
~Gozor~ Finished Payload


setzer1411


Hello, to everyone

@ GonZor

First sorry about this here--->

are you going to add the Switchblade ? to your own tool. 

I'm going to assume you meant HakSaw? Yes, I am currently working on V2.0 that will include a lot more, mostly functions that will infect the computer like HakSaw and VNC. I have also added a function to dump the external IP to the log if it is connected to the internet. I am currently having trouble with the HakSaw; I have never used it before. I have the installation working properly but it will not send the files. I have also tested with the original payload and cannot get it to send. Please email any ideas to gonzor228@gmail.com.

Yes, my bad, that's just what I had been talking about ;( I'm on the slow side with all this.

Now if I may ask you or someone that may know about this, do you remove what's on the USB now?

or do you just add to what was there. I can't seem to get how you use the new one any help at all.

By the way looks like a great one nice work keep it up will keep an eye on this.

Thank you

7Sins


Now if I may ask you or someone that may know about this, do you remove what's on the USB now?

or do you just add to what was there. I can't seem to get how you use the new one any help at all.

I'm assuming you're talking about loading the new ISO?

You simply follow the same steps as before: copy the new ISO (it's about 13MB) to the BIN folder of the Universal Loader, then run the Universal Loader. Once that has finished running, copy SBConfig V2.X to the flash partition of the drive and run it from there. I will be creating a video tutorial of the whole process when I find some free time.

##  Things to remember  ##

The password for VNC is hacked

When using the HakSaw the password must be simple (e.g. lamepassword); I recommend an alpha password only.


Hey, GonZor

Yes sorry I was talking about the new ISO just slap once to get me going here ;)

So you are saying it will not delete your other tool. I have installed now yes???

I don't want to lose your first tool, and will the first Ver still work the same way as before.

Thank you

7Sins


Hey, GonZor

Yes sorry I was talking about the new ISO just slap once to get me going here ;)

So you are saying it will not delete your other tool. I have installed now yes???

I don't want to lose your first tool, and will the first Ver still work the same way as before.

Thank you

7Sins

This is an updated version of my original payload. It will remove the old payload and replace it with the new version. They function exactly the same and everything can be either turned on or off. So yes, you will lose V1.x, but V2.x contains everything from V1.x plus more and it is still easily customized.


Gonzor, all I can say is WOW~! This tool rocks the house! The GUI is smooth. Nice work.

I have two issues (I am sure it’s me) but I would like to see if there is a simple solution.

1. When putting the configured payload (with any combination of U3/Hacksaw enabled/disabled) into Windows Vista Ultimate I get a VB script error asking for the GO.vbs on the flash partition of the U3 drive, but the entire payload is located on the CD. No log files are captured. Using the same setup, changing nothing, it works GREAT inside Windows XP Pro (SP2). (I can provide a screenshot if need be.) This happens on 4 out of 4 Vista machines I have tried it on. However, if you click through the error and pull the drive, the next time you enter the U3 drive it will still error but then will capture most of the data.

I have run the customizer tool and your Version 2.0 Beta at least 6 times or better to make sure I am not messing it up. I have also applied the U3 update from SanDisk and started from scratch to verify no residual switchblades were remaining.

2. Next question: is the Hacksaw functional? Using the current configuration and my own email (Gmail account) it will not send the results (tried this from two separate networks) but I believe it has to be “hung” due to the first (go.vbs) issue. (Hacksaw will not send in Windows XP or Windows Vista)

Info:

SanDisk Micro 1GB U3

Version 2.0 Beta

U3 Customizer

SBConfig-V2.0.17

Windows XP (sp2) / Windows Vista Ultimate

Let me know if you need more information and thank you for your help! This tool Rocks!

Malice


Chalk it up to Vista's improved security?  The switchblade only version (1.x) didn't work on my copy of Vista too, remember that pwdump doesn't work in Vista.  GonZor said he'd stick fgdump in when he got a chance.  Other programs may have similar incompatibilities.


Good Call :)

Does your HackSaw work in Windows XP or Vista?

-Malice

A few things to remember with my version of the HakSaw,

-It will not start until the next time someone logs on (created havoc with my code)

-You MUST use a simple password; I recommend an alpha only password (e.g. lamepassword)

Chalk it up to Vista's improved security?  The switchblade only version (1.x) didn't work on my copy of Vista too, remember that pwdump doesn't work in Vista.  GonZor said he'd stick fgdump in when he got a chance.  Other programs may have similar incompatibilities.

I think it may be time for me to rewrite the scripts into a single exe; I think this may solve the problem. And yeah, sorry about the fgdump, it completely slipped my mind. I've added it to the top of my to-do list, even above setting monkeys on fire...


I will change the password from a 7 letter alpha password back to the one that is default and try that.

Please note I am in no way complaining, because I love this tool you created. And I am excited about the updates.

Thanks again for the time you put into it.

-Malice


I couldn't get Hacksaw or VNC to work and I did the password changes and everything but don't know what's the problem

Hmm the testing I've done has worked, so I'm not sure what the issue is. Any more information would be useful

and may I ask is there a time line to the Video ????

I will hopefully have some time in the next few days to do this.


I am using both:

Windows XP SP2 (at work) - no proxy - no firewall

Windows Vista Ultimate (at home) - no proxy - router (Linksys) - no MS Firewall

Both machines and many that I have tried seem to function but then there are no results in the email and no VNC connection.

I reformatted the flash section and reapplied the SanDisk update to remove all files and start again from scratch, then reapplied the Switchblade and I'm functional on the payload but not the hacksaw features.

Either way, the main payload rocks!

-Malice

Please let me know if you need anything from me, I would love to help if I can.


For some reason I suspect that the emails are going back to you  :-?

I just wish I am wrong :???:

I wouldn't receive any emails. The email address in SBConfig is the one I use but I did not use my real password  :-P I'm not that stupid...

Although that is a valid point, remember to change the details in SBConfig which I'm sure you have already done.


Hahah, I think I just shot coffee out my nose!

I truly changed the email and the password, being that I am testing my own machines. I mean I have done some stupid things in my day like uninstalled the SQL server from a production web server and gave my workstation CIH virus by testing a virus creation kit, but I can honestly say I did change the email and password (to a simple yet lame password)

Still no email love...

:P

Malice


And you have logged off and on since you infected the computer (without removing it)? My version doesn't start until the next time they log on.

I'm beginning to think I ISO'd the wrong version for release. I'll download it and test to see if I can find the error (I currently have loaded the testing for my new version).


Hey, Gozor

Sorry to say same thing here

And you have logged off and on since you infected the computer (without removing it)? My version doesn't start until the next time they log on.

Now I know I'm as dumb as you will see, but (without removing it)?

Umm, are you talking about the flash drive????  :(

If no then sorry, new at all this.

Thank you

7Sins


Hey, Gozor

Sorry to say same thing here

And you have logged off and on since you infected the computer (without removing it)? My version doesn't start until the next time they log on.

Now I know I'm as dumb as you will see, but (without removing it)?

Umm, are you talking about the flash drive????  :(

If no then sorry, new at all this.

Thank you

7Sins

My fault, I didn't explain properly. I was referring to removing the haksaw program from where it was installed (using the antidote).