bing0, posted September 18, 2006:

If you are looking for a U3 drive, check this out... http://www.sandisk.de/Products/Catalog(116...lash_Drive.aspx

BTW: how about info on masking/encoding EXEs and DLLs, like I asked before?

TOM Cooper: Fixed the URL.

psichonico, posted September 18, 2006:

> I just saw this site on digg. It's a way of finding keys, but finds more than what I've seen currently on the switchblade. http://www.raymond.cc/blog/archives/2006/0...-your-computer/ Hope someone will add this to a future switchblade.

> How is that any different from the product key dump that's on the current switchblade?

It's different because it has taken more product keys than ProduKey from nirsoft takes. (at least on my machine)

patman, posted September 18, 2006:

Never mind, I just ordered the 4gb model ;)

patman, posted September 18, 2006:

> I just saw this site on digg. It's a way of finding keys, but finds more than what I've seen currently on the switchblade. http://www.raymond.cc/blog/archives/2006/0...-your-computer/ Hope someone will add this to a future switchblade.

> How is that any different from the product key dump that's on the current switchblade?

> It's different because it has taken more product keys than ProduKey from nirsoft takes. (at least on my machine)

The problem is that this program uses a GUI; someone needs to verify if this can be automated.

G-Stress, posted September 18, 2006:

Hey guys, I must say I LOVE this tool. However, I had a request I think would be nice if someone would be willing/able to do it. I think if somehow we could add to the script so that when run it also dumps wireless keys to the logfiles... that would be nice.

The only problem I seem to be having is it does not dump the SAM files. It only dumps the logfiles containing the IP information, system info, m$ keys, creates the backdoor :?

Darren Kitchen (Author), posted September 18, 2006:

> Good information, folks. Any u3-enabled model you guys recommend?

So far we only have a loader for sandisk models. I'm sure sandisk is happy about that.

Note: We're not affiliated with U3 or Sandisk

PoyBoy, posted September 19, 2006:

I get something really weird with one of the versions. Haven't bothered to find out which, that opens the iTunes remote speakers window when iTunes is running.

temperseed, posted September 19, 2006:

Question: Has anyone tried combining Autoit + batch files to turn off the most common firewalls automatically (like a kill process tree command)?

I know that autoit has many options for you to mess around with different processes, and windows has a built-in process list (maybe we can get the names of each antivirus version). It should be a lot less painful to simply kill a process by its name (since it's usually the same).

Just making some hypotheses here :twisted: Need some feedback tho...

Sparda, posted September 19, 2006:

It would be better to open ports in the windows firewall rather than disable it. Several anti-spyware applications flag the "Notify me when the firewall is deactivated" option being disabled as a critical problem. Opening specific (or all) ports avoids this problem entirely and usually indefinitely. The average user wouldn't know Windows had a built-in firewall, let alone how to configure it.

Speaking of firewall usability: I found the Vista firewall configuration menu to be the most intimidating menu I have ever seen Microsoft produce. I suspect that even if someone was reading a guide to configuring it, as soon as they saw the interface they would run crying.

SomeoneE1se, posted September 19, 2006:

> I get something really weird with one of the versions. Haven't bothered to find out which, that opens the iTunes remote speakers window when iTunes is running.

Mine does this too. I'm glad I'm not alone... anyone know why it does this?

cs_weasel, posted September 19, 2006:

I just watched the episode of Hak.5 with the U3 USB drives, on the recommendation of a friend, and thought I'd drop by to link the viewers to the original writeup I did on modifying the ISO and autorun capabilities of U3 drives a while back: http://cse.msstate.edu/~rwm8/hackingU3/

I've received a lot of hits over the past several months via Hackaday, Abe Usher and his demonstration in London, and various google queries, and I'm glad everyone's getting some mileage out of it and using it as a good pen testing tool.

Darren Kitchen (Author), posted September 19, 2006:

> I just watched the episode of Hak.5 with the U3 USB drives, on the recommendation of a friend, and thought I'd drop by to link the viewers to the original writeup I did on modifying the ISO and autorun capabilities of U3 drives a while back: http://cse.msstate.edu/~rwm8/hackingU3/
>
> I've received a lot of hits over the past several months via Hackaday, Abe Usher and his demonstration in London, and various google queries, and I'm glad everyone's getting some mileage out of it and using it as a good pen testing tool.

Welcome to the forums. I do believe I ran across your site in research. I'll have to add a link to the show notes on the wiki. Nice job.

patman, posted September 19, 2006:

http://www.securityfocus.com/archive/1/446236

also ...

Well, if you have physical access to the computer, it's possible to take out copies of the SAM and system files "on the fly" with this tool:

DiskInternals NTFS Reader 2.0 - Works XpSp2 - tested
http://www.diskinternals.com/download/NTFS_Reader_Setup.zip

So with this tool you don't need any "boot" or restarting of windows...

patman, posted September 20, 2006:

btw folks, mostly everything is now detected by symantec ...

gbjazzman, posted September 20, 2006:

First I must say this is one of the most well thought out hacks I've seen in a while.

That being said, I have a question as I'm not as knowledgeable as other people. Would the non-U3 method work on a U3-enabled drive, or does the virtual CD interfere with that method? I ask because the Staples near my house just opened and has the 1 gig SanDisks for $25. I'm asking because I'm curious about such things.

Sloth, posted September 20, 2006:

> I ask because the Staples near my house just opened and has the 1 gig SanDisks for $25.

Actually, all Staples are running this promo until the 23rd:

512mb = 14.99
1gig = 24.99
2gig = 44.99

All U3-enabled Sandisk Cruzer Micros.

gbjazzman, posted September 20, 2006:

> > I ask because the Staples near my house just opened and has the 1 gig SanDisks for $25.
>
> Actually, all Staples are running this promo until the 23rd:
>
> 512mb = 14.99
> 1gig = 24.99
> 2gig = 44.99
>
> All U3-enabled Sandisk Cruzer Micros.

Score. Cheap U3 for everyone! (Or people who have Staples near them, at least)

G-Stress, posted September 21, 2006:

Something I thought might be interesting is, if possible, to somehow modify the script so that, when inserted into any OS (MAC, nix, windows, etc.), it works natively on any OS.

Also, it appears that the remote registry service must be running in order to dump the SAM hashes. Anyone else notice the same thing? At least that was the case with me between 2 different machines.

Ouroboros, posted September 21, 2006:

> btw folks, mostly everything is now detected by symantec ...

The AV folks aren't idiots and are watching this thread too. But they rely mostly on static signatures.

Is there some way to have a file download server that repacks/pads/encrypts the source files differently on every download to prevent easy signature creation? This won't protect against good heuristics and application behavior detection, but a lot of people turn that functionality off anyway because of the number of false alarms.

Darren Kitchen (Author), posted September 21, 2006:

> > btw folks, mostly everything is now detected by symantec ...
>
> The AV folks aren't idiots and are watching this thread too. But they rely mostly on static signatures.
>
> Is there some way to have a file download server that repacks/pads/encrypts the source files differently on every download to prevent easy signature creation? This won't protect against good heuristics and application behavior detection, but a lot of people turn that functionality off anyway because of the number of false alarms.

Or, is there a way to obtain the LM password hashes without the use of PWDUMP?

Oh, and you raise an interesting point. So much for that job at Symantec. Hi whitehats!

marc, posted September 21, 2006:

Someone really needs to help put all this on the wiki. I'll help where possible.

Darren Kitchen (Author), posted September 21, 2006:

> Someone really needs to help put all this on the wiki. I'll help where possible.

Agreed. The current wiki page could use some TLC. Anyone up for the challenge?

marc, posted September 21, 2006:

I added a quick guide for n00bs. Not the best, but when I wanted quick info on how to do this on my LAKS USB watch, it really took time searching the thread.

boristsr, posted September 21, 2006:

> Or, is there a way to obtain the LM password hashes without the use of PWDUMP?
>
> Oh, and you raise an interesting point. So much for that job at Symantec. Hi whitehats!

You don't think they hire people without experience, do you? They hire people who know the sites, the techniques, and who are going to enjoy their work. They hire virus writers! (let's just hope all of them now use their powers for good!)

Darren Kitchen (Author), posted September 21, 2006:

It was a light-hearted joke. I'm sure the security community at large has been aware of this attack vector for many years. The only thing new about it is the fact that U3 gives us the autorun abilities of a CD-ROM with the write abilities of a USB key.

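Added example, not part of the thread and not Hak5 code: because the U3 launcher partition enumerates as a CD-ROM, the Windows `NoDriveTypeAutoRun` policy value decides whether it launches on insertion. This Python audit decodes that value and shows that a policy blocking only removable drives leaves the emulated CD active; the XP default of 0x91 used when no policy is set is an assumption, and the function and key names in the result are this example's own.

```python
# Added example: audit the AutoRun policy that governs a U3 drive's
# emulated CD-ROM partition. Not code from the thread.
try:
    import winreg  # Windows only; audit() itself runs anywhere
except ImportError:
    winreg = None

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# NoDriveTypeAutoRun bitmask: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}
XP_DEFAULT = 0x91  # assumption: Windows XP behaviour when no policy is set
HARDENED = 0xFF    # AutoRun disabled for every drive type


def read_policy(hive_name):
    """Return NoDriveTypeAutoRun from the named hive, or None if unset."""
    if winreg is None:
        return None  # not on Windows: nothing to read
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
    return value if isinstance(value, int) else int.from_bytes(value, "little")


def audit(hklm=None, hkcu=None):
    """Decode the effective policy; the HKLM value overrides HKCU."""
    if hklm is not None:
        mask = hklm & 0xFF
    elif hkcu is not None:
        mask = hkcu & 0xFF
    else:
        mask = XP_DEFAULT
    enabled = sorted(n for bit, n in DRIVE_BITS.items() if not mask & bit)
    return {"mask": mask,
            "autorun_enabled": enabled,
            "u3_cd_autoruns": "cdrom" in enabled,  # the emulated CD partition
            "hardened": mask == HARDENED}


if __name__ == "__main__":
    print(audit(read_policy("HKEY_LOCAL_MACHINE"),
                read_policy("HKEY_CURRENT_USER")))
```

On a non-Windows host the script reports the assumed XP default rather than a real policy.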