mrgee Posted September 30, 2008

> after i download the usb version and change the MBR, do i restart the computer and let it boot from the usb or something like that?

you do exactly that, then at prompt type startx. when asked for password its root username is tor

i'd suggest you start another subject elsewhere as this is hijacking this post

watch these tuts http://www.youtube.com/watch?v=rMHcx6qr4vk

Leapo (Author) Posted September 30, 2008

uhm...why are we talking about Backtrack in my PocketKnife thread?

Tmbomber Posted September 30, 2008

Moderator assistance in thread one... (could some nice moderator split the backtrack stuff off to a new thread please???)

Jen Posted October 1, 2008

Sorry, i just went a little off track, won't do it again. Also, on my laptop windows xp, which i installed with the same disc as my vmware, the pocket-knife didn't even run automatically and it didn't even run when i manually made it run. Any reasons why?

Leapo (Author) Posted October 1, 2008

> on my laptop windows xp, which i installed with the same disc as my vmware, the pocket-knife didn't even run automatically and it didn't even run when i manually made it run. Any reasons why?

What version of the payload? U3 or non-U3?

Jen Posted October 1, 2008

I am using a cruzer micro 8gb u3. Also, i was wondering if it is possible to update the Universal customizer because when i use it on a 8gb, it only gives me 4 gb of space, and the other 4 gb is lost

Leapo (Author) Posted October 1, 2008

> I am using a cruzer micro 8gb u3. Also, i was wondering if it is possible to update the Universal customizer because when i use it on a 8gb, it only gives me 4 gb of space, and the other 4 gb is lost

Only reason it wouldn't autorun, after being installed correctly, is if autoplay has been disabled on the target computer. You can manually start it by opening My Computer, right clicking the U3 CD-ROM and selecting "autoplay" from the menu.

As for the universal customizer, I didn't write the app, you'll have to wait for Sandisk to update it to work with the new 8GB drives.

Jen Posted October 1, 2008

Universal customizer from sandisk can let you use u3custom.iso? Also, if i need to make it autoplay, then it wouldn't be that stealth.

Leapo (Author) Posted October 1, 2008

> Also, if i need to make it autoplay, then it wouldn't be that stealth.

Autoplay is enabled on Windows XP by default, this is the principle that all switchblades rely on to run without user interaction. If you disable Autoplay you break the stealth ability of all switchblade payloads, not just mine.

Really, if the person operating the computer is smart enough to have disabled autoplay...you probably shouldn't be messing with the system.

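Added example (not part of the thread or of the payload's code): a defender-side audit of the Windows `NoDriveTypeAutoRun` policy value, reporting whether AutoRun is still enabled on the two drive types a U3 stick presents (emulated CD-ROM and removable flash). The function names and the sample values are constructed for illustration; the registry read only runs on Windows.

```python
import sys

# Bit flags of the NoDriveTypeAutoRun policy value (a set bit = AutoRun disabled).
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def autorun_enabled_types(value):
    """Return the drive types on which AutoRun is still enabled."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not value & bit)

def exposed_to_u3(value):
    """A U3 stick shows up as a CD-ROM plus a removable disk; report either."""
    enabled = autorun_enabled_types(value)
    return [t for t in ("cdrom", "removable") if t in enabled]

def read_policy():
    """Read the machine-wide value on Windows; None if unset or not Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
            value = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0]
    except FileNotFoundError:
        return None
    # The value may be stored as REG_BINARY instead of REG_DWORD.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else value

if __name__ == "__main__":
    # Constructed sample values; 0xFF disables AutoRun on every drive type.
    samples = {"constructed 0x91": 0x91, "constructed 0xFF": 0xFF}
    live = read_policy()
    if live is not None:
        samples["this machine (HKLM)"] = live
    for label, value in samples.items():
        print(f"{label}: AutoRun enabled on {exposed_to_u3(value) or 'nothing'}")
```

A value of `0xFF` leaves no drive type with AutoRun enabled, which is the state described above as breaking the no-interaction launch.
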
Jen Posted October 2, 2008

Well, i didn't disable autoplay, i was testing that machine, it's my own machine and i didn't turn off autoplay

jojobadejoh Posted October 2, 2008

hello, your usb pocket-knife is very nice!! only one question, how does the keylogger work cuz i'm not getting any logs back or something, i think i did everything right but still no logs. could anyone help? thanks!

Jen Posted October 2, 2008

well, same for me, so I'm waiting for tromber to look into it. But my guess is that it can't send the email because some of the ports are blocked.

brenix Posted October 2, 2008

> ehm, here's a tool which finds google chrome passes http://www.nirsoft.net/utils/chromepass.html it's not command line based i'm pretty sure, so maybe someone here with some techie savvy skills can reverse engineer it? i'd love to, can't find the time mates. also, i suggest leaving an Empty U3 in there, so when it plugs in, it will look okay, because i always look at my PC load Led, and when it's working when i'm idle, i know something's wrong, i suggest putting the U3 in, could do a little cover up in that matter

I added this into my Pocketknife (start.bat, menu.bat, and the config) and it works like a charm! The chromepass works exactly like the other ones..Only took a few minutes too..

vanguard Posted October 2, 2008

I tried the latest version of Leapo's pocketknife today (U3, version 8.70). On the target was an installed "Symantec Antivirus", and as soon as I put it in, there was an alert by the virus scanner. The stick was set to "NOT armed", and the configuration was set to "NOT install any applications".

But the virus scanner detected the file "Cachedump.exe" as a virus, but I suppose this behaviour is already known. So, shouldn't all "*.exe" (aka binaries) be on the cdrom-part of the U3-stick and only the configurations on the flash-partition, so that an antivirus does not see them? I think that was the basic idea by Leapo.

If I miss something, please feel free to correct me.

Jen Posted October 2, 2008

i think that leapo relies on the avkill to kill the av

Tmbomber Posted October 3, 2008

> well, same for me, so I'm waiting for tromber to look into it. But my guess is that it can't send the email because some of the ports are blocked.

Still looking into VNC. I just tried it on a win2k machine and it failed to install. The actual line that failed was:

    REGEDIT /s %installdir%\VNC\vnc.reg 2>&1

I'm not sure exactly what went wrong there.

Also, Leapo, I had a thought... You were thinking of using the serial number of the USB drive to identify it. Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now. That way it wouldn't do the IF Exists test unless there was actually a drive there to test. Just a thought...

Leapo (Author) Posted October 3, 2008

> So, shouldn't all "*.exe" (aka binaries) be on the cdrom-part of the U3-stick and only the configurations on the flash-partition, so that an antivirus does not see them? I think that was the basic idea by Leapo.

All the executables are on the CD partition, somehow the active Antivirus is detecting them upon insertion. It can't delete them, so no harm done, but it's interesting they're being found without being called.

> Still looking into VNC. I just tried it on a win2k machine and it failed to install. The actual line that failed was:
>
>     REGEDIT /s %installdir%\VNC\vnc.reg 2>&1
>
> I'm not sure exactly what went wrong there.

That's where it merges the registry data for VNC...but it was generated on a Windows XP machine; the REG file might need a slight tweak to make it apply to Windows 2000 (good thing we have OS detection working).

> Also, Leapo, I had a thought... You were thinking of using the serial number of the USB drive to identify it. Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now. That way it wouldn't do the IF Exists test unless there was actually a drive there to test. Just a thought...

I've got it sorted already, just setting up menu.bat so it's easy to configure the serial number.

joshv06 Posted October 4, 2008

Wow great job Leapo. Hey do you think you can put an option for shutdown -s -t 0 batch file? It'd be pretty cool to swap in a U3 usb drive and automatically shutdown a machine. Thanks

vanguard Posted October 4, 2008

> All the executables are on the CD partition, somehow the active Antivirus is detecting them upon insertion. It can't delete them, so no harm done, but it's interesting they're being found without being called.

Yes, Leapo, I should have taken a better look, shame on me. Of course you are right. Sorry for the noise...

But another thing: It would be nice if you could implement the option of starting the "U3-menu" for starting U3-applications. I took a look at your "GO.VBS" and tried to change it, so "Launcher.exe" might be automatically started. Gonzor had managed this in his "GO.VBS" and "Autorun.inf" but both differ from yours. I tried to merge his one and yours, but as I am no good coder in VBS, I failed. Would you mind taking a look at it? Maybe it is easier for you to see how Gonzor managed it. If you succeed, please add an option in your "menu.bat" to make it possible to switch autostart for "Launchpad.exe" on and off.

Just another thing which came to my mind: How about implementing the option to store profiles? The idea behind this is the following: In one environment, I only want to execute a few of the payloads, in some other all, and in a third one some special ones. Each time you always must configure a new profile, which might be annoying. On the other hand, it will be easy to change to the profile of my momentary needs.

Just an idea, and of course I understand, this is a real "hacking idea" and has not much to do with technical lust. So please don't mind me! :)

Great work anyway!!!

Jen Posted October 4, 2008

Well, the profile thing will increase the size of the stick and also, I don't think most people would want it

Tmbomber Posted October 4, 2008

> Just another thing which came to my mind: How about implementing the option to store profiles? The idea behind this is the following: In one environment, I only want to execute a few of the payloads, in some other all, and in a third one some special ones. Each time you always must configure a new profile, which might be annoying.

SanDisk sells a 3 pack of 2 gig thumbdrives colored Red, White, & Blue. You can also get a single one that's Black. I keep the white one stock (white being pure). The blue one has everything turned on except the installers and Slurp2. The red one only has "System Information" and the VNC installer.

I'm thinking of what to do with the black one. As soon as I go through the other installers I'll probably have the black one be VNC (and maybe NMAP) and the red one have all 4 installers.

Big* Posted October 4, 2008

Ok, let me get this straight. If i take a usb drive with this program on it and plant it in say one of my friends' lockers. If he takes it home and plugs it in to his computer to see what it contains, then it will automatically put a keylogger that emails information on his computer permanently? something like what they used in that social engineering article...

Jen Posted October 5, 2008

It's something like that, but then the keylogger isn't perfected yet

Big* Posted October 5, 2008

what is missing? it would help me a lot, and could you post a link to dl it? i can't find one... :S unless i have to use a mirror website?

edit: i mean, what is missing, why isn't the keylogger perfected yet? and would hacksaw be pretty much the same thing?

pritchard9 Posted October 5, 2008

Hey mate. Loving the pocket-knife. Would have commented earlier, but I had some problems registering.

Looking through this thread, I like the idea of profiles. People have said that it would take up more space though.

Note: I'm a complete noob at this, so you have the right to tell me to shut up if u feel like it, because really, I don't know what I'm talking about.

But anyway, I was thinking that if you were to implement the profile idea, maybe from menu.bat, you could choose what each profile would run, and then the batch file would create some form of config file, which would contain a list of the components to run. This way, only a few kilobytes of extra space would be needed, maximum being 1Mb I reckon.

As for choosing which profile, I thought that maybe when the drive was plugged in (this would be for non-u3 only i guess), that a screen would pop-up, asking for a "password". From here, you could enter a password for a specific profile. That way, anyone watching would think the drive is just password protected.

What do you think? I understand you're probably really busy, and these are only just ideas, but I thought I should contribute somehow.

Cheers,
Pritchardo92