
Pyblade


sablefoxx

I agree on this also. :)

+1

Edit: Is this project still being worked on?

I sent my code to Sable, he hasn't replied though.

At the moment the code is working perfectly on a U3, with the programs on the CD partition and the logs and config on the USB. The only problem now is that the anti-viruses are preventing the .exe's from running. They aren't deleted though, they just can't run. So we need a virus disabler or workaround at the moment.


I sent my code to Sable, he hasn't replied though.

At the moment the code is working perfectly on a U3, with the programs on the CD partition and the logs and config on the USB. The only problem now is that the anti-viruses are preventing the .exe's from running. They aren't deleted though, they just can't run. So we need a virus disabler or workaround at the moment.

Nice! That sounds pretty sweet!


  • 2 weeks later...
  • 4 weeks later...
Guest seksi90210

Wow, I looked all over for an up-to-date version of Switchblade and found this instead. Has this project been abandoned? I would love to see a VNC/remote desktop backdoor type payload in a future version. Keep up the great work!


Soon, very soon.


Guest seksi90210
Soon, very soon.

Can't wait! I was worried this project had been abandoned. Sablefoxx, have you ever looked into the Metasploit scripts for killing AVs? I believe they use getcountermeasure.rb/killav.rb


(Sorry about the long update interval; I recently moved 1,784 miles to attend college.)

Lots of new features in the upcoming build, plus made the code a lot more modular so it will be easier for kids to play with. No AV kill in the new build at this time, but I will look into the Metasploit kill scripts, thx for the tip.

Edited by sablefoxx

Nice to hear from you, Sablefox!

Kill AV?

Human engineering works.....

Just ask your victim to test the computer against viruses.... tell him/her you

have a "test virus" on your USB.... and see if the antivirus detects it!!

Then go on and start Bex....

For me it works 100/100!!!

;)


I'm hoping not to have to use AV-Kill and instead just hide everything. Killing processes is messy and loud and I'd rather focus on stealth. I'm currently looking into hiding executable files in alternate data streams. For those of you who aren't familiar with alternate data streams, they work like so:

E:\>touch test.txt

E:\>echo hello world >> test.txt

E:\>cat test.txt
hello world

E:\>dir test.txt
 Volume in drive E is RAID_ARRAY
 Volume Serial Number is 0000-0000

 Directory of E:\

10/20/2010  10:35 AM                14 test.txt
               1 File(s)             14 bytes
               0 Dir(s)  7,143,783,653,376 bytes free

E:\>touch test.txt:hidden.txt

E:\>echo this is the hidden file >> test.txt:hidden.txt

E:\>dir test.txt
 Volume in drive E is RAID_ARRAY
 Volume Serial Number is 0000-0000

 Directory of E:\

10/20/2010  10:36 AM                14 test.txt
               1 File(s)             14 bytes
               0 Dir(s)  7,143,783,653,376 bytes free

E:\>cat test.txt
hello world

E:\>cat test.txt:hidden.txt
this is the hidden file

E:\>

Notice the file size does not change and the file isn't listed using 'dir' and cannot be viewed by enabling hidden/system file viewing. :)

Edited by sablefoxx
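From the defender's side, the streams shown in the session above are not invisible to the operating system, only to a plain dir listing. The following PowerShell function is an added example (mine, not code from this thread or from Pyblade) that walks a directory and reports every named stream, which is where a file like test.txt:hidden.txt shows up. It assumes Windows PowerShell 3.0 or later, where Get-Item accepts -Stream; the function name is my own choice.

```powershell
# Added example: surface NTFS alternate data streams under a path.
# Assumes Windows PowerShell 3.0+ (Get-Item -Stream is provider-specific to NTFS).
function Find-AlternateDataStreams {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Zone.Identifier is written by browsers on every download and is
        # usually noise; opt in if you want to see it as well.
        [switch]$IncludeZoneIdentifier
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream; the ordinary file content
        # is the unnamed stream, reported as ':$DATA'.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object {
        $_.Stream -ne ':$DATA' -and
        ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
    } |
    ForEach-Object {
        # Length here is the stream's own size, which 'dir' never adds to
        # the file size (the 14-byte test.txt above stayed 14 bytes).
        [pscustomobject]@{
            File   = $_.FileName
            Stream = $_.Stream
            Bytes  = $_.Length
        }
    }
}

# Usage: list every hidden stream on a removable drive.
Find-AlternateDataStreams -Path 'E:\' | Format-Table -AutoSize
```

In cmd.exe, `dir /r` (Vista and later) also lists streams next to each file, and `Remove-Item -LiteralPath <file> -Stream <name>` deletes a single stream without touching the file's main content.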

Maybe I'm doing something wrong... But when I run this, I'm only able to find the sysinfo and ie_history in the logs folder. Tested on both my machine and my roommate's; only those two files show up.

EDIT: I re-extracted the entire package to my stick, because I noticed that a lot of the dump .exe's were missing from the blade folder. However, when I ran it a second time, I watched them all disappear except hidec, iehv, PwDump, and WirelessKeyView. My second try returned the same two logs, what am I doing wrong?

Edited by astrocheese

I think it disappeared because of the anti virus

Yep, I looked at the notifications I had received, and Norton Endpoint removed them. It's a required install to connect to our university network, so I'm definitely looking forward to the fix (whether it be stealth or an AV kill!) :D

EDIT: I'm curious as to why Norton didn't remove the last couple of dump apps though..

Edited by astrocheese

Here are the results I found:

Windows 7 Ultimate x64

AV: Windows Defender/Malwarebytes

Chrome Ver. 6.0.472.63

Firefox Ver. 3.6.10

Everything seems to work fine except for the Firefox and Chrome PW dump. The logs for them turn up empty. Both AV programs warn me about the applications included in PyBlade. When I turned off my AV, bex.exe reported an error, and here was the included log:

Traceback (most recent call last):
  File "bex.pyw", line 52, in <module>
WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'
Traceback (most recent call last):
  File "bex.pyw", line 52, in <module>
WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'
Traceback (most recent call last):
  File "bex.pyw", line 52, in <module>
WindowsError: [Error 3] The system cannot find the path specified: 'C:\\logs\\EPIC_21-28'

Just to check, I downloaded the standalone versions of PasswordFox and ChromePass from Nirsoft, and both of them found my saved passwords. For PasswordFox to find my passwords, however, I needed to manually specify the installation of Firefox (C:/Program Files(x86)/Mozilla Firefox/)

Edited by eovnu87435ds

  • 2 weeks later...

Well, I got a big problem with the payload.

Following the instructions carefully, I've installed the u3p file and set it to autorun, but it won't start. Even starting it manually, nothing happens: the logs directory is empty. Every file is in the correct place; I checked it a thousand times.

I also tried to replace H:\System\Apps\E5E37115-A1CB-4D78-A39E-3CB6A668D65E\Data\fbex.exe with the bex.exe, renaming it and copying the logs and blade directories in the same place. Nothing. Bex.exe works only if started manually, but for fbex.exe no way.

My configuration:

Macbook 13' late 2008

Windows XP with Bootcamp

Avira Antivir Personal - Disabled, because it wants to delete half of the programs on the key

(The same problem on VMWare -> WinXP under MacOSX)

Sorry for my English, I know that it is horrible.

Edited by Emptiness
