U3 Payload Advice

[neoglow]

I have a cruizer u3 drive and basically i would like to make a payload which would run a exe file that i stored on the drive then i would like it to copy the exe file to other computers on the network and run.

I am not too fussed about the network part but it would be a bonus if not i would like it to email itself to other contacts on each computer.

I also wonder if it could be possible to create a payload which would encrypt a whole hard drive at a boot level

a hard drive which contained a operating system

You see pgp professional desktop encryption lets you encrypt a drive at the boot level for pre boot authentication

i was just wondered if you could apply this to a usb payload and encrypt a drive on the fly.

[sablefoxx]

1) Copy and .exe to the local system and run it;

Copy .\example.exe %temp%
start %temp%\example.exe

Please read up on how LANs work, you cannot easily copy/run .exe files on other systems even if they are on the same LAN.

2) Encrypt system drive;

I cannot see a reason why you would want to do this via a USB drive, it is a lengthy process. Just download and run TrueCrypt. I should stress it would be very, very foolish to do this on a system you do not own.

Edited February 28, 2010 by sablefoxx

[pyr]

Copy and .exe to the local system and run it

Why do you execute the exe file on %temp% and not on the usb key ?

[sablefoxx]

The command works like so;

Copy [source] [destination]

lets break it down a little more;

Copy .\example.exe %temp%

".\example.exe" the '.' in this lines means "current directory" so our source file is "example.exe" in the current directory where the script is being run (in this case it's the USB key).

Second comes the destination, in this example %temp% you could just as easily use C:\ but it is much more likely that you will always have write access to the %temp% directory so I just chose it for the example. You could even easily add a little logic, attempting to write to C:\Windows\system32\ and if that fails fall back to using %temp%.

If you'd like to know the exact path of %temp% (will differ depending on the local OS) open up a shell and type "echo %temp%" this will display the directory we are coping the file to. Then we simply start the executable by using the 'start' command.

If you have more questions use '/?' for example 'copy /?' or 'start /?'

However if you simply want to run the .exe on the USB drive (which after reading your original post that may have been what you were asking) you'd use the command "start .\example.exe"

Edited March 1, 2010 by sablefoxx

[pyr]

Thank you for your answer. I know how to use this command, but my question was :

Why do you prefer to copy + execute an exe in %temp% folder , and not just executing the exe directly from the usb ?

I mean, is there a raison to loose time in copying instead of directly executing ? Or maybe when you execute from C: drive it's faster than from an usb ?

Thank you

ps: I also posted this question, among other, here http://forums.hak5.org/index.php?showtopic=15765 but no answer.

Edited March 1, 2010 by pyr

[sablefoxx]

I misunderstood your question, the only advantage to copy + execute would be you can add a start regkey and leave the payload on the victim system ( so it continues to execute in the future ). However if you just want to dump and run you'd want to execute the file directly from the USB key.

Edited March 1, 2010 by sablefoxx

[neoglow]

Why because i wanted to experiment with using a usb payload on cd. But if you try to execute certain code on a cd it wont play ball because it cant create the directories on the cd. However if you program the cd to copy and run the file on the system it should work perfectly.

Its easy to pop a cd in to your drive and without prompt it would run because of auto run. Just a theory

[sablefoxx]

It will only auto run on Windows XP. Vista/Seven do not execute programs from optical media automatically.

You are however touching on the advantages of a U3 drive, the computer will see it as a normal disc, which is read only, but it also has a normal flash partition which is read/write and you can use the CDFS partition to run programs on the normal flash partition (that way the program(s) can create directories if need be, but maintain their 'run via optical media' advantages).