USB Switchblade Development


Darren Kitchen

I just saw this site on digg. It's a way of finding keys, but it finds more than what I've seen currently on the switchblade.

http://www.raymond.cc/blog/archives/2006/0...-your-computer/

Hope someone will add this to a future switchblade.

How is that any different from the product key dump that's on the current switchblade?

It's different because it has taken more product keys than ProduKey from NirSoft takes (at least on my machine).

Problem is that this program uses a GUI; someone needs to verify if this can be automated.

Hey guys, I must say I LOVE this tool. However, I had a request I think would be nice if someone would be willing/able to do it. I think if somehow we could add to the script so that, when run, it also dumps wireless keys to the logfiles... that would be nice.

The only problem I seem to be having is that it does not dump the SAM files. It only dumps the logfiles containing the IP information, system info, m$ keys, and creates the backdoor :?

Question: Has anyone tried combining AutoIt + batch files to turn off the most common firewalls automatically (like a kill process tree command)?

I know that AutoIt has many options for you to mess around with different processes, and Windows has a built-in process list (maybe we can get the names of each antivirus version).

It should be a lot less painful to simply kill a process by its name (since it's usually the same).

Just making some hypotheses here :twisted: Need some feedback though...

It would be better to open ports in the Windows firewall rather than disable it. Several anti-spyware applications flag the "Notify me when the firewall is deactivated" option being disabled as a critical problem. Opening specific (or all) ports avoids this problem entirely and usually indefinitely. The average user wouldn't know Windows had a built-in firewall, let alone how to configure it. Speaking of firewall usability, I found the Vista firewall configuration menu to be the most intimidating menu I have ever seen Microsoft produce. I suspect that even if someone was reading a guide to configuring it, as soon as they saw the interface they would run crying.

I just watched the episode of Hak.5 with the U3 USB drives, on the recommendation of a friend, and thought I'd drop by to link the viewers to the original writeup I did on modifying the ISO and autorun capabilities of U3 drives a while back:

http://cse.msstate.edu/~rwm8/hackingU3/

I've received a lot of hits over the past several months via Hackaday, Abe Usher and his demonstration in London, and various Google queries, and I'm glad everyone's getting some mileage out of it and using it as a good pen testing tool.

Welcome to the forums. I do believe I ran across your site in research. I'll have to add a link to the show notes on the wiki. Nice job.

http://www.securityfocus.com/archive/1/446236

Also... well, if you have physical access to the computer, it's possible to take out copies of the SAM and system files "on the fly" with this tool:

DiskInternals NTFS Reader 2.0 - works on XP SP2 - tested

http://www.diskinternals.com/download/NTFS_Reader_Setup.zip

So with this tool you don't need any "boot" or restarting of Windows...

First I must say this is one of the most well thought out hacks I've seen in a while. That being said, I have a question, as I'm not as knowledgeable as other people.

Would the non-U3 method work on a U3-enabled drive, or does the virtual CD interfere with that method? I ask because the Staples near my house just opened and has the 1 gig SanDisks for $25. I'm asking because I'm curious about such things.

I ask because the Staples near my house just opened and has the 1 gig SanDisks for $25.

Actually, all Staples are running this promo until the 23rd:

512mb = 14.99

1gig = 24.99

2gig = 44.99

all U3 enabled Sandisk Cruzer Micros

Score. Cheap U3 for everyone! (Or people who have a Staples near them, at least.)

Something I thought might be interesting is whether it's possible to somehow modify the script so that, when inserted into any OS (Mac, *nix, Windows, etc.), it works natively on that OS. Also, it appears that the Remote Registry service must be running in order to dump the SAM hashes. Anyone else notice the same thing? At least that was the case for me between 2 different machines.
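As an added, defender-side example (not from this thread or any of its posters), here is a PowerShell audit of the two Windows settings the posts above touch on: whether the Remote Registry service is running, and whether the NoDriveTypeAutoRun policy blocks AutoRun for removable and CD-ROM drives (a U3 drive presents its autorun partition as a virtual CD-ROM). The function names are my own, only the HKLM policy key is checked (an HKCU override is not), and the script reads the standard service and registry locations without changing anything; the remediation commands appear only in a warning.

```powershell
# Added audit script, not part of the USB Switchblade thread.
# Assumes Windows PowerShell 5.1 or later in an elevated session;
# the service name "RemoteRegistry" and the Explorer policy key are the standard ones.

function Test-RemoteRegistryExposure {
    # The post above observes that SAM-hash dumping depended on Remote Registry
    # being up; on workstations that do not need it, stopped + disabled is the goal.
    $svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        return 'RemoteRegistry: service not installed'
    }
    $msg = 'RemoteRegistry: status={0}, starttype={1}' -f $svc.Status, $svc.StartType
    if ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled') {
        Write-Warning ($msg + ' -- consider: Stop-Service RemoteRegistry; Set-Service RemoteRegistry -StartupType Disabled')
    }
    return $msg
}

function Test-AutoRunPolicy {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is blocked:
    # 0x04 = removable drives, 0x20 = CD-ROM drives (what a U3 virtual CD looks like),
    # 0xFF = all drive types. Only the machine-wide (HKLM) policy value is inspected here.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning 'NoDriveTypeAutoRun not set: AutoRun is not policy-blocked for removable or CD-ROM drives'
        return $null
    }
    $mask = [int]$item.NoDriveTypeAutoRun
    $gaps = @()
    if (($mask -band 0x04) -eq 0) { $gaps += 'removable (0x04)' }
    if (($mask -band 0x20) -eq 0) { $gaps += 'CD-ROM (0x20)' }
    if ($gaps.Count -gt 0) {
        Write-Warning ('NoDriveTypeAutoRun=0x{0:X2} leaves AutoRun enabled for: {1}' -f $mask, ($gaps -join ', '))
    }
    return $mask
}

# Run both checks; each returns a value so the results can be collected from a larger script.
Test-RemoteRegistryExposure
Test-AutoRunPolicy
```

A mask of 0xFF is the usual hardening target; anything that leaves bit 0x04 or 0x20 clear means an inserted drive's autorun.inf can still be honoured by the AutoRun mechanism discussed in this thread, whatever the state of Remote Registry.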

BTW folks, mostly everything is now detected by Symantec...

The AV folks aren't idiots and are watching this thread too. But they rely mostly on static signatures. Is there some way to have a file download server that repacks/pads/encrypts the source files differently on every download to prevent easy signature creation?

This won't protect against good heuristics and application behavior detection, but a lot of people turn that functionality off anyway because of the number of false alarms.

Or, is there a way to obtain the LM password hashes without the use of PWDUMP? Oh, and you raise an interesting point. So much for that job at Symantec. Hi whitehats!

You don't think they hire people without experience, do you? They hire people who know the sites, the techniques, and who are going to enjoy their work. They hire virus writers! (Let's just hope all of them now use their powers for good!)