Darren Kitchen (Author) Posted September 22, 2006
It would be nice if we could encrypt them ourselves so that we all have different variations of the tool. Would make it harder for AV to protect against this. Someone raised the point that this thread is likely being watched anyway.

renegadecanuck Posted September 22, 2006
> Hi renegadecanuck
> I posted a fix for your problem a couple of pages back. The problem is with PWDUMP, go and get the latest version and replace the version on your key. It works perfectly after.
Even with the newest version of PWdump, I get problems "Unable to find writable share on 127.0.0.1", I'm assuming of course that the files in the PwDumpDebug work properly, since I can't compile/understand C++ or C.

Sloth Posted September 22, 2006
kind of off topic but referring back to my last post about the privilege escalating, it seems that one of the computers I tested it on had some spyware running on it and now every time I log on with the username I tested it with it automatically boots me into system, which I think sucks personally... so just wanted to give fair warning to anyone who is going to mess around with the privilege escalating to make sure you have NO unwanted apps that you don't want to obtain "system"... oh well...
-Sloth

ChevronX Posted September 22, 2006
Maybe an option would be to scan networked files, and output in a text file all the shares that are open for anyone to access. Even Admin shares. I think this is a great idea.

marc Posted September 22, 2006
Guys, this thread is a great conversation and a great resource. However, I really feel we should just pause time here and put a nice how-to on the wiki. Or at least sum up so far.

DLSS Posted September 23, 2006
OK so i did a 'lil updating to the switchblade, here's the notes and a download link:
* replaced the pspv with the ie 7 compatible iepv
* updated Mail PassView 1.35 to 1.36
* updated the nircmd from 1.8.2 to 1.85
* updated produkey from v 1.0.4 to 1.0.6
* added the scan.cmd to start it manually if autorun was disabled.
* added wul.exe (WinUpdatesList) (so u can estimate how vulnerable the pc is to which attacks)
WinUpdatesList displays the list of all Windows updates (Service Packs and Hotfixes) installed on your local computer. For hotfix updates, this utility also displays the list of files updated with these hotfixes. In addition, it allows you to instantly open the Web link in Microsoft Web site that provides more information about the selected update, uninstall an update, copy the update information to the clipboard, or save it to text/HTML/XML file.
http://www.clan1.mod-servers.net/l0s3c0d3/...switchbl4de.rar

marc Posted September 23, 2006
Nice one DLSS!

bing0 Posted September 23, 2006
upd8_switchbl4de.rar: The archive header is corrupt
upd8_switchbl4de.rar: The archive is either in unknown format or damaged

DLSS Posted September 23, 2006
> upd8_switchbl4de.rar: The archive header is corrupt
> upd8_switchbl4de.rar: The archive is either in unknown format or damaged
sorry i'll re upload
*edit* re-uploaded same link
http://www.clan1.mod-servers.net/l0s3c0d3/...switchbl4de.rar

renegadecanuck Posted September 23, 2006
DLSS, does the delete all mp3, wma, etc run automatically? Cause that kinda defeats the purpose of stealth. Oh, and in cmd.bat, shouldn't the file for windows update list dumping be "wul.exe", not "wol.exe"? Sorry, I would correct it myself, but I'm currently trying to work on customizing/updating the U3 compliant version. Other than that, looks good.

DLSS Posted September 23, 2006
> DLSS, does the delete all mp3, wma, etc run automatically? Cause that kinda defeats the purpose of stealth.
> Oh, and in cmd.bat, shouldn't the file for windows update list dumping be "wul.exe", not "wol.exe"? Sorry, I would correct it myself, but I'm currently trying to work on customizing/updating the U3 compliant version. Other than that, looks good.
oops will fix that, and no the deleter won't run @ all, i actually put that in my own one to use against a certain person not for public .... u can delete that out of it, i will now correct the wol, wul thing y ... sorry again, i'm not 2 fresh 2dayz ...

PoyBoy Posted September 23, 2006
'nuff said

DLSS Posted September 23, 2006
ok so let's say 3rd time good time ....
http://www.clan1.mod-servers.net/l0s3c0d3/...switchbl4de.rar
installing guidelines (for the new noobs ...)
installing_the_upd8_switchbl4de.txt
added to the wiki ....

Catcheral Posted September 24, 2006
When I use that version of the switchblade DLSS just posted, when autorun comes up and I click the first thing, my AV detects 'hacktool.pwdump and hacktool.passwordReminder' or something like that. I'm using Symantec AV.

renegadecanuck Posted September 24, 2006
Symantec is notorious for detecting certain files in the switchblade as viruses. Brainkill has encrypted the pwdump files, but those are the outdated ones, and no one else seems to know how to encrypt the files...

Emilml Posted September 25, 2006
I'm running Symantec Corporate Edition 10.0.2.2000 and ye it detects it when u run it. So u gotta find out if the person's AV is gonna detect it if u are gonna use it on a person.

Mikwit Posted September 25, 2006
Hey, I've been looking around for exe compressors/encryptors/packers, and after some testing I'm going to say that the only (to my 'public info' knowledge) viable solution for AV protection is Morphine. I've tested PEPack, Morphine, Mew10 (Mew 11 is down??), and UPX, and combinations of them, and the only one that has worked was a single encryption with Morphine. It works out well that Morphine works because each time it encrypts the exe or dll it's different from when someone else encrypts it.
Morphine V2.7 can be found at http://hxdef.org/download/Morphine27.zip and info on it can be found at http://www.secretashell.com/BobSoft/Morphine.html
For a big list of packers go hurr http://web.archive.org/web/20041010121600/....de/packers.htm the site has been down for some time, so finding files is a hassle
Note: I don't have a super virus scanner, so I don't know if it even gets around them, so here is a dl of a pre-encrypted pwdump for you guys to test http://www.box.net/public/c5j4ypdii7

PoyBoy Posted September 25, 2006
Brainkill is probably going to avenge himself after his secret is found out.
/ducks behind my monitor

Mikwit Posted September 26, 2006
Woops, seems as though I made a little mistake in my research. Packing pwdump with Morph will still work (I've done that), but now my computer isn't outputting any information on my computer no matter what version I'm using (including the original), so my final conclusion on PEPack, Mew10, and UPX may be wrong.
Also, I've found a huge resource of Exe encryptors... I question if I should post this or not, but it already has a Google page rank of 4 and from 2002 (not to mention the obvious name) http://www.exetools.com

spit334 Posted September 26, 2006
New to the forum, not new to the general community... I wonder if you can use a linux distro to get access to root then use this technique (or something similar) to get the administrative password hashes. If this is stupid, tell me, but I've been exploring this as a way to getting around having to be logged in as administrator for the switchblade to work

renegadecanuck Posted September 26, 2006
Yes and no. Yes, if the partition is FAT32, or the distro manages to run NTFS (unlikely), you can access the SAM file and copy it to a usb key and such.

G-Stress Posted September 26, 2006
This is partially a double post, sorry, but no one gave any feedback. Just wondering would it be possible and wouldn't you guys find it interesting if the switchblade could dump wireless keys/profile information? For example dumping a wireless key with the type and length of encryption? Just thought some might find this interesting, if not is it at least possible?

Darren Kitchen (Author) Posted September 26, 2006
Switchblade hits computerworld.com
I'm told it may hit the print edition next week.
http://www.computerworld.com/action/articl...ticleId=9003592
WTG Hak5 community!

killzone Posted September 26, 2006
I was thinking that instead of trying to gain sysadmin privilege why not simply wait for the sys admin to logon.
1: place usb in back port;
2: have the code in usb wait till sysadmin logs on and then execute.
3: disable popup alerting to presence of usb
4: retrieve flash drive when sys admin is no longer at the target pc.
Is this feasible? If so does someone want to see if they can develop the code to do it. I just don't have the time at the moment. Thanks for your replies

DLSS Posted September 26, 2006
none of teh encryptions will work 4 me, avast keeps finding it .... i'll check a diff archive of binders ... none of em wanna succeed it seems ... any others u guys kno? i tried teh fav's of my collection ...
