
Switchblade + Hacksaw + VNC + nmap = spektormax's payload


spektormax


yo spektormax, any upd8es?

give some info on current functionality...

i'm back in the game so gimme a heads up on wot is needed and wot i can do.

also i'm going to buy a sandisk cruzer micro 2G cos i just saw one advertised @selection for €49, so someone will need to inform me bout how to flash it and how to backup and restore the original iso...

GRTS, DLSS :wink:


eh, it's complicated. I have something really cool built, but, well, the problem is that it is potentially usable by skiddies to spread their botnets. PM me for more details if you care. (The ICBM is made.) The ICBM is what Darren and Wess were alluding to about using the hacksaw to make it infect other flash drives.


ICBM is a "mod" (so to speak) for the hacksaw that, when a removable flash media storage device is inserted into the USB port of the computer, after the HackSaw grabs everything off of it and emails it to you, then "r00ts" the flash media device so that when it is inserted into another computer, it will install the HackSaw on that computer as well. The reason I have not made a public release is because of its extremely easy use by your run-of-the-mill skiddy who will use it to propagate his botnet. There is currently a private release of the BETA code. PM me if you want to be a tester.


  • 2 weeks later...

I just joined the forum, although I've been reading and following for a while. The other day I finally got a u3 flash drive, so I decided to try this out. While I could get the regular hacksaw payload to work... I couldn't compile my own from the wiki page spektormax filled with code etc.

I guess right now my main question is... where can I download spektormax's payload? It's not on the wiki from what I can see. And the links at the beginning of this thread are dead.

If I need to I'll create a separate thread to get help with making my own.

noob

PS. Is this a type of programming language that is in the go.cmd? Like, is it considered C++ or is it something completely different?


Well, I've got it partially working, putting together my own since a few minutes ago lol. I know what the go.cmd is and all that; my problem was I was mixing two of the payloads instead of just making one from scratch from spektormax's stuff.

I still have a few things to do, and I'm sure I'll have questions. Thanks for replying.


Guest Twilight Zone

Is it possible to put, for example, an HTTP traffic generator to bomb predefined sites with connections and make bigger ratings on the counter? And do a mortal thing to the victim's computer like a hard drive killer or CMOS killer, for example after 6 hours or 3 days the computer self-executes a lethal program?

And a pass reveal for wireless key view, and a licence viewer like Koala licence viewer, and Mozilla and IE cookies view and anything else for revealing passwords and secrets? I tried to put this in the folder but nothing; maybe I need to put code in the .cmd or .bach to be able to execute this, or what?

And is it possible to make code for auto-opening NetBIOS ports and sharing a predefined folder or the entire hard disk without the admin's permission and notice? I have more ideas but don't know how to program.


Ok so this is the hacksaw, the full Switchblade, as well as cachedump, and now an nmapper that will nmap the 192.168.*.*, 10.*.*.*, 172.16.*.*-172.32.*.* and email it to you, as well as the VNC installer. It has both a U3 and a non-U3 version. Get it at: http://tinyurl.com/q8zgr

HI... :D :D

how can i change the options on nmap??

is there a file i can modify???

cheers :lol:

Just look through the files, it's pretty obvious which one you'd want to change.

Ok, I'm done lurking for the past day and a half. Time for my first post :)

I downloaded this payload and have had a little fun with it just on my local systems. But I'm not really into the VNC and NMAP stuff. How would I go about editing some of the applications out of the payload so that I can, basically, just have all the password dumping stuff (IMs, Firefox, Windows hashes, etc.)? I think that's it.

Why not just use the original Switchblade? Or just remove the programs you don't want to run from the file that launches all the programs.
Just look through the files, it's pretty obvious which one you'd want to change.

thanks, I did that.....

Ok, great.

Yeah, that was my first thought, but I'm looking at all of the .bat files and am not too sure what to do. So I'm trying to learn :)

Original:

nircmd execmd CALL WIPCMDavkill.exe

nircmd execmd CALL WIPCMDgo.bat

nircmd execmd CALL WIPCMDprogstart.bat

nircmd execmd CALL WIPCMDhack_saw.cmd

nircmd execmd CALL WIPCMDinstall.cmd

nircmd execmd CALL WIPCMDnmap.cmd

nircmd execmd CALL WIPCMDpwservice.exe

nircmd execmd CALL WIPCMDfolding_install.bat

and what I have done:

nircmd execmd CALL WIPCMDavkill.exe

nircmd execmd CALL WIPCMDgo.bat

nircmd execmd CALL WIPCMDprogstart.bat

nircmd execmd CALL WIPCMDhack_saw.cmd

nircmd execmd CALL WIPCMDpwservice.exe

nircmd execmd CALL WIPCMDfolding_install.bat

I'm pretty sure that that will stop VNC and nmap. How would I go about testing this other than you guys just saying good to go?

Well if you want to test it I guess test it on another computer.

  • 3 weeks later...

you can either delete it from the bat or put a :: before it to comment it out

offtopic:

sorry that I've been sorta not here the last like 3 weeks, and sorry to people like Twilight who have asked me to code something but I never got around to it. let me know what u guys need, I'm back (sorta)

Link to comment
Share on other sites
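
For anyone triaging a launcher script recovered from a drive like this, the sketch below lists which CALL stages are still active and which were deleted or commented out with :: or REM. It is an added example, not code from the thread or the payload; the function names and the EDITED sample are constructed for illustration, and the targets are copied verbatim from the posts above.

```python
import re

# Launcher lines as posted in the thread (targets kept verbatim from the page).
ORIGINAL = """\
nircmd execmd CALL WIPCMDavkill.exe
nircmd execmd CALL WIPCMDgo.bat
nircmd execmd CALL WIPCMDprogstart.bat
nircmd execmd CALL WIPCMDhack_saw.cmd
nircmd execmd CALL WIPCMDinstall.cmd
nircmd execmd CALL WIPCMDnmap.cmd
nircmd execmd CALL WIPCMDpwservice.exe
nircmd execmd CALL WIPCMDfolding_install.bat
"""

# Constructed sample: one stage commented out with `::`, one line deleted,
# matching the two ways of disabling a stage mentioned in the thread.
EDITED = """\
nircmd execmd CALL WIPCMDavkill.exe
nircmd execmd CALL WIPCMDgo.bat
nircmd execmd CALL WIPCMDprogstart.bat
nircmd execmd CALL WIPCMDhack_saw.cmd
:: nircmd execmd CALL WIPCMDinstall.cmd
nircmd execmd CALL WIPCMDpwservice.exe
nircmd execmd CALL WIPCMDfolding_install.bat
"""

COMMENT = re.compile(r"^\s*@?(::|rem\b)", re.IGNORECASE)  # cmd comment prefixes
CALL = re.compile(r"\bcall\s+(\S+)", re.IGNORECASE)       # stage target after CALL


def stages(script):
    """Return (active, commented_out) CALL targets found in a launcher script."""
    active, commented = [], []
    for line in script.splitlines():
        match = CALL.search(line)
        if match:
            (commented if COMMENT.match(line) else active).append(match.group(1))
    return active, commented


def no_longer_run(before, after):
    """Targets active in `before` that are deleted or commented out in `after`."""
    still_active = {t.lower() for t in stages(after)[0]}
    return [t for t in stages(before)[0] if t.lower() not in still_active]


if __name__ == "__main__":
    print("active:", stages(EDITED)[0])
    print("commented out:", stages(EDITED)[1])
    print("no longer run:", no_longer_run(ORIGINAL, EDITED))
```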

  • 2 weeks later...

hey, I've read through everything, and unless I'm mistaken (please correct me) vnc is being setup regularly, as in it won't work through nats/firewalls. So why not make it a reverse connection? I've been using a mod for ultravnc called single click to remotely fix computers for a long time now. The remote host contacts the local host therefore bypassing any nat issues (though the localhost must have an open port). $0.02
