
Posted

Hi :lol:

I have been following the development of the Switchblade and the Hacksaw, and in my spare time I have produced a payload that combines the VNC, NMAP and Folding@home payloads and my own keylogger payload.

Also I have made a lot of tweaks and added a lot more applications and lots of features to the payload.

I'd like to release this and place it in the wiki; before I do, I would like some feedback on the payload and any ways I can improve on it.

Payload (7z)

Payload Hashes (MD5, SHA, CRC)

Thanks

Spartain X
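The first post publishes MD5, SHA and CRC hashes next to the archive. The following is an added example, not code from the thread or from the Switchblade project, showing how a downloader would check a file against such a list before doing anything else with it. The sample bytes and the "published" values are constructed for the example; in real use the file is read from disk with verify_file() and the expected values are copied from the posted hash file.

```python
import hashlib
import zlib
from pathlib import Path

# Constructed stand-in for the downloaded archive; real use reads the
# payload .7z from disk via verify_file() instead of this byte string.
SAMPLE_BYTES = b"abc"

# Constructed stand-in for the published hash list (values for b"abc").
# Real values come from the hash file posted alongside the archive.
PUBLISHED = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "crc32": "352441c2",
}


def digests(data: bytes) -> dict:
    """Return MD5, SHA-1, SHA-256 and CRC32 of data as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        # zlib.crc32 is unsigned on Python 3; mask and zero-pad to 8 hex digits
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def verify(data: bytes, published: dict) -> dict:
    """Compare each published digest with the computed one.

    Returns {name: bool} for every entry in `published`. Comparison is
    case-insensitive and ignores surrounding whitespace; an algorithm we
    cannot compute is reported as False rather than silently skipped.
    """
    actual = digests(data)
    result = {}
    for name, expected in published.items():
        key = name.lower()
        if key not in actual:
            result[name] = False
            continue
        result[name] = actual[key] == expected.strip().lower()
    return result


def all_match(data: bytes, published: dict) -> bool:
    """True only if at least one digest was published and every one matches."""
    checks = verify(data, published)
    return bool(checks) and all(checks.values())


def verify_file(path, published: dict) -> dict:
    """Same check for a file on disk (the downloaded archive)."""
    return verify(Path(path).read_bytes(), published)


if __name__ == "__main__":
    for name, ok in verify(SAMPLE_BYTES, PUBLISHED).items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
```

MD5 and CRC32 are not collision-resistant, so the SHA-256 line is the one to rely on when a poster provides it; a matching hash also only proves the file is the one the poster uploaded, not that its contents are benign, which is why the later posts in the thread ask for source.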

Posted

Man, I'm looking over this stuff and it's definitely thorough. You've done a great job putting it all together.

I have one question, though, what does this mean in your autorun:

shell1=&1

Posted
dos4gw shows up as a Trojan during download with Avast Free version, just so ya know.

Yes, it does show up as a Trojan, and like many of the tools used it is either firmly in AV territory as a Trojan or just borderline. I can assure you it is not a Trojan because, first off, I have compiled it from source and, second, I have read through each line of code to ensure nothing malicious takes place.

The source code can be found at Planet Source Code, but I have read through each line and it has been verified.

Description

Direct Download

I have done everything possible to stop it from showing up as a Trojan (UPX compress, corrupt UPX header, adding extra bytes, converting to a VBS file, converting to a bat file); even though the last two are kind of irrelevant, it still catches it, either in execution or as a regular file. Again, if anyone has any ideas, that's great.

Man, I'm looking over this stuff and it's definitely thorough. You've done a great job putting it all together.

I have one question, though, what does this mean in your autorun:

Code:

shell1=&1

In the autorun file, if you want to add extra entries to the menu, you have to define them in the autorun.inf file, where "shell1=&1" is what is going to be displayed in the menu and "&" just places an underscore (_) under the first character.

If anyone has any suggestions for any of the problems I have noted in the program, or has a problem or question, please post.
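The reply above explains that extra menu entries live in autorun.inf and that an "&" in the label marks the underlined accelerator character. As an added example (not code from the thread or the Switchblade project), here is a small inspector that a reviewer would run over an untrusted drive's autorun.inf to list every menu verb, its label and accelerator, and every command the file could launch. The sample autorun.inf is constructed; its key layout follows the documented Windows form `shell\<verb>=<label>` / `shell\<verb>\command=<cmd>`, which is an assumption, since the thread only shows the fragment `shell1=&1`.

```python
# Constructed sample autorun.inf for the example. Key syntax follows the
# documented Windows layout (shell\<verb>=label, shell\<verb>\command=cmd,
# shell=<default verb>); the thread itself shows only "shell1=&1".
SAMPLE_AUTORUN = """\
[autorun]
icon=icon.ico
label=USB Drive
open=start.bat
shell\\1=&Open folder
shell\\1\\command=cmd.exe /c start.bat
shell\\2=&Browse files
shell\\2\\command=explorer.exe
shell=1
"""


def parse_autorun(text: str) -> dict:
    """Parse INI-style autorun.inf into {section: {key_lower: value}}.

    Keys are lower-cased because Windows treats them case-insensitively;
    values keep their original spelling. Blank lines and ';'/'#' comments
    are skipped.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def accelerator(label: str):
    """Split '&Open folder' into ('Open folder', 'O').

    A single '&' marks the character Windows underlines as the keyboard
    accelerator; '&&' is a literal ampersand and marks nothing.
    """
    clean, accel, i = [], None, 0
    while i < len(label):
        ch = label[i]
        if ch == "&" and i + 1 < len(label):
            nxt = label[i + 1]
            if nxt != "&" and accel is None:
                accel = nxt
            clean.append(nxt)
            i += 2
            continue
        clean.append(ch)
        i += 1
    return "".join(clean), accel


def shell_entries(text: str) -> dict:
    """Return {verb: {label, accelerator, command}} for every shell\\<verb>."""
    auto = parse_autorun(text).get("autorun", {})
    verbs = {}
    for key, value in auto.items():
        parts = key.split("\\")
        if parts[0] != "shell" or len(parts) < 2:
            continue  # not a verb key (covers the bare 'shell=' default)
        entry = verbs.setdefault(
            parts[1], {"label": None, "accelerator": None, "command": None}
        )
        if len(parts) == 2:
            entry["label"], entry["accelerator"] = accelerator(value)
        elif len(parts) == 3 and parts[2] == "command":
            entry["command"] = value
    return verbs


def launch_points(text: str) -> dict:
    """Everything the file could execute: open=, shellexecute= and each
    shell\\<verb>\\command=, plus which verb is the default action."""
    auto = parse_autorun(text).get("autorun", {})
    points = [(k, auto[k]) for k in ("open", "shellexecute") if k in auto]
    for verb, entry in shell_entries(text).items():
        if entry["command"]:
            points.append((f"shell\\{verb}", entry["command"]))
    return {"default_verb": auto.get("shell"), "commands": points}


if __name__ == "__main__":
    report = launch_points(SAMPLE_AUTORUN)
    print("default verb:", report["default_verb"])
    for source, cmd in report["commands"]:
        print(f"{source:12s} -> {cmd}")
    for verb, e in shell_entries(SAMPLE_AUTORUN).items():
        print(f"verb {verb}: label={e['label']!r} accel={e['accelerator']}")
```

Reading the file this way, rather than letting AutoPlay interpret it, shows at a glance that a drive labelled "USB Drive" would run start.bat both on insertion (open=) and as the default double-click action (shell=1), which is exactly the behaviour the thread's payload relies on and the reason AutoRun from removable media is disabled by policy on hardened Windows builds.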

Posted

trust me, it won't trip anything... well, AVs are starting to catch onto the driver it loads in order to patch the kernel. Eventually it may begin to get detected, but this is the best you're gonna do without a full-blown rootkit.

Posted
ok, here is a fully encrypted, virtual-environmented, entry-point-obfuscated file. (It's a little big, but no one can see it.) <REMOVED>

Can you PM me on how you did this? I would love to know!

Posted
ok, here is a fully encrypted, virtual-environmented, entry-point-obfuscated file. (It's a little big, but no one can see it.) <REMOVED>

Can you PM me on how you did this? I would love to know!

ditto!

Posted

It's amazing how a keylogger that starts off at less than 50kb blows up to 1.4mb; anyway, I'm not complaining, and best of all, so far it's not detected by AVG, ClamAV, BitDefender and McAfee (don't ask why I have 4 AVs, I'm just paranoid, and that's another discussion altogether).

Posted

Due to concerns over the content of the encrypted executable file that has been released here, posting of the link will not be permitted until the contents of the file have been verified.

It has been requested that all further submissions to the USB projects are provided unencrypted and/or with a method of viewing the enclosed file(s) and where appropriate accompanied by the source code/resources due to the security risks posed by such files.

Thanks.

Edit: Revised text.

Posted

We need to see some source code here, folks; encrypted exes of unknown content are never a good thing. If you want to complain about this, you can contact the forum mods, or Darren. This isn't negotiable. Open source it, or don't put it up here.

Posted

Even if he posts the source code to the file, how do we know that the source is what matches the encrypted executable?

I think it's good to post encrypted files since that's the only way around AV and it's the responsibility of the person downloading to load on a test box with FileMon, RegMon, TCPMon, Wireshark, Snort .. etc. to see if it's malicious. Surely no one expects a file they're downloading to hack other systems to not be coded in such a way that it gives the author a back door also. :)

I know other people have posted encrypted files before and no one has really complained about it.

I think someone needs to post HOW they're encrypting these files so we can all do it. I know there are a ton of howtos on bypassing AV by using a hex editor and IDA Pro (or was it OllyDbg). I know this kind of stuff takes a pretty in-depth knowledge of assembly, which I don't have.

Do a Google search for "Hexing your malware" and you'll find the article I'm referring to.

Posted

If he posts the source code, you can compile it yourself to make sure you have a clean exe, and you can indeed just crypt it yourself.
