
USB Pocket-Knife Development


Leapo


After I download the USB version and change the MRB, do I restart the computer and let it boot from the USB or something like that?

You do exactly that.

Then at the prompt type startx. When asked for the password it's root, username is tor.

I'd suggest you start another subject elsewhere, as this is hijacking this post.

Watch these tuts: http://www.youtube.com/watch?v=rMHcx6qr4vk


Sorry, I just went a little off track, won't do it again. Also, on my laptop Windows XP, which I installed with the same disc as my VMware, the pocket-knife didn't even run automatically and it didn't even run when I manually made it run. Any reasons why?


On my laptop Windows XP, which I installed with the same disc as my VMware, the pocket-knife didn't even run automatically and it didn't even run when I manually made it run. Any reasons why?

What version of the payload? U3 or non-U3?


I am using a Cruzer Micro 8GB U3. Also, I was wondering if it is possible to update the Universal Customizer, because when I use it on an 8GB, it only gives me 4 GB of space, and the other 4 GB is lost.

The only reason it wouldn't autorun, after being installed correctly, is if autoplay has been disabled on the target computer. You can manually start it by opening My Computer, right-clicking the U3 CD-ROM and selecting "autoplay" from the menu.

As for the universal customizer, I didn't write the app, you'll have to wait for Sandisk to update it to work with the new 8GB drives.


Also, if I need to make it autoplay, then it wouldn't be that stealth.

Autoplay is enabled on Windows XP by default; this is the principle that all switchblades rely on to run without user interaction. If you disable Autoplay you break the stealth ability of all switchblade payloads, not just mine.

Really, if the person operating the computer is smart enough to have disabled autoplay...you probably shouldn't be messing with the system.
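
A defender's view of the Autoplay dependency described in the post above, as an added example that is not part of the original thread: it decodes the Windows `NoDriveTypeAutoRun` policy bitmask to show which drive types can still auto-run on a host. The function names and sample hosts are constructed; the XP default of 0x91 and the HKLM-over-HKCU precedence are assumptions taken from Microsoft's documentation of that policy.

```python
# Added example: decode the NoDriveTypeAutoRun policy bitmask.
# A set bit DISABLES AutoRun for that drive type. A U3 stick presents an
# emulated CD-ROM, so the "cdrom" bit is the one that matters for it.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
XP_DEFAULT = 0x91  # assumption: value Windows XP uses when no policy is set


def effective_mask(hklm=None, hkcu=None, default=XP_DEFAULT):
    """HKLM value wins when present, then HKCU, then the OS default."""
    if hklm is not None:
        return hklm & 0xFF
    if hkcu is not None:
        return hkcu & 0xFF
    return default


def autorun_enabled_types(mask):
    """Drive types whose disable bit is clear, i.e. AutoRun is still on."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)


def audit(hklm=None, hkcu=None):
    """Return (mask, exposed drive types, findings) for one host."""
    mask = effective_mask(hklm, hkcu)
    exposed = autorun_enabled_types(mask)
    findings = []
    if "cdrom" in exposed:
        findings.append("CD-ROM AutoRun on: emulated U3 CD partitions auto-run")
    if "removable" in exposed:
        findings.append("removable-media AutoRun not disabled")
    if not findings:
        findings.append("AutoRun disabled for CD-ROM and removable media")
    return mask, exposed, findings


if __name__ == "__main__":
    # Constructed sample hosts: (name, HKLM value, HKCU value)
    for host, hklm, hkcu in [("xp-default", None, None),
                             ("user-tweak", None, 0xB5),
                             ("gpo-locked", 0xFF, 0x91)]:
        mask, exposed, findings = audit(hklm, hkcu)
        print(f"{host}: 0x{mask:02X} exposed={exposed} -> {'; '.join(findings)}")
```
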


Ehm, here's a tool which finds Google Chrome passes:

http://www.nirsoft.net/utils/chromepass.html

It's not command line based, I'm pretty sure, so maybe someone here with some techie savvy skills can reverse engineer it? I'd love to, can't find the time, mates.

Also, I suggest leaving an empty U3 in there, so when it plugs in, it will look okay, because I always look at my PC load LED, and when it's working when I'm idle, I know something's wrong. I suggest putting the U3 in; it could do a little cover-up in that matter.

I added this into my Pocketknife (start.bat, menu.bat, and the config) and it works like a charm! The chromepass works exactly like the other ones. Only took a few minutes too.


I tried the latest version of Leapo's pocketknife today (U3, version 8.70). On the target was an installed "Symantec Antivirus", and as soon as I put it in, there was an alert by the virus scanner.

The stick was set to "NOT armed", and the configuration was set to "NOT install any applications"

But the virus scanner detected the file "Cachedump.exe" as a virus, but I suppose, this behaviour is already known.

So, shouldn't all "*.exe" (aka binaries) be on the cdrom-part of the U3-stick and only the configurations on the flash-partition, so that an antivirus does not see them? I think that was the basic idea by Leapo.

If I miss something, please feel free to correct me.


Well, same for me, so I'm waiting for tromber to look into it. But my guess is that it can't send the email because some of the ports are blocked.

Still looking into VNC. I just tried it on a win2k machine and it failed to install.

The actual line that failed was:

REGEDIT /s %installdir%\VNC\vnc.reg 2>&1

I'm not sure exactly what went wrong there.

Also, Leapo, I had a thought...

You were thinking of using the serial number of the USB drive to identify it.

Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now.

That way it wouldn't do the IF Exists test unless there was actually a drive there to test.

Just a thought...


So, shouldn't all "*.exe" (aka binaries) be on the cdrom-part of the U3-stick and only the configurations on the flash-partition, so that an antivirus does not see them? I think that was the basic idea by Leapo.

All the executables are on the CD partition; somehow the active Antivirus is detecting them upon insertion. It can't delete them, so no harm done, but it's interesting they're being found without being called.

Still looking into VNC. I just tried it on a win2k machine and it failed to install.

The actual line that failed was:

REGEDIT /s %installdir%\VNC\vnc.reg 2>&1

I'm not sure exactly what went wrong there.

That's where it merges the registry data for VNC...but it was generated on a Windows XP machine; the REG file might need a slight tweak to make it apply to Windows 2000 (good thing we have OS detection working).

Also, Leapo, I had a thought...

You were thinking of using the serial number of the USB drive to identify it.

Would it be possible to run the test to see if the drive has *any* serial number, and then if it does, do the test we're doing now.

That way it wouldn't do the IF Exists test unless there was actually a drive there to test.

Just a thought...

I've got it sorted already, just setting up menu.bat so it's easy to configure the serial number.


All the executables are on the CD partition; somehow the active Antivirus is detecting them upon insertion. It can't delete them, so no harm done, but it's interesting they're being found without being called.

Yes, Leapo, I should have taken a better look, shame on me. Of course you are right. Sorry for the noise...

But another thing: it would be nice if you could implement the option of starting the "U3-menu" for starting U3-applications. I took a look at your "GO.VBS" and tried to change it, so "Launcher.exe" might be automatically started. Gonzor had managed this in his "GO.VBS" and "Autorun.inf" but both differ from yours. I tried to merge his one and yours, but as I am no good coder in VBS, I failed.

Would you mind taking a look at it? Maybe it is easier for you to see how Gonzor managed it.

If you succeed, please add an option in your "menu.bat" to make it possible to switch autostart for "Launchpad.exe" on and off.

Just another thing which came to my mind: how about implementing the option to store profiles? The idea behind this is the following: in one environment, I only want to execute a few of the payloads, in some other all, and in a third one some special ones. Each time you always must configure a new profile, which might be annoying.

On the other hand, it will be easy to change to the profile of my momentary needs.

Just an idea, and of course I understand, this is a real "hacking idea" and has not much to do with technical lust. So please don't mind me! :)

Great work anyway !!!


Just another thing which came to my mind: how about implementing the option to store profiles? The idea behind this is the following: in one environment, I only want to execute a few of the payloads, in some other all, and in a third one some special ones. Each time you always must configure a new profile, which might be annoying.

SanDisk sells a 3 pack of 2 gig thumbdrives colored Red, White, & Blue. You can also get a single one that's Black.

I keep the white one stock (white being pure). The blue one has everything turned on except the installers and Slurp2. The red one only has "System Information" and the VNC installer. I'm thinking of what to do with the black one. As soon as I go through the other installers I'll probably have the black one be VNC (and maybe NMAP) and the red one have all 4 installers.


Ok, let me get this straight.

If I take a USB drive with this program on it and plant it in, say, one of my friends' lockers. If he takes it home and plugs it in to his computer to see what it contains, then it will automatically put a keylogger that emails information on his computer permanently? Something like what they used in that social engineering article...


What is missing? It would help me a lot, and could you post a link to dl it? I can't find one... :S unless I have to use a mirror website?

Edit: I mean, what is missing, why isn't the keylogger perfected yet? And would hacksaw be pretty much the same thing?


Hey mate.

Loving the pocket-knife. Would have commented earlier, but I had some problems registering.

Looking through this thread, I like the idea of profiles.

People have said that it would take up more space though.

Note: I'm a complete noob at this, so you have the right to tell me to shut up if you feel like it, because really, I don't know what I'm talking about.

But anyway, I was thinking that if you were to implement the profile idea, maybe from menu.bat, you could choose what each profile would run, and then the batch file would create some form of config file, which would contain a list of the components to run. This way, only a few kilobytes of extra space would be needed, maximum being 1Mb I reckon.

As for choosing which profile, I thought that maybe when the drive was plugged in (this would be for non-U3 only, I guess), a screen would pop up, asking for a "password". From here, you could enter a password for a specific profile. That way, anyone watching would think the drive is just password protected.

What do you think? I understand you're probably really busy, and these are only just ideas, but I thought I should contribute somehow.

Cheers,

Pritchardo92
