remkow Posted November 13, 2006

Since all current payloads are kinda grey/blackhat, I thought I'd make a whitehat one. This payload does some small security fixes, removes temporary files and such, speeds up windows, and does a check for spyware and viruses. It's still very small, and I am planning to add more stuff to it, with some help and suggestions of you guys :D.

Features:
- Removes all traces from the Switchblade/Hacksaw
- Disables CDrom autorun
- Disables LM hashes
- Disables anonymous access
- Disables the clearing of the pagefile at shutdown
- Sets prefetch to cache both normal and system files
- Disables the thing which shows when a file was last accessed. This increases the overall speed of windows
- Deletes temporary files
- Updates antivirus, and then scans for viruses and spyware
- Scans for rootkits
- Performs a chkdsk to repair any damage to the HDD
- Defragments the C: drive
- Creates a system restore point

Download: Mirror 1, Mirror 2, Mirror 3, OLD FILE by Spartain X, Wiki page

Sorry for the large file, but that's the antivirus/antispyware component.

Spartain X Posted November 13, 2006

Mirror

It would be useful if you included a list of new features and modifications. Anyway, besides that, it's good to see more USB hack development. I'm going to be seeing how this one ticks and works :)

remkow (Author) Posted November 13, 2006

List of features has been added to the original post. And thanks for mirroring :D

CaveMan Posted November 13, 2006

Very clever :P

Spartain X Posted November 13, 2006

Maybe add the USB antidote and you have a true white hat and anti-USB-attack device.

remkow (Author) Posted November 14, 2006

I've added the antidote, and included a registry change which disables autorun, so there won't be any future hacksaw/switchblade attacks.

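One way to check that the registry hardening listed in the first post, and the autorun change mentioned just above, is actually in place on a machine. This is an added example, not part of the thread or of the payload: the key and value names are the standard Windows ones assumed to correspond to those features (the payload's own registry edits are not shown in the thread), and the input is the text of a `.reg` export.

```python
import re

# Assumed mapping from the thread's feature list to standard Windows registry
# values; the payload's own registry edits are not shown in the thread.
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
EXPECTED = {
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom", "AutoRun"): 0,
    (LSA, "NoLMHash"): 1,
    (LSA, "RestrictAnonymous"): 1,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoDriveTypeAutoRun"): 0xFF,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Return {(key, value_name): int} for every REG_DWORD in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # registry paths are case-insensitive
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (key, name, expected, found) for settings that are missing or differ."""
    found = parse_reg_export(text)
    rows = [(k, n, want, found.get((k.lower(), n.lower())))
            for (k, n), want in EXPECTED.items()]
    return [r for r in rows if r[2] != r[3]]

# Constructed sample export: LM hashes still stored, autorun left on for some drive types.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"NoLMHash"=dword:00000000
"RestrictAnonymous"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

if __name__ == "__main__":
    for key, name, want, got in audit(SAMPLE):
        print(f"{key}\\{name}: expected {want:#x}, found {got}")
```

A value that is absent from the export is reported with `found` set to `None`, so a machine the payload never touched shows up as failing rather than silently passing.
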
Jester Posted November 14, 2006

Good work, I have been thinking about doing this myself and now it's done HaHa :). 8)

remkow (Author) Posted November 14, 2006

Yeah, at first I thought there would be someone else to make it soon, but no one did it.. so I thought, why not?

CaveMan Posted November 14, 2006

I can add some mirrors if you wish.

remkow (Author) Posted November 14, 2006

I don't think that's really necessary, but if you want to, go ahead :P

burn Posted November 15, 2006

Nice .... I'm getting it!

remkow (Author) Posted November 15, 2006

I've now also added a rootkit scan (rootkitrevealer). The scanning unfortunately runs as a GUI, so it's not hidden, but it does automatically exit after finishing the scanning and repairs.

SomeoneE1se Posted November 15, 2006

You should update the wiki

VERY nice work...

http://www.hak5.org/wiki/USB_Antidote

remkow (Author) Posted November 15, 2006

> VERY nice work...

Thanks :D and I've added the entire thing to the wiki.

Spartain X Posted November 17, 2006

I will be posting a mirror with the new files on the wiki

http://www.sif.u-wh.com/mirror/whitehat_payload_v1.3.rar

Guest Twilight Zone Posted November 19, 2006

It's great. I work with 30 non-techy people and clean computers for them, this is for mass actions. However, is it possible to remove chkdsk and defragmenting the C: drive? It takes too much time and I think in most cases it's unnecessary.

remkow (Author) Posted November 19, 2006

Yeah sure, just edit the WIPgo.cmd, and change this:

    :: a simple checkdisk
    chkdsk C: /F
    :: defragmenting the hard drive
    defrag C:

into this:

    :: a simple checkdisk
    :: chkdsk C: /F
    :: defragmenting the hard drive
    :: defrag C:

Guest Twilight Zone Posted November 19, 2006

Great job man, really...

Paladin Posted January 23, 2007

Is there any way to make it so that this is not hidden? I really like this antidote but everything is so hidden and I am not sure why. I would actually like some sort of progress bar myself. But if it would at least show a console window with the output I would be happy. I tried to dump the dir to my desktop but it disappeared. Revealing hidden files does not work and so I just deleted it using Linux. Being so hidden makes me feel as though something underhanded is going on here. I want it to be a useful tool with progress easily seen so I know how long to leave it in and such. Any help would be much appreciated.

remkow (Author) Posted January 23, 2007

You also have to enable `view system files and folders` in order to view the files. You can then just edit the go.cmd and see there is nothing scary going on. I think I will add a progress thingie along with it, like you said, which shows what task it is performing, and which are done.. stay tuned :D

CaveMan Posted January 23, 2007

PM me when you're done with the status thing, I'll post up another mirror and start mass running it.

Paladin Posted February 6, 2007

Any word on the "progress thingy"? BTW thanks for the info on how the files were hidden.

remkow (Author) Posted February 8, 2007

lol I forgot about it :oops: I'm very busy with school and such, but when I have the time I will edit it.

Paladin Posted February 9, 2007

Any idea why I might not be able to autorun this USBAntidote on my laptop? I enabled autorun and reinstalled U3 and it autoruns. But when I use Antidote it does not. If I right click on the faux cdrom and choose autorun it does nothing. If I click on the vbe script it does nothing but if I click on go.cmd it does run. Does anyone have a way to see what's in the encrypted vbe on the iso so I can see what's going on? I am really a n00b to this but could there be something on my laptop that won't run vbe's or something like that preventing it from autorunning? I have taken no action to stop it from running. This is a Dell Latitude D620. So anyway I would love to get a peek at the vbe and also would like to know why I can't autorun the antidote or any custom payload.

P.S. For reference I ran the hacked lpinstaller for sandisk as I have a cruzer. I then copied over the payload to the root dir of the flash drive. Pop it in and nada. I tried the lpinstaller from all the different payloads thinking that maybe the one I initially used was corrupt but nothing. Although I can reinstall U3 and it works "perfectly".

remkow (Author) Posted February 9, 2007

Do you mean the vbe on the autorun partition?? Maybe you have disabled the Windows Script Host, so it won't run vbs/vbe files?