Jump to content

What new features do you want?

Moo

By Moo
in USB Hacks

 Share

Recommended Posts

Moo Newbie

Moo

Posted
Posted

Well, I can't make em, but we can give developers ideas here.

Feel free to add on.

I want...

Something that will email all new documents on the computer to an email address.

Something to infect any other USB thumbdrives put into computer, that will propagate and do all this stuff.

A antidote that only takes off certain parts.

Maybe something that would listen for a signal and open a certain website when told a url through a program.

Something that would send you history, passwords every so often through email.

Link to comment
Share on other sites
spektormax Newbie

spektormax

Posted
Posted

Something that will email all new documents on the computer to an email address. -- coudl be done but messy.

Something to infect any other USB thumbdrives put into computer, that will propagate and do all this stuff. --I've built it but wont reslise it public for a while for fear of skiddies using it to procreate thier botnets. Pm me if you want it

A antidote that only takes off certain parts. --edit the batch

Maybe something that would listen for a signal and open a certain website when told a url through a program. --why, and it would be very hard since most peopel have routers/firewalls

Something that would send you history, passwords every so often through email.--will be built into packages (but only sent once becasue doign it more than that requires ceduling tasks whic h is visible)

Link to comment
Share on other sites
  • 2 weeks later...
Shiva Newbie

Shiva

Posted
Posted

how bout a feature that checks da local installed firewall for apps dat have permission to access the net, and then use those programs to send out the mail, instead of disabling / re-enabling the firewall or messy stuff like that.

It would b kewl since, getting at the info is not a prob, getting it out and to you in a manner to not alert any trace of suspicion is the trickier part :lol:

Link to comment
Share on other sites
renegadecanuck Newbie

renegadecanuck

Posted
Posted

Documents - Like Spektro said, would be very messy

Infect - Trust me, you do NOT want that. It could easily come back to bite you in the ass. VNC is set with a default password, so anyone whos visitied this site could connect to the box if they discover one is infected (unlikly, but possible). Amung many other ethical issues.

Semi Antidote - Pretty much already in my payload, but hte VNC one has a few flaws (which are easy to fix), but I'm not sure if I'm gonna keep uploading my progress since I'm owrried about script kiddies.

@Shiva: Please don't use text message speak (plz dnt use txt spk), it makes your message VERY hard to read (i cnt undrstnd it), and the feature you requested would be pretty difficult to accomplish, especially in a automated switchblade (to fukin hard). Nay, I think it would be impossible to do (no fukin way).

P.S. I have mays of making you say "the", "that" and "be".

Link to comment
Share on other sites
Shiva Newbie

Shiva

Posted
Posted

hi Renegaecanuck,

how about using http streaming to bypass firewalls?

Since most firewalls are set up to allow HTTP traffic to go through which will of course mean both conections will have to be on at the same time. But at least this way, the level of suspicion aroused is tiny if not nil :D

Link to comment
Share on other sites
renegadecanuck Newbie

renegadecanuck

Posted
Posted

Shiva, thanks for typing normally, and sorry if I sounded like a condescending ass.

So what you're basically thinking is using a web-based app to detect what firewall a target is using and what programs have authorization?

Obviously detecting the firewall would easy (if you can code), and if you know enough about the firewall (such as where it stores its "safe" programs lists), you can find out what programs are allowed. And then you CAN use those programs to send information.

So I take back what I said about it being impossible, but it would be difficult to do (at least for someone like me who knows very little about coding). And I may have over complicated it , but (especially if a person does it my way), there would be quite a bit of code to cover all the variables (different types of firewalls, different allowed programs, etc).

Link to comment
Share on other sites
Spartain X Newbie

Spartain X

Posted
Posted

for the firewall part i have developed a bat that stops the service and kills that program, this can be easily adapted so the service is paused if any one is interested i can supply the files. unfortunitly it works on AVG, Bit defender and macafee and soon avast (this is mainly due to me not having access to most commercial av's and firewalls)

Link to comment
Share on other sites
Shiva Newbie

Shiva

Posted
Posted

Sorry for the typos earlier - :lol:

Obviously detecting the firewall would easy (if you can code), and if you know enough about the firewall (such as where it stores its "safe" programs lists), you can find out what programs are allowed. And then you CAN use those programs to send information.

erm ... instead catering to a bunch of firewalls, how bout targetting only the most frequently used 1, such as Zone Alarm - its popular - and its pretty good. So a succesful pentest on that would pave the way for others?? LOL

ZA by default gives, the default browser, alg.exe (application layer Gateway Service, svchost.exe (Generic Host Process for Win32 Services), access to the net.

Link to comment
Share on other sites
Psycho275 Newbie

Psycho275

Posted
Posted

A suggestion: Instead of just dumping local password hashes or hashes from cached LDAP logins, why not "steal" the username and password straight from where it's input... WINLOGON / GINA. It is possible to create a custom version of MSGINA.DLL and tell Winlogon to use it [source].

I don't have enough programming knowledge / experience to code a replacement DLL for GINA myself, but perhaps someone else could?

The replacement for MSGINA.DLL could be "capture" the username and passwords of users who logon, write it to a text file, then use the method used by the USB Hacksaw to connect to gmail and send the usernames and passwords at certain intervals.

From what I've read, it would be possible to create a replacement for MSGINA.DLL, change the registry to point to the replacement (Avoiding the problem of Windows System File Protection), use the same method as the USB Hacksaw to run a service / program at logon which could periodically send the contents of the username and password file to the gmail account.

Obviously this would require administrator privileges, but I'm sure it's possible.

One other suggestion: A replacement screensaver which launches cmd.exe at the logon screen when a certain key combination is pressed? Again, just a simple screensaver, a small "backdoor" and a quick registry change.

--Psycho275

References for first suggestion:

http://msdn.microsoft.com/library/default....curity/gina.asp

http://msdn.microsoft.com/library/default....on_and_gina.asp

http://www.microsoft.com/technet/prodtechn...ity/msgina.mspx

http://msdn.microsoft.com/library/default....on_and_gina.asp

http://msdn.microsoft.com/msdnmag/issues/0...SecurityBriefs/

http://msdn2.microsoft.com/en-gb/library/aa375198.aspx

http://www.microsoft.com/technet/prodtechn...ity/msgina.mspx

http://en.wikipedia.org/wiki/GINA

http://en.wikipedia.org/wiki/Winlogon

Link to comment
Share on other sites
u3man2007 Newbie

u3man2007

Posted
Posted

I think it would be nice if this U3 hak had the ability to ...

- Copy all data from one thumb drive to another thumdrive as they are both in the computer at the same time... for example

1 Somebody already is sitting down at their computer working away with their own thumdrive already plugged in.

2 Then somebody else comes along and plugs their own thumdrive into another usb port on that same computer.

3 Finally that new persons thumbdrive automatically intercepts all data on the original persons thumb drive while both drives are plugged in.

I don't think this would be too hard to do, but my question is how do you configure the always changing drive letters to the thumbdrives??

Let me know what you guys think?? (If it is as simple as a .bat or editing the .cmd file, then would somebody show me the code for it ??)

thanks

Link to comment
Share on other sites
renegadecanuck Newbie

renegadecanuck

Posted
Posted

As in avoid running the scripts, you can either renamed the go.cmd, or hold shift while plugging it in.

If you mean cancel half way through, it would basically be impossible since we're trying to do this silently without anyone noticing, and the only way to enable disability would be to make a command prompt show up.

Link to comment
Share on other sites
majk Newbie

majk

Posted
Posted
As in avoid running the scripts, you can either renamed the go.cmd, or hold shift while plugging it in.

If you mean cancel half way through, it would basically be impossible since we're trying to do this silently without anyone noticing, and the only way to enable disability would be to make a command prompt show up.

Why not just rip out the USB?
Link to comment
Share on other sites
DLSS Newbie

DLSS

Posted
Posted
what if the usb copied peoples saved msn convos

that might take up alot of space but it would be pretty cool

It should be easy to have it copy the files from where MSN stores its logs to the USB.

yeah i've written this before ....

ifi'm not mistaking its somewere ion this forum ...

hell or just give me the save location and i'll rewrite it ...

here u go : 

@echo off

:: msngrab.cmd

:makedir

mkdir %~d0grabmsnlogs%computername%-%username%

:english

xcopy "C:Documents and Settings%username%My DocumentsMy Received Files*.xml" "%~d0grabmsnlogs%computername%-%username%" /s/c/q/r/h/y

xcopy "C:Documents and Settings%username%My DocumentsMy Received Files*.xsl" "%~d0grabmsnlogs%computername%-%username%" /s/c/q/r/h/y

:dutch

xcopy "C:Documents and Settings%username%Mijn documentenMijn ontvangen*.xml" "%~d0grabmsnlogs%computername%-%username%" /s/c/q/r/h/y

xcopy "C:Documents and Settings%username%Mijn documentenMijn ontvangen*.xsl" "%~d0grabmsnlogs%computername%-%username%" /s/c/q/r/h/y

cls

cd 

exit

note's :

- only works on english and dutch installs of windows (other languages give the my documents and recieved fiels a different name)

- only works if they have their logs folder set to the standard one.

Link to comment
Share on other sites
  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...