
[Version 1] [code][win] Duksaws 0.2


Vile


DukSaws 0.2 (pronounced DuckSauce)

Uses Psychosis's PsyDuk Framework v0.3 http://www.hak5.org/projects/doku.php?id=psyduk

and the WinAVR C compiler (find link at psyduk page)

(Requires: Psyduk v0.3 + WinAVR + Teensy Loader)

What it does:

1. Creates small command prompt that isn't readable
2. Moves the command prompt off the screen
3. Downloads ncFTPget & ncFTPput command line tools for easy ftp download & uploads in one command
4. Uses a tool called devcon.exe for disabling mouse devices while it does its thing (only on Windows OS's <Vista (not sure why it doesn't work on Vista/7))
5. Adds Autostart for our payload to registry
6. Clears the 'recently run commands' from start menu
7. Creates batch file that gets run on startup.. disables firewall, sets created file-times of all files to an old date + sets hidden and readonly, starts netcat on port 5555
8. Lets you add additional code.. gives you options of downloading & using (netcat, ncftpget, ncftpput, pkzipc, wget, all the password stealing commands from nirsoft (that people used for the Haksaw), nirsoft mylastsearch (search results), firefox's autocomplete, (or whatever you want since you have access to ncftp & wget) ) for your custom code.
9. Documents / Password stealer + emails you it compressed as zip file (Not working correctly with UAC on 7/vista)

read the readme

DukSaws 0.2

Edited by VaKo

DukSaws 0.1 (pronounced DuckSauce)

Uses Psychosis's PsyDuk Framework v0.3 http://www.hak5.org/projects/doku.php?id=psyduk

and the WinAVR C compiler (find link at psyduk page)

(Requires: Psyduk v0.3 + WinAVR + Teensy Loader)

What it does:

1. Creates small command prompt that isn't readable
2. Moves the command prompt off the screen
3. Downloads ncFTPget & ncFTPput command line tools for easy ftp download & uploads in one command
4. Uses a tool called devcon.exe for disabling mouse devices while it does its thing (only on Windows OS's <Vista (not sure why it doesn't work on Vista/7))
5. Adds Autostart for our payload to registry
6. Clears the 'recently run commands' from start menu
7. Creates batch file that gets run on startup.. disables firewall, sets created file-times of all files to an old date + sets hidden and readonly, starts netcat on port 555
8. Lets you add additional code.. gives you options of downloading & using (netcat, ncftpget, ncftpput, pkzipc, wget, all the password stealing commands from nirsoft (that people used for the Haksaw), nirsoft mylastsearch (search results), firefox's autocomplete, (or whatever you want since you have access to ncftp & wget) ) for your custom code.

read the readme

DukSaws 0.1

That is very cool!! :) Do you have any features that can search for a particular file or document and have it sent off to an email? I'm working on a small project that requires me to get Teensy to look for a file and then send it off. However, I'm not sure how to do that. I saw Serial.read() could be a way to 'read' for the file names but I'm not very confident in that. Do you have any suggestions? Thanks for posting your project on here, it will help me learn more about what Teensy is capable of doing. :)

Bits1


That is very cool!! :) Do you have any features that can search for a particular file or document and have it sent off to an email? I'm working on a small project that requires me to get Teensy to look for a file and then send it off. However, I'm not sure how to do that. I saw Serial.read() could be a way to 'read' for the file names but I'm not very confident in that. Do you have any suggestions? Thanks for posting your project on here, it will help me learn more about what Teensy is capable of doing. :)

Bits1

Yeah, it could be done the way the original HakSaw used Blat.exe. But you'd need to set up a 'sender' email (through like gmail) to use to send the documents to your real email. So you'd have to set up a fake account on google or another site that has an SMTP server to use as the sender account.

You could have some code at the bottom of the code (before the exit command)

... just get the newer version ...

That's just an example though. It would depend on what you wanted, and you'd need to also download the stunnel program if you planned on using a gmail account to send the emails (look at hak5's HakSaw code to understand what it would need to do..). I could probably write the code to put in for you if you ... knew you wanted to use the google method and made an account for the 'sender' account on gmail or any other server that has an smtp server, etc.

Edited by Vile

Added new version v0.2

I added a similar Document / password stealer as the original HakSaw. It uses the gmail method (with stunnel, etc). Currently the docu/pass stealer doesn't work with OS's using UAC (Win7/Vista). I'll think of a way to fix that soon. The rest should work with 7/Vista though.

Changes:


[ version 0.2 ]
+ Added document / password recovery + sending thru email using gmail method (Doesn't work well with vista/7 if they have UAC on.. don't bother if you plan on using it against that. the stunnel.exe won't start the service thus no emails will be sent)
+ changed the default port netcat listens on to port 5555
+ devcon mouse disabling only works for Win XP/ 2000 / 2003 .. I disabled it for the other OS's

http://www.ircN.org/Vile/DukSaws02.rar

Edited by Vile