USB Switchblade Development


Darren Kitchen

I'm going to check that out. DeviceLock slows down data transfer to the USB drive by half at the very least. I'm finding myself having to stop the service just so I can do my backup.

*DeviceWall (No price? I don't have the time to call people to order something... bah.)

Well there is a free 30 day trial.

If you would have carefully read the main post (or even skimmed over it), you would have seen that.

It is very unclear what devices are compatible, and it seems that all U3 devices should be compatible.

Examples:

In this example we are using a U3 enabled SanDisk Cruzer Micro USB Flash Drive
The autorun feature does not work properly on standard USB flash drives so a U3 enabled USB flash drive is required to make this work.

and from the Wiki

MaxDamage technique of using a special autorun loader on the virtual CD-ROM partition of a U3 compatible USB key
and requires a U3 compatible USB key, such as the newer Sandisk Cruzer Micro or Memorex Mini TravelDrive drives.
1. Plug your U3 Drive in any computer

Now I saw all of these and assumed since I have a U3 device it should work, but I could not find a loader for it. The only hint that my drive was not compatible was the lack of a loader... HENCE my post.

Was I wrong to make that post?? It should say somewhere that those 2 companies were the only working ones at this time... If it says that somewhere by all means tell me so I can feel like an idiot.

Is there a way to retrieve this same info from Macintosh computers? Is there a way to retrieve things like LM hashes and internet history from networked computers that share their root?

There is always a way, but the approach would need to be very different. These tools take advantage of security shortcomings of Windows, i.e. LM hashes, U3 autorun hack etc. There is probably some debate regarding this, but I think OSX is more secure than Windows, at least with default configurations.

@Draconova

When you format the drive with the new loader, it will attempt to run the loader during this setup.

@G-Stress

Yes, I use wget to grab an external IP. If it brings nothing back it shoots everything over on a netbios name, as I have no idea what my IP will be on various networks.

@ rastetter

Not to get in the middle of a lovers' quarrel or anything but...if you were to read through the 28 pages it is noted at least a dozen and a half times the drives that work...I mean I know some people are too eager to read through all the discussion and development tips on projects in forums, especially when they're over 25 pages long...but I know I always try to before I ever try anything or even start to ask questions...considering that throughout the past 28 pages I have seen snippets of code pop up here and there that are not included in any payload on the wiki...nice little additions for personal preferences that users developed....oh well this goes for everyone I suppose who is new to the use of forums...people generally get mad when they answer the same questions over and over and over in a developmental thread...oh well just my 1 9/10 cents...

@ aardwolf

Yeah I agree with the why the hell would a n00b want to even mess with this but hey if I get time I'll put ya together a nice lil how-to & FAQ for you to sticky -=o)

-Sloth

If you would have carefully read the main post (or even skimmed over it), you would have seen that.

It is very unclear what devices are compatible, and it seems that all U3 devices should be compatible...

MaxDamage's Solution

1. Loader

This replaces the U3 partition on the Sandisk Cruzer Micro with an invisible autorun loader

http://www.hak5.org/releases/2x02/switchbl...D1.0-loader.rar

Gotta read what the files do man.

@ pseudobreed

So using wget, it executes the payload on the remote boxes and dumps all the information, hashes, history, installs VNC, etc. in a directory back on your box?

Just trying to make sure I understood properly as if I have 4 machines on my LAN and I wanted to execute this payload on them all at once without a flash drive and receive all the information, etc.

@G-Stress

No, I use wget to try and get an outside IP. If that does not happen, then I know there is no internet connection and I dump via netbios back to my machine (if I'm on a LAN).

This is another payload in itself. I have one payload that is for the Cruzer and looks at hotkeys to exec payloads and another for remote use that uses splitters/rar to autorun.

@deathwarder

Look into psexec from Sysinternals. It requires a remote account with priv. to write to the remote drive.

@melodic

This would be part of the framework. However, making modules/plugins I think kills the hacker mentality about it and makes it a huge script kiddie tool. Then this forum would blow up with people having problems on modules and never understanding why.

I have made a loader that uses modules with hotkeys as I know I will not need a full dump on a machine so why waste the time (the payload takes too long as it is).

> @G-Stress
>
> No, I use wget to try and get an outside IP. If that does not happen, then I know there is no internet connection and I dump via netbios back to my machine (if I'm on a LAN).
>
> This is another payload in itself. I have one payload that is for the Cruzer and looks at hotkeys to exec payloads and another for remote use that uses splitters/rar to autorun.
>
> @deathwarder
>
> Look into psexec from Sysinternals. It requires a remote account with priv. to write to the remote drive.
>
> @melodic
>
> This would be part of the framework. However, making modules/plugins I think kills the hacker mentality about it and makes it a huge script kiddie tool. Then this forum would blow up with people having problems on modules and never understanding why.
>
> I have made a loader that uses modules with hotkeys as I know I will not need a full dump on a machine so why waste the time (the payload takes too long as it is).

This could potentially be very dangerous. My netscan addon makes a list of computers, and psexec runs the payload on all computers, sending the data through either email or the USB key.

OK, here's how it works. First, create a batch file that shares the USB key on the network. Then, Sysinternals has a tool called psexec; this, when run with the proper parameters, will temporarily copy the payload (the info gathering tools) to all computers in the domain. It will then run them locally on the systems, and with some modified batch files, send the dump folder back to the now shared USB key. Finally, we can use another tool by Sysinternals called sdelete that overwrites the payload a couple of times with random data on the remote machines. If we could get this working, for about 20 seconds more time, we could collect all the data the USB drive currently collects, for all computers on the domain. I am also working on an addition to the payload that will use another couple of tools from Sysinternals called AccessChk, AccessEnum, PsFile, Autoruns, PsKill, psloglist, and some other programs from the pstools package.

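A defender-side view of the fan-out described in the post above, as an added example that is not part of the original thread: PsExec registers a service on each target (PSEXESVC by default), which the Service Control Manager logs as event 7045, so the same service appearing on many hosts within seconds stands out. The records, host names and accounts below are constructed, and the field names are assumptions about how the events were forwarded.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of event 7045 ("a service was installed") records after
# forwarding to a collector. Field names, hosts and accounts are assumptions.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:02", "host": "WS-01", "service": "PSEXESVC", "user": "CORP\\helpdesk"},
    {"time": "2024-05-01T10:00:05", "host": "WS-02", "service": "PSEXESVC", "user": "CORP\\helpdesk"},
    {"time": "2024-05-01T10:00:09", "host": "WS-03", "service": "PSEXESVC", "user": "CORP\\helpdesk"},
    {"time": "2024-05-01T10:00:11", "host": "WS-04", "service": "PSEXESVC", "user": "CORP\\helpdesk"},
    {"time": "2024-05-01T14:30:00", "host": "SRV-09", "service": "PSEXESVC", "user": "CORP\\admin2"},
    {"time": "2024-05-01T11:00:00", "host": "WS-01", "service": "PrintHelper", "user": "CORP\\deploy"},
]


def find_service_fanout(events, window=timedelta(seconds=60), min_hosts=3):
    """Alert when one account installs the same service name on at least
    `min_hosts` distinct hosts within `window` (one alert per account/service)."""
    grouped = defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        grouped[(ev["user"], ev["service"].upper())].append((ts, ev["host"]))

    alerts = []
    for (user, service), hits in grouped.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge so hits[start..end] spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({host for _, host in hits[start:end + 1]}) >= min_hosts:
                first = hits[start][0]
                # Report every host touched in the window that opened the burst.
                burst = sorted({h for t, h in hits if first <= t <= first + window})
                alerts.append({"user": user, "service": service,
                               "first_seen": first.isoformat(), "hosts": burst})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_service_fanout(SAMPLE_EVENTS):
        print(alert)
```

Grouping on the service name rather than hard-coding PSEXESVC also covers runs where the default service name was changed.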

Just wanted to chime in and say that I've set up a basic package system on the wiki, so rather than choose between all the payloads just throw together what you need based on available packages. We'll even host the binaries in most cases with a simple uploader.

Official Thread:

http://www.hak5.org/forums/viewtopic.php?p=40179

Switchblade Packages:

http://www.hak5.org/wiki/Switchblade_Packages

I think this will make things a lot easier for everyone.

Thoughts?

> Just wanted to chime in and say that I've set up a basic package system on the wiki, so rather than choose between all the payloads just throw together what you need based on available packages. We'll even host the binaries in most cases with a simple uploader.
>
> Official Thread:
>
> http://www.hak5.org/forums/viewtopic.php?p=40179
>
> Switchblade Packages:
>
> http://www.hak5.org/wiki/Switchblade_Packages
>
> I think this will make things a lot easier for everyone.
>
> Thoughts?

Thanks, I'm going to contribute a bunch of packages I've been working on as soon as I work out all of the kinks.
