sablefoxx (Author) Posted August 17, 2010 (edited)

> sablefoxx, have you been able to find any implementation details on the .lnk exploit? From what I read it has something to do with the parsing of the picture on any shortcut with shell32.dll, but that is all I could find. Metasploit has a module for it, I was hoping to be able to craft one using that, but the Metasploit implementation really only allows you to exploit it over the network and not locally.

I'm still looking into it though, it'd be a pretty slick way to run the payloads.

> This is what's in my pwdump log file. Is there something wrong here? Cause the machine does have a login password. I know the password, but why won't it dump it? Or is this what it's supposed to look like and I have to crack it with that program?
>
> Administrator:500:NO PASSWORD*********************:NO PASSWORD*********************:::
> Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
> VM:1000:NO PASSWORD*********************:NO PASSWORD*********************:::

It appears all the accounts on the computer have blank passwords. What OS was this taken from?

Edited August 17, 2010 by sablefoxx
okiwan Posted August 17, 2010

It's on Vista.
sablefoxx (Author) Posted August 17, 2010

Lol, whoops. You're actually looking at a log file from a virtual machine I use to test stuff, it's not from your computer. (fixed)
Mr. Stuky Posted August 17, 2010

Set up guide? :D
okiwan Posted August 17, 2010

lmao. Well in that case I don't have a pwdump file. I only got ie_history, im_password, sysinfo and wifikeys. im_passwords I guess was instant messenger? So that's blank cause there is no IM, and wifi was blank cause it's not a wifi network. So why didn't I get a pwdump.log?
sablefoxx (Author) Posted August 17, 2010 (edited)

Each time you run bex.exe it should create a new directory called X:\logs\COMPUTERNAME and generate a set of logs for that computer. If a new directory does not exist, there was a problem executing the payload(s). (If you're looking in X:\logs\VM then you're looking at the log files from the virtual machine I test stuff on, which doesn't have any passwords or programs installed on it.) (In the examples above 'X:' would be your flash drive.)

Edited August 17, 2010 by sablefoxx
okiwan Posted August 17, 2010

No no, I know. I have the directory from the computer I used it on. The log files I mentioned are in there, but not the pwdump log file.
sablefoxx (Author) Posted August 17, 2010

Ohh, okay. Yeah, sounds like pwdump failed to launch for some reason... hrm.
misfitsman805 Posted August 18, 2010

> Ohh, okay. Yeah, sounds like pwdump failed to launch for some reason... hrm.

Probably because of Windows Defender or other anti-virus.
greendixy Posted August 18, 2010 (edited)

One feature I think would be great is the ability to send the log files to email. Great work.

Edited August 18, 2010 by greendixy
Jen Posted August 18, 2010

But the USB's yours, so why do you need it to be mailed??
m1k Posted August 18, 2010

U3 PyBlade up and running... but where does it store the log files?
okiwan Posted August 18, 2010 (edited)

I got it working! Had to disable something in AVG security and allow exceptions for the path to the USB. Great work sablefoxx! It also dumped IE passwords this time too.

Edited August 18, 2010 by okiwan
Jen Posted August 18, 2010

Oh right, can anyone provide a U3 setup guide please? I'm not confident in myself.
m1k Posted August 19, 2010

From what I know...
- Install F_Bex.u3p by opening the U3 menu of an UNMODIFIED SanDisk Cruzer.
- Open the menu... install apps... from HDD... and a small icon will appear in the available apps...

My problem: couldn't find the "sniffing" log! :)
Jen Posted August 19, 2010

Sorry, don't really get your tut LOL
sablefoxx (Author) Posted August 20, 2010 (edited)

> From what I know...
> - Install F_Bex.u3p by opening the U3 menu of an UNMODIFIED SanDisk Cruzer.
> - Open the menu... install apps... from HDD... and a small icon will appear in the available apps...
>
> My problem: couldn't find the "sniffing" log! :)

Make sure you also copy the PyBlade files onto the flash partition of the drive. 'FBex' merely finds bex.exe and executes it. You can also set FBex to start automatically when the drive is inserted via the U3 menu. I'm writing up some full documentation, it'll be out soon; also w1ldf1re is working on a (modified) U3 version.

Edited August 20, 2010 by sablefoxx
misfitsman805 Posted August 20, 2010

Hey, could you change it so that when you set it to save as shtml in blade.conf it actually saves the logs as .html instead of .log?
okiwan Posted August 20, 2010

Why don't you just convert it?
m1k Posted August 20, 2010

Jen, sablefoxx is much better than me at explaining that stuff... ;) Anyway, PyBlade is working well also on Win 7!
sablefoxx (Author) Posted August 22, 2010 (edited)

> Hey, could you change it so that when you set it to save as shtml in blade.conf it actually saves the logs as .html instead of .log?

Fixed in version 0.3 ;) -- also note it's now just 'text', 'html' or 'xml' instead of 'stext', 'shtml' or 'sxml'.

Edited August 22, 2010 by sablefoxx
Jen Posted August 22, 2010

Thanks for the new version and tutorial!
misfitsman805 Posted August 22, 2010

> Fixed in version 0.3 ;) -- also note it's now just 'text', 'html' or 'xml' instead of 'stext', 'shtml' or 'sxml'.

Nice :) awesome work! Keep it up.
mR.xx Posted August 22, 2010 (edited)

Thanks for the tut, but can I put the PyBlade files on the "CDFS" partition and save the logs on another partition? I think that's best, because if the files are on CDFS they can't be deleted and the antivirus won't scan them. Also, could you give some explanation about the payload files emo.exe, ftp_exec.exe etc.? What can I do for that?

Edited August 22, 2010 by mR.xx
sablefoxx (Author) Posted August 22, 2010

> Thanks for the tut, but can I put the PyBlade files on the "CDFS" partition and save the logs on another partition? I think that's best, because if the files are on CDFS they can't be deleted and the antivirus won't scan them. Also, could you give some explanation about the payload files emo.exe, ftp_exec.exe etc.? What can I do for that?

A modified U3 payload is on the way, w1ldf1re is helping with that.