m1k Posted August 22, 2010
Sable... Whenever You will come to Italy... You have a voucher for a free "Pizza Napoletana" and a bottle of "Rosso Conero" ;) Nice work..indeed!

w1ldf1re Posted August 22, 2010 (edited)
A modified U3 payload is on the way, w1ldf1re is help'in with that. Check your inbox. I've used the usb on another pc and it also worked :-) will try some vm's now: works on xp and 7 so far..
Edited August 22, 2010 by w1ldf1re

okiwan Posted August 22, 2010
this thread should be stickied.

misfitsman805 Posted August 23, 2010 (edited)
> this thread should be stickied.
I agree on this also. :) +1
Edit: Is this project still being worked on?
Edited August 29, 2010 by misfitsman805

w1ldf1re Posted August 30, 2010
> I agree on this also. :) +1 Edit: Is this project still being worked on?
I sent my code to Sable, he hasn't replied though. At the moment the code is working perfectly on a U3, with the programs on the CD partition and the logs and config on the USB. The only problem now is that the anti-viruses are preventing the .exe's from running. They aren't deleted though, they just can't run. So we need a Virus disabler or workaround at the moment.

misfitsman805 Posted August 30, 2010
> I sent my code to Sable, he hasn't replied though. At the moment the code is working perfectly on a U3, with the programs on the CD partition and the logs and config on the USB. The only problem now is that the anti-viruses are preventing the .exe's from running. They aren't deleted though, they just can't run. So we need a Virus disabler or workaround at the moment.
Nice! That sounds pretty sweet!

w1ldf1re Posted September 5, 2010
> Nice! That sounds pretty sweet!
I haven't seen the first page in a while and it seems there's an easier way to do the U3 thing. So rather just go for that. Props to sablefoxx once again, great work, and it's awesome to see someone also digging the glitch-hop scene. :)

int3rnal Posted September 11, 2010
nice, I'll have to take a look at this

mR.xx Posted September 19, 2010
You can add the TightVNC app and install it silently; info about that: tightvnc.com/download.php Good luck! :)

xantos_gambit Posted September 21, 2010
Wow, this thing is terrifying, worked on win 7 64bit

Guest seksi90210 Posted October 18, 2010
Wow, I looked all over for an up-to-date version of Switchblade and found this instead. Has this project been abandoned? I would love to see a vnc/remote desktop backdoor type payload in a future version. Keep up the great work!

Jen Posted October 18, 2010
What happened to the new u3 version?

sablefoxx (Author) Posted October 18, 2010
Soon, very soon.

Guest seksi90210 Posted October 18, 2010
> Soon, very soon.
Can't wait! I was worried this project had been abandoned. Sablefoxx, have you ever looked into the Metasploit scripts for killing AV's? I believe they use getcountermeasure.rb/killav.rb

sablefoxx (Author) Posted October 19, 2010 (edited)
(Sorry about the long update interval, recently moved 1,784 miles to attend college) Lots of new features in the upcoming build, plus made the code a lot more modular so it will be easier for kids to play with. No AV kill in the new build at this time, but I will look into the Metasploit kill scripts, thx for the tip.
Edited October 19, 2010 by sablefoxx

m1k Posted October 19, 2010
Nice to hear from You Sablefox! Kill AV? Human Engineering works..... Just ask Your victim to test the computer against Viruses....tell him/her you have a "test virus" on Your usb....and see if Antivirus detect it!! Then go on and start Bex.... For me it works 100/100 !!! ;)

sablefoxx (Author) Posted October 20, 2010 (edited)
I'm hoping not to have to use AV-Kill and instead just hide everything. Killing processes is messy and loud and I'd rather focus on stealth. I'm currently looking into hiding executable files in alternate data streams. For those of you who aren't familiar with alternate data streams, they work like so:

    E:\>touch test.txt

    E:\>echo hello world >> test.txt

    E:\>cat test.txt
    hello world

    E:\>dir test.txt
     Volume in drive E is RAID_ARRAY
     Volume Serial Number is 0000-0000

     Directory of E:\

    10/20/2010  10:35 AM                14 test.txt
                   1 File(s)             14 bytes
                   0 Dir(s)  7,143,783,653,376 bytes free

    E:\>touch test.txt:hidden.txt

    E:\>echo this is the hidden file >> test.txt:hidden.txt

    E:\>dir test.txt
     Volume in drive E is RAID_ARRAY
     Volume Serial Number is 0000-0000

     Directory of E:\

    10/20/2010  10:36 AM                14 test.txt
                   1 File(s)             14 bytes
                   0 Dir(s)  7,143,783,653,376 bytes free

    E:\>cat test.txt
    hello world

    E:\>cat test.txt:hidden.txt
    this is the hidden file

    E:\>

Notice the file size does not change and the file isn't listed using 'dir' and cannot be viewed by enabling hidden/system file viewing. :)
Edited October 20, 2010 by sablefoxx

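Added example (not part of sablefoxx's post or the project's code): from the defender's side, named streams like the one in the post above are listed by `dir /R` on Windows Vista and later, and the Python below parses that output and triages what it finds. The sample listing, the allowlist and the extension list are constructed assumptions.

```python
import re

# Constructed `dir /R` listing for illustration (not captured from the thread).
SAMPLE_DIR_R = r"""
 Volume in drive E is RAID_ARRAY
 Directory of E:\

10/20/2010  10:36 AM                14 test.txt
                                    26 test.txt:hidden.txt:$DATA
10/20/2010  10:40 AM           102,400 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
10/20/2010  10:41 AM             2,048 notes.doc
                                91,136 notes.doc:svc.exe:$DATA
               3 File(s)        104,462 bytes
"""

# Stream lines have no date column: "<size> <file>:<stream>:$DATA".
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+):([^:]+):\$DATA\s*$")
DIR_LINE = re.compile(r"^\s*Directory of (.+?)\s*$")  # assumes English locale
BENIGN = {"zone.identifier"}  # assumption: site allowlist (Mark of the Web)
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")

def parse_streams(dir_r_output):
    """Return (directory, host_file, stream_name, size) per named stream."""
    found, cwd = [], ""
    for line in dir_r_output.splitlines():
        m = DIR_LINE.match(line)
        if m:
            cwd = m.group(1)
            continue
        m = STREAM_LINE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            found.append((cwd, m.group(2), m.group(3), size))
    return found

def triage(streams):
    """Drop allowlisted streams; rate the rest by stream-name extension."""
    report = []
    for cwd, host, name, size in streams:
        if name.lower() in BENIGN:
            continue
        level = "high" if name.lower().endswith(EXEC_EXT) else "review"
        report.append((level, cwd.rstrip("\\") + "\\" + host + ":" + name, size))
    return sorted(report)

if __name__ == "__main__":
    for level, path, size in triage(parse_streams(SAMPLE_DIR_R)):
        print(level, path, size)
```

On a live volume the same functions can be fed the captured output of `dir /R /S`; a large stream with an executable-looking name attached to a small document is the pattern worth escalating.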
Jen Posted October 20, 2010
Seems like a really nice method, great work!! Waiting to help you test! xD

astrocheese Posted October 22, 2010 (edited)
Maybe I'm doing something wrong... But when I run this, I'm only able to find the sysinfo and ie_history in the logs folder. Tested on both my machine and my roommate's, only those two files show up.
EDIT: I re-extracted the entire package to my stick, because I noticed that a lot of the dump .exe's were missing from the blade folder. However, when I ran it a second time, I watched them all disappear except hidec, iehv, PwDump, and WirelessKeyView. My second try returned the same two logs, what am I doing wrong?
Edited October 22, 2010 by astrocheese

Jen Posted October 22, 2010
I think it disappeared because of the anti virus

astrocheese Posted October 22, 2010 (edited)
> I think it disappeared because of the anti virus
Yep, I looked at the notifications I had received, and Norton Endpoint removed them. It's a required install to connect to our university network, so I'm definitely looking forward to the fix (whether it be stealth or an av kill!) :D
EDIT: I'm curious as to why norton didn't remove the last couple of dump apps though..
Edited October 22, 2010 by astrocheese

eovnu87435ds Posted October 25, 2010 (edited)
Here are the results I found:

Windows 7 Ultimate x64
AV: Windows Defender/Malwarebytes
Chrome Ver. 6.0.472.63
Firefox Ver. 3.6.10

Everything seems to work fine except for the Firefox and Chrome PW dump. The logs for them turn up empty. Both AV programs warn me about the applications included in PyBlade. When I turned off my AV, bex.exe reported an error, and here was the included log:

    Traceback (most recent call last):
      File "bex.pyw", line 52, in <module>
    WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'
    Traceback (most recent call last):
      File "bex.pyw", line 52, in <module>
    WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'
    Traceback (most recent call last):
      File "bex.pyw", line 52, in <module>
    WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'

Just to check, I downloaded the standalone versions of PasswordFox and ChromePass from Nirsoft, and both of them found my saved passwords. For PasswordFox to find my passwords, however, I needed to manually specify the installation of Firefox (C:/Program Files(x86)/Mozilla Firefox/)
Edited October 25, 2010 by eovnu87435ds

Zimmer Posted October 25, 2010
Make sure you have a folder in your C: drive that is logs and within that one that is EPIC_21-28

eovnu87435ds Posted October 25, 2010
I just realized it was some sort of weird thing that happened with my flash drive when I turned off the AV, since my flashdrive was E, and bex.exe was running from it. I found out later I couldn't save files to it either. Once I unplugged it and plugged it back in, it all worked fine again.

Emptiness Posted November 3, 2010 (edited)
Well, I've got a big problem with the payload. Following the instructions carefully, I've installed the u3p file and made it autorun, but it won't start. Even starting it manually, nothing happens: the logs directory is empty. Every file is in the correct place, I checked it a thousand times. I also tried to replace H:\System\Apps\E5E37115-A1CB-4D78-A39E-3CB6A668D65E\Data\fbex.exe with the bex.exe, renaming it and copying the logs and blade directories to the same place. Nothing. Bex.exe works only if started manually, but for fbex.exe no way.

My configuration:
Macbook 13' late 2008
Windows XP with Bootcamp
Avira Antivir Personal - Disabled, because it wants to delete half of the programs on the key
(The same problem on VMWare -> WinXP under MacOSX)

Sorry for my English, I know that it is horrible.
Edited November 3, 2010 by Emptiness
