USB Switchblade Development

[MorbidPenguin]

Awesome work so far, guys. I wish I had some coding skills so I could help you out.

I'm wondering, however, if it wouldn't be possible to set up the U3 partition to load up both the payload and the LaunchU3 application together. That way, I can plug my key in, use U3 to check my email or skype or whatever, and it also instantly runs the payload in the background.

Either that or, as a previous poster said, use the development api to create a u3 program that can be run fairly discretely.

Anyway, love the work so far. Keep it up.

[Jay]

Hey, folks. Went through all nine pages and haven't seen this yet.

I've unzipped MaxDamage's payloads. And the encrypted files are no problem. However, I have McAfee Internet Security Suite 8.0 and it is complaining about mspass.exe and netpass.exe .

May I please have encrypted versions of these?

Thanks.

[Darren Kitchen]

Heya guys. Well bad news i lost my memory stick with liek 100's of password on it :S So i had to change them all.

Anyways before i lost it i had time to implement this

http://www.cqure.net/wp/?page_id=7

It grabs and decrypts the password for Tight VNC and Real VNC on the fly, and it runs in command line :D

So thats good to implement. =)

Im glad to see the projects going well.

But i think someone or myself shoudl implement a command line file encryptor to store these password safe everytime we dump them, jsut incase we loose them....like me. I wish i did that before

Good idea about encrypting. I'd suggest truecrypt but I dont think there is a way to automate it and you'd have to type the password. What command line encryption options are out there. Of course the script would only have the password to write to the file, the read password would be in your head. Sorry if I'm not making sense... painkillers.

And Amish, think you could add your updated payload that grabs VNC passwords to the wiki?

[Ag3nT_KaTz]

Well I got my answer from Memorex.

I am sorry about the inconvenience but at this moment we do not have an

update for the launchpad, the other version was build on the drive and

cannot be copied or your version cannot be updated.

Thank you for choosing Memorex.

George Cheves

Memorex Technical Support

[DTYtsejam24]

damn memorex to helllllllllllllllllllll

i have two memorex drives laying around that i could hve used one of them for this...oh well ill just have to pick up a sandisk one, or find some kid at my school to trade me

[teslafreak]

Good idea about encrypting. I'd suggest truecrypt but I dont think there is a way to automate it and you'd have to type the password. What command line encryption options are out there. Of course the script would only have the password to write to the file, the read password would be in your head. Sorry if I'm not making sense... painkillers.

And Amish, think you could add your updated payload that grabs VNC passwords to the wiki?

How about something like ncrypt?

http://ncrypt.sourceforge.net/

[bing0]

Ok, so id like to know what executables are detectable as viruses. pwdump is... I plan to fix that right now. PM me on irc if you have a better idea. nick == Brainkill

=====================

_________________

-----------------------------

Brandon G.

Lead Hosting Tech/Owner

------------------------------

hi guys, hi brainkill,

face the problem that not only 'pwservice' and 'pwdump' can be detected i have problems with netpass an mspass also.

@ Brainkill: can you fix this too ?? or better, tell me how you fixt this :)

Thanks

TOM

[bing0]

AAARLG

left thret open without refresh. :oops:

will try ncrype

jokes on me :roll:

tom

[bing0]

@Brainkill: still need the named exe files crypted

[DTYtsejam24]

for the hahas we should develope a really robust version of the switchblade, that just rediculously owns the machine its plugged into and doesnt do it in a stealthy way at all. Not really sure what this would entail, but when i think of it ill get back to you

[amish]

Darren i would add it but i dont have it anymore. It was on my memorystick and i dont have it anymore :(

I think the flags were -c for real vnc and -s for tight jsut run the program

vncdecrypt.exe /?

[jag]

not to be redundant or whiny but just for a different perspective...

I'm running BitDefender9 and it caught three immediately upon inserting the device: mailpv, pspv, mspass (using MADs version)

and obviously just two: pspv and mspass with Silivs version (since there is no mailpv).

dunno if this helps or was pointless but i sure hope people keep working on this

props to all the people who can do this kind of stuff

me = noob so hello to everyone too

[temperseed]

ermmmm ZOMG WTF ! :shock:

This hack is sesame street kiddy. Allmost EVERYONE that has a computer uses an admin account (period.) And if they have an antivirus, and they allready lent you their computer use your "SOCIAL ENGENIEERING" skills (witch either u have em or not... the ability to sweet talk ppl on doing what u want) Just tell em:

"hey can i get a glass of water"

disable the antivirus or add an exception rule. 10s tops.

Plug it in, and take it out...

PS: AUTO-IT Scripts ??? anyone... i allready have a personalized autoit script for disabeling "Symantec Client Security" wich is the one used on my college.... and since everyone logs into the computers and uses their chat clients, and emails, i can basically have access to anyones information withing 30minutes !!!! ZOOOORF !!!! :twisted: Its actually less, but i prefer to go back to my house, blast some hacking music on, and have fun with my new victim.

[DLSS]

aww man my experiences @ school with this were gr8 so far :

got bout 50 valid & legal license keys 4 m$ w1nd0ws and 0ff1ce 2003

(school pays for 300 only 250 or so pc's @school all pc's use same serial ....)

also cos the school blocks msn , ppl login to online msn services (not allowed btw) and leave cookies ... my usb stick ate 'em :P even found some cell #s +account and passes for it on sms site's . (with this info i could send sms messages under their name coming from their number ...)

ppl are so ignorant ...

btw i wont use any of the above ! , purely exploring ....

ok i might abuse the msn accounts :P its time 4 him to break up with that girl y :twisted: (just kidding )

[temperseed]

SUGGESTION

Maybe you would like the idea of having a fixed drive for the USB everytime you plug it, no matter in witch computerusb port you put it in.

http://www.uwe-sieber.de/usbdlm_e.html

X: <--- looks preaty slick :twisted:

J: <---- looks retarded :evil:

[bshwckr592]

Could you explain how to use the usbdlm program to make a usb drive non-removable on any computer? I read the instructions but I am not clear on how to do this. Thanks.

[temperseed]

This goes on the switchblade (a *.bat, just make sure is ran after the admin account is created, so u just input that username here...)

runas /user:[b]USERNAME[/b] "USBDLM -install"

USBDLM -silentinstall

net start USBDLM

The .ini file

[settings]

ForceDriveLetters=1

DeleteMountPointsOnRemoval=1

LogLevel=3

WriteDebugInfo=0

[DriveLetters]

Letter1=X

[DriveLettersUsbPort1]

PortName=5-8

Letter1=X

Then again... this needs alot of work done. I can olso sugjest we use "CMDOW" specially those of us who use regular USB drives, so we can HIDE the .BAT window, and be less obvious.

I usually just run the damn .bat file right on their face, but since it doesnt do or say anything they are like ... ermm wtf? (ohh well... nvm) :twisted:

[Plutonium]

Something wierd is happening with the my switchblade.

I get this message when plug my usb drive(sandisk cruzer) in with the 1.2 payload on it and all. It takes about 3 mins to come up after i plug it in.

here it is.

http://www.trendmicro.com/vinfo/images/wor...sser_a_img2.gif

from what I'v read this is the same message ppl would get when they were infected with sasser. I have windows sp2 updated and all. It only happens when i have the usb in the drive. i hope i dont have a virus ive never had one b4. *cries*

oh btw other than that everything else works fine with the switchblade software

[teslafreak]

Something wierd is happening with the my switchblade.

I get this message when plug my usb drive(sandisk cruzer) in with the 1.2 payload on it and all. It takes about 3 mins to come up after i plug it in.

here it is.

http://www.trendmicro.com/vinfo/images/wor...sser_a_img2.gif

from what I'v read this is the same message ppl would get when they were infected with sasser. I have windows sp2 updated and all. It only happens when i have the usb in the drive. i hope i dont have a virus ive never had one b4. *cries*

oh btw other than that everything else works fine with the switchblade software

This is probably pwdump, if you drop in a new version, it should be fine.

[NiteMare]

Something wierd is happening with the my switchblade.

I get this message when plug my usb drive(sandisk cruzer) in with the 1.2 payload on it and all. It takes about 3 mins to come up after i plug it in.

here it is.

http://www.trendmicro.com/vinfo/images/wor...sser_a_img2.gif

from what I'v read this is the same message ppl would get when they were infected with sasser. I have windows sp2 updated and all. It only happens when i have the usb in the drive. i hope i dont have a virus ive never had one b4. *cries*

oh btw other than that everything else works fine with the switchblade software

if you want to get rid of that then all you have to do is execute this line in RUN

shutdown.exe /a

and that should remove that window so it wont make you restart ur comp

[harneable]

all that is, is when you open the command prompt (windows key + R and type in cmd) its a command called shutdown -i (i for initilize)and you cna select a ip or computer name and choose to shutdown the selected computer or log off the user and then type a message and the ammount of time the message will be visable and at the end of the alloted time it will take action, you can stop this ofcorse by typing shutdown -a (a for abort) in the command prompt.

[servzero]

I thought of a name for this type of attack,

"Hit and Run Hacking"

*shrugs*

[psichonico]

I just saw this site on digg. Its a way of finding keys, but finds more that what ive seen currently on the switchblade.

http://www.raymond.cc/blog/archives/2006/0...-your-computer/

Hope someone will add this to a future switchblade.

[Darren Kitchen]

I just saw this site on digg. Its a way of finding keys, but finds more that what ive seen currently on the switchblade.

http://www.raymond.cc/blog/archives/2006/0...-your-computer/

Hope someone will add this to a future switchblade.

How is that any different from the product key dump that's on the current switchblade?

[patman]

good information's folks,

any u3-enabled model you guys recommand ?