Spartain X Posted November 7, 2006 Hi, I have been following the development of the Switchblade and the Hacksaw, and in my spare time I have produced a payload that combines the VNC, Nmap and Folding@home payloads and my own keylogger payload. Also I have made a lot of tweaks and added a lot more applications to the payload and lots of features. I'd like to release this and place it in the wiki; before I do I would like some feedback on the payload and any ways I can improve on it. Payload (7z) Payload Hashes (MD5, SHA, CRC) Thanks, Spartain X
burn Posted November 7, 2006 dos4gw shows up as a trojan during download with Avast Free version, just so ya know.
burn Posted November 7, 2006 Man, I'm looking over this stuff and it's definitely thorough. You've done a great job putting it all together. I have one question, though: what does this mean in your autorun: shell1=&1
spektormax Posted November 7, 2006 Well, nice job, but SOOOOO much of this stuff trips AVs. I personally don't care about most of the stuff that's added, but hey, nice job. Check your PM.
Spartain X (Author) Posted November 7, 2006 "dos4gw shows up as a Trojan during download with Avast Free version, just so ya know." Yes, it does show up as a Trojan, and like many of the tools used it is either in firm territory with AVs as being a Trojan or just borderline. I can assure you it is not a Trojan because, first off, I have compiled it from source and, second of all, I have read through each line of code to ensure nothing malicious takes place. The source code can be found at Planet Source Code, but I have read through each line and it has been verified. Description Direct Download I have done everything possible to stop it from showing up as a Trojan (UPX compress, corrupt UPX header, adding extra bytes, converting to a VBS file, converting to a BAT file); even though the last two are kind of irrelevant, it still catches it either in execution or as a regular file. Again, if anyone has any ideas, it's great. "Man, I'm looking over this stuff and it's definitely thorough. You've done a great job putting it all together. I have one question, though: what does this mean in your autorun: Code: shell1=&1" In the autorun file, if you want to add extra entries in the menu you have to define it in the autorun.inf file, where "shell1=&1" is going to be displayed in the menu and "&" just places an underscore (_) under the first character. If anyone has any suggestions for any of the problems I have noted in the program, or has a problem or question, please post.
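What an autorun.inf will show in a drive's context menu, and which programs it would hand to Windows, can be checked mechanically before an unknown stick is trusted. The script below is an added example, not code from the payload, the wiki or anyone in this thread; it parses a constructed autorun.inf written in the same style as the post's "shell1=&1" entry (plus the documented shell\verb and shell\verb\command form), strips the "&" accelerator marker from each menu label the way the post describes, and lists every command the file could cause to run.

```python
"""Audit what an autorun.inf would show in the drive's context menu and which
programs it would hand to Windows.  Added example for this thread, not code
from the payload or the wiki; the sample autorun.inf below is constructed."""
import re
from dataclasses import dataclass

# Constructed sample in the style of the post's "shell1=&1" entry, plus the
# documented shell\verb / shell\verb\command / shell\verb\default form.
SAMPLE_AUTORUN = r"""
[autorun]
open=start.bat
icon=icons\drive.ico
action=Open folder to view files
shell1=&1
shell\1\command=go.bat
shell\open=&Explore
shell\open\command=start.bat
shell\open\default=1
"""

@dataclass
class MenuEntry:
    verb: str
    label: str = ""        # text shown in the context menu, '&' removed
    accelerator: str = ""  # character the '&' marked as the underlined hotkey
    command: str = ""      # program run when the entry is chosen
    default: bool = False  # runs on double-click when default=1

# Matches shell<verb>, shell\<verb>, shell\<verb>\command, shell\<verb>\default
_SHELL_KEY = re.compile(r"^shell\\?([^\\]+)(?:\\(command|default))?$", re.IGNORECASE)

def split_label(value):
    """Return (label, accelerator): '&X' underlines X; '&&' is a literal '&'."""
    value = value.replace("&&", "\0")
    idx = value.find("&")
    accelerator = value[idx + 1] if 0 <= idx < len(value) - 1 else ""
    label = value[:idx] + value[idx + 1:] if idx >= 0 else value
    return label.replace("\0", "&"), accelerator

def parse_autorun(text):
    """Return (plain keys, menu entries keyed by verb) from the [autorun] section."""
    plain, entries, in_section = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        match = _SHELL_KEY.match(key)
        if match is None or key.lower() == "shellexecute":
            plain[key.lower()] = value      # open=, icon=, action=, shellexecute=
            continue
        verb, sub = match.group(1).lower(), (match.group(2) or "").lower()
        entry = entries.setdefault(verb, MenuEntry(verb=verb))
        if sub == "command":
            entry.command = value
        elif sub == "default":
            entry.default = value == "1"
        else:
            entry.label, entry.accelerator = split_label(value)
    return plain, entries

def launched_commands(text):
    """Every program the file could cause Windows to run, as (source, command) pairs."""
    plain, entries = parse_autorun(text)
    found = [(k, plain[k]) for k in ("open", "shellexecute") if k in plain]
    for verb, entry in entries.items():
        if entry.command:
            source = "shell\\" + verb + (" [default]" if entry.default else "")
            found.append((source, entry.command))
    return found

if __name__ == "__main__":
    # Print the audit for the constructed sample; run it on a real
    # autorun.inf by reading the file into `text` instead.
    for source, command in launched_commands(SAMPLE_AUTORUN):
        print(f"{source:22} -> {command}")
```

Run against the sample, the report lists start.bat (from open=), go.bat (from the "1" menu entry) and start.bat again as the default verb, which is exactly the set of files a reviewer should open and read before double-clicking the drive.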
spektormax Posted November 7, 2006 OK, here is a fully encrypted, virtual-environmented, entry-point-obfuscated file. (It's a little big, but no one can see it.) <REMOVED>
DLSS Posted November 7, 2006 I'm interested :D Oh, and nice work spektormax, this doesn't trip Avast! :D
spektormax Posted November 7, 2006 Trust me, it won't trip anything.... Well, AVs are starting to catch on to the driver it loads in order to patch the kernel. Eventually it may begin to get detected, but this is the best you're gonna do without a full-blown rootkit.
burn Posted November 7, 2006 "OK, here is a fully encrypted, virtual-environmented, entry-point-obfuscated file. (It's a little big, but no one can see it.) <REMOVED>" Can you PM me on how you did this? I would love to know!
DLSS Posted November 7, 2006 "OK, here is a fully encrypted, virtual-environmented, entry-point-obfuscated file. (It's a little big, but no one can see it.) <REMOVED> Can you PM me on how you did this? I would love to know!" Ditto!
spektormax Posted November 7, 2006 Sorry kids, it's a private source that's in a very closed-loop development.
Spartain X (Author) Posted November 8, 2006 It's amazing how a keylogger that starts off as being less than 50 KB blows up to being 1.4 MB. Anyway, I'm not complaining, and best of all, so far it's not detected by AVG, ClamAV, BitDefender and McAfee. (Don't ask why I have 4 AVs; I'm just paranoid, and that's another discussion altogether.)
spektormax Posted November 8, 2006 Yeah, well, if you want it not detectable they get big, sorry.
prasmax Posted November 8, 2006 Is it just me or is the link for <REMOVED> down? 404.
spektormax Posted November 8, 2006 It's not just you, I cleaned out the directory... and, well, sorry, it's back up.
Spartain X (Author) Posted November 9, 2006 I'll upload my updated payload and the fixed dos4gw.exe soon.
moonlit Posted November 9, 2006 Due to concerns over the content of the encrypted executable file that has been released here, posting of the link will not be permitted until the contents of the file have been verified. It has been requested that all further submissions to the USB projects are provided unencrypted and/or with a method of viewing the enclosed file(s) and, where appropriate, accompanied by the source code/resources, due to the security risks posed by such files. Thanks. Edit: Revised text.
VaKo Posted November 9, 2006 We need to see some source code here, folks; encrypted exes of unknown content are never a good thing. If you want to complain about this, you can contact the forum mods, or Darren. This isn't negotiable. Open source it, or don't put it up here.
spektormax Posted November 10, 2006 Sorry, it's encrypted because everyone wanted it to go through AVs and the only way to do this is encryption.
burn Posted November 10, 2006 Even if he posts the source code to the file, how do we know that the source is what matches the encrypted executable? I think it's good to post encrypted files since that's the only way around AV, and it's the responsibility of the person downloading to load it on a test box with FileMon, RegMon, TCPMon, Wireshark, Snort, etc. to see if it's malicious. Surely no one expects a file they're downloading to hack other systems to not be coded in such a way that it gives the author a back door also. :) I know other people have posted encrypted files before and no one has really complained about it. I think someone needs to post HOW they're encrypting these files so we can all do it. I know there are a ton of how-tos on bypassing AV by using a hex editor and IDA Pro (or was it OllyDbg). I know this kind of stuff takes a pretty in-depth knowledge of assembly, which I don't have. Do a Google search for "Hexing your malware" and you'll find the article I'm referring to.
remkow Posted November 10, 2006 If he posts the source code, you can compile it yourself to make sure you have a clean exe, and you can indeed just crypt it yourself.