD partition so antivirus programs can't delete the files? The problem I encountered is that USB drives get drive letters assigned randomly, so there's no way of knowing the drive letter your USB drive will get assigned to. And if you change the drive letter in Computer Management, it will only affect your local machine. And this makes it kinda hard to map the dump to the USB drive. So what I'm wondering is if anyone knows any way other than drive letters to identify the right disk and dump on it? (I know you can just keep a rar archive with the executables on your USB drive in case antivirus programs delete it, but this would eliminate the need for it.)
DHT420 Posted June 14, 2009
It is possible to put information on the CD partition of a U3 drive by manipulating the ISO that gets burnt to it, but the partition itself is very small (around 6mb) so the payload would have to be relatively thin. As mapping drives go, it is not all that difficult. I have seen tutorials on assigning a "permanent" drive letter to a USB drive, but I think that just goes as far as your home computer and not others. It shouldn't be too hard to have an executable on the CD partition that looks for a drive with a TAG file in it, and then returns that drive letter to the payload script. Maybe it could be done in VBS, but that's over my head.
bomberman (Author) Posted June 14, 2009
I know you can add the files to the ISO and then flash it; I also think you can vary the size of the CD partition if that helps the payload. Your idea intrigues me. Shouldn't it be possible to use command lines to search for a specific file in only the root directory of each disk, and dump the first letter as a variable in the go.cmd? Or possibly add some "unix" executables to the drive; I think there are tools for that kind of stuff in some of them executables.
HarshReality Posted June 14, 2009
> I know you can add the files to the ISO and then flash it; I also think you can vary the size of the CD partition if that helps the payload. Your idea intrigues me. Shouldn't it be possible to use command lines to search for a specific file in only the root directory of each disk, and dump the first letter as a variable in the go.cmd? Or possibly add some "unix" executables to the drive; I think there are tools for that kind of stuff in some of them executables.
I have been given the impression (and I can't recall where... I'm thinking DD in Linux) that the size of the ISO partition is limited by the drive's actual capacity and can be simply resized when flashing. While I haven't tested this to validate if that is the case, what would be the problem?
bomberman (Author) Posted June 14, 2009
The problem is you can't dump to a CD drive, and when the USB drive letter is random it's hard to map the dump beforehand from the CD.
Psionic Fungus Posted June 21, 2009
I had this idea a long time ago and fiddled with it before getting too aggravated with antivirus deleting my payloads. I know you can set a drive letter for your external drives through Administrative Tools > Computer Management > Storage, and I'm fairly certain it retains the drive letter you set to it, as my external TB drive is ALWAYS W:, no matter what computer I plug it into. I suppose you could do this to the USB partition and set it to a drive letter that almost never gets used. There'd be a chance, slim but still a chance, that the computer you plug into would already be using that drive letter, i.e. W:\, and it'd get reassigned, but that's a small chance. You could then edit your payload to use your custom drive letter, i.e. W:\?
bomberman (Author) Posted June 21, 2009
As stated before, you cannot assign a permanent drive letter to a flash drive; it will only use the assigned drive letter on the computer you assigned it on.
sablefoxx Posted June 22, 2009
Ahh, sorry to burst your bubble, but this has already been done (some time ago); see GonZor's Payload. Now as far as finding what the drive letter of the USB drive is, that's very easy, and can be done using batch files (like in GonZor's payload), VBS or in C.

Rough example in C/C++ (Note: This can be done in a 5 line batch script, but C looks badass)

```c
/**********************************************
  Name: SbExec
  Copyright: Fuck That Shit
  Author: SableFoXx
  Description: Runs a payload, regardless of what
  drive letter it is on. The payload directory should
  be the first line of "sbexec.inf" and should be placed
  in the same directory as the sbexec.exe
***********************************************/
#include <stdio.h>
#include <stdlib.h>

#define INF_PATH "sbexec.inf"
#define PL_PATH "X:\\Windows\\System32\\cmd.exe"
#define FN_MAX 256 /* longest filename is 255 on ntfs */

int main(void)
{
    int plexec( char path [] );
    int inf_read( char path[] );
    char path[FN_MAX] = PL_PATH;
    printf("\nSbExec v1.0\n");
    FILE *pl;
    if ( ( pl = fopen( INF_PATH, "r" ) ) != NULL )
        inf_read(path);
    else
        plexec(path);
    getchar();
    return 0;
}

int plexec( char path[] )
{
    int cnt;
    FILE *pl;
    char letter = 'Z';
    for( cnt = 0; cnt <= 25; cnt++ )
    {
        path[0] = letter;
        printf("\nLooking for %s ... ", path);
        if ( ( pl = fopen( path, "r" ) ) != NULL )
        {
            fclose(pl);
            printf("File Exists!\n\n * Executing \"%s\"\n\n", path);
            system(path);
            return 0; /* Executed Payload */
        }
        printf("File Does Not Exist");
        letter = (char)( (int)letter - 1 ); /* Next Letter Down */
    }
    return 1; /* Payload Not Found */
}

int inf_read( char path[] )
{
    int i;
    int plexec( char path[] );
    printf("\nReading %s ... ", INF_PATH);
    FILE *inf;
    if ( ( inf = fopen( INF_PATH, "r" ) ) == NULL )
    {
        printf("Failed to Open File!\n");
        return 1; /* Failbus */
    }
    while( fgets( path, FN_MAX, inf ) != NULL )
    {
    }
    printf("File Points to \"%s\"", path);
    plexec(path);
    fclose(inf);
    return 0;
}
```