melodic Posted October 12, 2006

step 1: don't fuck with work/office machines
step 2: log in and try and do admin'y things?
step 3: ???
step 4: PROFIT

arkon Posted October 12, 2006

I'm going to check that out. DeviceLock slows down data transfer to the USB drive by half at the very least. I'm finding myself having to stop the service just so I can do my backup.

*DeviceWall (No price? I don't have the time to call people to order something... bah.)

Well there is a free 30 day trial.

rastetter Posted October 12, 2006

> If you would have carefully read the main post (or even skimmed over it), you would have seen that.

It is very unclear what devices are compatible, and it seems that all U3 devices should be compatible.

Examples:

> In this example we are using a U3 enabled SanDisk Cruzer Micro USB Flash Drive

> The autorun feature does not work properly on standard USB flash drives so a U3 enabled USB flash drive is required to make this work.

and from the Wiki

> MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key

and

> requires a U3 compatible USB key, such as the newer Sandisk Cruzer Micro or Memorex Mini TravelDrive drives.

> 1. Plug your U3 Drive in any computer

Now I saw all of these and assumed since I have a U3 device it should work, but I could not find a loader for it. The only hint that my drive was not compatible was the lack of a loader... HENCE my post.

Was I wrong to make that post?? It should say somewhere that those 2 companies were the only working ones at this time... if it says that somewhere by all means tell me so I can feel like an idiot

deathwarder Posted October 12, 2006

Is there a way to retrieve this same info from Macintosh computers? Is there a way to retrieve things like LM hashes and internet history from networked computers that share their root?

arkon Posted October 12, 2006

> Is there a way to retrieve this same info from Macintosh computers? Is there a way to retrieve things like LM hashes and internet history from networked computers that share their root?

There is always a way, but the approach would need to be very different. These tools take advantage of security shortcomings of Windows, i.e. LM hashes, U3 autorun hack etc. There is probably some debate regarding this, but I think OSX is more secure than Windows, at least with default configurations.

U3Hacker Posted October 12, 2006

Here's the link for the Universal U3 LaunchPad Hacker http://www.hak5.org/forums/viewtopic.php?t=3026 created by me.

deathwarder Posted October 12, 2006

How about the network thing? What if there are 5 computers all sharing their roots over the network? Could similar information be collected from them by plugging into one computer?

Draconova Posted October 13, 2006

Just a small LOL. I left my Switchblade in there as I inserted another flash drive and yet again it ran my payload... just something interesting I wanted to point out....

G-Stress Posted October 13, 2006

Something I thought about was: has anyone modded the script to not only work with flash drives, but to work on a LAN? As in, execute the script without a flash drive on your own box and have it search the LAN and return the results back to you on your box?

pseudobreed Posted October 13, 2006

@Draconova When you format the drive with the new loader, it will attempt to run the loader during this setup.

@G-Stress Yes, I use wget to grab an external IP; if it brings nothing back it shoots everything over on a NetBIOS name as I have no idea what my IP will be on various networks.

Sloth Posted October 13, 2006

@ rastetter not to get in the middle of a lovers' quarrel or anything but... if you were to read through the 28 pages it is noted at least a dozen and a half times the drives that work... I mean I know some people are too eager to read through all the discussion and development tips on projects in forums, especially when they're over 25 pages long... but I know I always try to before I ever try anything or even start to ask questions... considering that throughout the past 28 pages I have seen snippets of code pop up here and there that are not included in any payload on the wiki... nice little additions for personal preferences that users developed.... oh well, this goes for everyone I suppose who is new to the use of forums... people generally get mad when they answer the same questions over and over and over in a developmental thread... oh well, just my 1 9/10 cents...

@ aardwolf yeah I agree with the "why the hell would a n00b want to even mess with this" but hey, if I get time I'll put ya together a nice lil how-to & FAQ for you to sticky -=o)

-Sloth

renegadecanuck Posted October 13, 2006

> If you would have carefully read the main post (or even skimmed over it), you would have seen that. It is very unclear what devices are compatible, and it seems that all U3 devices should be compatible...

> MaxDamage's Solution
> 1. Loader
> This replaces the U3 partition on the Sandisk Cruzer Micro with an invisible autorun loader
> http://www.hak5.org/releases/2x02/switchbl...D1.0-loader.rar

Gotta read what the files do man.

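The loader discussed in these posts depends on Windows AutoRun firing for the U3 key's virtual CD-ROM partition. As an added example (not from the thread or the Switchblade project), this Python check parses `reg query` output for the `NoDriveTypeAutoRun` policy and reports whether AutoRun is still allowed for the two drive types a U3 key presents. The sample outputs are constructed; `0x91` is used because it is the value Microsoft documents as the Windows XP default.

```python
import re

# NoDriveTypeAutoRun bits: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\explorer"
HIVE_RE = re.compile(r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\(.+)$", re.I)
VALUE_RE = re.compile(r"^NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-f]+)$", re.I)

# Constructed `reg query` output for two hypothetical workstations.
SAMPLE_DEFAULT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

def parse_reg_query(text):
    """Return {hive: mask} for NoDriveTypeAutoRun under Policies\\Explorer."""
    masks, hive = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = HIVE_RE.match(line)
        if key:
            # Only trust values that sit under the policy key itself.
            hive = key.group(1).upper() if key.group(2).lower() == POLICY_KEY else None
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            masks[hive] = int(value.group(1), 16)
    return masks

def effective_mask(masks):
    """A machine-wide (HKLM) value overrides the per-user (HKCU) one."""
    return masks.get("HKEY_LOCAL_MACHINE", masks.get("HKEY_CURRENT_USER"))

def u3_exposure(mask):
    """Partitions of a U3 key (virtual CD-ROM + removable) AutoRun still covers."""
    if mask is None:
        return ["policy not set: OS default applies"]
    return [name for bit, name in DRIVE_BITS.items()
            if name in ("cdrom", "removable") and not mask & bit]

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(label, u3_exposure(effective_mask(parse_reg_query(text))))
```
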
G-Stress Posted October 13, 2006

@ pseudobreed So using wget, it executes the payload on the remote boxes and dumps all the information, hashes, history, installs VNC, etc. in a directory back on your box? Just tryin to make sure I understood properly, as I have 4 machines on my LAN and I wanted to execute this payload on them all at once without a flash drive and receive all the information, etc.

deathwarder Posted October 14, 2006

Is there a way to force remote computers to execute programs? If so, by adding like 10 seconds per computer, we could have every networked computer execute this. Something like USB port sharing might work.

melodic Posted October 14, 2006

I think this thread is too long. I think someone should dev like 'modules' for the Switchblade, like addons if you will. Like a .txt file with the relevant code to add to your go.cmd and the .exe to add to your WIPCMD. What do people think?

deathwarder Posted October 14, 2006

I really need help with the net execute.

pseudobreed Posted October 14, 2006

@G-Stress No, I use wget to try and get an outside IP; if that does not happen, then I know there is no internet connection and I dump via NetBIOS back to my machine (if I'm on a LAN). This is another payload in itself. I have one payload that is for the Cruzer and looks at hotkeys to exec payloads and another for remote use that uses splitters/rar to autorun.

@deathwarder Look into psexec from Sysinternals. It requires a remote account with priv. to write to the remote drive.

@melodic This would be part of the framework. However, making modules/plugins I think kills the hacker mentality about it and makes it a huge script kiddie tool. Then this forum would blow up with people having problems on modules and never understanding why. I have made a loader that uses modules with hotkeys as I know I will not need a full dump on a machine, so why waste the time (the payload takes too long as it is).

G-Stress Posted October 14, 2006

@ pseudobreed Okay, I currently use your payload as I like that it installs VNC. Was wondering what I would need to add to the code to execute it remotely on my LAN and receive the dumped files back to my box? Thanks in advance.

deathwarder Posted October 14, 2006

> @G-Stress No, I use wget to try and get an outside IP; if that does not happen, then I know there is no internet connection and I dump via NetBIOS back to my machine (if I'm on a LAN). This is another payload in itself. I have one payload that is for the Cruzer and looks at hotkeys to exec payloads and another for remote use that uses splitters/rar to autorun.
>
> @deathwarder Look into psexec from Sysinternals. It requires a remote account with priv. to write to the remote drive.
>
> @melodic This would be part of the framework. However, making modules/plugins I think kills the hacker mentality about it and makes it a huge script kiddie tool. Then this forum would blow up with people having problems on modules and never understanding why. I have made a loader that uses modules with hotkeys as I know I will not need a full dump on a machine, so why waste the time (the payload takes too long as it is).

This could potentially be very dangerous. My netscan addon makes a list of computers, and psexec runs the payload on all computers, sending the data through either email or the USB key.

melodic Posted October 14, 2006

hotkeys? payload? link meh?

deathwarder Posted October 14, 2006

OK, here's how it works. First, create a batch file that shares the USB key on the network. Then, Sysinternals has a tool called psexec; this, when run with the proper parameters, will temporarily copy the payload (the info gathering tools) to all computers in the domain. It will then run them locally on the systems and, with some modified batch files, send the dump folder back to the now shared USB key. Finally, we can use another tool by Sysinternals called sdelete that overwrites the payload a couple of times with random data on the remote machines. If we could get this working, for about 20 seconds more time, we could collect all the data the USB drive currently collects, for all computers on the domain. I am also working on an addition to the payload that will use another couple of tools from Sysinternals called AccessChk, AccessEnum, PsFile, Autoruns, PsKill, psloglist, and some other programs from the pstools package.

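From the defender's side, the PsExec fan-out described in this post leaves a recognizable trail, because PsExec installs a service named `PSEXESVC` on every machine it runs on. The following added example (not code from the thread) pairs each such service-install event with the network logon that preceded it and flags any single source that reaches several hosts within a short window; the event records, host names and addresses are constructed and simplified.

```python
from datetime import datetime, timedelta

def _ev(host, time, eid, **fields):
    return {"host": host, "time": datetime.fromisoformat(time), "id": eid, **fields}

_SVC = {"ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"}
# Constructed, normalized records (not raw EVTX); hosts and addresses are made up.
# 4624 with LogonType 3 = network logon, 7045 = a service was installed.
SAMPLE_EVENTS = [
    _ev("WS01", "2024-01-10T10:00:01", 4624, LogonType=3, IpAddress="10.0.0.50"),
    _ev("WS01", "2024-01-10T10:00:03", 7045, **_SVC),
    _ev("WS02", "2024-01-10T10:00:20", 4624, LogonType=3, IpAddress="10.0.0.50"),
    _ev("WS02", "2024-01-10T10:00:22", 7045, **_SVC),
    _ev("WS03", "2024-01-10T10:00:41", 4624, LogonType=3, IpAddress="10.0.0.50"),
    _ev("WS03", "2024-01-10T10:00:43", 7045, **_SVC),
    _ev("WS04", "2024-01-10T10:01:00", 7045, ServiceName="PrintHelper", ImagePath=r"C:\Tools\ph.exe"),
    _ev("SRV01", "2024-01-10T14:30:00", 4624, LogonType=3, IpAddress="10.0.0.7"),
    _ev("SRV01", "2024-01-10T14:30:02", 7045, **_SVC),
]

def is_psexec_service(e):
    return (e.get("ServiceName", "").upper() == "PSEXESVC"
            or e.get("ImagePath", "").lower().endswith("psexesvc.exe"))

def attributed_installs(events, lookback=timedelta(seconds=30)):
    """Pair each PSEXESVC install with the latest network logon on that host."""
    last_logon, out = {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        if e["id"] == 4624 and e.get("LogonType") == 3:
            last_logon[e["host"]] = (e["time"], e["IpAddress"])
        elif e["id"] == 7045 and is_psexec_service(e):
            seen, ip = last_logon.get(e["host"], (None, None))
            recent = seen is not None and e["time"] - seen <= lookback
            out.append((e["time"], e["host"], ip if recent else "unattributed"))
    return out

def fanout_sources(events, min_hosts=3, window=timedelta(minutes=5)):
    """Sources that installed PSEXESVC on >= min_hosts hosts inside one window."""
    by_src, alerts = {}, {}
    for when, host, src in attributed_installs(events):
        by_src.setdefault(src, []).append((when, host))
    for src, hits in by_src.items():
        for start, _ in hits:  # hits are already in time order
            hosts = {h for t, h in hits if timedelta(0) <= t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    print(fanout_sources(SAMPLE_EVENTS))
```
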
deathwarder Posted October 14, 2006

Using aircrack, and wzcook.exe in the bin folder, I was able to get wireless keys from the nearby networks. This might be the beginning of something....

Darren Kitchen Posted October 14, 2006 Author

Just wanted to chime in and say that I've set up a basic package system on the wiki, so rather than choose between all the payloads just throw together what you need based on available packages. We'll even host the binaries in most cases with a simple uploader.

Official Thread: http://www.hak5.org/forums/viewtopic.php?p=40179
Switchblade Packages: http://www.hak5.org/wiki/Switchblade_Packages

I think this will make things a lot easier for everyone. Thoughts?

Slayer Posted October 15, 2006

I have a question, being new to this and all, but I'm interested in knowing why, at least for me, the MD1.1 and 1.2 payloads seem to shut down the LSA server and send the computer into shutdown mode, not allowing me to gather info from the target computer?

deathwarder Posted October 15, 2006

> Just wanted to chime in and say that I've set up a basic package system on the wiki, so rather than choose between all the payloads just throw together what you need based on available packages. We'll even host the binaries in most cases with a simple uploader.
>
> Official Thread: http://www.hak5.org/forums/viewtopic.php?p=40179
> Switchblade Packages: http://www.hak5.org/wiki/Switchblade_Packages
>
> I think this will make things a lot easier for everyone. Thoughts?

Thanks, I'm going to contribute a bunch of packages I've been working on as soon as I work out all of the kinks.